1. Introduction
ESP Point (“we”, “us”, “our”) is committed to protecting your personal information. This Privacy Policy explains how your data is collected, used, stored, protected, and processed when you use our website, mobile app, and related services (“Platform”).
By using our Platform, you agree to this Policy. If you do not agree, please discontinue use.
This Policy is compliant with:
- Information Technology Act, 2000
- SPDI (Sensitive Personal Data or Information) Rules
- General industry-accepted privacy standards
2. Scope
This Policy applies to:
- Individual taxpayers and clients
- CAs, CS, tax consultants and professionals
- App/website visitors
- Any person interacting with ESP Point in any way
3. Information We Collect
A. Personal Information
- Name, date of birth, gender
- Email, phone number, postal address
- PAN, Aadhaar (only if voluntarily provided)
- Bank account number, IFSC, UPI ID
- Form 16, Form 26AS, AIS/TIS
- Income details, deductions, investment proofs
- Tax challans, vouchers, invoices
- Uploaded files & documents
B. Sensitive Personal Information
- Financial information
- Tax return data
- Government-issued ID information
- Encrypted login credentials
C. Device & Technical Data
- IP address
- Device type and operating system
- Browser details
- Session logs
- Basic performance analytics
D. Optional App Permissions (Only If You Allow)
- Camera (for document uploads)
- Storage access (file uploads)
- SMS read (for OTP autofill)
- Contacts (optional client import)
- Microphone (optional voice notes)
You may deny or revoke permissions anytime through device settings.
E. Communication Data
- Emails sent by you
- Chat messages
- Support tickets
- Call recordings (only when consented)
4. How We Collect Information
- Directly from you
- From uploaded documents
- Through secure partners (KYC, payment gateway, ERI)
- Automatic technical logs
- Publicly available or government sources
5. Purpose of Processing
A. Primary Service Purposes
- Income Tax Return preparation & filing
- GST filings, accounting & compliance
- Handling tax notices, scrutiny and advisory
- KYC verification
- Auto-importing tax data (if enabled by user)
B. Communication
- Filing reminders
- Alerts and notifications
- Service confirmations
C. Legal & Regulatory Compliance
As required under tax laws, IT Act, audits, or government authorities
D. Security & Fraud Prevention
- Detecting unauthorized activity
- Preventing identity theft
- Protecting system integrity
E. Service Improvement
- Improving app & website performance
- Troubleshooting
- Enhancing user experience
F. Marketing (Only With Consent)
- Promotional emails
- New feature updates
- Offers and periodic announcements
You may opt out anytime.
6. Legal Basis of Processing
We rely on:
- User consent
- Contractual necessity
- Legal and regulatory requirements
- Legitimate interests
- Fraud & security obligations
7. Sharing of Information
We never sell your personal data.
We may share your information with:
- Hosting/cloud service providers
- Payment gateways (PCI-compliant)
- KYC verification partners
- ERI/tax-filing partners
- Business support vendors (SMS, email, CRM tools)
- Government authorities (only when legally required)
- Auditors or professional advisors
All partners must follow strict confidentiality and data security obligations.
8. International Transfer
If data is stored/processed outside India (e.g., on global cloud servers), appropriate security measures and contractual safeguards are applied.
9. Data Security
We maintain strong security measures including:
- SSL/TLS encryption
- Access control & role-based authorization
- Secure cloud infrastructure
- Data minimization principles
- Continuous activity monitoring
No system is 100% secure, but we take all reasonable precautions.
10. Data Retention
We keep data only as long as required:
| Data Type |
Retention |
| Tax data & filings | 7–10 years |
| KYC documents | 5–7 years |
| Account/profile data | Active + 2 years |
| Chat/support messages | Minimum 2 years |
| Call recordings | 1–3 years |
| Analytics-logs | Stored only in anonymized form |
Data is securely deleted or anonymized when no longer required.
11. User Rights
You have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion (if legally allowed)
- Withdraw consent
- Restrict certain processing
- Request a copy of your data
- Raise a privacy complaint
You may contact our support team via the Platform to exercise these rights.
12. Children’s Privacy
Our services are intended for users 18 years and above.
If it is discovered that a minor’s data has been collected, we will delete it upon request.
13. Cookies (Short Legal Notice Only)
We use only essential cookies that support:
- Login/session security
- Core website functionality
- Basic analytics
You may restrict cookies through browser settings.
14. Automated Decision-Making
We may use automated tools for fraud detection, document classification and recommendations.
You may request human review whenever needed.
15. Third-Party Links
External websites linked from our Platform have their own privacy practices.
We are not responsible for their policies.
16. Data Breach Procedure
In case of a security incident, we will:
- Investigate immediately
- Take corrective steps
- Notify affected users (if required by law)
- Inform authorities where legally mandated
