Do I need to install anything to connect Tally?

No. Export your data as an XML file from TallyPrime and upload it to Tavit. No plugins, no API keys, no changes to your Tally configuration required.

How does ITC reconciliation work?

Tavit fetches your GSTR-2B from the GSTN portal and matches it against your Tally purchase register line by line. Mismatches are flagged with supplier-level detail.

Is my data stored in India?

Yes. All data is stored on Supabase's India region (ap-south-1) and never leaves Indian servers. Tavit complies with the DPDP Act 2023 and GST IT-01 data residency norms.

Which GST returns does Tavit support?

Currently GSTR-1, GSTR-2B reconciliation, and GSTR-3B. TDS (26Q/27Q) and GSTR-9 annual return are in active development.

Legal

Privacy Policy

Last updated: 3 June 2026 · Effective: 3 June 2026

This policy describes how Tavit Technologies Pvt. Ltd. processes personal data in compliance with the Digital Personal Data Protection Act, 2023 (India).

1. Who We Are

Tavit Technologies Pvt. Ltd. ("Tavit", "we", "us") is a company incorporated under the Companies Act, 2013, with its registered office in Varanasi, Uttar Pradesh, India. We operate the Tavit platform — an AI-assisted GST compliance and accounting product for Indian businesses and CAs.

As a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act), we are responsible for the personal data you share with us.

2. Data We Collect

When you use Tavit we collect:

• Identity data — name, email address, mobile number, PAN/GSTIN.
• Business data — company name, registered address, GST registration details, Tally XML files you upload.
• Transaction data — invoices, credit notes, purchase records, ITC claims, tax ledgers.
• Usage data — pages visited, features used, error logs, device and browser information.
• Communication data — support tickets, feedback, and emails you send us.

We do not collect Aadhaar numbers, bank account credentials, or biometric data.

3. How We Use Your Data

We use your data exclusively to:

• Provide GST return preparation, ITC reconciliation, and compliance calendar services.
• Import and process Tally XML data you upload.
• Send compliance deadline reminders via email or WhatsApp (only if you opt in).
• Improve our product through aggregated, anonymised analytics.
• Fulfil legal and regulatory obligations (e.g., audits required by the Income Tax Act or GST Act).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Sharing

We share data only with:

• GSTN / MasterGST / GSTHero — to file returns on your behalf, strictly as instructed by you.
• Supabase — our database provider (PostgreSQL hosted in Mumbai, India).
• Razorpay — payment processing for subscriptions (governed by Razorpay's own privacy policy).
• Infrastructure providers — Vercel (CDN) and Railway (container hosting), both operating under data processing agreements.

All sub-processors are contractually bound to process your data only on our instructions.

5. Data Residency

All business and personal data is stored on servers located in India. We do not transfer your financial or tax data outside the territory of India.

6. Data Retention

We retain your data for the period your account is active and for a minimum of 7 years thereafter, as required by the GST Act and Income Tax Act for financial records.

If you request deletion of your account, we will erase personal identifiers within 30 days, subject to legal hold obligations.

7. Your Rights (DPDP Act 2023)

Under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access a summary of the personal data we hold about you.
• Correction of inaccurate or outdated personal data.
• Erasure of your personal data (subject to legal retention requirements).
• Grievance redressal — contact our Data Protection Officer within 48 hours response time.
• Nomination — designate another individual to exercise rights on your behalf in case of death or incapacity.

To exercise any of these rights, email us at privacy@tavit.in.

8. Cookies

We use only functional cookies necessary for authentication (session tokens stored in httpOnly cookies) and one analytics cookie (anonymous usage metrics). We do not use advertising or cross-site tracking cookies.

You can disable cookies in your browser, but this will prevent you from logging in.

9. Security

We protect your data with:

• TLS 1.3 encryption in transit for all API and web traffic.
• AES-256 encryption at rest for database volumes.
• Row-Level Security (RLS) policies in PostgreSQL — your data is isolated from other companies at the database layer.
• Regular penetration testing and vulnerability assessments.
• Strict access controls — engineers cannot access production customer data without multi-party approval.

10. Changes to This Policy

We will notify you by email at least 15 days before any material change to this Privacy Policy. Continued use of Tavit after the effective date constitutes acceptance of the updated policy.

11. Grievance Officer

If you have a complaint about how we handle your data, contact our Grievance Officer:

Name: Durgesh Pandey
Email: grievance@tavit.in
Address: Tavit Technologies Pvt. Ltd., Varanasi, Uttar Pradesh — 221001, India

We will acknowledge complaints within 48 hours and resolve them within 30 days.

Questions? Contact us →