Privacy Policy

At task360, your data security is our priority. Explore our Privacy Policy to understand our commitment to protecting your business and financial information.

Effective Date: January 1, 2026
Last Updated: January 12, 2026

1. INTRODUCTION

Welcome to Task360's Privacy Policy. We are committed to protecting your privacy and handling your personal data responsibly.

Who We Are:
Task360, operated by Task360 Assisst Private Limited., is a company providing accounting, taxation, compliance, and business advisory services. We are based in Indore, Madhya Pradesh, India.

Purpose of This Policy:
This Privacy Policy explains:

  • What personal data we collect
  • Why we collect it
  • How we use, store, and protect it
  • Your rights regarding your data
  • How to contact us about privacy matters

Scope:
This policy applies to:

  • Our website (www.task360.in)
  • Our professional services
  • All communications and interactions with us

Your Consent:
By using our website or services, you consent to the data practices described in this policy.

2. DATA CONTROLLER

Data Controller Details:

Name: Task360 Assist Private Limited (operating as Task360)
Address: 186, Goyal Nagar, Near Bengali Square, Indore, Madhya Pradesh, India
Email: info@task360.co Phone: 8989459947 Website: www.task360.co

Data Protection Officer:
For privacy-related queries, contact:
Email: info@task360.co Response Time: Within 1 week

3. LEGAL BASIS FOR DATA PROCESSING

We process your personal data based on:

3.1 Contract Performance

Processing necessary to:

  • Provide professional services you engaged us for
  • Execute engagement letter or service agreement
  • Deliver contracted outputs

3.2 Legal Obligation

Processing required by:

  • Chartered Accountants Act, 1949
  • Income Tax Act, 1961
  • GST Act, 2017
  • Companies Act, 2013
  • Prevention of Money Laundering Act, 2002
  • Other applicable Indian laws

3.3 Legitimate Interest

Processing necessary for:

  • Business administration
  • Service improvement
  • Marketing communications (with opt-out)
  • Fraud prevention
  • Network security

3.4 Consent

Processing based on your explicit consent for:

  • Newsletter subscriptions
  • Marketing communications
  • Optional data sharing
  • Cookies and tracking (where required)

You may withdraw consent anytime without affecting lawfulness of processing done before withdrawal.

4. PERSONAL DATA WE COLLECT

4.1 Information You Provide Directly

Contact Information:

  • Full name
  • Email address
  • Phone number
  • Company name and designation
  • Business address
  • Communication preferences

Professional Information:

  • Business type and industry
  • Turnover and financial metrics
  • Number of employees
  • Business objectives

Financial Information:

  • Bank account details (for payments)
  • GST numbers
  • PAN/TAN details
  • Accounting data
  • Financial statements
  • Tax returns
  • Transaction records
  • Invoice and payment history

Identity Documents:

  • PAN card copies
  • Aadhaar (when legally required)
  • Director identification documents
  • Incorporation documents
  • Partnership deeds
  • Trust deeds
  • Authorized signatory documents

Service-Specific Data:

  • Information needed for specific engagements
  • Documents uploaded by you
  • Communications with our team
  • Feedback and survey responses

4.2 Information We Collect Automatically

Website Usage Data:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Pages visited and time spent
  • Referral source
  • Click patterns
  • Date and time of visit

Cookies and Tracking:

  • Session cookies
  • Preference cookies
  • Analytics cookies
  • Marketing cookies (with consent)

See Section 10 for detailed Cookie Policy.

Communication Data:

  • Email correspondence
  • Call recordings (with notice)
  • Chat transcripts
  • Meeting notes

4.3 Information from Third Parties

We may receive data from:

  • Government Portals: GST portal, Income Tax portal, MCA portal (with your authorization)
  • eCommerce Platforms: Amazon, Flipkart, Meesho (with your authorization)
  • Banks: For payment reconciliation
  • Credit Bureaus: For due diligence (with consent)
  • Business Partners: With your authorization
  • Publicly Available Sources: Business registries, published financials

4.4 Sensitive Personal Data

We may process sensitive data when necessary:

  • Health information (for insurance, employee benefits)
  • Biometric data (if used for authentication)
  • Financial information in detail

We process sensitive data only:

  • With explicit consent, or
  • When legally required, or
  • For professional services contracted

5. HOW WE USE YOUR DATA

5.1 Service Delivery

Primary Purpose: To provide professional services you engaged us for

Specific uses:

  • Preparing financial statements and returns
  • Filing tax returns and GST returns
  • Company incorporation and compliance
  • Business advisory and consulting
  • Virtual CFO services
  • Fundraising support
  • ESOP implementation
  • Any other contracted services

5.2 Communication

  • Responding to your inquiries
  • Providing service updates
  • Sending important notices
  • Sharing relevant resources
  • Seeking feedback
  • Conducting surveys

5.3 Legal and Regulatory Compliance

  • Complying with CA professional standards
  • Meeting tax and GST obligations
  • Responding to legal requests
  • Cooperating with regulatory authorities
  • Preventing money laundering
  • Maintaining professional records

5.4 Business Operations

  • Processing payments and billing
  • Managing client accounts
  • Internal record-keeping
  • Quality control and peer review
  • Professional indemnity insurance
  • Business analytics
  • Service improvement

5.5 Marketing (with opt-out option)

  • Sending newsletters
  • Sharing service updates
  • Providing educational content
  • Announcing new offerings
  • Inviting to events and webinars

Opt-Out: You can unsubscribe anytime via link in emails or emailing info@task360.co

5.6 Security and Fraud Prevention

  • Protecting against unauthorized access
  • Detecting fraudulent activities
  • Ensuring network security
  • Preventing data breaches
  • Identity verification

5.7 Website Improvement

  • Analyzing website usage
  • Improving user experience
  • Testing new features
  • Optimizing performance
  • Understanding user preferences

6. DATA SHARING AND DISCLOSURE

6.1 We Do NOT Sell Your Data

We never sell your personal data to third parties.

6.2 Sharing with Service Providers

We may share data with trusted third parties who help us deliver services:

Technology Providers:

  • Cloud storage providers (AWS, Google Cloud)
  • Email service providers
  • Accounting software providers (Tally, Zoho Books)
  • Video conferencing platforms
  • Website hosting services
  • Payment gateways
  • Analytics platforms (Google Analytics)

Professional Service Providers:

  • Sub-contractors and consultants
  • Peer reviewers (for quality control)
  • Legal advisors
  • Insurance providers
  • Banking partners

Conditions:

  • All service providers are bound by confidentiality
  • Data Processing Agreements in place
  • Limited to data necessary for their function
  • Subject to security requirements

6.3 Government and Regulatory Authorities

We disclose data when:

  • Required by law
  • Requested by Income Tax Department
  • Requested by GST authorities
  • Requested by MCA or ROC
  • Required for regulatory compliance
  • Necessary for legal proceedings
  • Required by court order

6.4 eCommerce and Business Platforms

With your authorization, we access:

  • Amazon Seller Central
  • Flipkart Seller Hub
  • Meesho Seller Dashboard
  • Other marketplace platforms
  • Accounting software
  • Banking platforms

We use this access only for contracted services.

6.5 Business Transfers

If Task360 is involved in merger, acquisition, or sale of assets:

  • Your data may be transferred
  • We will notify you before transfer
  • New entity will be bound by this policy
  • You will have choice to continue or terminate services

6.6 With Your Consent

We may share data with others when you explicitly consent or direct us to do so:

  • Sharing reports with your bankers
  • Providing information to investors
  • Coordinating with other advisors
  • Any other purpose you authorize

7. DATA RETENTION

7.1 Retention Periods

During Engagement:

  • All data retained for service delivery

After Engagement Ends:

| Data Type | Retention Period | Reason | |-----------|------------------|---------| | Financial records | 8 years minimum | CA Act requirement | | Tax returns and working papers | 6 years minimum | Income Tax Act | | GST records | 6 years minimum | GST Act | | Corporate documents | 8 years minimum | Companies Act | | Audit files | 10 years | Professional standards | | Identity documents | 5 years after KYC | PMLA compliance | | Communications | 3 years | Business records | | Marketing data | Until unsubscribe + 1 year | Compliance | | Website analytics | 26 months | Industry practice |

7.2 Legal Holds

Data subject to litigation or investigation retained until matter concludes.

7.3 Secure Deletion

After retention period:

  • Data securely deleted or anonymized
  • Physical documents shredded
  • Electronic data permanently erased
  • Backups purged
  • Deletion logs maintained

7.4 Exceptions

We may retain data longer if:

  • Required by law
  • Necessary for legal claims
  • With your explicit consent
  • Anonymized for statistical purposes

8. DATA SECURITY

8.1 Security Measures

We implement comprehensive security:

Technical Security:

  • Encryption in transit (SSL/TLS)
  • Encryption at rest (AES-256)
  • Secure cloud storage
  • Regular security updates
  • Firewall protection
  • Intrusion detection systems
  • Regular vulnerability scans
  • Secure backup systems

Access Controls:

  • Multi-factor authentication
  • Role-based access control
  • Individual user accounts
  • Regular access reviews
  • Strong password policies
  • Automatic session timeouts

Organizational Security:

  • Employee confidentiality agreements
  • Security awareness training
  • Clean desk policy
  • Secure document disposal
  • Visitor access controls
  • Security incident response plan

Physical Security:

  • Secure office premises
  • Controlled access
  • CCTV surveillance
  • Locked storage for physical documents
  • Secure disposal facilities

8.2 Employee Training

All employees undergo:

  • Data protection training
  • Security awareness programs
  • Regular refresher courses
  • Specific training for handling sensitive data

8.3 Third-Party Security

Service providers must:

  • Maintain equivalent security standards
  • Undergo security assessments
  • Sign Data Processing Agreements
  • Report security incidents promptly

8.4 Incident Response

In case of data breach:

  1. Immediate containment within 24 hours
  2. Assessment of impact and affected data
  3. Notification to affected users within 72 hours
  4. Reporting to authorities as required
  5. Remediation and prevention measures
  6. Documentation and review

8.5 Limitations

While we implement strong security:

  • No system is 100% secure
  • Internet transmission has inherent risks
  • You are responsible for protecting your passwords
  • Notify us immediately of suspected breaches

9. YOUR RIGHTS

9.1 Right to Access

You can request:

  • What personal data we hold about you
  • How we use your data
  • Who we share it with
  • How long we'll keep it

Process:

  • Submit request to info@task360.co
  • We respond within 30 days
  • First request free; subsequent requests may be charged

9.2 Right to Correction

You can request correction of:

  • Inaccurate data
  • Incomplete data
  • Outdated information

Process:

  • Notify us of corrections needed
  • We verify and update within 15 days
  • Notify third parties if already shared

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion when:

  • Data no longer necessary for purpose
  • You withdraw consent
  • You object to processing
  • Data processed unlawfully

Limitations:

  • Cannot delete if legally required to retain
  • Cannot delete if needed for legal claims
  • Cannot delete anonymized statistical data

9.4 Right to Restrict Processing

You can request we limit processing when:

  • Disputing data accuracy
  • Processing is unlawful but you oppose deletion
  • We no longer need data but you need it for legal claims
  • Pending verification of legitimate grounds

9.5 Right to Data Portability

You can request:

  • Copy of your data in structured format
  • Transfer to another service provider (where technically feasible)

Format: Commonly used, machine-readable format (PDF, Excel, CSV)

9.6 Right to Object

You can object to:

  • Processing for direct marketing (absolute right)
  • Processing based on legitimate interest
  • Automated decision-making

9.7 Right to Withdraw Consent

When processing based on consent:

  • You can withdraw anytime
  • Doesn't affect lawfulness of prior processing
  • We'll stop processing unless other legal basis exists
  • May affect our ability to provide services

9.8 Right to Lodge Complaint

If you believe we've violated data protection laws:

  • Contact our Data Protection Officer first

9.9 How to Exercise Rights

Contact:
Email: info@task360.co Subject: Data Rights Request - [Specify Right]

Include:

  • Your name and contact details
  • Account/client reference (if applicable)
  • Specific right you're exercising
  • Any supporting information

Timeline:

  • We respond within 30 days
  • May extend by 60 days for complex requests
  • We'll inform you of any extension

Verification:

  • We may ask for identity verification
  • To prevent unauthorized access
  • Proportionate to sensitivity of request

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. They help websites remember your preferences and understand usage patterns.

