Your Privacy is Our Responsibility

Khajanchi Brothers Private Limited is a CA and legal compliance firm registered under the Companies Act, 2013, with its registered office at:

We provide services including income tax return (ITR) filing, GST registration and returns, company and LLP incorporation, MSME/Udyam registration, trademark and intellectual property filing, TDS returns, and legal document drafting, among others.

In delivering these services, we necessarily collect and process personal and financial information provided by you. This policy governs how we handle that information.

We collect only the information that is necessary to provide the specific service you have engaged us for. We do not collect data speculatively or in bulk.

We use the information you share with us strictly for the following purposes:

• Service Delivery: Preparing and filing your ITR, GST returns, TDS returns, or other compliance documents on the Income Tax portal, GST portal, MCA21 portal, or other government platforms.
• Identity Verification: Verifying your identity for e-filing, e-verification (Aadhaar OTP), and government portal logins as required under applicable law.
• Client Communication: Responding to your queries, sending filing acknowledgements, refund updates, notice alerts, and deadline reminders via WhatsApp, email, or call.
• Legal Compliance: Meeting our own obligations under tax law, ICAI regulations, company law, and other applicable statutes that require us to maintain records of filings made on behalf of clients.
• Quality Assurance: Reviewing and cross-checking your data against AIS, Form 26AS, and other government-held records to ensure accuracy of filings — this is done by our CA team only, internally.
• Service Improvement: Analysing aggregated, anonymised usage patterns on our website to improve the client experience. No individual is identified in this analysis.
• Invoicing and Payments: Generating invoices and tracking payments for services rendered. We do not store payment card details — all payments are processed via third-party payment gateways.

We process your personal data on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform the service contract you have entered into with us — e.g., filing your ITR requires your PAN, Form 16, and financial data.
• Legal Obligation: Certain data must be retained by us under the Income Tax Act, 1961, the Goods and Services Tax Act, 2017, the Companies Act, 2013, and ICAI regulations.
• Legitimate Interest: We maintain communication records and service history to provide accurate, consistent service to returning clients.
• Your Consent: For any use of your data beyond direct service delivery — such as featuring a testimonial, or sending periodic service updates — we will always ask for your explicit consent first.

We share your personal and financial information only in the following strictly limited circumstances:

• Government Portals and Statutory Authorities: Your data is submitted to the Income Tax Department (incometax.gov.in), GST Network (gst.gov.in), Ministry of Corporate Affairs (mca.gov.in), Trademark Registry (ipindia.gov.in), and other regulatory portals as required to complete your specific filing or registration. This is the primary purpose for which you share data with us.
• Internal Team Members: Only the CA or team member assigned to your case has access to your data. Access is role-based and restricted.
• Technology Service Providers: We use secure, reputable platforms for document storage and communication (e.g., cloud storage with encryption, email services). These providers are contractually bound not to access or use your data for any other purpose.
• Payment Gateways: If you pay via our website, your payment is processed by a third-party gateway (e.g., Razorpay or PhonePe). We do not store your card or UPI credentials. The gateway's own privacy policy governs that transaction.
• Legal Requirement: If we are required by law, court order, or government authority to disclose your data, we will comply — and where legally permitted, we will inform you before doing so.

• Sell, rent, or trade your personal or financial data to any company, individual, or marketing agency.
• Share your data with insurance companies, loan providers, investment platforms, or financial product sellers — even if they approach us directly.
• Share your PAN, Aadhaar, bank details, or income figures with any person outside our organisation except as described in Section 5.
• Use your data to contact you with unsolicited offers, third-party promotions, or political communications.
• Disclose client financial information to other clients, competitors, or the press — professional confidentiality is an absolute obligation for us under ICAI's Code of Ethics.

We retain your data for the minimum period necessary to fulfil the purpose for which it was collected, and to comply with applicable legal obligations:

After the applicable retention period, your data is securely deleted or anonymised so that you can no longer be identified from it.

We implement reasonable security practices and procedures as required under the IT (SPDI) Rules, 2011, including:

• Encrypted Storage: All client documents containing financial or identity information are stored in encrypted cloud environments with access logging.
• Access Controls: Only the CA or team member assigned to your case can access your file. Access is granted on a need-to-know basis and revoked when a case is closed.
• Secure Communication: We prefer encrypted channels for document sharing (WhatsApp end-to-end encryption, or secure email). We do not recommend sending PAN or Aadhaar copies over unencrypted public channels.
• No Printed Document Storage: We operate a paperless office. Physical documents shared with us are scanned and securely returned or destroyed — we do not maintain physical client files.
• Password Protection: Systems used by our team are password-protected and updated regularly. We use two-factor authentication on all major platforms.
• Staff Training: All team members are trained on data confidentiality obligations — including the ICAI professional ethics rules on client confidentiality.
• Breach Response: In the event of a data security breach that affects your personal data, we will notify you and the appropriate authorities as required under applicable law, without undue delay.

Our website (www.khajanchibrothers.com) uses cookies and similar technologies to provide a functioning, analysable, and optimised website experience.

You can control and delete cookies through your browser settings. Disabling analytics cookies will not affect your ability to use our website or engage our services.

You have the following rights in relation to the personal data we hold about you. To exercise any of these rights, contact us at info@khajanchibrothers.com or WhatsApp us at +91 87965 55208.

• Right to Access: You may request a copy of the personal data we hold about you at any time. We will respond within 30 days.
• Right to Correction: If any data we hold about you is inaccurate or incomplete, you may request that we correct it. This is especially important for government-filed documents — if an error is found post-filing, we will work with you to rectify it at the earliest.
• Right to Deletion ("Right to be Forgotten"): You may request that we delete your personal data. We will honour this request to the maximum extent possible — subject to legal obligations to retain certain records (e.g., filed tax returns must be retained for the statutory period).
• Right to Withdraw Consent: Where we process your data based on consent (e.g., testimonials, marketing communications), you may withdraw that consent at any time. Withdrawal does not affect any processing already done.
• Right to Restrict Processing: You may request that we limit the use of your data to storage only, pending resolution of a dispute about its accuracy or the legality of processing.
• Right to Data Portability: You may request your data in a structured, machine-readable format for transfer to another service provider.
• Right to Complain: If you believe we have processed your data incorrectly, you may raise a complaint with us first. You also have the right to approach the Ministry of Electronics and Information Technology (MeitY) or other applicable regulatory authorities.

Our website may contain links to external websites — including government portals (incometax.gov.in, gst.gov.in), the ICAI website, and other resources. These links are provided for your convenience only.

We have no control over the content or privacy practices of those websites. This Privacy Policy does not apply to any third-party website. We encourage you to review the privacy policy of any external site before submitting personal information there.

Our services are intended for adults (18 years and above) or businesses. We do not knowingly collect personal data from individuals below the age of 18.

If a parent or guardian believes that a minor has submitted personal data to us without consent, please contact us immediately at info@khajanchibrothers.com and we will delete that data promptly.

Note: Filing an ITR for a minor child (minor's income clubbed with parent's) is a legitimate tax compliance service we offer — in this case, the minor's PAN data is processed under the parent's or guardian's authorisation and engagement with us.

We may update this Privacy Policy from time to time to reflect changes in our services, applicable law, or our data handling practices. Any material changes will be communicated to existing clients via email or WhatsApp before they take effect.

The "Last Updated" date at the top of this page always reflects when the most recent revision was made. We encourage you to review this page periodically.

Continued use of our services after any update constitutes your acceptance of the revised policy. If you disagree with any change, you may contact us to discuss it or request deletion of your data.

For any questions, concerns, or requests related to this Privacy Policy or the personal data we hold about you, please contact us through any of the following channels. We aim to respond to all privacy-related queries within 7 working days.