Privacy Policy

FirstReports is a SaaS platform that helps Indian Chartered Accountants consolidate equity trading P&L statements and ledgers from multiple broker platforms into a single tax-ready report. Our registered place of business is in 3rd Floor, 305, UDB Towers, Govind Marg, Sindhi Colony, Jaipur, Rajasthan – 302004, India.

For any privacy-related queries, contact us at: support@firstreports.in

2.1 Account Information

When you register, we collect:

• Full name
• Email address
• Firm name (optional)
• Password (stored as a secure hash — we never see your plain-text password)

If you register via Google OAuth, we receive your name and email from Google. We do not receive your Google password.

2.2 Client Data You Upload

When you upload a client's broker statement, we collect and store:

• The raw file (CSV / Excel) in encrypted cloud storage
• Parsed trade data extracted from that file (symbols, quantities, prices, dates, charges)
• Client details you enter: name, PAN number, email, financial year

You are the Data Fiduciary for your clients' personal data. You are responsible for having the appropriate authority or consent from your clients to upload their financial data to our platform.

2.3 Usage Data

We automatically collect:

• Browser type and version
• IP address
• Pages visited and features used
• Date and time of access

This data is used solely for security monitoring, debugging, and improving the platform.

2.4 Payment Information

Payments are processed by Razorpay. We do not store your card number, CVV, or bank account details. We only store the transaction ID and plan status returned by Razorpay.

We use the information we collect to:

• Provide, operate, and maintain the FirstReports platform
• Authenticate your identity and manage your account
• Process and display consolidated P&L statements for your clients
• Send transactional emails (account verification, password reset, payment receipts)
• Respond to support queries
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations under Indian law

We do not use your clients' financial data for advertising, training AI models, or any purpose other than delivering the service you requested.

We do not sell your personal data. We share data only with the following sub-processors, strictly for the purpose of delivering the service:

We may also disclose information if required by law, court order, or a competent government authority under Indian law.

To auto-detect the format of an uploaded broker file, we send only the column headers and first 5 rows of the file to Anthropic's API. We never send:

• Your client's PAN number
• Your client's name or email
• The full dataset of trades

All arithmetic (P&L calculation, STCG/LTCG classification) is performed by our own deterministic code — not by the AI model.

Anthropic's data handling is governed by their Privacy Policy.

All data is stored on Supabase infrastructure, which is hosted on AWS. Data at rest is encrypted using AES-256. Data in transit is encrypted using TLS 1.2+.

Access to your data is controlled by Row-Level Security (RLS) policies — your client data is never accessible to other CAs on the platform.

While we implement industry-standard security measures, no system is 100% secure. In the event of a data breach that is likely to result in risk to your rights, we will notify you within 72 hours of becoming aware of it.

• Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
• Client and upload data: Retained as long as you keep it on the platform. You can delete individual clients or files at any time from the dashboard.
• Usage logs: Retained for up to 90 days for security purposes.
• Payment records: Retained for 7 years as required under the Income Tax Act, 1961 and GST law.

Under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Erasure: Request deletion of your account and associated data, subject to legal retention requirements.
• Grievance redressal: Raise a complaint with us and receive a response within 30 days.

To exercise any of these rights, email us at support@firstreports.in.

We use only essential cookies required for authentication (session tokens) and security (CSRF protection). We do not use advertising cookies or third-party tracking cookies.

FirstReports is intended for use by licensed Chartered Accountants and professional tax practitioners. We do not knowingly collect data from individuals under the age of 18. If you believe a minor has provided us data, contact us at support@firstreports.in and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice on the platform at least 7 days before the change takes effect. Your continued use after the effective date constitutes acceptance of the updated policy.

In accordance with the Information Technology Act, 2000 and rules thereunder, the name and contact details of the Grievance Officer are: