Ask Veda

TaxClue AI · Active
Namaste! I'm Veda — TaxClue's AI compliance assistant. 🙏

Ask me anything about GST, ITR, Company registration, Trademark, FSSAI or any compliance topic. When you're ready, I'll connect you with our expert for a free callback.
Share your details — our expert will call you
Powered by TaxClue · India's Trusted Compliance Platform
⚖️ Legal Document

Confidentiality Policy

📅 Last updated: June 2025 🌐 Applies to taxclue.in ⚖️ Governed by Indian Law
Section 01

Fundamental Commitment

TaxClue Consultech Private Limited treats all client information as strictly confidential. This commitment is a cornerstone of our professional practice and constitutes a binding legal and ethical obligation under the professional ethics codes of ICAI, ICSI, and BCI, as well as applicable Indian data protection law. Every member of our team — employees, associates, consultants, and professional partners — is bound by this obligation.

Section 02

Definition of Confidential Information

For the purposes of this Policy, "Confidential Information" means all non-public information, in any form or medium, disclosed by or on behalf of the Client to TaxClue, or otherwise obtained by TaxClue in the course of providing services, including but not limited to:

  • Personal Data: PAN, Aadhaar, DIN, passport details, date of birth, contact details, photographs, and biometric information.
  • Financial Information: Income details, bank account numbers, financial statements, balance sheets, profit and loss accounts, tax returns, investment details, loan agreements, and credit history.
  • Business Information: Company structure, shareholding patterns, board resolutions, MoA/AoA, partnership deeds, trade secrets, client lists, business strategies, merger/acquisition plans, and proprietary processes.
  • Legal Information: Notices received from authorities, dispute details, litigation strategy, settlement discussions, and legal opinions.
  • Communication Content: All correspondence — emails, WhatsApp messages, phone conversations, video meetings, and chat transcripts — exchanged between the Client and TaxClue.
  • Government Portal Data: Login credentials, DSC details, filing history, and response documents accessed or created during service delivery.
Section 03

Handling and Access Controls

Confidential Information is subject to the following safeguards:

  • Need-to-Know Principle: Access is restricted to team members directly assigned to the Client's engagement. No other employee, client, or third party has access.
  • Role-Based Access Control (RBAC): Digital systems enforce role-based access with multi-factor authentication.
  • Encryption: AES-256 encryption for stored data; SSL/TLS for data in transit.
  • Confidentiality Agreements: All employees, contractors, and professional partners sign binding Non-Disclosure Agreements (NDAs) before commencing work.
  • Segregation: Client data is logically segregated — information of one client is never accessible to or shared with another client.
  • Physical Security: Physical documents stored in locked, access-controlled facilities with CCTV monitoring.
  • Device Security: Company-managed devices with disk encryption, remote wipe capability, and endpoint protection.
  • Secure Disposal: Upon expiry of retention periods, documents are securely shredded (physical) or cryptographically erased (digital).
Section 04

Permitted Disclosures

Confidential Information may be disclosed only in the following strictly limited circumstances:

  • Client Authorisation: With the Client's explicit written or electronic consent — including authorisation to file on government portals as part of the engaged service.
  • Professional Team Members: To CAs, CSs, Advocates, and other qualified professionals assigned to the Client's engagement — each bound by their respective professional ethics codes (ICAI, ICSI, BCI) which impose independent confidentiality obligations.
  • Legal Compulsion: When compelled by a court order, summons, statutory authority demand, or regulatory investigation under applicable law — including the Code of Criminal Procedure, 1973; Income Tax Act, 1961; PMLA, 2002; and DPDP Act, 2023. Where legally permissible, TaxClue shall notify the Client before making such disclosure.
  • Prevention of Crime or Fraud: Where TaxClue has reasonable grounds to believe that disclosure is necessary to prevent or report a serious criminal offence, fraud, money laundering, or imminent harm to any person.
Section 05

Duration of Obligation

TaxClue's confidentiality obligations under this Policy are perpetual and survive the termination or completion of any service engagement indefinitely. Client information remains confidential regardless of the passage of time, unless: (a) the information enters the public domain through no fault or action of TaxClue; (b) the Client provides written consent for disclosure; or (c) disclosure is compelled by applicable law.

Section 06

Professional Standards

Our confidentiality practices are aligned with and governed by:

  • Clause 1 of Part I of the Second Schedule to the Chartered Accountants Act, 1949 — professional misconduct for disclosure of client information without consent.
  • ICSI Code of Conduct — Company Secretaries' duty of confidentiality.
  • Bar Council of India Rules (Part VI, Chapter II) — solicitor-client privilege and advocate's duty of secrecy.
  • Digital Personal Data Protection Act, 2023 — data protection obligations for Data Fiduciaries.
  • Information Technology Act, 2000 and IT (Reasonable Security Practices) Rules, 2011 — data security requirements.
  • ISO 27001:2022 — information security management standards (TaxClue is ISO 27001-certified).
Section 07

Breach Response Protocol

In the event of a suspected or confirmed breach of confidentiality:

  • Immediate Containment: The affected system or access point is isolated and secured within 2 hours of detection.
  • Client Notification: Affected Clients are notified within 72 hours of confirming the breach, in compliance with Section 8(6) of the DPDP Act, 2023.
  • Investigation: A thorough forensic investigation is conducted to determine the scope, cause, and impact of the breach.
  • Regulatory Notification: The Data Protection Board of India and any other applicable regulatory body are notified as required by law.
  • Remediation: Root cause analysis is completed, and corrective measures are implemented to prevent recurrence.
  • Disciplinary Action: Any employee or associate found responsible for a breach faces disciplinary action up to and including termination and legal prosecution.
Section 08

Client's Obligations

The Client also agrees to keep confidential TaxClue's proprietary processes, internal methodologies, pricing structures, software tools, and any non-public information shared during the engagement. This obligation is mutual and survives the termination of the engagement.

Section 09

Contact

TaxClue Consultech Private Limited CIN: U74999HR2021PTC095657
📍 Plot No 55, Sector 21A, Faridabad, Haryana — 121001, India
📧 info@taxclue.in
📞 +91 98914 64610
🌐 www.taxclue.in

Grievance Officer: Mr. Mohit Panchal