Privacy Policy

Last updated: 3 April 2026

1. Introduction

Anti Gravity Technologies ("we", "us", "our") operates Your AI Accountant ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal and financial information when you use the Service.

We comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules") of India.

2. Information We Collect

2.1 Account Information

  • Full name, email address, and phone number (optional) provided during registration.
  • Google account information if you sign up via Google OAuth.
  • Hashed password (we never store plaintext passwords).

2.2 Financial Data

  • Bank statements (PDF, Excel, CSV) you upload for processing.
  • Transaction details extracted from uploaded statements.
  • Ledger names, voucher details, and categorization data.
  • GSTIN, PAN, and other tax identifiers associated with your clients.
  • Tally company data pulled via the Bridge agent (at your request).

2.3 Usage Data

  • Transaction processing counts for billing purposes.
  • Login timestamps, IP addresses, and session information for security.
  • Bridge agent connection logs and error reports for diagnostics.

3. How We Use Your Information

  • Service Delivery: Processing bank statements, AI-powered transaction categorization, and Tally synchronization.
  • AI Processing: We use OpenAI's GPT models to verify parsed transactions and provide categorization suggestions. Only transaction descriptions and amounts are sent to OpenAI — never your personal identity, account numbers, or full bank statements.
  • Billing: Tracking transaction usage to debit your prepaid wallet balance.
  • Security: Detecting unauthorized access, fraud prevention, and abuse monitoring.
  • Communication: Sending password reset emails, verification emails, and critical service updates.
  • Improvement: Improving AI categorization accuracy based on aggregated (anonymized) patterns.

4. Sensitive Personal Data (SPDI)

Under the SPDI Rules, financial information (bank statements, account details) is classified as Sensitive Personal Data. We handle this data with the following safeguards:

  • Encrypted at rest using AES-256 encryption.
  • Transmitted over TLS 1.2+ encrypted connections.
  • Access restricted to authorized personnel only.
  • We collect this data only with your explicit consent (by uploading files to the Service) and only for the purposes stated in this policy.

5. Data Storage & Security

  • Cloud Infrastructure: Your data is stored on Google Cloud Platform servers in the Asia South 1 (Mumbai) region.
  • Database: PostgreSQL with encrypted connections and row-level access controls.
  • File Storage: Uploaded bank statements are stored in Google Cloud Storage with server-side encryption.
  • Bridge Agent: The desktop bridge agent stores its authentication token locally using AES-256-GCM encryption with a machine-specific key. Tally data stays on your local network.
  • Passwords: Hashed using bcrypt with salt. We cannot retrieve your password.

6. Data Sharing

We do not sell your personal or financial data. We share data only in these cases:

  • OpenAI: Transaction descriptions (not personal identifiers) are sent to OpenAI for AI-powered categorization. OpenAI's API data is not used to train their models.
  • Team Members: If you use team features, your admin and staff members can access shared client data as configured.
  • Client Portal: If you create client portal access, the designated client can view their own transaction data.
  • Legal Requirements: We may disclose data if required by Indian law, court order, or government authority.

7. Your Rights

You have the right to:

  • Access: View all personal data we hold about you (available in your Settings page).
  • Correction: Update your personal information at any time through your account settings.
  • Deletion: Request account deletion from Settings > Security > Danger Zone. This soft-deletes your account; data is permanently removed after 30 days.
  • Withdraw Consent: You may stop using the Service at any time and request deletion of your data.
  • Data Portability: You may export your transaction data at any time.

8. Cookies & Local Storage

  • We use JWT tokens stored in localStorage for authentication.
  • We use sessionStorage for temporary UI state (e.g., welcome messages).
  • We do not use third-party tracking cookies or advertising cookies.
  • Google OAuth may set its own cookies during the sign-in flow.

9. Data Retention

  • Active account data is retained as long as your account is active.
  • Deleted accounts are soft-deleted and permanently removed after 30 days.
  • Uploaded bank statement files may be retained for up to 90 days for processing and support.
  • Audit logs are retained for 6 months for security purposes.
  • Billing records are retained for 7 years as required by Indian tax law.

10. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top indicates when this policy was last revised.

12. Grievance Officer

In accordance with the IT Act 2000 and SPDI Rules, our Grievance Officer can be contacted at:

Grievance Officer

Anti Gravity Technologies

Email: grievance@youraiaccountant.in

We will acknowledge your complaint within 48 hours and resolve it within 30 days.

13. Contact

For questions about this Privacy Policy, contact us at privacy@youraiaccountant.in