Client and firm data stays protected, scoped, and accountable.

CA DigiBox is designed for professional firms handling sensitive client work. This policy explains what data is collected, how it is used, and the controls available to protect it.

Last updated: 06 June 2026 Security details Terms of service

Data privacy first

Built around tenant-scoped firm workspaces.

Each firm workspace is treated as a separate tenant context. Staff, client users, documents, credentials, activity logs, storage settings, billing records, and configuration are handled with tenant-aware controls.

Private Documents and credentials are not public by default.

Scoped Tenant, party, employee, and client permissions decide access.

Audited Important actions can be logged for review and accountability.

Information we collect

We collect firm details, owner/admin details, employee and client user details, party/client records, timesheet data, service records, credentials, documents, document movement records, storage audit records, payment/subscription details, activity logs, and technical data such as IP address, device/browser details, and session information.

How we use information

Information is used to operate tenant workspaces, authenticate users, send OTP or email notifications, manage subscriptions, provide document and credential workflows, maintain audit trails, troubleshoot issues, improve product reliability, and protect accounts from misuse.

Documents and credentials

Documents, attachments, and credentials are sensitive by design. Access is controlled through tenant settings, staff permissions, client visibility flags, signed document links, and storage configuration. Secret credential values should be shared only with authorized users.

Storage and third-party services

Depending on configuration, files may be stored on server storage or Amazon S3. Email, OTP, Razorpay, WhatsApp links, and other integrations may process limited information required to deliver their function. Admins should configure these services using their own approved accounts and policies.

Data retention

Workspace data is retained while the tenant account is active or as required for recovery, billing, audit, compliance, or legal purposes. Platform Admin controls can soft-delete or permanently purge tenant data where supported. Secure temporary document links expire based on configured settings.

Your controls

Firm admins can manage users, permissions, client visibility, storage settings, security settings, and document sharing controls. Platform Admin can manage packages, tenant settings, subscriptions, feature flags, and account lifecycle.

Security

We use authentication, tenant scoping, permission checks, private file handling, signed links, audit logs, and operational controls to reduce risk. No software can guarantee absolute security, so firms should also use strong passwords, MFA/authenticator setup, least-privilege permissions, and secure email/storage accounts.

Contact

For privacy questions, data requests, or security concerns, contact the CA DigiBox support or platform administration team through your onboarding channel.

Ready to evaluate

Start with a private trial workspace.

Test the tenant-scoped client portal, document controls, and pricing plan before going live.

Start Free Trial