Effective Date: January 15, 2025
TaxSQR LLP (“we”, “our”, or “us”) is committed to protecting the privacy of our clients and users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our tax organizer and related services, in connection with tax preparation for clients of US CPA firms.
By accessing or using our services, you agree to the terms of this Privacy Policy.
1. Who We Are
TaxSQR LLP is a tax support services firm based in India. We specialize in preparing tax returns for clients across multiple jurisdictions including the United States, United Kingdom, and India. We serve CPA firms, chartered accountants, and tax professionals in these regions. Our operations include collecting and processing client data through our proprietary digital tools, including the Tax Organizer.
Multi-Jurisdictional Tax Services We provide comprehensive tax preparation and support services across India, UK, and US tax systems.
2. Information We Collect
We collect Personally Identifiable Information (PII) that you voluntarily provide to us, including:
• Full Name and Legal Identifiers • Date of Birth • Tax Identification Numbers (SSN, ITIN, UTR, PAN, Aadhaar, etc.) • Contact Information (Email, Phone, Address) • Employment and Residency History • Dependent and Family Information • Foreign Asset Disclosures and International Holdings
United States Tax Documents
• W-2 Forms (Wage and Tax Statement) • 1099 Forms (Various types: INT, DIV, MISC, NEC, etc.) • 1040 Individual Tax Returns • Schedule K-1 (Partnership/S-Corp) • 8938 (FATCA Statement) • FBAR (Foreign Bank Account Report) • Brokerage Statements and Investment Records
United Kingdom Tax Documents
• P60 (End of Year Certificate) • P45 (Details of employee leaving work) • SA100 (Self Assessment Tax Return) • SA302 (Tax Calculation) • Dividend Vouchers and Investment Income • Capital Gains Records • Pension Statements and Benefits
India Tax Documents
• Form 16 (TDS Certificate) • Form 26AS (Annual Tax Statement) • ITR Forms (Income Tax Returns 1-7) • TDS Certificates (16A, 16B, 16C) • Investment Proofs (80C, 80D, etc.) • Capital Gains Statements • Foreign Asset and Income Declarations
Common Financial Data Across All Jurisdictions
• Bank Statements and Financial Account Information • Investment Portfolio Details and Trading Records • Property Ownership and Rental Income Records • Business Income and Expense Documentation • Cryptocurrency Transaction Records • Insurance Premiums and Medical Expenses • Charitable Donations and Eligible Deductions
We also collect technical data such as IP address, browser type, and usage behavior for analytics and security purposes.
3. How We Use Your Information
We use your personal information to:
• Prepare and support the preparation of tax returns across US, UK, and India jurisdictions • Ensure compliance with multi-jurisdictional tax regulations and reporting requirements • Communicate with you regarding your tax filings in relevant jurisdictions • Share data securely with authorized CPA firms, chartered accountants, and tax professionals • Handle cross-border tax implications and international reporting obligations • Respond to legal and regulatory inquiries from tax authorities in applicable jurisdictions • Improve our services and platform functionality across different tax systems
We do not sell your personal information to third parties
4. Lawful Basis for Processing
We process your data under the following legal bases:
• Consent: You provide informed consent by using our services across applicable jurisdictions • Contractual necessity: For fulfilling service agreements with accounting firms and tax professionals in the US, UK, and India • Legal obligation: To comply with applicable tax and data protection laws in multiple jurisdictions including US federal and state laws, UK GDPR and data protection laws, and Indian Income Tax Act and data protection regulations • Legitimate interests: For cross-border tax compliance and international reporting requirements (where not overridden by data subject interests) • Vital interests: Where processing is necessary to protect someone’s life (rare circumstances) • Public task: When processing is necessary for compliance with tax authority requirements
GDPR Article References For EU/EEA residents, our processing is based on Articles 6 and 9 of the GDPR. Detailed legal basis information is available upon request.
5. Data Retention
We retain your personal data only for as long as necessary:
• To fulfill the purposes outlined in this policy across all service jurisdictions • To comply with legal, regulatory, and contractual obligations (typically 7 years for tax records in the US, 6 years in the UK, and 8 years in India, or as required by the longest applicable retention period) • To resolve disputes and enforce agreements across multiple jurisdictions • To maintain records for cross-border tax audit and compliance purposes
6. Data Sharing and Transfers
We may share your information with:
• US, UK, and Indian CPA firms, chartered accountants, and tax professionals for whom we prepare tax returns • Authorized employees and consultants under strict confidentiality agreements • Third-party service providers (e.g., cloud storage, email, analytics platforms) • Government tax authorities in the US (IRS), UK (HMRC), and India (Income Tax Department) if legally required • International compliance and regulatory bodies as mandated by cross-border tax agreements
We ensure that any data transferred between India, UK, US, and other jurisdictions complies with applicable international data protection standards including GDPR, US privacy laws, and Indian data protection regulations.
7. Data Security
We employ physical, administrative, and technical safeguards to protect your information, including:
• Encrypted data storage and transmission (SSL/TLS) • Role-based access controls • Secure servers hosted in compliant data centers • Routine audits and penetration testing
Despite our efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
8. GDPR Compliance & Data Protection
For individuals in the European Union and European Economic Area, we comply with the General Data Protection Regulation (GDPR). This section outlines your specific rights and our obligations under GDPR.
GDPR Compliance Commitment We are committed to protecting EU/EEA residents’ data rights and maintaining the highest standards of data protection.
Legal Basis for Processing Under GDPR
• Article 6(1)(a) – Consent: For voluntary data submission through our tax organizer • Article 6(1)(b) – Contract: For fulfilling tax preparation services • Article 6(1)(c) – Legal Obligation: For compliance with tax laws and regulations • Article 6(1)(f) – Legitimate Interests: For fraud prevention and system security • Article 9(2)(a) – Explicit Consent: For processing special category data when necessary for tax compliance
International Data Transfers
When transferring personal data from the EU/EEA to India or other non-EU countries, we ensure adequate protection through:
• Standard Contractual Clauses (SCCs) approved by the European Commission • Appropriate technical and organizational measures • Regular compliance assessments and data protection impact assessments • Binding corporate rules where applicable
Data Processing Records
We maintain comprehensive records of all processing activities as required under Article 30 GDPR, including:
• Purposes of processing and legal basis • Categories of data subjects and personal data • Recipients and international transfers • Retention periods and security measures
9. Your Data Protection Rights
Depending on your location and applicable laws, you may have the following rights. EU/EEA residents have additional rights under GDPR:
GDPR Rights (EU/EEA Residents)
• Right of Access (Article 15): Obtain confirmation and copy of your personal data • Right to Rectification (Article 16): Correct inaccurate or incomplete data • Right to Erasure (Article 17): Request deletion of your personal data • Right to Restrict Processing (Article 18): Limit how we process your data • Right to Data Portability (Article 20): Receive your data in a structured format • Right to Object (Article 21): Object to processing based on legitimate interests • Right to Withdraw Consent: Withdraw consent at any time
General Rights (All Users)
• Access your personal data • Request correction of your data • Request deletion of your data (subject to legal obligations) • Withdraw consent where applicable • Lodge a complaint with supervisory authorities • Receive information about data breaches affecting you
Response Timeline We will respond to your requests within 30 days (GDPR) or as required by applicable local laws. Complex requests may require up to 60 additional days with notification.
How to Exercise Your Rights
• Email: info@taxsqr.com with “Data Subject Request” in the subject line • Include: Your full name, contact information, and specific request details • Verification: We may request additional information to verify your identity • Free of Charge: Most requests are processed free of charge
Supervisory Authority Contacts
• EU/EEA: Your local Data Protection Authority or European Data Protection Board (edpb.europa.eu) • UK: Information Commissioner’s Office (ICO) – ico.org.uk • India: Data Protection Board of India (when established) • US: Federal Trade Commission (FTC) or relevant state authorities
10. Data Breach Notification
In accordance with GDPR and other applicable data protection laws, we have established procedures for detecting, investigating, and reporting data breaches.
Our Breach Response Process
• Detection & Assessment: Immediate identification and risk assessment of any potential breach • Containment: Swift action to contain and minimize the impact of the breach • Authority Notification: Report to supervisory authorities within 72 hours where required by law • Individual Notification: Notify affected individuals without undue delay if high risk to their rights and freedoms • Documentation: Maintain comprehensive records of all breaches and response actions
Breach Notification Commitment We will notify you promptly if a data breach is likely to result in high risk to your personal data, including steps taken and recommended actions.
11. Children’s Privacy
Our services are not intended for children under the age of 16 (EU/EEA residents) or 18 (other jurisdictions). We do not knowingly collect personal data from children without appropriate parental consent.
• If we become aware that we have collected data from a child without proper consent, we will delete it promptly • Parents/guardians can contact us to review, delete, or stop further collection of their child’s information • We comply with applicable children’s privacy laws including COPPA (US) and GDPR provisions for children
12. Changes to This Policy
We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or service offerings.
• Notification: Material changes will be communicated via email or prominent notice on our website • GDPR Compliance: For EU/EEA residents, we will obtain fresh consent where required by law • Effective Date: Changes become effective on the date specified in the updated policy • Version Control: Previous versions are archived and available upon request
We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact Us
If you have any questions or concerns about this Privacy Policy, or wish to exercise your data protection rights, please contact:
TaxSQR LLP – 5TH FLOOR, Office No. 503, EROS City Square, Sector 49-50, Rosewood City, Gurugram, Haryana 122018 – India
Contact Information:
- DPO: info@taxsqr.com
- Phone: +91-8008006493