Privacy Policy

This Privacy Policy explains how TaxLegit Consulting Private Limited collects, uses, and protects your information while using the ICFR Generation AI platform.

Last updated: 4/29/2026

TaxLegit Consulting Private Limited is committed to protecting the privacy and security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our ICFR Generation AI Service.

1. Information We Collect

  • Financial Data: Financial metadata, control descriptions, and process flows uploaded for ICFR generation.
  • Account Data: Names, email addresses, phone numbers, job titles, company names, professional credentials, and billing information necessary to create and manage your account.
  • Usage Data: Information about how you interact with the AI platform, collected automatically to improve system performance and reliability.

2. How We Use Your Data

  • Generate customised ICFR documentation and risk-control matrices
  • Maintain and secure your account
  • Refine and improve our machine learning models
  • Protect against fraud, security threats, and illegal activity

3. Data Security

We implement enterprise-grade security measures to protect your data, including:

  • Encryption at Rest: AES-256 encryption for all stored data
  • Encryption in Transit: TLS 1.3 or higher for all data transmission
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and regular vulnerability scanning
  • Secure Infrastructure: ISO 27001-certified cloud hosting providers

4. Data Retention

User data is retained only for the duration of the subscription period plus a grace period, after which it is permanently deleted from our active servers unless legal requirements dictate otherwise. We maintain:

  • Regular security audits and penetration testing
  • Employee training on data protection and security best practices
  • Strict confidentiality agreements with all personnel
  • Incident response and breach notification procedures

5. Your Privacy Rights

You have the right to access your personal data and request a copy in a portable format. You may update or correct inaccurate personal information through your account dashboard or by contacting us directly.