Privacy Policy

Effective Date: January 15, 2025

TaxSQR LLP (“we”, “our”, or “us”) is committed to protecting the privacy of our clients and users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our tax organizer and related services, in connection with tax preparation for clients of US CPA firms.

By accessing or using our services, you agree to the terms of this Privacy Policy.

1. Who We Are

TaxSQR LLP is a tax support services firm based in India. We specialize in preparing tax returns for clients across multiple jurisdictions including the United States, United Kingdom, and India.

We serve CPA firms, chartered accountants, and tax professionals in these regions. Our operations include collecting and processing client data through our proprietary digital tools, including the Tax Organizer.

Multi-Jurisdictional Tax Services: We provide comprehensive tax preparation and support services across India, UK, and US tax systems.

2. Information We Collect

We collect Personally Identifiable Information (PII) that you voluntarily provide to us, including:

  • Full Name and Legal Identifiers
  • Date of Birth
  • Tax Identification Numbers (SSN, ITIN, UTR, PAN, Aadhaar, etc.)
  • Contact Information (Email, Phone, Address)
  • Employment and Residency History
  • Dependent and Family Information
  • Foreign Asset Disclosures and International Holdings

United States Tax Documents

  • W-2 Forms (Wage and Tax Statement)
  • 1099 Forms (INT, DIV, MISC, NEC, etc.)
  • 1040 Individual Tax Returns
  • Schedule K-1 (Partnership/S-Corp)
  • 8938 (FATCA Statement)
  • FBAR (Foreign Bank Account Report)
  • Brokerage Statements and Investment Records

United Kingdom Tax Documents

  • P60 (End of Year Certificate)
  • P45 (Details of employee leaving work)
  • SA100 (Self Assessment Tax Return)
  • SA302 (Tax Calculation)
  • Dividend Vouchers and Investment Income
  • Capital Gains Records
  • Pension Statements and Benefits

India Tax Documents

  • Form 16 (TDS Certificate)
  • Form 26AS (Annual Tax Statement)
  • ITR Forms (ITR-1 to ITR-7)
  • TDS Certificates (16A, 16B, 16C)
  • Investment Proofs (80C, 80D, etc.)
  • Capital Gains Statements
  • Foreign Asset and Income Declarations

Common Financial Data Across All Jurisdictions

  • Bank Statements and Financial Account Information
  • Investment Portfolio Details and Trading Records
  • Property Ownership and Rental Income Records
  • Business Income and Expense Documentation
  • Cryptocurrency Transaction Records
  • Insurance Premiums and Medical Expenses
  • Charitable Donations and Eligible Deductions

We also collect technical data such as IP address, browser type, device information, and usage behavior for analytics and security purposes.

3. How We Use Your Information

We use your personal information to:

  • Prepare and support the preparation of tax returns across US, UK, and India
  • Comply with jurisdictional tax regulations and reporting requirements
  • Communicate with you regarding your tax filings and documentation
  • Coordinate with CPA firms, chartered accountants, and tax professionals
  • Handle cross-border tax implications and international reporting obligations
  • Respond to tax notices and regulatory inquiries
  • Improve our services, platform functionality, and user experience
  • Ensure data security, fraud prevention, and compliance monitoring

We do not sell your personal information to third parties.

4. Lawful Basis for Processing

We process your personal data under the following legal bases:

  • Consent: You provide informed consent by using our services across applicable jurisdictions.
  • Contractual Necessity: For fulfilling service agreements with accounting firms and tax professionals.
  • Legal Obligation: To comply with applicable federal and state laws, UK GDPR, Indian data protection laws, and the Indian Income Tax Act.
  • Legitimate Interests: For cross-border tax compliance and international reporting requirements (where not overridden by data subject interests).
  • Vital Interests: Where processing is necessary to protect someone’s life.
  • Public Task: When processing is necessary for compliance with tax authority requirements.

GDPR Article References: For EU/EEA residents, our processing is based on Articles 6 and 9 of the GDPR. Detailed legal basis information is available upon request.

5. Data Retention

We retain your personal data only for as long as necessary:

  • To fulfill the purposes outlined in this policy across all service jurisdictions
  • To comply with legal, regulatory, and contractual obligations (typically 7 years for tax records in the US, 6 years in the UK, and 8 years in India, or as required by the longest applicable retention period)
  • To resolve disputes and enforce agreements across multiple jurisdictions
  • To maintain records for cross-border tax audit and compliance purposes

6. Data Sharing and Transfers

We may share your information with:

  • US, UK, and Indian CPA firms, chartered accountants, and tax professionals for whom we prepare tax returns
  • Authorized employees and consultants under strict confidentiality agreements
  • Third-party service providers (e.g., cloud storage, email, analytics platforms)
  • Government tax authorities in the US (IRS), UK (HMRC), and India (Income Tax Department) if legally required
  • International compliance and regulatory bodies as mandated by cross-border tax agreements

We ensure that any data transferred between India, UK, US, and other jurisdictions complies with applicable international data protection standards including GDPR, US privacy laws, and Indian data protection regulations.

7. Data Security

We employ physical, administrative, and technical safeguards to protect your information, including:

  • Encrypted data storage and transmission (SSL/TLS)
  • Role-based access controls
  • Secure servers hosted in compliant data centers
  • Routine audits and penetration testing

Despite our efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. GDPR Compliance & Data Protection

For individuals in the European Union and European Economic Area, we comply with the General Data Protection Regulation (GDPR).

GDPR Compliance Commitment: We are committed to protecting EU/EEA residents’ data rights and maintaining the highest standards of data protection.

Legal Basis for Processing Under GDPR

  • Article 6(1)(a) – Consent: For voluntary data submission through our tax organizer
  • Article 6(1)(b) – Contract: For fulfilling tax preparation services
  • Article 6(1)(c) – Legal Obligation: For compliance with tax laws and regulations
  • Article 6(1)(f) – Legitimate Interests: For fraud prevention and system security
  • Article 9(2)(a) – Explicit Consent: For processing special category data when necessary

International Data Transfers

When transferring personal data from the EU/EEA to India or other non-EU countries, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Appropriate technical and organizational measures
  • Regular compliance assessments and data protection impact assessments
  • Binding corporate rules where applicable

Data Processing Records

We maintain comprehensive records of all processing activities as required under GDPR, including:

  • Purposes of processing and legal basis
  • Categories of data subjects and personal data
  • Recipients of international transfers
  • Retention periods and security measures

9. Your Data Protection Rights

Depending on your location and applicable laws, you may have the following rights. EU/EEA residents have additional rights under GDPR:

GDPR Rights (EU/EEA Residents)

• Right of Access (Article 15): Obtain confirmation and copy of your personal data • Right to Rectification (Article 16): Correct inaccurate or incomplete data • Right to Erasure (Article 17): Request deletion of your personal data • Right to Restrict Processing (Article 18): Limit how we process your data • Right to Data Portability (Article 20): Receive your data in a structured format • Right to Object (Article 21): Object to processing based on legitimate interests • Right to Withdraw Consent: Withdraw consent at any time

General Rights (All Users)

Access your personal data Request correction of your data Request deletion of your data (subject to legal obligations) Withdraw consent where applicable Lodge a complaint with supervisory authorities Receive information about data breaches affecting you

Response Timeline
We will respond to your requests within 30 days (GDPR) or as required by applicable local laws. Complex requests may require up to 60 additional days with notification.

10. Data Breach Notification

In accordance with GDPR and other applicable data protection laws, we have established procedures for detecting, investigating, and reporting data breaches.

Our Breach Response Process

• Detection & Assessment: Immediate identification and risk assessment of any potential breach
• Containment: Swift action to contain and minimize the impact of the breach
• Authority Notification: Report to supervisory authorities within 72 hours where required by law
• Individual Notification: Notify affected individuals without undue delay if high risk to their rights and freedoms
• Documentation: Maintain comprehensive records of all breaches and response actions

Breach Notification Commitment
We will notify you promptly if a data breach is likely to result in high risk to your personal data, including steps taken and recommended actions.

11. Children’s Privacy

Our services are not intended for children under the age of 16 (EU/EEA residents) or 18 (other jurisdictions). We do not knowingly collect personal data from children without appropriate parental consent.

• If we become aware that we have collected data from a child without proper consent, we will delete it promptly.
• Parents/guardians can contact us to review, delete, or stop further collection of their child’s information.
• We comply with applicable children’s privacy laws including COPPA (US) and GDPR provisions for children.

12. Changes to This Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or service offerings.

• Notification: Material changes will be communicated via email or prominent notice on our website
• GDPR Compliance: For EU/EEA residents, we will obtain fresh consent where required by law
• Effective Date: Changes become effective on the date specified in the updated policy
• Version Control: Previous versions are archived and available upon request

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions or concerns about this Privacy Policy, or wish to exercise your data protection rights, please contact:

TaxSQR LLP
5TH FLOOR, Office No. 503, EROS City Square,
Sector 49-50, Rosewood City, Gurugram, Haryana 122018 – India

Contact Information: