Privacy Policy

1. Introduction

GST Clarity AI (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and services at gstclarityai.in.

2. Information we collect

We collect the following information when you use our service:

Email address: Required for account creation and OTP-based authentication. Used to send you your explanation and for transactional communications only.

Uploaded documents: GST notices you upload (PDF or images) are processed to generate explanations. These documents are stored securely and automatically deleted after 30 days.

Payment information: Payment processing is handled entirely by Razorpay. We do not store your credit card, debit card, or UPI details on our servers. We only receive a transaction confirmation from Razorpay.

Usage data: We collect anonymised usage events (such as pages visited and features used) to improve our service. No personally identifiable information is included in analytics data.

3. How we process your data

To generate your GST notice explanation, your uploaded document is processed by the following third-party services:

Google Cloud Vision API: Used to extract text from your uploaded document (Optical Character Recognition). Your document is transmitted securely to Google Cloud servers for processing and is not retained by Google beyond the duration of the API call.

OpenAI API: The extracted text is sent to OpenAI’s language model to generate a structured explanation. OpenAI does not use data submitted via their API to train their models. Data is processed in accordance with OpenAI’s data usage policies.

These services are used solely for the purpose of generating your explanation. Your data is never shared with third parties for marketing, advertising, or any purpose unrelated to service delivery.

4. Data retention and deletion

Uploaded documents and generated explanations are stored for 30 days from the date of upload to allow you to access your explanation and ask follow-up questions. After 30 days, all document data is automatically and permanently deleted from our servers. Your email address and account information are retained as long as your account exists.

5. Data security

All data is transmitted using HTTPS (TLS 1.2 or higher) encryption. Documents are encrypted at rest using industry-standard AES-256 encryption. Our infrastructure is hosted on Google Cloud Platform, which maintains SOC 2, ISO 27001, and other security certifications. Access to user data is restricted to authorised systems only and is logged for audit purposes.

6. Cookies

We use essential cookies only — specifically, a session token stored as an HTTP-only cookie for authentication purposes. We do not use advertising cookies, tracking pixels, or third-party marketing cookies. If we introduce analytics cookies in the future, we will update this policy and seek your consent where required.

7. Data sharing

We do not sell, rent, or share your personal data or uploaded documents with any third party for marketing or commercial purposes. Data is shared only with the service providers listed in Section 3, solely for the purpose of delivering the service to you.

8. Your rights

You have the right to request deletion of your account and all associated data at any time by contacting us at gstclarityai@gmail.com. Upon receiving your request, we will delete your data within 7 business days and confirm the deletion via email.

9. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.

10. Contact

If you have questions about this Privacy Policy or how your data is handled, please contact us at gstclarityai@gmail.com.