G
GCC TaxGPTBack to home
Last updated: April 2026 — updated to include CT Return Generator

Privacy Policy

GCC Tax GPT is a professional tax research tool. We understand that the queries you submit may relate to sensitive business and financial matters. This policy explains exactly what data we collect, how it is used, and who can access it.

1. What Data We Collect

GCC Tax GPT has two distinct tools with different data handling. What we collect depends on which tool you use:

Tax Research Chat

  • Account information — your name and email address, provided at registration.
  • Conversation content — your queries and the AI-generated answers, stored to enable conversation history and follow-up questions.
  • Usage data — query counts, jurisdiction selected, and API cost per query. Query text is not written to log files.
  • Technical data — IP address (rate limiting only, not stored long-term), browser type, and session tokens.

CT Return Generator

Generate → Download → Gone
  • Financial documents — the PDF you upload is held in memory only and is never written to disk or stored in our database. It is discarded immediately after your return is generated.
  • Generated outputs — the Excel return and PDF report are generated in memory, streamed to you as a download, and immediately discarded. We do not retain copies.
  • Audit log only — we store a single log entry containing your user ID, a timestamp, and the action type (“ct_return_generated”). No financial figures, no company name, no document content.

2. How Your Queries Are Processed

To generate an answer, your query is processed through the following pipeline. You should be aware that your query text is transmitted to third-party AI infrastructure providers:

Anthropic

Large language model (Claude) — generates the answer

Anthropic does not train on API data by default. Data is processed under their API Terms of Service.

Voyage AI

Embeddings and reranking — matches your query to relevant documents

Data is processed under Voyage AI's API Terms of Service and is not used for model training.

Recommendation: Avoid including specific client names, entity registration numbers, or other directly identifying information in your queries. Frame questions using general descriptions (e.g. “a UAE holding company” rather than a specific company name). The tax rules are the same regardless of the entity name.

3. CT Return Generator — Detailed Data Handling

The CT Return Generator processes sensitive financial documents. Because this is significantly different from the chat tool, we explain its data handling in full detail here.

What happens when you upload a document

  • Your PDF is received by our server and held exclusively in RAM. It is never written to disk, never saved to our database, and never cached.
  • The complete PDF — including company name, financial figures, auditor details, and all notes — is transmitted to Anthropic's Claude API over an encrypted HTTPS connection to generate your CT return.
  • Once Claude's response is received, your uploaded PDF is immediately released from memory. It no longer exists on our infrastructure.

What Anthropic receives and does with it

  • Anthropic receives the full contents of your uploaded PDF as part of the API request.
  • Anthropic does not use API data to train their models by default. Their data handling is governed by the Anthropic Privacy Policy.
  • We are in the process of requesting Anthropic's Zero Data Retention (ZDR) policy for our account, which would require Anthropic to process and immediately discard API requests without any logging on their side.

What happens to the generated return

  • The Excel return and PDF computation report are generated in memory on our server and packaged into a ZIP file.
  • The ZIP is sent directly to your browser as a download. After the transfer completes, all generated files are discarded from our server.
  • We do not store, cache, or retain any copy of your generated return. There is no history of CT returns within the platform.

4. Who Can Access Your Conversations

Your conversations are private and access is strictly limited:

  • You — you can view, continue, and permanently delete any of your conversations at any time from within the app.
  • GCC Tax GPT operators — as the platform operator, we have administrative access to the database for the purposes of maintaining the service, diagnosing technical issues, and ensuring platform integrity. We do not routinely read user conversations.
  • No other users — your conversations are isolated to your account and are never visible to other users.
  • No third-party advertisers or data brokers — we do not sell, share, or monetise your conversation data.

5. Data Storage and Security

  • Conversations are stored in a PostgreSQL database hosted on a DigitalOcean server located in the Frankfurt, Germany region (EU infrastructure).
  • All data in transit is encrypted via HTTPS/TLS.
  • Access to the server requires SSH key authentication — password-based access is disabled.
  • Your query text is not written to application log files.
  • Passwords are hashed using bcrypt and never stored in plaintext.

6. Data Retention and Deletion

Your conversation history is retained for as long as your account is active, so that you can access prior research sessions.

  • You can delete individual conversations at any time from within the chat interface. Deletion is permanent and immediate.
  • To request full account deletion and erasure of all associated data, contact us at the address below. We will process deletion requests within 30 days.

7. Cookies and Session Tokens

We use a session token stored in your browser's local storage to keep you logged in. This token expires after 7 days. We do not use advertising cookies or third-party tracking cookies. We do not use Google Analytics or any third-party analytics services.

8. Changes to This Policy

If we make material changes to this policy — particularly around how query data is processed or who has access to it — we will notify active users by email before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

9. Contact

For privacy-related questions, data deletion requests, or concerns about how your data is handled, contact us at:

GCC Tax GPT

Email: privacy@gcctaxgpt.com

© 2026 GCC Tax GPT. All rights reserved.