Privacy Policy

Zaxo (operated from India) is a Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act"). You, the filer, are the Data Principal. We process your tax-related personal data only to help you file your Income Tax Return — and for nothing else. You can access, correct, or delete your data at any time from your account page.

We collect only the minimum data required to file your ITR:

• Identity — email, name, profile picture (from Google sign-in). Used to create your account and address you.
• PAN, address, DOB, bank account number, IFSC — extracted from your Form 16 / 26AS / AIS, or provided by you. Used to populate your ITR fields and your refund destination.
• Form 16, Form 26AS, AIS PDFs — uploaded by you. Used by our parsers to extract tax data; the original files are not shared with anyone outside Zaxo.
• Conversation history — what you tell our agent and what it tells you. Used to give you a coherent filing experience and to debug if something goes wrong.
• Payment metadata — Razorpay order ID, payment ID, signature. Used to issue receipts and reconcile our accounts. We never see your card or UPI credentials — those go directly to Razorpay.

We do not collect your Aadhaar, biometric data, health data, sexual orientation, religious or caste data, political opinions, or trade-union membership.

By creating an account and clicking "Continue with Google" on the sign-in modal, you consent to Zaxo processing your data for the lawful purpose of preparing and guiding your ITR filing. Consent is free, specific, informed, unambiguous, and withdrawable. You may withdraw it at any time from your account page — withdrawal triggers immediate erasure of your data, except payment records (see retention).

• Active filings — kept while you are working on them.
• Completed filings — your filing guide, chat history, and uploaded PDFs are erased 30 days after you mark the filing complete. The 30-day window gives you time to come back if you need to re-read the guide or re-verify.
• Payment records — Razorpay transaction metadata is retained for 7 yearsto comply with India's financial-records retention rules. The records are anonymised (your name, email, and PAN are removed) when you delete your account; only the transaction ID, amount, and timestamp remain.
• If you delete your account — everything else is erased within 30 days.

• Firestore (Google Cloud, asia-south1 = Mumbai) — your account, filings, and chat history.
• Firebase Storage (Google Cloud, asia-south1) — your uploaded PDFs.
• Anthropic API(United States) — Form 16 / 26AS / AIS PDFs and conversation messages are sent to Anthropic for the AI agent to read and respond. Anthropic does not train its models on Zaxo's API data and retains content for at most 30 days unless flagged for abuse review. By using Zaxo, you consent to this cross-border transfer for the lawful purpose of running the AI assistant.
• Razorpay (India) — payment processing.
• Vercel (United States) — application hosting. Vercel processes only request metadata (no stored personal data).
• Sentry (United States, optional, may not be active) — error reporting. We strip PAN, bank account numbers, ID tokens, and authorization headers from every event before sending.

Cross-border transfer is necessary for the service to function. The Government of India may publish a notified country list for cross-border restrictions; we will update this policy if new restrictions affect any of the above.

• PAN and bank account numbers are encrypted at rest with AES-256-GCM. The encryption key is held in our server environment, never exposed to clients.
• All traffic is TLS-encrypted (HTTPS only).
• Firebase Authentication ID tokens are short-lived (1 hour) and verified server-side on every API request.
• Firestore security rules deny client-side reads of any other user's data.
• We log every server error to Sentry with PAN, account numbers, ID tokens, and authorization headers redacted.

Under the DPDP Act, as a Data Principal you have the right to:

• Access your personal data — download a full copy from /account.
• Correct or update your data — most fields are editable from inside the chat (just tell the agent).
• Erase your data and account — also from /account. Erasure is permanent.
• Withdraw consent — equivalent to deleting your account, since Zaxo cannot operate without consent to process your data.
• Nominate someone to exercise these rights on your behalf in case of incapacity. Contact the Grievance Officer below to register a nominee.
• Grievance redressal — see below.

Zaxo is intended for use by adults (18 years and older) who file their own ITR. We do not knowingly collect data from children. If you are a parent or guardian and you believe your child has used Zaxo, please contact the Grievance Officer to delete the data immediately.

Zaxo uses only essential cookies / browser storage required to keep you signed in (Firebase Authentication tokens). We do not use third-party tracking pixels, advertising cookies, or analytics that profile you across sites.

We bump the version stamp at the top whenever we change this policy. If the change is material, we will prompt you to review and re-accept on your next sign-in. The historical version you accepted is recorded on your account so you can verify.

If you have a complaint about how Zaxo handles your data, or want to exercise rights you cannot self-serve from /account, contact:

If you are not satisfied with our response, you may approach the Data Protection Board of India.

Privacy questions that aren't complaints: privacy@zaxo.tech.