Back to Home
Tax360

Privacy Policy

Last updated: 2026-01-25

This Privacy Policy explains how Tax360.lk ("Tax360", "we", "our", or "us") collects, uses, shares, and protects information when you use our website and services (the "Service").

1. Scope and Definitions

"Personal Data" means information that identifies you or can reasonably be linked to you.

Depending on how you use the Service, we may process:

  • Account Data: name, email address, authentication details.
  • Conversation Data: prompts, messages, and content you submit in chat, plus the Service's responses.
  • Tax Input / Personalization Data: information you provide for calculations or tailored experiences (for example, income information, employer details, and other tax-related financial information).
  • Support and Feedback Data: messages you send to support and feedback you submit about responses.
  • Device and Usage Data: IP address, browser type, operating system, timestamps, pages/actions, and similar technical data.

Please do not submit secrets you would not want stored (for example, passwords, OTP codes, or full payment card details) in chat.

2. Information We Collect

2.1 Information you provide

We collect Personal Data you choose to provide when you:

  • create an account or sign in
  • contact support
  • use chat, calculators, or other features that accept user inputs
  • submit feedback on an interaction
  • subscribe to updates (if offered)

2.2 Information collected automatically

When you use the Service, we automatically collect Device and Usage Data described above.

2.3 Cookies and similar technologies

We use cookies (and similar technologies) for:

  • Essential operation (for example, authentication and security)
  • Preferences (for example, remembering your theme)
  • Performance and reliability (for example, error monitoring and service stability)

You can usually control cookies through your browser settings. Some cookies are required for the Service to function.

3. How We Use Your Information

We use Personal Data to:

  • provide, operate, and maintain the Service
  • process and display your conversation history and saved items (if any)
  • provide results and guidance based on the information you submit
  • personalize your experience (if you use personalization features)
  • respond to requests, questions, and support tickets
  • communicate service-related notices and updates
  • prevent abuse, fraud, and security incidents
  • improve the Service, including its quality and reliability

4. AI Processing, Model Improvement, and Feedback

4.1 AI processing

The Service may process your Conversation Data and Tax Input / Personalization Data using AI systems in order to generate responses. This may involve transmitting relevant content to service providers that help us deliver AI functionality (see Section 5).

4.2 Model improvement and training by subscription tier

  • Free and Guest users: Your Conversation Data and Tax Input / Personalization Data may be used to improve our AI features, including for model training and evaluation.
  • Pro, Pro+ and Enterprise users: We do not use your Conversation Data or Tax Input / Personalization Data for model training.

4.3 Feedback and quality assurance

If you submit feedback on a message or interaction, we may review the relevant conversation context for quality assurance, safety, and support purposes.

For clarity:

  • Feedback review can apply to all tiers.
  • Using content for model training follows the tier rules in Section 4.2.

5. How We Share Information

We do not sell your Personal Data.

We may share Personal Data in the following situations:

5.1 Service providers (processors)

We use trusted third-party vendors to help operate the Service. These vendors may process Personal Data on our behalf, such as:

  • AI infrastructure and model providers (to generate responses)
  • authentication providers (including OAuth sign-in providers like Google, if you choose them)
  • email delivery and support tooling
  • hosting, database, and monitoring/logging providers

We require service providers to protect information and to use it only to provide services to us.

5.2 Legal and safety

We may disclose information if we believe it is reasonably necessary to:

  • comply with law, regulation, or legal process
  • protect the rights, safety, and security of Tax360, our users, or the public
  • investigate or prevent fraud, abuse, or security issues

5.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction.

6. Data Retention

We retain Personal Data only as long as necessary for the purposes described in this policy, including:

  • keeping your account active and providing the Service
  • maintaining your conversation history and saved data until you delete it or close your account
  • complying with legal obligations and resolving disputes
  • enforcing our agreements and protecting the Service

When you request deletion, we will delete or de-identify Personal Data, subject to legal requirements and limited retention in backups and logs.

7. Security

We use reasonable technical and organizational measures designed to protect Personal Data, including access controls and safeguards appropriate to the sensitivity of the information.

No method of transmission or storage is 100% secure. You are responsible for keeping your credentials confidential.

8. Your Choices and Rights

Depending on your location and applicable law, you may have rights to:

  • request access to Personal Data we hold about you
  • request correction of inaccurate Personal Data
  • request deletion of your account and associated Personal Data
  • object to or request restriction of certain processing

Paid tiers (Pro, Pro+ and Enterprise) have an additional product guarantee described in Section 4.2 regarding model training.

To make a request, contact us using the details in Section 10. We may need to verify your identity before fulfilling requests.

9. International Transfers

Our service providers and infrastructure may be located in countries outside Sri Lanka. Where we transfer Personal Data internationally, we take steps designed to ensure appropriate protection consistent with applicable law.

10. Contact Us

If you have questions or requests regarding this Privacy Policy, contact: