Privacy Policy

1. Introduction

Sharma & Associates ("we", "us", "our"), a chartered accountant firm registered with the Institute of Chartered Accountants of India (ICAI) (FRN: 0202020), is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data through our client portal ("Portal") hosted at http://localhost:3000.

This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act (DPDPA), 2023.

2. Data We Collect

We collect the following categories of personal information:

• Identity Data: Full name, email address, phone number
• Financial Identifiers: PAN number, GSTIN (where applicable)
• Documents: Tax filings, financial statements, balance sheets, and other documents uploaded by our team on your behalf
• Account Data: Login credentials (passwords are encrypted and never stored in plain text)
• Usage Data: Login timestamps, portal activity for security audit purposes
• Enquiry Data: Name, email, phone, firm details, and messages submitted through our contact form

3. Purpose of Data Collection

Your data is collected and processed for the following purposes:

• Providing secure access to your financial documents through the Portal
• Managing your account and authenticating your identity
• Sending email notifications regarding document updates
• Maintaining audit trails for security and compliance
• Responding to enquiries submitted through our website
• Complying with applicable laws and professional regulations

4. Data Storage & Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over encrypted HTTPS connections
• Passwords are hashed using industry-standard algorithms and never stored in plain text
• Documents are stored on secure cloud storage with restricted access
• Row-Level Security (RLS) ensures clients can only access their own data
• Administrative actions are logged in an audit trail
• Role-based access control separates admin, employee, and client permissions

5. Data Retention

Your personal data and documents are retained for a period of 7 years from the date of last activity, in accordance with applicable tax and financial record-keeping requirements under Indian law. After this period, data may be securely deleted unless retention is required by law.

You may request deletion of your data at any time, subject to our legal and regulatory obligations to retain certain records.

6. Data Sharing

We do not sell, rent, or trade your personal information to third parties. Your data may be shared only in the following circumstances:

• With authorized employees of our firm who need access to serve you
• With cloud service providers who host the Portal infrastructure (data processing only, no access to content)
• When required by law, court order, or regulatory authority
• With your explicit written consent

7. Your Rights

Under the Digital Personal Data Protection Act (DPDPA), 2023, you have the following rights:

• Right to Access: Request a summary of your personal data being processed
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data, subject to legal retention requirements
• Right to Grievance Redressal: Lodge a complaint regarding data processing
• Right to Nominate: Nominate another individual to exercise your rights

To exercise any of these rights, please contact us using the details provided below.

8. Cookies

Our Portal uses only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies. These essential cookies are strictly necessary for the Portal to function and cannot be disabled.

9. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDPA, 2023, the details of our Grievance Officer are:

10. Contact Us

For any questions or concerns regarding this Privacy Policy, please contact us at:

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Continued use of the Portal after changes constitutes acceptance of the revised policy.