Privacy Policy

Bhargav Rajurkar & Co., Practising Company Secretaries (the firm, we, us) is the Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDPA) for the personal data we collect through this portal and through direct communication with you. We collect and process personal data to deliver the professional services you engage us for and to comply with applicable Indian law.

We collect, broadly:

• Identity: full name, gender, date of birth, PAN, Aadhaar (last four digits stored; OTP-verified), passport (foreign founders), photograph from KYC.
• Contact: email address, mobile number.
• Address: permanent and current residential addresses; registered office of the proposed entity.
• Entity details: proposed entity name, shareholding, contribution, business description.
• Documents: PAN, Aadhaar / utility bill / passport copies, office utility bill, NOC from owner, photos.
• Financial: Razorpay transaction reference; we do not store card or UPI details.
• Communications: emails, WhatsApp messages, and notes you exchange with us.

• Performance of the engagement: filing forms with the Ministry of Corporate Affairs and other authorities you have engaged us to file with.
• Statutory compliance: the Prevention of Money Laundering Act, 2002 (PMLA) for client KYC retention; the Income Tax Act and the Companies Act for record-keeping.
• Account operation: authenticating you and partners on the dashboard; sending you status updates by email and WhatsApp.

We do not process your personal data for marketing without your explicit consent.

The following processors handle your data on our behalf, under contractual safeguards:

• Supabase (United States / global): database hosting and document storage, encrypted in transit and at rest, access controlled by Row-Level Security.
• Vercel (United States / global): hosting of this website and the application that serves it.
• Razorpay (India): payment processing.
• Surepass (India): Aadhaar OTP verification and PAN verification at partner KYC.
• Zoho Mail and Zepto Mail (India): transactional and inbox email.
• Google (Gemini API, global): AI suggestion of likely NIC code categories from your business description (informational only — paralegal confirms before filing).

We use AI to suggest likely NIC business-activity codes from your business description. This suggestion is informational; a human paralegal reviews and confirms the final NIC code before any government filing. No legal or fiscal effect arises from the automated suggestion alone.

We use only essential cookies required to keep you signed in and to maintain your session. We do not use advertising or third-party tracking cookies.

We retain your records for the periods required by Indian law, typically eight years from completion of the engagement (per Companies Act 2013 and PMLA record-keeping rules). You may request earlier erasure of data not subject to a statutory retention obligation.

Our primary processors (database, payments, KYC, email) are accessed within India. Some processors (Supabase, Vercel, Google) operate globally and may store backups outside India in jurisdictions notified by the Government of India for transfer under Section 16 of the DPDPA. We do not transfer to restricted jurisdictions.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

Connections to this portal are encrypted with TLS. The database is encrypted at rest and access is gated by Row-Level Security. We follow the principle of least privilege for staff access. Where we suspect a personal data breach, we will notify the Data Protection Board of India and affected Data Principals as required by the DPDPA.

• Right to information: request a summary of the personal data we hold about you and the processors with whom it is shared.
• Right to correction and erasure: request correction of inaccurate data; request erasure of data not subject to a statutory retention obligation.
• Right to nominate: appoint another person to exercise your rights in case of your death or incapacity.
• Right of grievance redressal: raise a grievance with the Grievance Officer below; if not resolved satisfactorily, escalate to the Data Protection Board of India.

Email the Grievance Officer to exercise any of these rights.

Material changes will be reflected here with a new effective date. The latest version is always at this URL.