Privacy Policy
Last Updated: June 16, 2026
Welcome to Practice Workspace (the "Platform", "we", "us", or "our"). We understand that Chartered Accountants, Tax Consultants, and Accounting Firms handle extremely sensitive client credentials, financial filings, and tax details. We are committed to maintaining the highest standards of confidentiality, data integrity, and security.
This Privacy Policy explains how we collect, use, process, store, and protect your information and your client's data when you use our SaaS Platform. By accessing or using Practice Workspace, you agree to the practices outlined in this policy.
1. Data Encryption & Security Standards
Data security is not an afterthought; it is our foundation. We implement industry-leading encryption protocols:
- Encrypted Vault: All client credentials for government portals (Income Tax, GST, TRACES, MCA) are encrypted using AES-256 (Advanced Encryption Standard). Encryption keys are securely managed with firm-level separation.
- Data in Transit: All communications between your browser, our servers, and third-party APIs are encrypted using modern TLS 1.3 / SSL protocols.
- Database Isolation: We implement logical database schema isolation. Your firm's workspace, clients, credentials, and task lists cannot be accessed by any other firm on our platform.
2. Information We Collect
To provide our CA and Tax Practice Management features, we collect the following categories of information:
- Firm Profile Data: Firm name, logo, GSTIN, registered email address, phone number, and physical office location.
- Staff Workspace Data: Name, role permissions, and active logs of workspace actions (ITR tasks created, vaults updated) for your internal audit trail.
- Client Master Records: Client name, entity type, PAN, GSTIN, TAN, mobile number, and email. This information is used solely for tracking ITR, GST, and TDS returns.
- Encrypted Credentials: Government portal usernames and passwords stored in the Vault, which are encrypted on the client-side/database layer.
3. WhatsApp Automation Privacy Rules
Our automated WhatsApp Integration helps you securely share tax documents and filing logs directly with clients. Here is how we protect privacy within this integration:
- Authorized Sender Only: The system only processes incoming texts from mobile numbers matching those registered in your secure Client Master. Unregistered numbers are instantly blocked.
- Temporary Media Storage: Documents fetched from your secure vault or database to be delivered via WhatsApp are transmitted using secure, temporary, single-use download links. We do not store client files on public messaging servers.
- Audit Logging: Every automated WhatsApp message sent, document fetched, or credential requested is logged in your firm's internal Audit Log for security reviews.
4. Data Sharing & Third-Party Vendors
We do not sell, trade, or rent your firm or client data to third parties. We only share information with trusted infrastructure partners necessary to host the Platform:
- Supabase/PostgreSQL: For secure data storage and encryption.
- Vercel: For hosting our next-generation React app frontend.
- Official WhatsApp API Providers: To safely transmit automated document notifications.
5. Compliance & Your Rights
We align our security practices with the Indian Information Technology Act, 2000 (Section 43A) regarding sensitive personal data. As a user, you have complete control to edit, export, or permanently delete your client master databases, audit logs, and vault credentials directly from your Workspace settings at any time.
6. Contact and Support
If you have any questions, concerns, or feedback regarding our privacy practices, or if you wish to report a security incident, please reach out to our security team through our Help Desk or write to us at:
Email: security@practiceworkspace.in
Subject: Data Protection Inquiry