10.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Purpose: Essential website functionality
  • Examples: Session management, security, load balancing
  • Duration: Session (deleted when browser closed)
  • Legal Basis: Legitimate interest (essential for service)
  • Cannot be disabled without affecting website functionality

Preference Cookies:

  • Purpose: Remember your settings and preferences
  • Examples: Language selection, display preferences, font size
  • Duration: 1 year
  • Legal Basis: Legitimate interest / Consent
  • Can be disabled but may affect user experience

Analytics Cookies:

  • Purpose: Understand how you use our website
  • Examples: Google Analytics, page views, bounce rate
  • Duration: 2 years
  • Legal Basis: Consent
  • Can be disabled via cookie settings

Marketing Cookies:

  • Purpose: Show relevant advertisements
  • Examples: Google Ads, Facebook Pixel, remarketing
  • Duration: 90 days - 2 years
  • Legal Basis: Consent
  • Can be disabled via cookie settings

10.3 Third-Party Cookies

We use cookies from:

| Provider | Purpose | Privacy Policy | |----------|---------|----------------| | Google Analytics | Website analytics | Google Privacy Policy | | Google Ads | Advertising | Google Ads Policy | | Facebook Pixel | Social media marketing | Facebook Privacy | | LinkedIn Insight | Professional networking ads | LinkedIn Privacy |

10.4 Managing Cookies

Cookie Consent Banner:

  • Appears on first visit
  • Choose which cookies to accept
  • Update preferences anytime

Browser Settings:

  • Block all cookies
  • Delete existing cookies
  • Block third-party cookies
  • Receive cookie warnings

Note: Blocking cookies may affect website functionality.

Opt-Out Links:

10.5 Do Not Track

Our website respects "Do Not Track" browser settings. When enabled, we:

  • Don't place marketing cookies
  • Limit analytics tracking
  • Don't share data for advertising

10.6 Other Tracking Technologies

Pixels/Web Beacons:

  • Used in emails to track opens
  • Can be disabled by blocking images

Local Storage:

  • Stores larger amounts of data locally
  • Used for application functionality
  • Clear via browser settings

Session Storage:

  • Temporary storage during session
  • Automatically cleared when browser closed

11. CHILDREN'S PRIVACY

11.1 Age Restriction

Our services are intended for:

  • Businesses and professionals
  • Individuals 18 years or older

We do not knowingly:

  • Collect data from children under 18
  • Market to children
  • Allow children to create accounts

11.2 Parental Notice

If you believe we've collected child's data:

  • Contact us immediately at privacy@task360.in
  • We will delete it promptly
  • We will take corrective measures

11.3 School/Educational Services

If providing services to educational institutions:

  • Separate agreement with institution
  • Institution responsible for student consent
  • Limited processing only for contracted purpose
  • Enhanced security measures

12. INTERNATIONAL DATA TRANSFERS

12.1 Data Location

Your data is primarily stored and processed in:

  • India (primary location)
  • Service providers may use international servers

12.2 Cross-Border Transfers

We may transfer data outside India when:

  • Using cloud services with international servers
  • Coordinating with international team members
  • Required for professional services
  • With your explicit consent

12.3 Safeguards

For international transfers:

  • We ensure adequate data protection
  • Use Standard Contractual Clauses where applicable
  • Verify recipient country has adequate protections
  • Implement technical safeguards (encryption)

12.4 Your Rights

International transfers don't reduce your rights. You retain all rights described in Section 9.

13. AUTOMATED DECISION-MAKING AND PROFILING

13.1 Automated Processing

We use limited automated processing for:

  • Service Recommendations: Suggesting suitable packages based on business profile
  • Fraud Detection: Flagging suspicious activities
  • Quality Checks: Automated validation of data completeness

13.2 No Pure Automated Decisions

We do NOT make significant decisions based purely on automated processing. All important decisions involve human review.

13.3 Right to Human Review

You can:

  • Request human review of automated recommendations
  • Challenge automated assessments
  • Provide additional context
  • Object to automated processing

14. MARKETING COMMUNICATIONS

14.1 Types of Communications

With appropriate consent/opt-in, we may send:

Service-Related (Always Sent):

  • Engagement confirmations
  • Service updates
  • Important notices
  • Billing statements
  • Compliance reminders

Marketing (Opt-In Required):

  • Newsletters
  • Service updates
  • Educational content
  • Event invitations
  • Promotional offers
  • Blog posts

14.2 Consent

Marketing communications require:

  • Explicit opt-in (checkbox)
  • Or legitimate interest (existing clients for similar services)
  • Clear identification of sender
  • Unsubscribe option

14.3 Unsubscribe

How to Opt-Out:

  • Click "Unsubscribe" in any marketing email
  • Email unsubscribe@task360.in
  • Contact us at privacy@task360.in
  • Update preferences in client portal (when available)

Effect:

  • Removed from marketing lists within 5 business days
  • Service-related communications continue
  • No penalty or service impact

14.4 Frequency

Marketing emails:

  • Maximum 2 per week
  • Sent only during business hours
  • Respect email preferences
  • Relevant to your interests

15. PROFESSIONAL CONFIDENTIALITY

15.1 CA Professional Secrecy

As Consultant, we are bound by:

  • Professional duty of confidentiality

This provides additional protection beyond data privacy laws.

15.2 Enhanced Protection

Professional confidentiality means:

  • Cannot disclose client affairs without consent
  • Applies even after engagement ends
  • Extends to all team members
  • Survives business changes

15.3 Exceptions

Professional secrecy may be overridden by:

  • Court orders
  • Statutory obligations
  • ICAI disciplinary proceedings
  • With client's explicit authorization

15.4 Quality Review

For quality control, we may:

  • Share anonymized data with peer reviewers
  • Disclose to professional indemnity insurers
  • Provide to Members of ICAI for quality audits

All recipients bound by equivalent confidentiality.

16. SPECIAL CATEGORIES OF DATA

16.1 Financial Data

Financial data receives enhanced protection:

  • Encrypted storage and transmission
  • Restricted access (need-to-know basis)
  • Regular security audits
  • Segregated from general systems

16.2 Identity Documents

PAN, Aadhaar, passport:

  • Processed only when legally required
  • Stored securely (encrypted)
  • Access logs maintained
  • Deleted after retention period

16.3 Health Information

If we process health data (insurance, employee benefits):

  • Explicit consent obtained
  • Minimum necessary information
  • Extra security measures
  • Limited sharing (only to relevant insurers)

16.4 Biometric Data

If we implement biometric authentication:

  • Explicit consent required
  • Stored encrypted
  • Cannot be reconstructed
  • Deleted upon request

17. DATA BREACHES

17.1 Prevention

We implement comprehensive security to prevent breaches (see Section 8).

17.2 Breach Response

If breach occurs:

Within 24 Hours:

  • Contain the breach
  • Assess severity
  • Activate incident response team

Within 72 Hours:

  • Notify affected individuals
  • Report to authorities (if required)
  • Provide details of breach
  • Explain potential impact

Within 7 Days:

  • Implement remediation
  • Strengthen security
  • Provide updates to affected parties

17.3 Your Response

If you suspect breach:

  1. Notify us immediately
  2. Change passwords
  3. Monitor accounts
  4. Review recent activities

17.4 Our Commitment

We will:

  • Be transparent about breach
  • Provide regular updates
  • Offer assistance (credit monitoring if relevant)
  • Bear reasonable costs of remediation
  • Learn and improve

18. UPDATES TO THIS POLICY

18.1 Changes

We may update this policy:

