Legal

Privacy Policy

Last updated: April 6, 2026

1. Data Controller

Prefiler Labs Private Limited ("Company", "we", "us", or "our") is the data controller responsible for the collection, use, storage, and protection of your personal and financial data.

CIN: U63111DL2026PTC464315
Registered Address: New Delhi, Delhi, India

2. Our Core Privacy Commitment

Prefiler is built around a fundamental principle: your financial documents are never stored. Uploaded bank statements, PDFs, and CSV files are processed entirely in memory, parsed into structured data, and deleted immediately after extraction completes. No raw financial document ever reaches long-term storage.

We store only derived analysis metadata — risk scores, flag counts, confidence metrics, and narrative summaries. The original transaction-level data used to compute these outputs is discarded after processing.

3. What We Collect

We collect only the minimum data required to operate the service:

  • Account information: Name, email address, and organisation affiliation provided during registration.
  • Client records: Client names, PAN numbers, entity types, and contact information that you voluntarily enter into the client management system. These are stored to enable client-linked analysis workflows.
  • Derived analysis data: Risk assessments, confidence scores, flag metadata, materiality indices, and AI-generated narrative summaries. These contain no raw financial data.
  • Usage data: Feature utilisation patterns, analysis counts, and session information for service improvement.
  • Payment data: Transaction references and billing records. Full payment card details are processed by Razorpay and never touch our servers.

4. What We Do NOT Collect

Prefiler does not collect:

  • Browsing history, device fingerprints, or location data
  • Contact lists, social media profiles, or biometric data
  • Raw financial transaction data beyond the ephemeral processing window
  • Any data unrelated to the analysis workflow

There are no third-party advertising trackers, retargeting pixels, or cross-site tracking mechanisms on the platform.

5. How We Use Data

  • Data is used exclusively to deliver the pre-filing intelligence service.
  • Data is never sold to any third party.
  • Data is never shared for marketing, advertising, or profiling.
  • Data is never used to train, fine-tune, or improve any AI or machine learning model — internal or external.
  • Within firm accounts, data visibility is governed by role-based access: Partners see all firm analyses, Senior CAs see assigned analyses, and Juniors see only their own.

6. AI Usage Disclosure

Prefiler employs a hybrid analytical architecture:

  • A deterministic, rule-based engine computes all risk scores, flags, and materiality assessments. This engine is versioned, auditable, and reproducible.
  • A large language model generates narrative summaries and facilitates the clarification workflow. The LLM operates only on structured, derived data — never on raw financial documents.
  • The LLM does not make scoring decisions. Removing the AI component would not alter any risk output.

7. PII Masking & Handling

All personally identifiable information (PAN numbers, Aadhaar references, account numbers, and names) detected during document parsing is masked in logs and excluded from AI model inputs. The AI narrative layer refers to subjects using neutral language ("the entity", "the account holder") and is architecturally prevented from echoing specific personal identifiers.

8. Data Storage & Security

  • All data is encrypted in transit using TLS 1.2 or higher.
  • All stored data is encrypted at rest within our cloud infrastructure.
  • Row-level security (RLS) policies enforce data isolation at the database level — users cannot access data belonging to other users or firms.
  • Access to production systems follows least-privilege principles.

9. Data Retention

  • Financial documents: Processed ephemerally. Deleted immediately after parsing.
  • Analysis reports: Retained for the duration of the user's active account. Users can archive or delete individual analyses at any time.
  • Client records: Retained until manually deleted by the user.
  • Account data: Permanently removed within 30 days of account deletion request.
  • Billing records: Retained up to 8 years to comply with Indian tax regulations.

10. Cookies & Tracking

  • Essential cookies: Authentication tokens and session management. Cannot be disabled.
  • Analytics: Privacy-respecting, anonymised usage analytics for platform improvement. No PII is shared.

We do not use advertising cookies, retargeting pixels, or cross-site tracking.

11. International Data Transfers

Data may be processed on servers outside your country of residence. All transfers are protected by encryption in transit and at rest. Where applicable, transfers comply with GDPR, DPDPA, and other relevant data protection frameworks.

12. Your Rights

Depending on your jurisdiction, you may:

  • Access: Request a copy of all personal and derived data we hold about you.
  • Correct: Request correction of inaccurate or incomplete information.
  • Delete: Request permanent deletion of your account and all associated data.
  • Port: Request your data in a structured, machine-readable format.
  • Object: Object to specific processing activities where permitted by law.

To exercise any right, contact privacy@prefiler.com. We respond within 30 days.

13. Children's Data

Prefiler is not intended for individuals under 18. We do not knowingly collect data from minors.

14. Jurisdiction & Compliance

  • India: Digital Personal Data Protection Act, 2023 (DPDPA) and Information Technology Act, 2000.
  • EU: General Data Protection Regulation (GDPR).
  • International: We align with internationally recognised data protection standards in all jurisdictions where we operate.

15. Grievance Officer

In accordance with the Information Technology Act, 2000:

Karan Sahu
Designation: Founder & CEO
Email: grievance@prefiler.com
Address: New Delhi, Delhi, India

Grievances are acknowledged within 24 hours and resolved within 30 days.

16. Changes to This Policy

Material changes are communicated via email or in-platform notification at least 15 days before taking effect. Continued use constitutes acceptance.

17. Contact

Privacy inquiries: privacy@prefiler.com

Data access / deletion: privacy@prefiler.com

Grievances: grievance@prefiler.com

Previous versions available upon request. Contact support@prefiler.com.