Privacy Policy

Last updated: 5 April 2026

1. Who we are

FiledRight (filedright.in) is a collaborative tax compliance platform for Indian Chartered Accountants and their clients. This policy explains how we collect, use, store, and protect your personal data when you use our platform.

2. What data we collect

We collect the following categories of personal data:

  • Account information: Name, email address, and password (for CAs). Email address (for clients invited by their CA).
  • Practice information: Practice name and logo uploaded by the CA.
  • Client profile data: Name, email, phone number, PAN, GSTIN, business type, income sources, and other tax-relevant attributes entered by the CA or client.
  • Documents: Invoices, Form 16, bank statements, and other financial documents uploaded by CAs or clients.
  • Extracted data: Structured data extracted from uploaded documents by our AI processing (invoice numbers, amounts, GSTINs, HSN codes).
  • Messages: Communications between CAs and clients within a Space.
  • Usage data: Pages visited, features used, and anonymised analytics collected via Vercel Analytics.

3. Why we collect your data

  • Service delivery: To provide document collection, AI extraction, compliance checklist generation, and messaging between CAs and clients.
  • Account management: To authenticate you, manage your practice, and send transactional emails (invitations, password resets).
  • Compliance tracking: To generate and maintain checklists, track document status, and monitor filing deadlines.
  • Product improvement: To understand how the platform is used and improve the experience. We use anonymised, aggregated analytics only.

4. AI processing

When documents are uploaded, we use Google Gemini to extract structured data (invoice numbers, amounts, GSTINs, HSN codes). This processing happens on a per-document basis for the sole purpose of populating your compliance data.

Your documents are never used to train AI models. Extracted data belongs only to you and your CA.

5. Where your data is stored

All data is stored on servers in the Mumbai region (ap-south-1) via Supabase. Documents are stored in encrypted storage buckets. Database connections are encrypted in transit. The application is hosted on Vercel.

6. Who can access your data

  • CAs: Can access all data within Spaces they have created, including client documents, extracted data, messages, and internal notes.
  • Practice team members: Can access Spaces within their practice, based on the access level set by the practice admin.
  • Clients: Can access only their own Space, including their documents, checklist, messages, and profile. Clients cannot see internal notes.
  • FiledRight: Our team may access data for technical support and troubleshooting, but only when necessary and with appropriate safeguards.

7. Third-party services

We use the following third-party services to operate the platform:

  • Supabase: Database, authentication, and file storage (Mumbai region).
  • Vercel: Application hosting and anonymised web analytics.
  • Google Gemini: AI document extraction (per-document processing, no training).
  • Resend: Transactional emails (invitations, magic links, password resets).

8. Data retention and deletion

Your data is retained for as long as your account is active. CAs can archive or permanently delete client Spaces at any time. When a Space is permanently deleted, all associated documents, extracted data, messages, and checklist items are removed from our systems.

Clients can export their data from any active Space. If you wish to delete your account entirely, contact us at privacy@filedright.in.

9. Your rights

Under applicable Indian data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.
  • Withdraw consent for data processing.

To exercise any of these rights, email us at privacy@filedright.in.

10. Security

We use industry-standard security measures including encrypted connections (TLS), encrypted storage, row-level security policies on all database tables, and secure authentication with session management. We do not store passwords in plain text.

11. Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify you via email or a notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For any questions about this privacy policy or your data, contact us at privacy@filedright.in.