Privacy Policy

TaxAible ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and AI-powered tax preparation services tailored for the Pakistani tax system.

1. Information We Collect

We collect information that you provide directly to us, including:

• Account Information: Name, email address, and encrypted passwords.
• Tax & Financial Data: Income details, expense records, asset declarations, and NTN (National Tax Number) as required for FBR filing.
• IRIS Credentials: To facilitate automated filing, we collect your IRIS login credentials. These are symmetrically encrypted using industry-standard protocols and are only decrypted at the moment of filing.
• AI Interactions: Text-based descriptions of your financial activities provided during chat sessions for tax classification. We maintain logs of these interactions to verify filing instructions.
• Uploaded Documents: Images or PDFs of tax-related documents (e.g., salary certificates, utility bills) processed for data extraction.

2. How We Use Your Information

We use the collected information for the following purposes:

• Tax Computation: Mapping your financial data to the relevant tax codes under the Income Tax Ordinance, 2001.
• AI-Assisted Processing: Using Google Gemini AI to analyze natural language inputs and extract data from documents.
• Automated Filing: Submitting your tax returns directly to the FBR IRIS portal upon your explicit request.
• Audit & Verification: Maintaining a record of user inputs to provide proof of the source of information in case of audits or legal queries.

Strict Non-Marketing Policy: Your personal, financial, and tax data is never used for marketing, advertising, or profiling purposes. We do not use your data to sell you third-party products or services.

3. Data Protection & Security

We implement robust technical and organizational measures to secure your data:

• Encryption: Standard passwords are irreversibly hashed using Scrypt. IRIS credentials are encrypted with AES-256 (Fernet) tied to environment-specific keys.
• Account Isolation: We use Row-Level Security (RLS) patterns to ensure that your data is strictly isolated and accessible only to your authenticated session.
• Secure Transmission: All data is transmitted over encrypted HTTPS connections.

4. Data Sharing & Third-Parties

We do not sell your personal data. We share information only in the following limited contexts:

• FBR (Federal Board of Revenue): Data is transmitted to FBR systems for the sole purpose of filing your tax returns.
• Audit & Legal Authorities: In the event of a tax audit, investigation, or legal conflict, TaxAible will cooperate with relevant Pakistani authorities. This may include sharing your account data, filing records, and the full transcript of your AI chat interactions.
• Generative AI: Anonymized or context-specific data is shared with LLMs to provide AI capabilities.
• Cloudflare: We use Cloudflare Turnstile for bot protection and security.

No Other Third-Party Sharing: Aside from the entities explicitly mentioned above, your data is never shared with, sold to, or accessible by any other third parties, including data brokers or marketing agencies.

5. Your Rights

As a user, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your account and associated tax data, subject to legal record-keeping requirements and the necessity of data for audit trails.

6. Compliance with Pakistani Law

Our practices are designed to align with the Prevention of Electronic Crimes Act (PECA) 2016 and the Income Tax Ordinance 2001 of Pakistan. We maintain the confidentiality of taxpayer information as required by law, subject to disclosure requirements in official audit or legal proceedings.

7. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our Support Page.