Privacy Policy

This Privacy Policy is governed by and compliant with the following Indian laws and regulations: • The Digital Personal Data Protection Act, 2023 ("DPDPA") • The Information Technology Act, 2000 and the IT (Amendment) Act, 2008 • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 • Any other applicable data protection regulations issued by the Government of India or competent regulatory authority GetYourCA acts as a Data Fiduciary as defined under the DPDPA, and you, as the user, are the Data Principal.

We collect your personal data through the following means: • Directly from you, when you fill forms, register an account, book a consultation, or engage with our chatbot. • Automatically, through cookies, analytics tools, and server logs when you visit and use the Platform. • From independent professionals (CAs, CSs) connected through the Platform, to the extent necessary for service delivery. • From government portals and databases, where you have authorised GetYourCA to act on your behalf (e.g., income tax portal, GST portal). • From third-party service providers integrated with the Platform, such as payment gateways and cloud hosting providers.

Under the Digital Personal Data Protection Act, 2023, processing of your personal data is based on your free, informed, specific, and unambiguous consent. You provide consent by: • Creating an account or registering on the Platform. • Submitting a form, chatbot query, or consultation booking. • Uploading documents for service processing. • Continuing to use the Platform after being presented with this Policy. 5.1 Withdrawing Consent You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred prior to withdrawal. To withdraw consent or request cessation of data processing, email us at connect@getyourca.in with the subject line "Withdraw Consent". Please note that withdrawal of consent for core service data may result in our inability to continue providing services to you.

We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our retention periods are as follows: • Account and profile data: Retained for the duration of your account and for 5 years after account closure, to comply with tax and financial record-keeping obligations under Indian law. • Tax and compliance documents: Retained for a minimum of 8 years from the date of filing, in accordance with income tax and GST record-keeping requirements. • Communication records: Retained for 2 years from the date of communication. • Usage and analytics data: Retained in anonymised or aggregated form for up to 2 years. • Payment records: Retained for 8 years as required by financial regulations. Upon expiry of the applicable retention period, your data will be securely deleted or anonymised. You may request earlier deletion, subject to our legal and regulatory retention obligations.

GetYourCA implements appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction. Our security measures include: • Encryption of data in transit using TLS/SSL protocols. • Access controls and role-based permissions limiting who can access your data internally. • Regular security assessments and vulnerability testing of our systems. • Secure storage of sensitive financial documents with restricted access. • Staff training on data protection and confidentiality obligations. 10.1 Data Breach Notification In the event of a personal data breach that is likely to result in risk to your rights or freedoms, GetYourCA will: • Take immediate steps to contain and remediate the breach. • Notify the Data Protection Board of India (once operational) as required under the DPDPA. • Inform affected users without undue delay where the breach poses a high risk to them, describing the nature of the breach, likely consequences, and steps we are taking. If you suspect any unauthorised use of your data, please notify us immediately at grievance@getyourca.in.

The GetYourCA Platform is intended for users who are 18 years of age or older. We do not knowingly collect, store, or process personal data of children under the age of 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such data. If you believe a child's data has been submitted to our Platform, please notify us at grievance@getyourca.in immediately.

The Platform may contain links to third-party websites, government portals, or partner services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party site you visit. GetYourCA is not responsible for the privacy practices or content of such external websites.

GetYourCA reserves the right to update or amend this Privacy Policy at any time to reflect changes in law, our practices, or Platform features. We will notify you of material changes by: • Posting the updated Policy on this page with a revised "Last Updated" date. • Sending an email notification to your registered email address for significant changes. Your continued use of the Platform after any update constitutes your acceptance of the revised Privacy Policy.

In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, GetYourCA has designated a Grievance Officer to address privacy-related complaints and concerns. Designation: Grievance Officer, GetYourCA Email: grievance@getyourca.in Contact: connect@getyourca.in Phone: +91 99990 15066 Response Time: Within 48 business hours of receipt of complaint Resolution Time: Within 30 days of receipt of complaint If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India or any other competent authority.

For any privacy-related questions, data requests, or concerns not addressed in this Policy, please reach out to us: Email: connect@getyourca.in Phone: +91 99990 15066 Website: https://getyourca.in Grievance Email: grievance@getyourca.in By using the GetYourCA Platform, you acknowledge that you have read, understood, and agreed to this Privacy Policy.