đ In This Policy
1. Overview
This Data Policy supplements our Privacy Policy and provides specific details about data handling practices at TaxClue, including data classification, storage, processing, and cross-border transfers. It applies to all data collected across taxclue.in, app.taxclue.net, data.taxclue.net, and related services.
2. Data Classification
We classify data into the following categories, each with appropriate security controls:
- Public: Information available in public registries (company names, CIN, GSTIN status)
- Internal: Operational data (task assignments, billing records, internal notes)
- Confidential: Client financial data, tax computations, business documents
- Sensitive: PAN, Aadhaar details, bank information, login credentials, DSC data
3. Data Storage
All client data is stored on servers hosted by our hosting provider with data centres in India. Our databases are:
- MySQL databases with role-based access control
- Backed up daily with encrypted copies
- Hosted on servers with SSL certificates and firewall protection
- Subject to regular security audits and vulnerability assessments
- Protected by brute-force detection and automated lockout mechanisms
4. Data Processing Practices
- Data is processed only for the stated purpose of service delivery
- We employ the principle of data minimisation â we collect only what is necessary
- Automated processing (via our CRM and practice management tools) is used for task management, deadline tracking, and compliance workflows
- No automated decision-making that significantly affects clients is performed without human oversight
- Client data is never used for training AI/ML models or shared for research purposes
5. Data Collected via APIs
Our data platform (data.taxclue.net) collects business information from public government APIs and portals for verification and lead generation. This includes:
- GSTIN details via GSTN and authorized API providers
- DIN/CIN/LLPIN details via MCA portal
- FSSAI licence status via FSSAI portal
All such data is publicly available and collected in compliance with applicable laws. No personal or sensitive data is collected through these channels without consent.
6. Cross-Border Data Transfers
Your data is primarily stored and processed within India. In the event data needs to be transferred outside India (e.g., email delivery servers, cloud backup services), we ensure compliance with the DPDPA 2023 and any rules notified thereunder regarding cross-border data transfers.
7. Data Portability
You have the right to request a copy of your data in a commonly used, machine-readable format (CSV, PDF, or JSON). Requests can be made to our Grievance Officer (details on our Privacy Policy page) and will be fulfilled within 30 days.
8. Data Deletion
Upon request, we will delete your personal data unless retention is required by law. Deletion requests will be processed within 30 days. Please note:
- Data filed with government authorities (IT returns, GST returns, ROC filings) cannot be recalled or deleted by us
- Data subject to statutory retention requirements will be retained for the mandated period
- Backup systems may retain encrypted copies for up to 90 days after deletion from primary systems
9. Third-Party Data Processors
We use the following categories of third-party processors, each bound by data processing agreements:
- Hosting: Web hosting and server infrastructure
- Payment: Payment gateway for transaction processing
- Email: Email delivery and SMTP services
- Analytics: Website usage analytics
- Communication: WhatsApp Business API for client communications
A complete list of sub-processors is available upon request. Contact privacy@taxclue.in.
Have Questions About This Policy?
Our team is happy to clarify any concerns. Reach out anytime.