We place the highest importance on respecting and protecting your privacy. Our relationship with you is our most important asset. We want you to feel comfortable and confident when using our Platform and Services. The objective of this Policy is for you to better understand the type of information we intend to collect from you; the purpose for which the information collected by us will be used; the use of such information by the parties with whom we will share your information; our policy regarding cookies and identity theft instances; the data security practices of the third party website links available on our Platform; the data retention policy and information security measures implemented by us; our disclaimers in relation to Services and the Platform; our policy regarding the changes and updates to this Policy; our policy with respect to withdrawal of your consent; and legal rights and obligations in case of disputes and grievances.
This Privacy Policy (the “Policy”) applies to the use of or access to thewebsite https://cleartax.com and https://app.eu.cleartax.com (hereinafter, collectively referred to as the “Platform”), by the User (hereinafter “you” or “your”).
The Platform is provided by Defmacro Software Private Limited (hereinafter “Company”or “Cleartax” or “our” or “we” or “us”, which expression shall, unless repugnant to the context or meaning thereof, be deemed to mean and include its affiliates, successors and permitted assigns), a company incorporated under the laws of India , having its registered office at C 245A, Ground floor, Room No 1, Vikas Puri, New Delhi 110018, India.
Provision of the Cleartax services to a customer (“Services”), shall be governed by the terms of the Cleartax Master Subscription and Services Agreement and the Integration Services Agreement accessible at https://www.cleartax.com/legal.
By using the Platform or availing the Services, you agree to this Policy. Subject to applicable laws, the terms of this Policy (and any changes thereto) will become applicable to you retrospectively on and from the date of your first use of the Platform. If you do not agree to the terms of this Policy, please do not use our Platform and Services.
The Policy extends to the following information: (a) information you provide us, or the information otherwise collected by us through your usage of our Platform and Services (see Terms); (b) information collected while you use the Platform and Services; (c) information collected from any other source; or (d) information generated while availing the Services including but not limited to any transactional information. We aim for full transparency on how we gather, use, and share your information.
1. Personal Data Collected
ClearTax may process the following categories of personal data when you interact with our Platform and Services, contact us, or when access is provisioned for you. The information below describes the types of data, the purposes for which it is processed, and the applicable legal basis.
| Data Categories | Purpose of Processing | Legal Basis |
|---|---|---|
| Contact details – name,company name, business email address, phone number, postal address, job title, IP address associated with the user account |
|
|
| Billing and payment data – billing address, payment details (limited to what is required for invoicing), transaction records |
|
|
| Device and usage data – device identifiers, IP address, browser type, operating system, domain name, timestamps, access logs, feature usage data |
|
|
| Financial metadata (invoice metadata) –invoice amount, quantity, order value, tax currency code, VAT amounts, prepaid amount, payment means type code, payment terms, invoice note, order ID and similar invoice-level meta data |
|
|
| Chat and support interaction data – chat transcripts, support tickets, logs of interactions with ClearTax support agents |
|
|
| Cookies and similar technologies– session identifiers, preference cookies, analytics identifiers and comparable technologies used on the website or web application |
|
|
2. Third Parties With Whom We share Data
2.1 Service Providers (Sub-Processors)
We share personal data with trusted third-party service providers who support the hosting,operation, security, analytics, customer support and delivery of our Services. These providers act as ClearTax sub-processors and may process personal data only under our documented instructions. They are contractually required to maintain confidentiality, implement appropriate security measures, and are prohibited from using the data for their own purposes. ClearTax maintains a list of its sub-processors and provides customers with notice of material changes in accordance with GDPR requirements.
2.2. Affiliates and Group Companies
We may share personal data with our subsidiaries or affiliated entities that assist us in providing the Services, including for customer support, engineering, technical operations,internal reporting, or account administration. All affiliates receiving personal data handle it incompliance with this Privacy Policy and applicable data protection standards.
2.3. Partners
Where required by local regulations, ClearTax may use accredited PEPPOL Access Point providers to transmit e-invoices to government systems. Data is shared with these partners only as needed to complete the regulated submission process.
2.4. Compliance With Government or Regulatory Requirements
In jurisdictions where Services require submission of invoice information to government platforms or tax authorities, we may disclose invoice data or metadata strictly as required by applicable law or under the customer’s instructions as the data controller. Such disclosures are limited to the minimum necessary to fulfil regulatory obligations.
2.5. Billing and Payment Processing.We may share limited billing-related information (such as billing contact details, invoice records or purchase order references) with our authorised accounting or financial administration systems solely for the purpose of issuing invoices, maintaining financial records, or complying with statutory accounting obligations. ClearTax does not collect or store any payment card information as part of the Services, and no third-party payment processors are involved in this context.
2.6. Professional Advisors.
We may share personal data with external auditors, legal counsel, accountants, insurers, and other advisers where such disclosure is reasonably required for audit activities, compliance reviews, dispute resolution, or for obtaining legal or financial advice. These recipients are bound by confidentiality obligations.
2.7. Business Transactions.
If ClearTax is involved in a merger, acquisition, financing, reorganisation, sale of assets, or similar transaction, personal data may be transferred to the relevant entity as part of the evaluation or completion of that transaction. Any successor entity will continue to process personal data in accordance with this Privacy Policy unless otherwise communicated.
2.8. Required Disclosures for Legal or Security Purposes.
We may disclose personal data when legally required to do so, such as in response to court orders, lawful government requests, or regulatory inquiries. We may also disclose personal data where necessary to protect the rights, property, or safety of ClearTax, our customers, or the public, or to investigate and prevent fraud, security incidents, or abuse of our Services.
