What Zoho's terms say, and what its Advanced Autoscan actually did to a real ₹61,250 bill
I read Zoho's Receipts terms of service yesterday because of a Reddit thread. A small-business owner was venting that his CA charges five thousand rupees a month to organise his receipts, and the comments answered themselves with three "just use Zoho Books" mentions inside ten replies. One tax lawyer chimed in to say it was a free-market call. For a CA uploading another person's financial records to a third-party tool, the terms are part of that call, and most of the thread did not seem to have read them.
This is the read, with the quotes, of what those pages say and what they leave out. Two documents matter: the product-specific Zoho Receipts terms, and the corporate-wide Zoho privacy policy. They disagree on tone, and that is the first interesting thing.
The first thing you notice is that one of these pages is from 2016 and its product page is gone
The Receipts terms page carries a footer reading "© 2016" with no visible revision. The matching product landing page, zoho.com/receipts.html, returns 404 today. So the standalone Zoho Receipts has either been absorbed into Zoho Books or quietly retired, while its terms page still sits at a public URL. If you search for "is Zoho Receipts safe" in 2026, the page Google will hand you was last touched in the year of demonetisation.
The clause that contradicts the only thing you would use it for
This is the sentence:
"You will not upload any content that is considered as confidential and/or personal information belonging to any person or entity."
Read it twice. Read it as a CA whose entire job is uploading other people's confidential financial documents. The terms, as written, prohibit the obvious use case. Zoho almost certainly does not enforce that clause against bookkeeping use, because the feature exists to do precisely that. But if you ever had a dispute about a data incident involving a client's bills, that clause is now on a public page with your signature against it.
The second line worth quoting:
"all the receipts are subject to human verification by our personnel in India who are subject to strict background verification."
Zoho employees physically look at uploaded receipts as part of the workflow. They are background-checked, the page says. They are also people, and "no human ever sees your bills" is a promise this product cannot make.
The Receipts terms have no retention policy, no deletion timeline, no grievance officer, no India-specific Data Protection Officer, and no reference to the DPDP Act 2023. The page predates DPDP by seven years and reads like it.
The corporate privacy policy fills some of the silence and leaves the wrong gaps
Zoho's main privacy policy, effective 22 December 2025, is the document that actually governs Zoho Books. It has a few useful clauses:
- "Zoho has never sold your information... We do not sell any personal information."
- "We recognize that you own your service data."
- A Data Protection Officer with a contact email (
dpo@zohocorp.com). - A deletion timeline: from active databases within six months of termination, from backups within three months after that.
- A sub-processors list published in the open.
- "Using anonymized crops of service data to improve accuracy of the algorithms; and using your organization's data for developing models specific for your organization."
For a CA in India, the two real gaps:
- No India data residency. The policy says service data is processed and stored "within the United States of America, the European Economic Area (EEA) and other countries where Zoho operates." India is not named. For a tool that will end up holding your client's supplier ledgers, GSTINs and invoice values, "stored somewhere in the EEA or US" is a fact your engagement letter and your client may not have seen.
- No DPDP Act reference. The policy is GDPR-aligned, with Model Contractual Clauses for cross-border transfer. It does not reference India's Digital Personal Data Protection Act 2023, and the DPO sits in Utrecht. For a service whose Indian-CA users are governed by Indian law, that gap is loud.
The "anonymized crops" line is the third one to reread. Anonymisation on invoices is harder than on chat logs, because a GSTIN, a vendor name and a date are effectively a fingerprint of one real business. The burden of judging whether "anonymised" is enough is on you, not them.
So, is it safe to upload your client's bills to Zoho Books?
That decision is yours. Three things to acknowledge before you make it:
- You are uploading your clients' confidential financial records to a tool whose oldest terms told you not to, and whose current corporate policy says the data will live outside India.
- You are trusting that Zoho's "anonymised algorithm improvement" does not include the parts of a bill that uniquely identify your client.
- You are picking a vendor whose published DPO sits in the Netherlands and whose policy treats EU privacy law as the governing standard rather than Indian law.
The same thought, written about chat tools, sits in our ChatGPT-vs-OCR post: pasting a client's bill anywhere, including a chat window, is a data-handling decision.
What its Advanced Autoscan actually did to a real bill
The terms pages cannot tell you this. You only find it by uploading.
Zoho ships two OCR products under similar names. There is the regular Autoscan, included on every plan: 50 scans per month on Free, 200 on Standard and Professional, and 1,000 on Premium and above. There is also a separate Advanced Autoscan add-on, priced at ₹419 per 50 scans per month billed annually, or ₹499 per 50 scans per month at the regular rate (per the official Zoho Books India pricing page). The Advanced tier comes with 2 free trial scans on a new account. So beyond the trial, you are paying roughly ₹8 to ₹10 per scan for the premium product.
We uploaded a single real bill: a transport invoice from Nice Packers & Movers, Delhi to Ahmedabad, ₹61,250 total, GSTIN printed across the top. The trial counter on our fresh account read "Available Autoscans: 1 / Purchased Monthly: 2," and the screen banner pushed "Use Advanced Autoscan. Buy Addon." Both signal that what ran was the Advanced product, not the regular one. So this is the paid, premium OCR by Zoho's own positioning.
