Privacy Policy
Clear information on how we collect, use, store and protect personal data for Indian CA firms and their clients.
1. Scope
This policy describes how CA Copilot (“we”, “our”, “us”) processes personal and business information when firms use our products and the Client Portal. It applies to data we control as a service provider to your firm and as a website operator.
This document is informational and not legal advice. For compliance questions, consult your counsel.
2. Data We Collect
- Account data: firm name, contact names, work/personal emails, phone numbers, role/permissions.
- Operational data: invoices/bills, registers, reconciliation results, comments, tasks, portal messages and metadata (upload time, uploader, client/period).
- Diagnostics: log events for reliability and security (e.g., errors, device/browser info, IP region). Aggregated where possible.
- Support data: attachments you send to support and product feedback.
3. How We Use Data
- Provide, operate and secure the service (identity, access, uploads, processing, exports, audit).
- Improve accuracy and reliability (quality checks, fraud and abuse prevention, performance tuning).
- Support and incident response (troubleshooting, customer success).
- Legal compliance and enforcement of terms.
4. Lawful Basis / Legal Grounds
We process data primarily to perform our contract with your firm and for legitimate interests such as securing the service and improving quality. Where required, we rely on consent (for example, certain communications) which you may withdraw at any time.
5. Retention & Deletion
We retain data for as long as the account is active or as needed to provide the service. Firm admins can request deletions by client/period. Verified deletions are queued and executed with logs.
| Category | Typical Retention | Notes |
|---|---|---|
| Operational documents | Active subscription + admin-configured period | Supports review/audit; firm may request purge of specific clients/periods. |
| Account records | Duration of account + up to 3 years | For billing, disputes and legal requirements. |
| Audit logs | 90–365 days | Configurable for enterprise plans. |
| Backups | 30–90 days | Rolling backups with periodic restore tests. |
6. Subprocessors
We use reputable infrastructure providers to deliver the service (e.g., cloud hosting, storage, email). We maintain a current list of critical subprocessors and will provide notice of material changes to subscribed admins.
7. Security Measures
Security is built into our product and operations. Highlights include HTTPS/TLS, presigned uploads, encryption at rest by our cloud provider, role-based access (tenant→client), session controls and audit logging. Learn more on our Security page.
8. Data Location & Transfers
Primary data processing occurs in cloud regions selected for performance and reliability. Where cross-border transfers occur, we take appropriate measures under applicable laws and contractual safeguards.
9. Your Rights & Choices
- Access, correct or delete your information (subject to law and firm admin approval).
- Export your data (Excel/CSV/JSON) or request a copy of audit logs via your admin.
- Opt-out of non-essential communications.
10. Children’s Data
Our services are intended for business use by CA firms. We do not knowingly collect personal data from children.
11. Changes to this Policy
We may update this policy to reflect changes in our practices or legal requirements. We will update the “Last updated” date and, where appropriate, notify admins.
12. Contact
Privacy questions or requests:
- Email: privacy@ca-copilot.com
- Security reports: security@ca-copilot.com
Last updated: