Privacy Policy

Who we are

Our website address is: https://atlayco.com. We provide professional services related to accounting, GST registrations and returns, TDS/TCS, income tax return (ITR) preparation and filing, compliance advisory, and allied financial documentation.

What personal data we collect and why

We collect only the information necessary to deliver professional services and meet legal and regulatory obligations. This may include:

  • Identity data: name, PAN, Aadhaar (where legally permitted), business name, and contact details.
  • Registration data: GSTIN, registration certificates, and proof documents required for statutory filings.
  • Financial data: invoices, bank details (only where needed for refunds or statutory compliance), books of accounts, ledgers, and expense records.
  • Compliance data: prior returns, notices, departmental communications, challans, and payment references.
  • Technical data: IP address, device/browser information, and basic analytics for security and performance.

We use this data to: deliver and manage engagements, prepare and file GST/ITR returns, respond to department notices, maintain statutory records, improve our services, and comply with applicable laws.

Legal basis for processing

We process data based on one or more of the following: performance of a contract for professional services; compliance with legal obligations under tax and company laws; legitimate interests in running a secure service; and your consent where explicitly sought (e.g., marketing updates or optional features).

Data sources

Data is collected directly from clients, authorized representatives, publicly available registries/portals (e.g., GST portal, income tax portal) where permitted, and through documentation shared for service delivery.

Cookies and analytics

We use essential cookies for session management and security, and limited analytics to understand site performance. These do not track sensitive financial information. Browser settings can be used to control cookies; blocking some cookies may impact site functionality.

Client communications and documents

When you share documents for accounting, GST, or ITR services, they are used solely for the agreed engagement and retained as required by law and professional standards. We may store correspondence, challans, acknowledgements, and filings to maintain a compliance audit trail.

Data sharing and disclosures

We do not sell personal data. We may share data with:

  • Government departments and statutory portals (e.g., GSTN, Income Tax Department) to complete filings or respond to notices.
  • Trusted service providers under contract (e.g., secure hosting, document management, analytics) bound by confidentiality and data protection obligations.
  • Professional collaborators (e.g., CAs/CS/advocates) strictly on a need-to-know basis for your engagement.
  • Law enforcement or regulators when legally required.

Data retention

We retain accounting and compliance records for the period mandated under applicable laws (often 7–10 years) and professional standards. Where no legal retention applies, we retain data only as long as needed for the purpose collected, after which it is securely deleted or anonymized.

Your rights

Subject to applicable law, you may request access, correction, updating, or deletion of your personal data, or object to/limit certain processing. Some information cannot be deleted while a statutory or contractual retention applies (e.g., filed returns and audit records). To exercise your rights, contact us using the details below.

Information security

We implement administrative, technical, and organizational safeguards to protect your data from unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is fully secure; we continually improve our controls.

International data transfers

If data is processed or stored outside your jurisdiction by our service providers, we ensure appropriate safeguards are in place consistent with applicable data protection requirements.

Third‑party links and embedded content

Our site may link to government portals or third‑party sites to facilitate compliance tasks. Their privacy practices are not controlled by us; please review their policies before sharing information.

Children’s data

Our services are intended for businesses and adults. We do not knowingly collect personal data from children.

Updates to this policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The “Last updated” date will be revised accordingly.

Contact

For privacy questions or requests, contact: support@atlayco.com.

By clicking ‘Accept’ you confirm you have read and agree to this Privacy Policy. Accept