3. Cookies and Similar Technologies
ClearTax uses cookies and similar technologies to enable core functionality, maintain secure sessions, remember your preferences, and improve the performance of our Platform. Where required by law, we obtain your consent before placing non-essential cookies (such as analytics cookies). You may manage your cookie settings at any time through the cookie banner or preferences panel displayed when accessing the Platform. Blocking certain cookies may affect your ability to use some features of the Services.
4. Identity Protection and Fraud Prevention
ClearTax will never request sensitive personal data, login credentials, or payment information via unsolicited emails or messages. If you receive any communication that appears fraudulent or suspicious, please do not respond and contact us immediately. We are not responsible for losses resulting from phishing or identity-theft attempts outside of our control.
5. Links to Third-Party Websites
Our Platform may contain links to third-party websites or services. These third parties operate independently from ClearTax and have their own privacy policies. We are not responsible for the content or privacy practices of such websites. If you choose to use functionalities that involve third-party providers (e.g., authentication integrations), the privacy policies of those providers will apply to the relevant processing.
6. International Data Transfers
We may process and store your data in the European Economic Area (“EEA”) region or we may transfer it to India or to other countries in which we have affiliates, subsidiaries, or service providers. Where such transfers occur, ClearTax implements appropriate safe guards as required by GDPR, including the use of Standard Contractual Clauses (SCCs), data minimisation, encryption, and strict sub-processor controls. You may request more information about our transfer safeguards by contacting us.
7. Data Retention and Accuracy
7.1. Retention Periods: We will retain your personal information only for as long as is necessary to fulfill the purposes set out in this Policy. This includes retaining data to the extent necessary for
7.1.1. Delivering contracted Services;
7.1.2. Complying with legal, tax, and accounting obligations
(e.g., applicable statutory laws);
7.1.3. Resolving disputes; and
7.1.4. Enforcing our legal agreements and policies.
7.2. Review and Accuracy: We encourage you to review your information regularly. Any information found to be inaccurate or incomplete shall be corrected or amended upon notice. To review the information collected by us, please contact us atprivacy@cleartax.com.
7.3. User Responsibility: You acknowledge that all information provided to us is disclosed willingly and without coercion. You are responsible for taking adequate precautions at your end to preserve the integrity and security of your data, including your personal information.
8. Your Rights Under GDPR
Depending on your relationship with ClearTax and applicable law, you may have the following rights regarding your personal data:
1. Right of access – to receive a copy of the personal data we hold about you.
2. Right to rectification – to correct inaccurate or incomplete data.
3. Right to erasure – to request deletion of your data in specific circumstances.
4. Right to restriction – to request that we limit processing.
5. Right to data portability – to request transfer of your data to another controller.
6. Right to object – to object to processing based on legitimate interests.
7. Right to withdraw consent – where processing is based on consent.
To exercise these rights, please contact us using the information provided below. We may need to verify your identity before responding.
9. Information Security
ClearTax implements technical and organisational measures designed to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, and destruction. These include encryption, network security controls, access restrictions, monitoring, audit logging, data segregation, and regular security assessments. We continually review and update our security posture in line with industry best practices.
10. Children’s Data
The Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe that a minor has provided personal data to us, please contact us so we may take appropriate action.
11. Disclaimer
11.1. While we employ industry-standard measures to ensure data integrity and availability in accordance with applicable laws, you shall be solely responsible to ensure that you maintain back-up copies of such information and in the event of any malfunctioning or failing of the Platform for any reason whatsoever (including on account of maintenance),you may be required to resubmit such information.
11.2. Although, we take appropriate steps to maintain the security of information we collect from you to the extent permissible under applicable law, we assume no responsibility of whatsoever nature as to make good the losses and damages you may incur, due to privacy and/or security breach of your information. We shall not be liable for any loss or damage sustained by reason of disclosure (inadvertent or otherwise) of any information and/or omission or inaccuracy with respect to any information so disclosed and used whether or not in pursuance of a legal process or otherwise.
11.3. In the event there is any transmission of data from the Platform to a government authorised authority/portal (including but not limited to the e-invoicing portal), then such authority/portal shall have the sole right and discretion, without any liability of any nature to the Company, by all means (whether manual or automates) to accept/ reject or any User’s data from being transmitted to the authority/portal system from our Platform,including but not limited to, in case of security breach, data traffic beyond prescribed by the authority/portal, suspected payload (having virus and/ or malware) or transfer of corrupt data or due to any other reasons as mandated by the authority/portal.
11.4. Payment Transactions: When making a payment, you provide your financial information independently and directly to third-party service providers (such as your bank, credit card issuer, or payment gateway). We do not collect or store your full payment credentials on our servers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last Updated” date at the top indicates the latest revision. Significant changes will be communicated through the Platform or other appropriate means. Continued use of the Services after such changes constitutes acceptance of the revised Policy.
13. Contact Details
if you have any requests, questions or concerns about our use of your personal information and this Privacy Policy, you can contact our Data Protection Officer or privacy office team at:
ClearTax EU Privacy Team
Email: privacy@cleartax.com
Data Protection Officer (DPO): dpo@cleartax.com
14. Governing Law
This Policy shall be governed by and construed and enforced in accordance with the laws of England and Wales, without regard to the conflict of law principles. Any controversies,conflicts, disputes, or differences arising out of this Policy shall be resolved by courts in London, England which shall have exclusive jurisdiction over all issues arising out of this Policy
