Privacy Policy

In the course of providing professional services and operating our website, TaxClue Consultech Private Limited collects and processes the following categories of personal and business data:

• Identity Data: Full name, date of birth, PAN (Permanent Account Number), Aadhaar number, DIN (Director Identification Number), passport details, and photographs — as mandated by applicable government filings.
• Contact Data: Email address, mobile number, landline number, residential and business address.
• Financial Data: Income particulars, bank account details (for service delivery only), financial statements, balance sheets, profit and loss accounts, GST returns, and tax computations.
• Business Data: Company name, CIN, GSTIN, LLPIN, trade licence details, shareholding patterns, MoA/AoA extracts, board resolutions, and partnership deeds.
• Payment Data: Transaction reference numbers processed through RBI-authorised payment gateways (Razorpay/CCAvenue). We do not store credit/debit card numbers, CVVs, or PINs on our servers.
• Communication Data: Emails, WhatsApp messages, SMS, recorded phone calls (with prior consent), chat transcripts, and form submissions.
• Technical Data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, session duration, and cookies — collected automatically through server logs and analytics tools.
• Government Portal Credentials: Login credentials and Digital Signature Certificates (DSC) shared by you for the purpose of filing on government portals — stored in encrypted form and used solely for authorised service delivery.

We collect data directly from you, from government portals during filings, from publicly available sources (MCA portal, GST search, etc.), and through automated technologies on our website.

We process your personal data solely for the following purposes and on the following lawful bases under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000:

• Performance of Contract (Section 4(a), DPDP Act): To deliver the registration, filing, certification, advisory, or compliance service you have engaged.
• Compliance with Law (Section 4(b), DPDP Act): To meet obligations under the Income Tax Act, 1961; Companies Act, 2013; CGST Act, 2017; FSSAI Act, 2006; Trade Marks Act, 1999; Patents Act, 1970; and other applicable statutes.
• Consent (Section 6, DPDP Act): For marketing communications, newsletters, and optional services — which you may withdraw at any time.
• Legitimate Interests: For fraud prevention, service improvement, website analytics, and internal record-keeping.

We will never sell, rent, or trade your personal data to third parties for their own commercial purposes.

Your data is shared only in the following strictly limited circumstances:

• Government Authorities: Filing of applications, returns, and forms on government portals (MCA, GST, Income Tax, FSSAI, BIS, IP India, DGFT, ICEGATE, EPFO, ESIC, and others) — solely pursuant to your written or electronic authorisation for the specific service engaged.
• Professional Service Partners: Chartered Accountants (regulated by ICAI), Company Secretaries (regulated by ICSI), and Advocates (regulated by BCI) who are assigned to your engagement, each bound by their respective professional ethics codes and by our confidentiality agreements.
• Payment Processors: RBI-authorised payment gateways for processing payments. These processors are PCI-DSS compliant and bound by their own privacy obligations.
• Cloud Infrastructure: AWS/Google Cloud servers located in India for data storage and backup, governed by data processing agreements.
• Legal Compulsion: When required by a court order, statutory authority directive, regulatory investigation, or any applicable law — including but not limited to the Code of Criminal Procedure, 1973; Income Tax Act, 1961; Prevention of Money Laundering Act, 2002; and the DPDP Act, 2023.

All third parties with access to your data are bound by written confidentiality and data protection agreements that are no less restrictive than this Privacy Policy.

We implement technical and organisational measures in accordance with Section 8 of the DPDP Act and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, including:

• Encryption: SSL/TLS encryption for all data in transit; AES-256 encryption for sensitive data at rest.
• Access Control: Role-based access control (RBAC) with multi-factor authentication for all internal systems.
• Secure Storage: Data hosted on ISO 27001-certified servers located in India.
• Monitoring: Continuous access logging, intrusion detection, and anomaly monitoring.
• Backups: Automated encrypted daily backups with geographically redundant disaster recovery.
• Personnel Security: All employees undergo background verification and sign binding confidentiality agreements.
• Audit: Periodic security audits and vulnerability assessments conducted by independent assessors.

While we employ industry-leading safeguards, no system of electronic storage or transmission over the internet is absolutely secure. We therefore cannot guarantee absolute security, but undertake to promptly notify affected Data Principals and the Data Protection Board of India in the event of any personal data breach, in accordance with Section 8(6) of the DPDP Act.

