Privacy Policy
Last updated: July 2026 • TaxShield
🔒 TL;DR — No personal data is collected or stored. PDFs are processed in-memory and discarded. No cookies, no tracking.
No Personal Data Collected or Stored
We do not collect, store, or process any personal data. There are no user accounts, no login, no registration, and no way for us to identify who you are. Your Form 16, Form 26AS, income details, PAN, and generated ITR JSON never leave your device in any persistent form.
PDF Processing
When you upload a PDF, it is processed in-memory only. Text is extracted, parsed, and sent back to your browser within your active session. Once the response is delivered, the PDF data is immediately discarded from server memory. There is no file system storage, no database persistence, and no backup copies made.
No Cookies, No Tracking
- No cookies (first-party or third-party)
- No tracking pixels or fingerprinting
- No third-party analytics services (Google Analytics, Meta Pixel, etc.)
- No advertising networks
The only analytics collected are anonymous page-view counts — a simple counter that records which pages were visited and basic screen width data. This uses a randomly generated visitor ID stored in your browser's localStorage (not a cookie). It contains no personally identifiable information and cannot be linked back to you.
No Data Shared with Third Parties
We do not share any data with third parties. No analytics providers, no advertising networks, no data brokers, no affiliates. Since we don't collect personal data in the first place, there is nothing to share.
Local Processing
All tax computations, regime comparisons, and JSON generation happen in your browser or within an ephemeral server session. The generated ITR JSON file is created client-side and stays on your device when you download it. You are in full control of where that file goes — typically you upload it on incometax.gov.in yourself.
Compliance
Since no personal data is stored, there is no data to breach, no data principal rights to exercise (right to erasure, correction, portability), and no data fiduciary obligations beyond this disclosure. This approach satisfies the requirements of:
- Information Technology Act, 2000 (India) — including reasonable security practices under Section 43A
- Digital Personal Data Protection Act, 2023 (DPDP Act) — no data retained means no consent or data principal rights provisions apply
Contact
If you have questions about this privacy policy or how the tool handles data, you can reach us at:
📧 contact@example.com
(Or raise an issue on the project repository)
Changes to This Policy
We may update this policy if the tool's functionality changes. The "Last updated" date at the top will reflect when the policy was last revised.