Loading…
Loading…
Last updated: 1 January 2025 · Effective: 1 January 2025
OnlineTaxGuru is committed to protecting your personal and financial information. This policy explains what data we collect, how we use it, how we protect it, and your rights as our client.
256-bit AES Encryption · TLS 1.3 · Data Stays in India
Your financial data is protected with industry-standard security practices.
When you register or use our services, we collect your full name, email address, mobile number, PAN, Aadhaar number (last 4 digits only for verification), date of birth, residential and business address, and bank account details necessary for the specific service engaged.
To provide CA-assisted services, we collect financial documents including income statements, Form 16, Form 26AS, bank account statements, investment certificates, capital gains statements, business financial records, and any other documents you upload to our portal.
We automatically collect browser type, IP address, device identifiers, pages visited, time spent on pages, and referring URLs through cookies and server logs. This data is used to improve platform performance and user experience and is never linked to your personal identity.
We retain records of communications between you and our CA team (chat messages, emails, call logs) for quality assurance, compliance audit trails, and to provide continuity of service.
We use your information solely to: (a) provide the tax and compliance services you have engaged; (b) assign a qualified Chartered Accountant to your case; (c) communicate service status, document requests, and completion updates; (d) process payments securely; (e) comply with our legal and regulatory obligations under the Income Tax Act, CA Act, and ICAI guidelines; (f) send transactional emails and service reminders (not marketing emails unless you opt in); (g) improve our platform, detect fraud, and ensure security; and (h) respond to legal requests from government authorities as required by Indian law.
All data stored on our servers is protected with AES 256-bit encryption. Data in transit between your browser and our servers is secured using TLS 1.3. Document uploads are encrypted immediately upon receipt and stored in encrypted form on our cloud infrastructure.
OnlineTaxGuru follows a comprehensive information security management framework aligned with ISO 27001 principles. This framework governs our data collection, storage, processing, and disposal practices, and is reviewed regularly to ensure continued effectiveness.
Access to your documents and personal information is strictly role-based. Only your assigned CA and authorised compliance staff can access your case files. All access is logged, audited, and reviewed regularly. CAs are bound by ICAI's client confidentiality guidelines in addition to our platform-level data protection policies.
We retain your documents and case records for 8 years from the date of service completion, in accordance with the requirements of the Income Tax Act, 1961 and the Companies Act, 2013. After the retention period, data is securely deleted using NIST 800-88 compliant methods.
Payments are processed through Razorpay, a PCI-DSS Level 1 compliant payment gateway. We do not store your card numbers or UPI credentials. Razorpay's privacy policy governs the data they collect during payment processing.
We use Amazon Web Services (AWS) — specifically AWS Mumbai region (ap-south-1) — for cloud hosting and document storage. AWS is ISO 27001, SOC 2, and PCI-DSS compliant. Data does not leave India.
To provide our services, your CA will access the Income Tax portal, GST portal, MCA portal, or other relevant government systems on your behalf using credentials you provide or through officially authorised integrations. We do not store government portal passwords on our servers.
We never sell, rent, or share your personal or financial information with advertisers, data brokers, or any third party for commercial purposes. Your data is your property and will never be monetised by OnlineTaxGuru.
You have the following rights regarding your personal data: (a) Right to Access — you may request a copy of all personal data we hold about you; (b) Right to Correction — you may request corrections to inaccurate or incomplete data; (c) Right to Deletion — you may request deletion of your account and personal data, subject to our legal retention obligations; (d) Right to Data Portability — you may request your data in a structured, machine-readable format; (e) Right to Withdraw Consent — you may withdraw consent for marketing communications at any time by emailing us or clicking unsubscribe. To exercise any of these rights, email us at privacy@onlinetaxguru.com with subject line "Privacy Request". We will respond within 30 days.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes via email or a prominent notice on our website at least 15 days before the change takes effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.
For any questions, complaints, or requests related to your privacy or this policy, contact our Data Protection Officer at: privacy@onlinetaxguru.com or write to us at: OnlineTaxGuru, Mumbai, Maharashtra, India. We will acknowledge your request within 72 hours and resolve it within 30 days.