Our website uses the following categories of cookies and tracking technologies:

• Strictly Necessary Cookies: Essential for website functionality — forms, navigation, session management. These cannot be disabled.
• Analytics Cookies: Google Analytics (GA4) — to understand visitor behaviour, page views, traffic sources, and session duration. Data is anonymised and used solely for website improvement.
• Marketing Cookies: Meta Pixel (Facebook), Google Ads conversion tracking — deployed only with your explicit consent under applicable law. Used for interest-based advertising and retargeting.
• Functional Cookies: To remember your preferences (language, region) across visits.

You may manage cookie preferences through your browser settings or through our cookie consent mechanism. Disabling strictly necessary cookies may impair website functionality. For detailed information, refer to the cookie policies of Google Analytics and Meta Pixel respectively.

Under Chapter III of the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Access (Section 11): Obtain a summary of your personal data being processed and the processing activities undertaken.
• Right to Correction and Erasure (Section 12): Request correction of inaccurate data or erasure of data that is no longer necessary for the purpose for which it was collected — subject to legal retention requirements.
• Right to Withdraw Consent (Section 6(6)): Withdraw consent for processing at any time, without affecting the lawfulness of processing prior to withdrawal.
• Right to Grievance Redressal (Section 13): Lodge a complaint with our Grievance Officer or, if unresolved within 30 days, with the Data Protection Board of India.
• Right to Nominate (Section 14): Nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any right, email info@taxclue.in with subject line "Data Principal Rights Request". We will respond within 30 days of receiving your verified request.

We retain your personal data in accordance with the following retention schedule:

• Active Engagements: For the full duration of the service engagement plus 8 years from the date of completion — as required under Section 149 of the Income Tax Act, 1961 (reassessment window); Section 73/74 of the CGST Act, 2017; and Section 128 of the Companies Act, 2013.
• Inactive Accounts: Data progressively minimised after 3 years of inactivity. Non-essential data erased after 8 years unless required by law.
• Legal Records: Documents required for ongoing or anticipated litigation, regulatory investigation, or audit — retained until final resolution plus the applicable limitation period under the Limitation Act, 1963.
• Marketing Data: Retained until consent is withdrawn or the purpose is fulfilled.
• Website Analytics: Anonymised and aggregated data retained indefinitely for trend analysis.

Upon expiry of the retention period, data is securely deleted using industry-standard methods (data wiping, cryptographic erasure) or anonymised beyond re-identification.

Our website may contain hyperlinks to external websites, including government portals (MCA V3, GST Portal, Income Tax e-Filing, FSSAI FoSCoS, etc.), payment gateways, and third-party resources. TaxClue does not control, endorse, or assume responsibility for the privacy practices, content, or security of these external sites. We recommend reviewing the privacy policies of any third-party website before providing your personal data.

Our website and services are not directed at individuals below 18 years of age. We do not knowingly collect, process, or store personal data from children. If you are a parent or guardian and become aware that your child has provided personal data to us without your consent, please contact us immediately at info@taxclue.in. Upon verification, we will promptly delete such data.

All personal data collected by TaxClue is stored and processed within the territory of India. We do not transfer personal data outside India except where expressly permitted under the DPDP Act, 2023 and applicable rules. In the event that cross-border transfer becomes necessary (e.g., for NRI clients requiring coordination with foreign jurisdictions), we will obtain your specific consent and ensure that adequate data protection safeguards are in place as prescribed by the Central Government under Section 16 of the DPDP Act.

TaxClue Consultech Private Limited reserves the right to amend this Privacy Policy at any time. Material changes will be communicated via email to registered users and prominently displayed on our website. The revised version shall become effective immediately upon publication at www.taxclue.in/privacy-policy/. Continued use of our website or services following such publication constitutes acceptance of the amended Policy. We recommend reviewing this page periodically.

In accordance with Section 13(1) of the DPDP Act, 2023 and Rule 5(9) of the IT (Reasonable Security Practices) Rules, 2011, the details of our Grievance Officer are:

Grievance Officer: Mr. Deepak Gaur
Designation: Director
Email: info@taxclue.in
Address: Shop No 1, FCA 32/1, Near Patel Chowk Main Bandh Road, SGM Nagar, Faridabad, Haryana — 121001, India

Grievances shall be acknowledged within 48 hours and resolved within 30 days of receipt. If you are dissatisfied with the resolution, you may file a complaint with the Data Protection Board of India under Section 13(2) of the DPDP Act.

For queries, grievances, or requests relating to this Privacy Policy, please write to:

TaxClue Consultech Private Limited
CIN: U74999HR2021PTC095657
📍 Shop No 1, FCA 32/1, Near Patel Chowk Main Bandh Road, SGM Nagar, Faridabad, Haryana — 121001, India
📧 info@taxclue.in
📞 +91 98914 64610
🌐 www.taxclue.in