Governance

Data & AI Policy

Last updated: April 6, 2026

This document explains how Prefiler uses data, how it uses AI, and where the boundaries are. It is written for the accounting professionals who rely on the platform and need to understand exactly what drives the outputs they see.

1. The Deterministic Risk Engine

All risk scores, compliance flags, materiality assessments, and confidence metrics in Prefiler are computed by a deterministic, rule-based scoring engine. This engine:

  • Evaluates transaction patterns, concentration ratios, cross-category indicators, and recurring behaviours using structured financial logic.
  • Applies versioned risk weights and materiality thresholds — every weight is tracked, every threshold is documented.
  • Produces reproducible outputs: the same input data processed against the same engine version always produces the same risk score.
  • Supports compound-risk escalation: when multiple flags co-occur, the engine applies defined escalation rules rather than simply summing individual scores.

There is no randomness, probabilistic inference, or opaque weighting in the scoring process. Every score can be traced to specific rules and thresholds.

2. Structural Extraction — Not AI Guessing

Document parsing uses coordinate-based extraction, not AI-driven text interpretation. The system identifies table structures, column positions, row boundaries, and numeric fields using geometric analysis of document layout.

This approach targets ≥98% structural extraction accuracy for major Indian and international bank statement formats. When extraction confidence falls below threshold, the system flags the analysis for manual review rather than guessing.

3. Where AI Is Used

Prefiler employs a large language model for exactly two purposes:

  • Narrative generation: Converting structured analysis outputs (risk scores, flag details, confidence metrics) into human-readable professional summaries suitable for CA workpapers.
  • Clarification workflow: Generating forensic-grade follow-up questions when the analysis engine identifies ambiguous patterns that could be resolved with additional context from the practitioner.

The LLM receives only structured, derived data — not raw financial documents. It has no access to original bank statements, PAN numbers, or other PII.

4. What AI Does NOT Do

The AI layer:

  • Does not compute risk scores or confidence metrics.
  • Does not decide which flags to raise or which thresholds to apply.
  • Does not modify the output of the deterministic engine.
  • Does not access raw financial documents or personal identifiers.
  • Does not make autonomous compliance decisions.

Removing the AI component entirely would eliminate narrative summaries and the clarification loop. It would not change a single risk score, flag, or materiality assessment.

5. No Training on User Data

User-uploaded financial data is never used to train, fine-tune, or improve any AI model — internal or external. This commitment applies to all current and future models.

Financial documents are processed ephemerally and deleted immediately. Derived summaries are stored for user access but are not fed into any training pipeline.

6. Explainability & Traceability

Every analysis output is fully traceable. For each completed analysis, the system records:

  • Which risk rules were triggered and their individual contributions to the total score.
  • Which heuristic patterns were activated (e.g., cash structuring detection, vendor concentration analysis).
  • Confidence metrics: parse confidence, classification confidence, and risk confidence.
  • The version of the scoring engine, prompt template, and AI model used.
  • Token usage and processing duration for audit purposes.

If a score cannot be explained by specific rules and thresholds, it is not issued.

7. Vendor Neutrality

Prefiler's architecture enforces vendor abstraction. The LLM provider can be switched without affecting scoring logic, data models, or security boundaries. Prompt templates are version-controlled. The system supports A/B model comparison and cross-model adversarial testing to maintain output quality regardless of the underlying AI provider.

8. Human Governance Philosophy

Prefiler is a decision-support tool, not a decision-making system. It surfaces risks, flags, and implications. The final assessment, interpretation, and filing decision always rests with the licensed professional.

The platform presents flag feedback mechanisms (accept, dispute, note) that allow practitioners to record their professional judgment alongside the system's findings — creating an auditable record of human oversight.

9. Quality Assurance

The deterministic engine undergoes:

  • Synthetic dataset stress testing across thousands of generated financial cases with injected anomalies, ambiguities, and edge cases.
  • Benchmark regression testing to ensure scoring consistency across engine updates.
  • Classification accuracy auditing with human-reviewed sample sets.

No scoring engine update is deployed to production without passing calibration testing against benchmark datasets.

10. Operating Entity

All data governance, AI governance, and platform policies are maintained by Prefiler Labs Private Limited (CIN: U63111DL2026PTC464315), New Delhi, India.

11. Contact

For questions about our data and AI practices: support@prefiler.com

For full data handling details, see our Privacy Policy. For infrastructure security, see our Security Overview.