Privacy Policy
Version 2.0 · Last updated: 21 May 2026
This policy is designed to comply with the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023 (India).
1. Introduction
Tax One Advisory (OPC) Pvt. Ltd. ("we", "us", "our") operates Your AI Accountant ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal and financial information when you use the Service.
Tax One Advisory (OPC) Pvt. Ltd. acts as the "Data Fiduciary" under the Digital Personal Data Protection Act, 2023 ("DPDPA") for personal data processed through the Service. We process such data in accordance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules").
2. Definitions
- Personal Data: Any data about an individual who is identifiable by or in relation to such data.
- Sensitive Personal Data (SPDI): Financial information such as bank account details, statements, and related records, as defined under the SPDI Rules.
- Data Fiduciary: The entity that determines the purpose and means of processing personal data — i.e., us.
- Subprocessor: A third-party service provider engaged by us to process data on our behalf.
- Client Data: Financial or personal data of third parties (e.g., your clients) that you upload to the Service.
3. Data We Collect
3.1 Account Information
- Full name, email address, and phone number (optional) provided during registration.
- Google account information if you sign up via Google OAuth.
- Hashed password — plaintext passwords are not stored.
3.2 Financial Data
- Bank statements (PDF, Excel, CSV) you upload for processing.
- Transaction details extracted from uploaded statements.
- Ledger names, voucher details, and categorization data.
- GSTIN, PAN, and other tax identifiers associated with your clients.
- Tally company data pulled via the Bridge agent (at your request).
3.3 Usage Data
- Transaction processing counts for billing purposes.
- Login timestamps, IP addresses, and session information for security.
- Bridge agent connection logs and error reports for diagnostics.
4. How We Use Your Data
- Service Delivery: Processing bank statements, converting uploaded PDF invoices into structured data, and Tally synchronization.
- Billing: Tracking transaction usage to debit your prepaid wallet balance.
- Security: Detecting unauthorized access, fraud prevention, and abuse monitoring.
- Communication: Sending password reset emails, verification emails, and critical service updates.
- Improvement: Improving extraction and matching accuracy based on aggregated and anonymized patterns.
5. AI Processing & Automation
AI is used in a single, specific part of the Service: Invoice Conversion — converting uploaded PDF invoices into structured transaction data. Bank statement extraction and ledger categorization are performed by deterministic (non-AI) processing.
- For Invoice Conversion, the relevant content of the uploaded invoice (such as invoice text, amounts, party names, and line items) may be sent to our AI provider to extract structured fields. Passwords and login credentials are not sent.
- We use API-based AI services (currently OpenAI) where customer API data is not used to train the provider's models.
- Automated processing: Invoice fields extracted by AI are suggestions only. You should review extracted data before relying on it.
- Accuracy limitation: AI-generated outputs may contain inaccuracies and should be independently reviewed by a qualified professional before filing, reporting, or financial reliance.
6. Legal Basis for Processing
We process your personal data on one or more of the following lawful bases:
- Consent: Consent you provide when you create an account and upload data.
- Performance of contract: Processing necessary to deliver the Service you have subscribed to.
- Legal obligation: Compliance with applicable Indian law, including tax and record-keeping requirements.
- Legitimate interests: Fraud prevention, security, and abuse monitoring, balanced against your rights.
7. Data Sharing & Subprocessors
We do not sell your personal or financial data. We engage the following subprocessors:
| Provider | Purpose |
|---|---|
| OpenAI | Invoice Conversion (PDF invoice data extraction) |
| Google Cloud Platform | Hosting and file storage (Mumbai region) |
| Supabase | Managed PostgreSQL database infrastructure |
| Google OAuth | Optional sign-in and authentication |
These providers process data under contractual confidentiality and security obligations. We may also share data with:
- Team Members: If you use team features, your admin and staff members can access shared client data as configured.
- Client Portal: If you create client portal access, the designated client can view their own transaction data.
- Legal Requirements: We may disclose data if required by Indian law, court order, or government authority.
8. Security Measures
Under the SPDI Rules, financial information is classified as Sensitive Personal Data. We apply commercially reasonable safeguards, including:
- AES-256 encryption at rest and TLS 1.2+ encryption in transit.
- Passwords hashed using bcrypt with salt.
- TOTP-based two-factor authentication (2FA) available for accounts.
- Role-based access control (RBAC) and the principle of least privilege.
- Audit logging of sensitive operations.
- Encrypted backups and secure secret management.
- Periodic access reviews of authorized personnel.
- The desktop Bridge agent stores its authentication token locally using AES-256-GCM encryption with a machine-specific key; Tally data remains on your local network.
9. International Transfers
Your account and financial data are stored on Google Cloud Platform servers in the Asia South 1 (Mumbai) region. The only operation that may involve transmission of data outside India is Invoice Conversion, where invoice content is securely sent to our AI provider for extraction, subject to contractual safeguards and applicable law. Stored financial records and files are not transferred outside India for storage.
10. Data Retention
| Data Type | Retention |
|---|---|
| User account data | Until deletion is requested |
| Deleted accounts | Soft-deleted, permanently removed after 30 days |
| Uploaded statement files | Up to 90 days for processing and support |
| Audit logs | 6 months |
| Billing records | 7 years (Indian tax law) |
11. Breach Notification
In the event of a confirmed personal data breach affecting your information, we will take commercially reasonable measures to investigate, mitigate, and notify affected users and applicable authorities as required under applicable law.
12. Your Rights
Under the DPDPA 2023, you have the right to:
- Access: View the personal data we hold about you (available in your Settings page).
- Correction: Update your personal information at any time through your account settings.
- Deletion: Request account deletion from Settings > Security > Danger Zone. This soft-deletes your account; data is permanently removed after 30 days.
- Withdraw Consent: You may stop using the Service at any time and request deletion of your data.
- Data Portability: You may export your transaction data at any time.
- Grievance Redressal: You may contact our Grievance Officer for any data-related complaints (see Section 18).
13. Cookies & Local Storage
| Type | Purpose |
|---|---|
| Essential | Authentication via JWT tokens stored in localStorage |
| Functional | Temporary UI state via sessionStorage (e.g., welcome messages) |
| Security | Session validation cookies set by Google OAuth |
We do not use third-party tracking or advertising cookies, and we do not use analytics tools such as Google Analytics, Mixpanel, or Segment. You can disable cookies via your browser controls; doing so may prevent sign-in and break core functionality.
14. Children's Privacy
The Service is not intended for individuals below the age threshold defined under applicable law. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us and we will take appropriate steps to remove it.
15. Enterprise & Team / Client Data
- Users uploading third-party financial or personal data (e.g., client data) represent that they have obtained all necessary permissions, authorizations, or lawful basis required to process such data through the Service.
- Users are responsible for ensuring that uploaded data does not violate applicable laws, confidentiality obligations, or third-party rights.
- Users should avoid uploading passwords, OTPs, or unrelated sensitive personal information.
- For team accounts, the admin is responsible for managing staff access to shared client data.
16. Limitation of Outputs & Service
- No professional advice: The Service provides software-assisted automation, data extraction, and categorization suggestions only. It does not constitute legal, tax, audit, accounting, or financial advice.
- Review required: AI-generated outputs may contain inaccuracies and should be independently reviewed by a qualified professional before filing, reporting, or financial reliance.
- Backups: While we implement backup and disaster recovery measures, you are encouraged to maintain independent backups of critical accounting records.
17. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The version and "Last updated" date at the top indicate when this policy was last revised.
| Version | Date | Changes |
|---|---|---|
| v2.0 | 21 May 2026 | Added Data Fiduciary, legal basis, subprocessors, breach notification, international transfers, AI disclaimers, client-data consent. Scoped AI use to Invoice Conversion only. |
| v1.0 | 15 Apr 2026 | Initial policy. |
18. Contact & Grievance Officer
In accordance with the IT Act 2000, SPDI Rules, and DPDPA 2023, our Grievance Officer can be contacted at:
Grievance Officer
Tax One Advisory (OPC) Pvt. Ltd.
Email: taxoneadvisory@gmail.com
For privacy or security concerns, email the same address with "Privacy" or "Security" in the subject line.
We will acknowledge your complaint within 48 hours and aim to resolve it within 30 days.