Effective Date: 1 March 2026 | Last Updated: 1 March 2026
1. Who We Are
TaxEye is a product of Enterfirst Pvt Ltd, a company incorporated under the Companies Act 2013, with its registered office in India. We operate the TaxEye platform — a cloud-based SaaS solution for tax notice management and compliance.
For the purposes of applicable data protection laws, Enterfirst Pvt Ltd is the Data Fiduciary with respect to personal data processed through the TaxEye platform.
Contact: [email protected]
2. Data We Collect
We collect the following categories of personal data:
Account & Registration Data
Name, email address, mobile number, firm name, PAN (optional), GST registration number (optional), designation.
Client Data (entered by you)
Tax notice details, client PAN/GSTIN, document uploads, reply drafts and correspondence data that you add to the platform. You remain the data processor for your clients' data under applicable law.
Usage & Technical Data
IP address, browser type, device information, pages visited, feature usage, session duration, error logs.
Payment Data
Billing address, GST number for invoices. Card/bank data is processed directly by our PCI-DSS compliant payment processor and is never stored on TaxEye servers.
Communications
Emails, support tickets, chat messages and feedback submitted to TaxEye.
3. How We Use Your Data
- Provide, operate and improve the TaxEye platform
- Process payments and manage subscriptions
- Send transactional communications (notices, alerts, receipts)
- Send product updates, newsletters and marketing (with your consent; you may opt out at any time)
- Comply with legal obligations (tax laws, court orders, government directions)
- Detect, prevent and address fraud, security issues and abuse
- Conduct analytics to improve product quality and user experience
- Customer support and dispute resolution
4. Legal Basis for Processing
Under India's Digital Personal Data Protection Act 2023, we process your personal data on the following bases:
- Consent: Where you have provided explicit consent (e.g., marketing emails, optional profile data)
- Contract: Where processing is necessary to fulfil our service agreement with you
- Legal Obligation: Where we are required by law to process data (e.g., GST invoicing, income tax records)
- Legitimate Interest: For security, fraud prevention, analytics, and platform improvement
5. Data Sharing & Disclosure
We do not sell your personal data. We may share data with:
- Service Providers: Cloud hosting (AWS India), payment processors (Razorpay), email/SMS providers, analytics tools — all bound by data processing agreements
- Legal Authorities: Where required by applicable Indian law, court order, or government direction
- Business Transfer: In the event of a merger, acquisition, or sale of all or part of our business, with appropriate confidentiality obligations
We do not transfer personal data outside India without appropriate safeguards as required by the DPDP Act.
6. Data Retention
We retain personal data for as long as your account is active or as needed to provide services. After account termination:
- Account data is retained for 90 days to allow reactivation, then deleted
- Tax-related transaction records may be retained for up to 7 years to comply with Indian income tax and GST record-keeping requirements
- Backups are purged on a 30-day rolling schedule
7. Data Security
We implement industry-standard technical and organisational security measures including:
- AES-256 encryption at rest and TLS 1.3 in transit
- Role-based access controls (RBAC) with multi-factor authentication
- Regular security audits and penetration testing
- ISO 27001-aligned information security management
- Automated threat detection and incident response
See our Security page for full details.
8. Your Rights
Under the DPDP Act 2023, you have the following rights as a Data Principal:
- Right to Information: Know what personal data we hold about you
- Right of Correction: Request correction of inaccurate or incomplete data
- Right of Erasure: Request deletion of your data (subject to legal retention requirements)
- Right to Grievance Redressal: Lodge a complaint with our designated Grievance Officer
- Right to Nominate: Nominate another individual to exercise rights on your behalf in the event of death or incapacity
To exercise these rights, email [email protected] with your registered email address and the specific request.
9. Cookies & Tracking
We use cookies and similar technologies to operate the platform and improve your experience. Categories:
- Strictly Necessary: Session authentication, security tokens (cannot be disabled)
- Functional: Remember your preferences and settings
- Analytics: Understand how users interact with TaxEye (Google Analytics, Mixpanel) — with IP anonymisation
- Marketing: Only with your explicit consent
You can manage cookie preferences via your browser settings. Disabling analytics or functional cookies may affect your experience.
10. Children's Privacy
TaxEye is a professional B2B platform intended for use by adults (18+) engaged in tax practice or business. We do not knowingly collect personal data from minors. If we become aware that a minor's data has been collected, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or in-app notification at least 14 days before the changes take effect. Continued use of TaxEye after the effective date constitutes acceptance of the updated policy.
For privacy-related queries, data requests, or grievances:
Grievance Officer — TaxEye (Enterfirst Pvt Ltd)
[email protected]
We aim to respond within 30 days of receiving your request.
This policy is governed by and construed in accordance with the laws of India. Any disputes shall be subject to the exclusive jurisdiction of courts in India.