Skip to main content
corpuscorpus
TermsContactJoin Waitlist
Legal

Privacy Policy

Your privacy is fundamental to how we operate. This policy explains exactly what we collect, why, and how we protect it.

Last updated: 1 April 2025 · Effective: 1 April 2025

1. Information We Collect

We collect information to provide and improve corpus. The types of information we collect depend on how you use our services.

Account & Identity Information

  • Name, email address, phone number
  • Company name, GSTIN, PAN, and registered address
  • Role within your organization (Admin, Accountant, CA, etc.)
  • Profile photo (optional)

Financial & Business Data

  • Invoices, bills, receipts, and transactions you create or import
  • Chart of accounts, ledgers, and journal entries
  • GST returns, TDS records, and compliance filings
  • Bank account details and statements (for reconciliation)
  • Employee and payroll data (if payroll module is used)

Usage & Technical Data

  • Pages visited, features used, and time spent
  • IP address, browser type, device identifiers
  • Error logs and crash reports
  • API access logs (timestamps, endpoints, response codes)

2. How We Use Your Information

We use the data we collect for the following purposes:

Provide the Service

Deliver accounting, GST, payroll, and all other modules you use.

Compliance & Filings

Pre-fill GSTR-1, GSTR-3B, TDS returns, and other statutory reports.

AI Features

Power AI insights, anomaly detection, narration, and NL queries using your data.

Support & Communication

Respond to tickets, send service notifications, and billing alerts.

Security

Detect fraud, unauthorized access, and suspicious activity.

Improvements

Analyze usage patterns to improve features and fix bugs.

We do not sell your data. We do not use your financial data to train general-purpose AI models accessible to other companies or individuals.

3. Data Storage & Security

All corpus data is stored in secure, SOC 2 Type II certified infrastructure hosted in India. We implement the following security measures:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption for all data in transit
  • Row-level security (RLS) ensuring strict data isolation between organizations
  • Multi-factor authentication for all internal systems
  • Automated daily backups with 30-day retention and point-in-time recovery
  • Annual third-party penetration testing

Data is retained for the duration of your subscription plus 7 years to comply with Indian accounting and tax law requirements. You may request earlier deletion subject to legal obligations.

4. Sharing & Third Parties

We share data only in the following limited circumstances:

Infrastructure Providers

Supabase (database), Vercel/cloud hosting — bound by Data Processing Agreements.

Payment Processors

Razorpay or Stripe for subscription billing — they receive only payment-related data.

Government Portals

GSTN, MCA, and Income Tax portals when you explicitly initiate a filing.

AI Services

Anthropic (Claude API) for AI features — data is processed under strict confidentiality; not used for training.

Legal Requirements

When required by Indian law, court order, or to protect the rights and safety of users.

5. Your Rights

You have the following rights with respect to your personal data:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Update inaccurate or incomplete personal data.
  • Portability: Export your accounting data in standard formats (CSV, JSON).
  • Deletion: Request deletion of your account and personal data (subject to legal retention requirements).
  • Objection: Object to processing of your data for marketing purposes.
  • Restriction: Request that we restrict processing in certain circumstances.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

6. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential cookies: Authentication sessions, CSRF protection, and security tokens. These cannot be disabled.
  • Analytics cookies: Anonymous usage statistics to understand feature adoption (opt-out available in settings).
  • Preference cookies: Save your UI preferences like theme, language, and dashboard layout.

We do not use third-party advertising cookies or cross-site tracking technologies.

7. Children's Privacy

corpus is a professional accounting platform intended for use by adults (18+) in a business context. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately at [email protected].

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and an in-app notification at least 30 days before the changes take effect. Continued use of corpus after the effective date constitutes acceptance of the updated policy. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact Us

For privacy-related queries, data requests, or concerns, contact our Data Protection Officer:

corpus (by Elanora Group)

Data Protection Officer

Email: [email protected]

General: [email protected]

Response time: Within 30 business days