AI Usage Disclosure — Veloxis

Effective date: [to be set on first publication]
Last revised: 2026-05-24
Data Fiduciary: VKG & Associates, Chartered Accountants
Contact: CA Krishna Gujarathi, krishna@vkg.co.in


This disclosure explains how Veloxis uses artificial intelligence ("AI"), which third-party AI providers it consults, what data is shared with them, and what controls protect client confidentiality. It is read together with the Privacy Policy and the Terms of Service.

This document is issued in alignment with:

  • The Digital Personal Data Protection Act, 2023 ("DPDP Act"), §5 (notice), §8 (obligations of the Data Fiduciary, including engagement of Data Processors under a valid contract), §16 (processing of personal data outside India).
  • The ICAI Code of Ethics (confidentiality; Second Schedule, Part I, Clause 1) and the ICAI Standards on Auditing, particularly SA 230 on documentation.
  • The CERT-In Cyber Security Directions, 2022.

1. AI features inside Veloxis

The Platform contains the following features that consult external AI providers at runtime:

Feature | What it does | When AI is called
Smart Check | Suggests possible exceptions or anomalies on a checklist item, given the underlying ledger, register and supporting documents | When a Firm user clicks "Run Smart Check" on a checklist item
Ask Tool | Free-text query over the engagement's evidence pack | When a Firm user submits a question through the Ask Tool input
AI Advisor | Managing-Partner-only free-text question answered against the full Advisor Evidence Pack for the engagement | When a Managing Partner submits a question in the Advisor pane
Audit-content drafting helpers | Generates first-draft narratives for Notes, IFC, CARO and Audit Report sections from the structured engagement data | When a Firm user clicks "Draft with AI" on a section

All other Platform features — Trial Balance import, Ledger Master Registry, Daybook ingestion, Financial-Statement workbook generation, CARO computation, Form 3CD generation, Audit Report assembly, MRL generator — run locally on the Firm's servers and do not consult any external AI provider.

2. Which AI providers are used

The Platform may consult the following providers depending on the feature, on system configuration, and on availability:

  • Anthropic, PBC ("Anthropic"), https://www.anthropic.com/ — primary provider, model family Claude.
  • Google LLC ("Google"), https://ai.google/ — fall-back provider, model family Gemini.

Both providers are engaged as Data Processors (sub-processors in common usage) under §8 of the DPDP Act, with the Firm as Data Fiduciary. The Firm has reviewed each provider's published terms — Anthropic Commercial Terms (current published version) and Google Cloud / AI Platform Terms — and confirmed that both publish a "no training on customer data by default" position for the paid tiers the Firm uses. That position, together with the pseudonymisation described in §3, is the basis of the tokenisation-then-transfer architecture below.

If the Firm onboards a new AI provider, this disclosure will be revised before the new provider is enabled for production use.

3. The data that leaves the Firm's servers

The Firm has built a pseudonymisation pipeline ("Privacy Pipeline v2", 2026-05) so that no plaintext personal identifier of the Firm's clients or of their counterparties is sent to any external AI provider in the ordinary course of operation.

Important: pseudonymisation is not anonymisation. The data sent to AI providers remains personal data under the DPDP Act, 2023, because the Firm holds the reverse mapping (the engagement-scoped TokenMap) and can re-identify the data principal at will. Re-identification is also theoretically possible from the structured financial data alone in narrow circumstances (e.g., a public MCA filing whose figures match a specific engagement's tokenised snapshot). The Firm relies on the Privacy Pipeline, the providers' no-training and limited-retention positions (§6) and contractual safeguards as proportionate risk-reduction measures, not as anonymisation.

The Pipeline transforms every AI-bound prompt before it leaves the Firm's servers as follows:

  • Format-strict identifiers — Permanent Account Number (PAN), Goods and Services Tax Identification Number (GSTIN), Aadhaar, Tax Deduction Account Number (TAN), Corporate Identification Number (CIN), Indian Financial System Code (IFSC), bank account numbers, mobile numbers, e-mail addresses, pincodes, UPI handles — are replaced with opaque bracketed tokens of the form [TYPE.ID5] (e.g., [PAN.A3K7Z]). The mapping back to plaintext lives only on the Firm's servers, AES-256-GCM-encrypted, under a key derived from the Firm key and the engagement identifier.
  • Free-form names and addresses — company names, individual names, audit-firm names, vendor / customer / lender names, contact persons, addresses, street and building names — are replaced with deterministic synthetic Indian-style names sourced from a curated dictionary (e.g., "HDFC Bank" → "Crescent Bank"; "Quality Assurance Pvt Ltd" → "Iris Services Pvt Ltd"; "Mr Krishna Patel" → "Aman Sharma"). The mapping is deterministic per (engagement, real value, identifier type) so the same real entity always resolves to the same fake name within one engagement.
  • Numerical and categorical data (amounts, dates, ratios, financial-statement schedule labels, voucher numbers, document references) are not tokenised and pass through to the AI provider in the clear. The AI provider therefore sees structured financial data stripped of the entity-identifying information.

The Firm publishes the full technical methodology at docs/privacy-and-tokenization.md in the Veloxis repository.

4. Data the AI provider never sees

  • Plaintext client names — masked via pseudonyms or [CLIENT.A] tokens.
  • Plaintext counterparty names — masked via pseudonyms or [PERSON.X] tokens.
  • PAN / GSTIN / Aadhaar / TAN / CIN / IFSC / Bank account / Mobile / E-mail / Pincode / UPI — masked via bracketed tokens.
  • Original uploaded documents (PDFs, Excel workbooks, images) — never sent as files. Text is extracted on the Firm's server and tokenised; only the tokenised text reaches the AI provider, and only when relevant to the query.
  • Original document filenames — never sent in the user-facing prompt; cached locally only.
  • The engagement identifier (CUID), client identifier, user identifier — never sent.
  • API keys, session tokens, internal IDs — never sent.

5. Data the AI provider does see

  • Structured engagement evidence in a tokenised JSON form — financial-statement schedules, ratio values, materiality figures, checklist statuses, the auditor's free-text question, the tokenised text of any supporting document the user has explicitly attached.
  • Aggregated financial figures: balances, debits, credits, opening/closing amounts. These are factually correct but de-linked from the entity name.
  • Categorical labels: entity type (Company / LLP / Partnership / Proprietorship / Trust), industry sector at a broad level (Manufacturing / Services / Trading), state where applicable (for GST classification), period covered (financial year).
  • The system prompt — describes the auditor's role and the response format expected.

6. Provider-side controls relied upon

For each provider, the Firm relies on the following published positions in the provider's commercial terms as in force on the effective date at the top of this document. The Firm pins these references and reviews them quarterly; any material adverse change triggers an out-of-cycle disclosure update.

  • Anthropic (Commercial API)
    • Plan tier in use by the Firm: paid commercial API (the Firm is not using the free / consumer Claude.ai product).
    • Reference: Anthropic's Commercial Terms of Service and Anthropic's published data-retention page at https://privacy.claude.com/en/articles/7996866-how-long-do-you-store-personal-data.
    • Position relied upon: Anthropic does not use commercial-API inputs or outputs to train any foundation model unless the customer explicitly opts in. The Firm has not opted in.
    • Retention: Anthropic retains commercial-API traffic for up to 30 days for abuse detection. Trust-and-safety material may be retained longer where required by law.
  • Google (Gemini API)
    • Plan tier in use by the Firm: paid Gemini API on Google Cloud (the Firm is not using the free AI Studio tier).
    • Reference: Gemini API Terms of Service at https://ai.google.dev/gemini-api/terms and the Vertex AI / Gemini API data-use disclosures.
    • Position relied upon: For the paid Gemini API, Google does not use prompts or responses to train Google's foundation models. The free tier permits some training use; the Firm therefore uses the paid tier only.
    • Retention: prompts and responses retained for up to 24 hours for abuse detection on the paid tier. Logged trust-and-safety material may be retained longer where required by law.
  • Common positions across both providers
    • No model output is treated as a finished professional deliverable — see §11 below.
    • No re-identification attempts — providers' commercial terms prohibit attempts to re-identify pseudonymised data.

The Firm reviews provider terms quarterly. The references above will be re-dated at each review. Material adverse changes will be communicated in-app and to the Grievance Officer mailing list before the new terms take effect on Veloxis traffic.

7. Reverse pipeline — restoring names for the auditor

When the AI provider responds, the response is intercepted on the Firm's server before display:

  1. Bracketed tokens ([PAN.A3K7Z]) are matched against the engagement's TokenMap and replaced with the original plaintext for display.
  2. Pseudonyms ("Crescent Bank", "Iris Services Pvt Ltd") are matched as substrings against the engagement's TokenMap, longest-first, and replaced with the original plaintext.
  3. Any bracketed-shape string surviving the reverse pass is flagged as a "surviving token": the AI invented or mutated a token that has no entry in the TokenMap. The string is left in the text as received and logged for forensic review; it does not block the auditor from seeing the response.

Only the de-tokenised response is rendered to the Firm user. The raw AI response (in tokenised form) is retained in the audit log for 90 days for forensic review and then removed.
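The forward pass described in §3 and the reverse pass described in §7, carried through as an added worked example in Python. This is illustrative code written for this page, not the Veloxis Privacy Pipeline: the HMAC-based engagement-key derivation, the regex set, the pseudonym dictionary, the `TokenMap` method names and the sample prompt are all assumptions or constructed data. It goes beyond the text in one respect: identifiers whose format is not distinguishable from an amount or voucher number in free text (bank account numbers, mobiles, pincodes) are tokenised from the structured field that carries them rather than by pattern, which is what keeps the "amounts pass through in the clear" rule intact when a 6-digit pincode sits next to a 6-digit balance.

```python
"""Engagement-scoped tokenisation (forward) and restoration (reverse) pipeline.
Added example, not Veloxis code. Key derivation, regexes, pseudonym pool and
sample data are assumptions constructed for illustration."""
import hashlib
import hmac
import re

ID_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # 32 symbols, no 0/O/1/I
ID_LEN = 5                                          # [TYPE.ID5]

# Format-strict identifiers that can be recognised safely in free text.
# Order matters: a GSTIN embeds a PAN, so GSTIN runs first and consumes it.
# Account numbers, mobiles and pincodes are deliberately absent: in free text
# they look like amounts, so they are tokenised from their structured field.
IDENTIFIER_PATTERNS = [
    ("GSTIN",   re.compile(r"\b\d{2}[A-Z]{5}\d{4}[A-Z][1-9A-Z]Z[0-9A-Z]\b")),
    ("PAN",     re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b")),
    ("IFSC",    re.compile(r"\b[A-Z]{4}0[A-Z0-9]{6}\b")),
    ("AADHAAR", re.compile(r"\b\d{4}[ -]\d{4}[ -]\d{4}\b")),
    ("EMAIL",   re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]
TOKEN_RE = re.compile(r"\[[A-Z]+\.[A-Z0-9]+\]")     # any bracketed-shape token

# Curated pseudonym dictionary keyed by identifier type (constructed).
PSEUDONYMS = {
    "COMPANY": ["Crescent Bank", "Iris Services Pvt Ltd", "Meadow Traders", "Harbour Finance Ltd"],
    "PERSON":  ["Aman Sharma", "Neha Verma", "Rohan Iyer"],
}


class TokenMap:
    """Per-engagement reverse mapping. Stays on the Firm's server; the AES-GCM
    at-rest encryption the disclosure describes is omitted here."""

    def __init__(self, firm_key: bytes, engagement_id: str):
        # Engagement key derived from the Firm key (assumed HMAC-based KDF).
        self.key = hmac.new(firm_key, engagement_id.encode(), hashlib.sha256).digest()
        self.forward = {}   # (kind, plaintext) -> token or pseudonym
        self.reverse = {}   # token or pseudonym -> plaintext

    def _mac(self, *parts: str) -> bytes:
        return hmac.new(self.key, "\0".join(parts).encode(), hashlib.sha256).digest()

    def token_for(self, kind: str, value: str) -> str:
        """Opaque [KIND.ID5] token: keyed, so not derivable without the engagement key."""
        k = (kind, value)
        if k not in self.forward:
            for n in range(64):                     # rare collision: re-derive with a counter
                mac = self._mac(kind, value, str(n))
                tok = "[%s.%s]" % (kind, "".join(ID_ALPHABET[b % 32] for b in mac[:ID_LEN]))
                if tok not in self.reverse:
                    break
            else:
                raise RuntimeError("token space exhausted for %s" % kind)
            self.forward[k], self.reverse[tok] = tok, value
        return self.forward[k]

    def pseudonym_for(self, kind: str, value: str) -> str:
        """Deterministic synthetic name per (engagement, value, kind). Collision
        walk depends on insertion order, which is why the map is persisted."""
        k = (kind, value)
        if k not in self.forward:
            pool = PSEUDONYMS[kind]
            start = int.from_bytes(self._mac(kind, value)[:4], "big")
            for i in range(len(pool)):
                cand = pool[(start + i) % len(pool)]
                if cand not in self.reverse:
                    break
            else:
                raise RuntimeError("pseudonym pool exhausted for %s" % kind)
            self.forward[k], self.reverse[cand] = cand, value
        return self.forward[k]


def _replace_literal(text: str, value: str, replacement: str) -> str:
    # Whole-value match only, so pincode 400001 is not swapped inside voucher 400001234.
    return re.sub(r"(?<!\w)" + re.escape(value) + r"(?!\w)", lambda _: replacement, text)


def tokenise(text, tmap, entities=(), field_values=()):
    """Forward pass. entities: (kind, name) from the engagement registry -> pseudonym;
    field_values: (kind, value) from structured fields -> token; then regex identifiers.
    Longest-first so 'HDFC Bank Ltd' would win over 'HDFC Bank'."""
    for kind, name in sorted(entities, key=lambda e: -len(e[1])):
        text = _replace_literal(text, name, tmap.pseudonym_for(kind, name))
    for kind, value in sorted(field_values, key=lambda f: -len(f[1])):
        text = _replace_literal(text, value, tmap.token_for(kind, value))
    for kind, pat in IDENTIFIER_PATTERNS:
        text = pat.sub(lambda m, k=kind: tmap.token_for(k, m.group(0)), text)
    return text


def detokenise(text, tmap):
    """Reverse pass. Returns (restored_text, surviving_tokens). A token the model
    invented or mutated is left in place and reported, never silently dropped."""
    surviving = []

    def restore(m):
        tok = m.group(0)
        if tok in tmap.reverse:
            return tmap.reverse[tok]
        surviving.append(tok)
        return tok

    text = TOKEN_RE.sub(restore, text)
    pseudonyms = [p for p in tmap.reverse if not p.startswith("[")]
    for p in sorted(pseudonyms, key=len, reverse=True):   # longest-first, as in §7
        text = _replace_literal(text, p, tmap.reverse[p])
    return text, surviving


# Constructed sample engagement data.
SAMPLE_ENTITIES = [("COMPANY", "HDFC Bank"), ("COMPANY", "Quality Assurance Pvt Ltd"),
                   ("PERSON", "Mr Krishna Patel")]
SAMPLE_FIELDS = [("ACCT", "50100123456789"), ("MOBILE", "9876543210"), ("PIN", "400001")]
SAMPLE_PROMPT = ("Vendor Quality Assurance Pvt Ltd (GSTIN 27ABCDE1234F1Z5, PAN ABCDE1234F, "
                 "accounts@example.com) received Rs 4,50,000 on 2025-11-03 via HDFC Bank "
                 "a/c 50100123456789 (IFSC HDFC0001234), approved by Mr Krishna Patel, "
                 "mobile 9876543210, Aadhaar 2345 6789 0123, pincode 400001, voucher 400001234.")

if __name__ == "__main__":
    tm = TokenMap(b"constructed-firm-key", "ENG-2026-001")
    outbound = tokenise(SAMPLE_PROMPT, tm, SAMPLE_ENTITIES, SAMPLE_FIELDS)
    print("to provider:", outbound)
    print("restored   :", detokenise(outbound, tm))
```

Two design points worth noting. The pseudonym dictionary must be checked against the engagement's own registry before use, since a curated name that happens to be a real counterparty in this engagement would make the reverse pass ambiguous. And a mutated token such as `[PAN.000000]` comes back from `detokenise` in the surviving list while the rest of the response is still restored, which matches the §7 rule that a surviving token is logged but does not block the auditor's view.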

8. AI in the audit-report file

Where Smart Check, Ask Tool, AI Advisor, or any AI-assisted draft has been used in producing or reviewing an engagement deliverable, the engagement's working-paper file shall contain:

  • The timestamped record of the AI call, drawn from the AIPrivacyLog table.
  • The auditor-side prompt (with plaintext restored for the auditor's review) and the auditor-side response.
  • The professional reviewer's manual review and sign-off of the AI suggestion.

This is in line with SA 230 (Audit Documentation), which requires documentation sufficient for an experienced auditor to understand the procedures performed and the conclusions reached, and it demonstrates that the AI was used as a tool under the auditor's control.

9. Auditor's option to disable AI on an engagement

The Managing Partner or the signing partner of any engagement may instruct the Firm to disable all AI features for that engagement. The Firm will record the instruction in the engagement's permissions log and re-route all checklist work to the manual path for the duration of the instruction.

10. Cross-border data transfer and sectoral localisation

Anthropic and Google process API traffic outside India (United States and other locations). The Firm relies on §16 of the DPDP Act, 2023, which permits transfer of personal data to any country other than countries that the Central Government has expressly restricted by notification. As of the effective date of this disclosure, no restriction notification names the United States or any other current Anthropic / Google operating region in a manner that prevents the transfer.

Sectoral data-localisation overlays

Independent of the DPDP Act, the following sector regulators have published rules that constrain cross-border processing of certain client data. Where the Firm performs an engagement to which any of the following applies, AI features that route data outside India are disabled for that engagement by the engagement partner before fieldwork commences:

  • Reserve Bank of India ("RBI") regulated entities — RBI's Master Direction on Outsourcing of Information Technology Services (April 2023) and the Storage of Payment System Data circular (April 2018, followed by clarificatory FAQs in 2019) restrict the storage and routing of payment-system data outside India. Audits of RBI-regulated banks, NBFCs, payment-system operators, and prepaid-instrument issuers fall within this scope.
  • Securities and Exchange Board of India ("SEBI") regulated entities — SEBI's Cybersecurity and Cyber Resilience Framework for Market Infrastructure Institutions and the Framework on Cloud Adoption (March 2023) require certain data classes to remain within India. Audits of stock exchanges, depositories, and certain market intermediaries are within scope.
  • Insurance Regulatory and Development Authority of India ("IRDAI") regulated entities — IRDAI's Information and Cyber Security Guidelines (April 2023) require policyholder and underwriting data to be stored within India.

For engagements in scope of any of the above, the Platform's AI features are disabled at the engagement level (see §9 above). The engagement partner records the disablement and the regulatory basis in the engagement permissions log. AI features are not re-enabled for the engagement during its life.

If the Government issues a country-restriction notification under DPDP §16, the Firm will disable the affected provider globally until alternative arrangements are in place.

11. AI suggestions are not professional opinions

Outputs from any AI feature inside Veloxis are advisory in nature. They are not, and shall not be represented as:

  • A statutory audit report under §143 of the Companies Act, 2013.
  • A tax audit report under §44AB of the Income-tax Act, 1961.
  • An income-tax return (ITR).
  • A CARO 2020 reporting opinion.
  • Any other professional deliverable required to be signed by a Chartered Accountant in practice.

The signing partner remains personally responsible under the ICAI Code of Ethics, the Chartered Accountants Act, 1949, and SA 200 for every opinion, signature, and certificate emitted from Veloxis. AI suggestions are reviewed by the partner and either accepted (with documentation), modified, or rejected before they appear in any signed deliverable.

12. Hallucination, error, and the auditor's safeguard

AI providers occasionally generate confident but incorrect text ("hallucination"). The Firm's mitigations:

  • The Privacy Pipeline already strips identifying information before the AI sees data, which limits the AI's ability to introduce wrong identifying details. Numerical errors remain possible.
  • All AI suggestions are surfaced as suggestions in the UI and are not auto-applied to checklist items, registers, dashboards, or generated reports.
  • The auditor reviews every suggestion before sign-off. Documentation of that review is mandatory under SA 230.
  • Where an AI suggestion is found to be incorrect, the Firm encourages the user to record the correction via the in-app feedback control. The feedback is retained for ongoing pipeline calibration.

13. Updates to this disclosure

The Firm will revise this disclosure when any of the following changes:

  • A new AI provider is engaged.
  • The list of features that consult AI changes.
  • The classes of data shared with the AI change.
  • A provider's published terms on training or retention materially change.
  • The Privacy Pipeline architecture changes in a way that affects what is sent.

Revisions will be dated at the top of this document. Material revisions will be communicated to authorised users via in-app notice and (for client-portal users) via e-mail.

14. Grievance

Concerns about how Veloxis uses AI on personal data, or about this document, may be raised with the Grievance Officer at krishna@vkg.co.in. The Firm will acknowledge within twenty-four hours and respond substantively within fifteen days, in alignment with the IT Intermediary Rules, 2021 and the DPDP Act.

Veloxis is operated by VKG & Associates, Chartered Accountants.