1. Who we are
This privacy policy explains how our chartered accountancy firm ("we", "us") collects, uses, stores, and shares your personal data when you use our website, client portal, and related services. We comply with India's Digital Personal Data Protection Act, 2023 ("DPDP Act").
2. Data we collect
- Account data: name, email, phone, password (hashed).
- Engagement data: documents and information you upload for compliance work (PAN, GSTIN, financials).
- Communications: messages and notes exchanged through the portal.
- Technical data: IP address (hashed), browser type, and pages visited for security and analytics.
3. How we use it
To provide accounting and compliance services, communicate with you, generate invoices, send statutory reminders, and meet our legal obligations under tax law.
4. Your rights under DPDP
- Right to access: request a copy of your data from Privacy settings.
- Right to correction: update your profile any time.
- Right to erasure: request account deletion; data is anonymised immediately and purged after 30 days.
- Right to withdraw consent: toggle marketing, WhatsApp, and analytics consents in Privacy settings.
- Right to grievance redressal: email grievance@example.com.
5. Sharing
We do not sell personal data. We share strictly with statutory authorities when required, with payment processors (Razorpay) to collect fees, and with infrastructure providers (Supabase) under data-processing agreements.
6. Retention
Engagement records are retained for 8 years to meet ICAI and tax-law obligations. Marketing consents are retained until withdrawn.
7. Contact
Data Protection Officer: dpo@example.com.