Privacy Policy

Last updated: March 26, 2026

This Privacy Policy explains how Rightax Accounting and Consultancy Services Private Limited, operating under the brand name GSTConsultancy through the website gstconsultancy.com (“we”, “us”, “our”), collects, uses, stores, and protects your personal information. This Policy is compliant with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1. Data We Collect

Account Information: Name, email address, phone number, business name, and GSTIN when you register.

Query Data: GST questions, descriptions, uploaded documents (returns, notices, invoices), and any other materials you submit.

Payment Data: Transaction records processed through Razorpay. We do not store card details; these are handled by Razorpay's PCI-DSS compliant infrastructure.

Usage Data: IP address, browser type, pages visited, and interaction data collected via server logs and analytics.

2. Legal Basis for Processing

Under the DPDP Act 2023, we process your data on the basis of: (a) your consent provided during registration; (b) contractual necessity to provide our advisory services; and (c) legitimate interests in improving our platform and preventing fraud.

3. How We Use Your Data

We use your data to: provide GST advisory services; process payments and generate invoices; send transactional emails (question received, answered, payment receipt); improve our services; comply with legal obligations; and prevent fraud and abuse.

4. Data Sharing

We do not sell your personal data. We share data with: Razorpay (payment processing); Resend (transactional email delivery); Vercel (hosting); and Supabase (database). All third-party providers are contractually bound to protect your data.

5. Data Security

We implement industry-standard security measures: TLS 1.3 encryption for data in transit; AES-256 encryption for data at rest; row-level security (RLS) ensuring you can only access your own data; and regular security audits.

6. Data Retention

Account data: Retained until you delete your account or the account has been inactive for a prolonged period.

Q&A records: Retained for 7 years for legal and dispute resolution purposes.

Payment records: Retained for 8 years in compliance with applicable tax laws.

7. Your Rights under DPDP Act 2023

You have the right to: access your personal data; correct inaccurate data; erase your data (subject to legal retention requirements); withdraw consent; and raise grievances with our Data Protection Officer. To exercise these rights, email: privacy@gstconsultancy.com

8. Cookies

We use only essential cookies (authentication, session management) and analytical cookies (anonymous usage statistics). We do not use advertising or tracking cookies.

9. Children's Privacy

Our services are intended for users aged 18 and above. We do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this Policy periodically. Registered users will be notified of material changes via email. Continued use of our services after notification constitutes acceptance.

11. Contact

For privacy-related concerns, contact our Data Protection Officer at: privacy@gstconsultancy.com