Privacy Policy

This Privacy Policy describes how Entigrity Services LLP ("Entigrity", "we", "our", or "us"), a Limited Liability Partnership incorporated in India and having its registered office in Ahmedabad, Gujarat, collects, uses, processes, discloses, and safeguards personal data and information that is provided to us in the course of our business activities — including through this website and during the delivery of our white-label accounting, tax, and audit services to U.S. CPA firms.

We are committed to complying with applicable data-protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, the Information Technology Act, 2000 and the rules made thereunder (including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011), and contractual data-protection commitments made to our partner CPA firms regarding their underlying client data.

1. Who this policy covers

This policy applies to:

• Visitors to www.entigrityservices.com and any sub-domains operated by Entigrity Services LLP;
• Prospective and existing partner CPA firms who interact with us via website forms, email, phone, or in person;
• Individuals whose personal information is provided to us in the course of delivering services to our partner CPA firms (referred to as "engagement data" and processed strictly as a data processor on behalf of the partner firm).

2. Information we collect

2.1 Information you provide directly

• Contact and business details: name, firm name, role/designation, work email, phone number, state/country, and firm size — submitted via our website contact form or shared with our partnership team.
• Engagement information: details of the services you wish to engage us for, your firm's software stack, seasonal volumes, and pain points.
• Communications: emails, messages, call notes, and meeting records exchanged with our team.

2.2 Information collected automatically

• Technical data: IP address, browser type and version, operating system, device identifiers, referring URL, pages viewed, and timestamps.
• Cookies: we use a minimal set of strictly necessary cookies to operate this website. We do not currently deploy advertising, profiling, or third-party tracking cookies.

2.3 Engagement data (processed on behalf of partner firms)

In the course of delivering accounting, tax, and audit-support services, we receive and process information relating to our partner firms' clients — including financial records, tax-return data, employee/payroll information, and supporting documentation. Such data is processed strictly as a data processor on behalf of the partner CPA firm (who acts as the data controller), under a signed Master Services Agreement (MSA), Non-Disclosure Agreement (NDA), and applicable engagement-level data-processing terms.

3. How we use information

• To respond to inquiries, schedule discovery calls, and provide quotations;
• To negotiate, execute, and administer Master Services Agreements, NDAs, and Statements of Work with partner firms;
• To deliver the contracted accounting, tax, and audit-support services;
• To communicate operational updates, capacity reports, quarterly business reviews, and service-related notices;
• To comply with applicable Indian law, tax filings, statutory audit requirements, and lawful regulatory requests;
• To maintain the security and integrity of our systems, detect and prevent fraud, and enforce our contractual rights.

4. Legal basis for processing

We process personal data on the following legal bases:

• Consent — where you have submitted information via a website form or otherwise provided it voluntarily;
• Performance of a contract — to deliver services under an MSA/SOW with a partner CPA firm;
• Legal obligation — to comply with Indian tax, corporate, labour, and data-protection laws;
• Legitimate interest — to operate, secure, and improve our business in a manner that does not override your rights.

5. Disclosure of information

We do not sell, rent, or trade personal data. We disclose information only in the following circumstances:

• To partner CPA firms — engagement data is shared only with the partner firm that originated it, and only as required to deliver the contracted services;
• To sub-processors and service providers — limited to vendors that support our business operations (e.g., secure hosting, communication, professional advisors), each bound by written confidentiality and data-protection obligations;
• To regulators and law-enforcement authorities — where required by Indian law, court order, or binding regulatory request;
• In connection with a corporate transaction — such as a reorganization, financing, or sale, subject to standard confidentiality protections.

6. Cross-border data transfer

Because we serve CPA firms based in the United States, engagement data is, by nature of the service, transferred between India and the United States. Such transfers are governed by the engagement contract with the partner CPA firm and are protected by appropriate technical and organizational safeguards, including encrypted transmission channels, restricted access, and signed NDAs covering all personnel involved.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this policy or as required by applicable law:

• Contact and inquiry data: up to 24 months from the last interaction, unless an engagement is established;
• Engagement data: retained for the term of the engagement plus a contractually-agreed period (typically 7 years) to meet U.S. and Indian tax-record-retention requirements;
• Statutory records: retained for the periods mandated by the Companies Act, Income-tax Act, and LLP Act.

8. Data security

We maintain reasonable security practices and procedures aligned with ISO/IEC 27001 controls. Specific measures include:

• Physical access controls — biometric entry, restricted workfloors, no removable media or personal devices on production floors;
• Encryption — AES-256 at rest and TLS 1.3 in transit; VPN-only access to partner-firm environments;
• Identity and access — multi-factor authentication, least-privilege access, periodic access reviews;
• People controls — background verification, individual NDAs, annual security and data-protection training;
• Monitoring and incident response — centralized logging, alerting, and a documented incident-response procedure with prompt breach-notification commitments to affected partner firms.

Further details are set out in our Data Security page.

9. Your rights

Subject to applicable law (including the DPDP Act, 2023), you may have the following rights in respect of personal data relating to you:

• Right of access — to confirm whether we hold personal data about you and obtain a copy;
• Right of correction — to request correction of inaccurate or incomplete data;
• Right of erasure — to request deletion of data, subject to lawful retention requirements;
• Right to withdraw consent — where processing is based on consent;
• Right to grievance redressal — to raise a complaint with our Grievance Officer (details below).

For engagement data, requests should be directed to the partner CPA firm acting as the data controller; we will support the partner firm in responding to any such request.

10. Grievance Officer

11. Updates to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The "Last updated" date at the top indicates when the policy was last revised. Material changes will be highlighted on this page or, where appropriate, communicated to partner firms directly.

12. Contact

For any questions about this Privacy Policy or our data-handling practices, please contact:

• Email: privacy@entigrityservices.com
• Postal: Entigrity Services LLP, Ahmedabad, Gujarat 380015, India