  • To reflect law changes
  • To improve clarity
  • To add new services
  • Based on feedback

18.2 Notification

Material changes notified via:

  • Email to registered users
  • Prominent notice on website
  • Updated "Last Updated" date
  • Highlight of key changes

18.3 Effective Date

Changes effective:

  • 7 days after notification for material changes
  • Immediately for minor/clarifying changes

18.4 Continued Use

Continued use after effective date constitutes acceptance. If you don't agree:

  • Stop using services
  • Request data deletion
  • Terminate engagement

19. CONTACT US

19.1 General Privacy Inquiries

Email: info@task360.co Subject: Privacy Inquiry
Response Time: Within 72 hours

19.2 Data Rights Requests

Email: info@task360.co Subject: Data Rights Request - [Specify Right]
Response Time: Within 30 days

19.3 Data Protection Officer

Email: info@task360.co For: Complex privacy matters, compliance questions
Response Time: Within 48 hours

19.4 Security Incidents

Email: info@task360.co Subject: URGENT - Security Incident
Response Time: Immediate acknowledgment, investigation within 24 hours

19.5 Complaints

Step 1: Contact our DPO info@task360.co Step 2: Escalate to senior management
Step 3: File complaint with regulatory authority

19.6 Office Address

Task360 by Task360 Assist Private Limited
186, Goyal Nagar, Near Bengali Square, Indore, Madhya Pradesh - 452016
India

Office Hours: Monday - Friday, 10:00 AM - 6:00 PM IST

20. JURISDICTION AND APPLICABLE LAW

20.1 Governing Law

This Privacy Policy is governed by:

  • Laws of India
  • Information Technology Act, 2000
  • Digital Personal Data Protection Act, 2023
  • Chartered Accountants Act, 1949
  • Other applicable Indian regulations

20.2 Jurisdiction

Any disputes regarding this policy subject to jurisdiction of courts in Indore, Madhya Pradesh, India.

20.3 Severability

If any provision is found invalid, remaining provisions continue in effect.

21. ACKNOWLEDGMENT

By using our website or services, you acknowledge:

✓ You have read and understood this Privacy Policy
✓ You consent to data collection and use as described
✓ You understand your rights
✓ You know how to exercise your rights
✓ You can withdraw consent anytime
✓ You have had opportunity to ask questions

If you do not agree, please do not use our services or website.

APPENDIX: QUICK REFERENCE GUIDE

What We Collect

  • Contact information (name, email, phone)
  • Financial data (statements, returns, transactions)
  • Identity documents (PAN, incorporation docs)
  • Business information (industry, turnover)
  • Website usage data (IP, pages visited)

Why We Collect

  • To provide professional services
  • To comply with legal obligations
  • To improve services
  • To communicate with you
  • To ensure security

How We Protect

  • Encryption (in transit and at rest)
  • Access controls
  • Regular security audits
  • Employee training
  • Secure facilities

Your Rights

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent
  • Lodge complaint

How to Contact

  • Privacy queries: privacy@task360.in
  • Data rights: privacy@task360.in
  • DPO: dpo@task360.in
  • Security: security@task360.in
  • Response time: 30-72 hours

Cookie Control

  • Manage via cookie banner
  • Update browser settings
  • Opt-out tools available
  • Do Not Track respected

Document Version: 1.0
Effective Date: January 1, 2026
Last Updated: January 12, 2026
Next Review: January 1, 2027

© 2026 Task360 by Task360 Assist Private Limited. All rights reserved.

This Privacy Policy has been prepared in compliance with applicable Indian data protection laws. While we have made efforts to ensure accuracy and completeness, it should not be considered as legal advice. We recommend consulting with a legal professional for specific privacy law questions.

CONSENT CONFIRMATION

By clicking "I Accept," creating an account, using our website, or engaging our services, you confirm that you have read, understood, and consent to this Privacy Policy.

For children under 18: This website is not intended for use by individuals under 18 years of age. If you are under 18, please do not use this website or provide any personal information.

Mehtalogy LABS