Privacy Policy
Last updated: 2 July 2026
Lakshmi Sahithi & Co ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy — which also serves as the notice required under Section 5 of the Digital Personal Data Protection Act, 2023 (the "DPDP Act") — explains what personal data we collect, why, how we protect it, and the rights available to you. It is intended to be consistent with the DPDP Act, the Information Technology Act, 2000 and the SPDI Rules, 2011.
1. Who we are (Data Fiduciary)
For the purposes of the DPDP Act, Lakshmi Sahithi & Co is the Data Fiduciary that determines the purpose and means of processing your personal data. You — the individual whose data is processed — are the Data Principal. Our contact details are at the end of this policy.
2. Personal data we collect
- Information you provide — when you use the enquiry form, the "File Now" form, WhatsApp, email, phone, or the client portal: your name, phone number, email, city, PAN (if you choose to share it), and your message.
- Service & financial information — where you engage us, the documents and details necessary to deliver the professional service you request (e.g. income details, statements, returns).
- Account & upload data — if you use the client portal, your login email and any documents you upload.
- Technical data — standard logs (such as IP address, browser type) kept by our hosting/service providers for security and reliability.
3. Purpose & how we use your data
In line with the principle of purpose limitation, we use your personal data only to:
- respond to your enquiry and provide the professional services you request;
- communicate with you about your engagement and filings;
- operate and secure the client portal; and
- comply with our legal, regulatory, tax and professional (ICAI) obligations.
We practise data minimisation — we collect only what is necessary for these purposes, and we do not sell, rent or trade your personal data.
4. Legal basis & your consent
We process your personal data on the basis of your consent — which is free, specific, informed, unconditional and unambiguous, given through a clear affirmative action (such as submitting a form or creating a portal account) — and, where applicable, for the performance of our engagement with you or to meet a legal obligation (a "legitimate use" under the DPDP Act). You may withdraw your consent at any time (see "Your rights"), as easily as it was given; withdrawal does not affect processing already carried out, and may limit our ability to provide certain services.
5. Cookies & third-party services
This website does not use advertising or tracking cookies and runs no analytics of its own. Some features rely on trusted processors that may set their own cookies or receive limited technical data when the relevant page loads:
- Google Fonts — website typography.
- Google Maps — the embedded map on the Contact page.
- Web3Forms — delivers your form submissions to us by email.
- Supabase — powers the client portal (authentication and secure document storage). Where the portal is used, we select a data region in India.
You can control or block cookies via your browser; essential content will continue to work.
6. Sharing of your data
We disclose personal data only to: (a) service providers/processors who help us operate the website or deliver our services, under confidentiality obligations; or (b) where required by law, regulation, court order, or ICAI guidelines. We do not transfer your data to any party for their own marketing.
7. Data retention
We retain your personal data only for as long as necessary for the purpose it was collected. As a Chartered Accountancy practice, we are also required to retain certain client records for statutory periods under tax, company and professional law — such records are kept for those periods even after a service ends. When data is no longer required and there is no legal obligation to retain it, we securely delete or anonymise it.
8. Data security
We apply reasonable technical and organisational safeguards to protect your data, including HTTPS across the site, access controls, and — for the client portal — row-level security so each client can access only their own records, private document storage, and expiring download links. All client information is handled under strict professional confidentiality in line with ICAI guidelines.
9. Your rights as a Data Principal
Under the DPDP Act, subject to its conditions, you have the right to:
- Access — obtain a summary of the personal data we process about you and how;
- Correction & completeness — have inaccurate or incomplete data corrected or completed, and updated;
- Erasure — request deletion of your personal data (subject to our legal retention duties);
- Withdraw consent — withdraw previously given consent at any time;
- Grievance redressal — a readily available means to raise a grievance (see below);
- Nominate — nominate another individual to exercise your rights in the event of death or incapacity.
To exercise any of these rights, contact our Grievance Officer below. We will respond within the timelines prescribed under the DPDP Act.
10. Grievance redressal
If you have any question, request or complaint about how we handle your personal data, please contact:
CA Lakshmi Sahithi Jallipalli — Grievance Officer
Lakshmi Sahithi & Co
Email: Ca.lakshmisahithi@gmail.com
Phone: +91 90002 69751
If your grievance is not resolved to your satisfaction, you may escalate the matter to the Data Protection Board of India as provided under the DPDP Act.
11. Data breach
In the event of a personal data breach, we will take prompt remedial action and notify the Data Protection Board of India and affected Data Principals in the manner required under the DPDP Act.
12. Children's data
Our services are intended for individuals and businesses and are not directed at children. We do not knowingly collect the personal data of children (individuals under 18) without verifiable parental/guardian consent, and we do not carry out tracking or targeted advertising directed at children.
13. Changes to this policy
We may update this policy from time to time; the latest version will always appear here with a revised date.
14. Contact
Lakshmi Sahithi & Co · Ca.lakshmisahithi@gmail.com · +91 90002 69751 · Hyderabad, Telangana 500038.
See also: Terms & Conditions · Disclaimer
This policy is provided for information and reflects our current practices under the DPDP Act, 2023. As the Act's rules continue to be operationalised, please treat this as a living document and consult a legal advisor for advice specific to your situation.