Here is what it returned, against the actual bill.
| Bill says | Zoho extracted | Right? |
|---|---|---|
| Vendor: Nice Packers and Movers | Nice Packers & Movers | yes |
| Bill # 101 | 101 | yes |
| Bill Date: 22/12/2021 | 02/12/2022 | no, wrong day and wrong year |
| Vendor GSTIN: 07GVCPS9174J1ZS (printed across the top) | not captured | no |
| Customer: Kuldeep Kumar | empty | no |
| Route: Noida Sector-72 → Ahmedabad | empty | no |
| Packing Charge ₹45,000 | merged into a row called "Transportation Charge Loading Charge Include" at ₹45,000 | partial |
| GST @ 5% = ₹2,250 | silently dropped | no |
| Service Charge @ 10% = ₹4,500 | "Service Charge@%" at ₹4,500, lost the 10% | partial |
| Insurance Charge @ 3% = ₹7,500 | "Insurance Charge @2k..... %" at ₹7,500, rate confused | partial |
| NGT Tax ₹1,500 | silently dropped | no |
| Bilty Charge ₹500 | silently dropped | no |
| TOTAL ₹61,250 | ₹57,000 | short by ₹4,250 |
| Account/ledger mapping | every line account = "Uncategorized" | no |
The Bill posted to Zoho is ₹4,250 short of the printed total, and the three missing lines are exactly GST ₹2,250 + NGT Tax ₹1,500 + Bilty Charge ₹500 = ₹4,250. No low-confidence field. No skipped section. The OCR produced a Bill that looks complete and is wrong by four thousand two hundred and fifty rupees.
For a CA, dropping the GST line is the single most expensive omission. The Input Tax Credit is not booked, the books do not tie to the printed bill, and the error surfaces months later in reconciliation with interest on the gap. The vendor GSTIN is also missing from the form, which is the field a 2B match would need.
This is the same failure mode the ChatGPT vs OCR piece documents: the model returns a plausible wrong answer rather than an error. The Advanced Autoscan, on this bill, behaved the same way. And it is priced as the paid premium tier, not the bundled one.
The Bundled Autoscan that ships included on every plan is the less capable tier by Zoho's own positioning. An upgrade product positioned as more accurate, that silently drops the GST line, is not the kind of thing whose downgrade reads the same bill better. The bundled basic does not handle this bill either.
And on the same bill, the MessyDocs pipeline
We took the same image and ran it through our pipeline on the same day. Every field Zoho dropped came through.
The vendor name, full address, mobile, website, email and the printed GSTIN 07GVCPS9174J1ZS all came through at high confidence. Bill number 101, customer Kuldeep Kumar, From NOIDA, Sector-72, To Ahmedabad, the consignment line LR-101 = 34 Items. All eight line items came through with amounts: Transportation ₹45,000, Loading and Unloading marked Include, GST @ 5% = ₹2,250, Service Charge @ 10% = ₹4,500, Insurance Charge ≈ 3% = ₹7,500, NGT Tax ₹1,500, Bilty Charge ₹500. The printed total of ₹61,250 was returned correctly. The date 22/12/021 was flagged at medium confidence with a bounding box for human review, because the year is genuinely ambiguous on the form (021 rather than 2021 or 21). That is exactly the kind of field a CA should be asked to confirm before posting, and exactly the moment a confident-wrong OCR is most dangerous.
Per-scan cost is meaningfully lower than the ₹8 to ₹10 per scan Zoho charges for the Advanced add-on. The masters never leave the machine. The bill is the only thing our cloud ever sees.
On this specific bill, the head-to-head is:
| Zoho Advanced Autoscan | MessyDocs pipeline | |
|---|---|---|
| Vendor name | yes | yes |
| Vendor GSTIN | missed | captured |
| Bill date | wrong (02/12/2022) | 22/12/021, flagged for review |
| Customer | missed | captured |
| Route | missed | captured |
| All 8 line items | 3 dropped (GST, NGT, Bilty) | all 8 captured |
| Total | ₹57,000 (short by ₹4,250) | ₹61,250 (correct) |
| Confidence flagging on ambiguous fields | none | medium-confidence flags with bounding boxes |
For Indian SMB and CA workflows, "just use Zoho" stops being the obvious answer the moment a real vendor bill enters the picture.
The same bill through Odoo and Xero failed differently
We ran the same image through Odoo's IAP OCR and Xero/Hubdoc on the same day.
- Odoo returned ₹6.00 as the bill total. The digit-cluster grab failure: it lifted "6" from somewhere on the document and called it the total. Off by ₹61,244.
- Xero/Hubdoc got the total right at ₹61,250 but lumped everything into a single line with Tax reported as ₹0. The lazy-lump failure: looks clean, silently destroys the ITC.
Three bundled-OCR products, three failure modes, one pattern: none of them produced a Bill where the GST input tax credit could be correctly booked. Each lost the ₹2,250 of ITC in its own way. The MessyDocs pipeline returned the full split.