Privacy Policy
1) Scope
This Privacy Policy explains how FileWithUs (“we”, “our”, “us”) collects, uses, shares, and safeguards your personal data when you use our websites, mobile app(s), partner/agent portals, and services including Income-Tax filings, GST, MCA compliance, TDS/TCS, registrations, and allied professional services (collectively, the “Services”).
We operate in India and process data in accordance with applicable laws, including the Information Technology Act, 2000 and the SPDI Rules, 2011, as well as the Digital Personal Data Protection Act, 2023 (“DPDP Act”), as notified from time to time.
2) Data we collect
Identity & contact
- Name, date of birth, gender
- Emails, phone numbers, postal addresses
- PAN, masked Aadhaar (we avoid storing full Aadhaar unless necessary for a filing and with your explicit consent)
- Director/partner details (DIN, LLPIN, CIN), GSTIN
Financial & compliance
- ITR data, Form 16/16A, AIS/TIS extracts (on your authorization), TDS/TCS details
- GST returns & invoices, HSN/SAC, e-way/e-invoice data
- Bank account details for refunds/payouts; we do not store card CVV
- Company incorporation documents, MOA/AOA, ROC filings
Service usage
- Account data, orders, support tickets, chat/phone summaries
- Device, IP, app & browser metadata, logs for fraud/security
- Partner/Agent IDs and referrals (where applicable)
Sources
- Directly from you or your authorized representative
- On your consent: govt portals (Income-Tax, GST, MCA) via OTP/session
- Third-party providers (e.g., payment gateways, KYC services) where permitted by law
Sensitive identifiers: We do not request or store biometrics. We only use OTPs you provide to complete the specific task you approve. Never share permanent passwords to government portals with anyone, including us.
3) How we use data
- Deliver and improve our Services (ITR/GST/MCA filings, registrations, advisory)
- Identity verification, KYC, fraud prevention, and information security
- Generate and submit statutory forms/returns you authorize us to file
- Payment processing, invoicing, refunds, reconciliation
- Customer support, reminders (due dates), and service updates
- Compliance with legal obligations, audit, dispute resolution
- With your consent: marketing communications; you can opt out anytime
4) Legal basis & consent
Depending on the context, we act as a “Data Fiduciary” (DPDP Act) and engage vetted “Data Processors” to deliver services. Our processing relies on one or more of the following:
- Consent (e.g., accessing AIS/TIS or GST data via OTP)
- Performance of a contract (providing the Services you request)
- Legal obligation (statutory record-keeping, responding to lawful requests)
- Legitimate uses permitted under law (fraud prevention, network security)
You may withdraw consent at any time. This does not affect prior lawful processing but may impact our ability to continue certain services.
7) Security
- Encryption in transit (HTTPS/TLS) and at rest for sensitive records, where applicable
- Role-based access controls, need-to-know data access, employee confidentiality
- Regular backups, logging, and security monitoring
- Reasonable security practices under IT Act & SPDI Rules
No method of electronic storage is 100% secure. We strive to protect your data and promptly address incidents in line with law.
8) Data retention
We keep personal data only as long as necessary for the purposes described above, to meet legal, accounting, or reporting requirements, and to resolve disputes. Compliance records may be retained for several years (for example, up to 8 years or longer where laws or proceedings require).
When no longer needed, data is securely deleted or de-identified per our retention schedules.
9) Your rights (India)
Subject to law, you may have the right to:
- Request access to your personal data we hold
- Request correction or updating of inaccurate data
- Request erasure where appropriate
- Withdraw consent for processing based on consent
- Nominate an individual to exercise rights on your behalf (where applicable)
- Seek redress via our Grievance Officer; you may also approach authorities as provided under applicable laws
To exercise these rights, see Grievance & contact.
10) Children
Our Services are intended for adults. We do not knowingly collect personal data from children under 18. If you believe a child has provided us data, please contact us for prompt removal.
11) Cross-border transfers
We primarily store data in India. If we transfer data outside India (e.g., to a cloud/processor in another country), we do so in accordance with applicable law and with appropriate contractual or technical safeguards.
12) Partners & agents
If you engage our Services via a FileWithUs partner/agent, we may share necessary data with that partner/agent for service delivery, status updates, and commission reconciliation. Partners/agents are bound by confidentiality and data-processing obligations.
13) Third-party links & payments
- Our site/app may link to third-party sites. Their privacy practices are their own.
- Payments are processed by independent payment gateways (e.g., Razorpay/PayU/etc.). We do not store your full card details.
14) Grievance & contact
If you have a question, request, or grievance about this Policy or your personal data, please contact our Grievance Officer/Data Protection Contact:
- Name: Grievance Officer, FileWithUs
- Email: info@filewithus.in
- Phone: +91-9963685739
- Address: FileWithUs, Hyderabad, Telangana, India
We aim to respond within 15 days or sooner, as required by applicable law.
15) Updates to this Policy
We may update this Privacy Policy to reflect changes to our practices or legal requirements. We will post the revised version with an updated “Effective” date and, where appropriate, notify you via email or prominent notice.
Previous versions may be available on request.