Skip to content
Got a notice? Emergency response →

Privacy Policy

Last updated: April 2026

This policy is issued by TrustNRI in compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable global privacy laws where we serve users.

1. What we collect

When you use TrustNRI, we may collect: your name, email address, phone number, country of residence, and Indian investment details you voluntarily provide through our forms. We use essential cookies for site functionality (country detection, session state). We also load consent-gated analytics and ad-attribution scripts (listed in §11) once you accept the cookie banner; declining the banner blocks all of them.

2. Lawful basis for processing (DPDP Act)

We process your personal data on the following lawful bases under Section 4 of the DPDP Act, 2023:

  • Consent — for newsletter signups, contact form submissions, and any marketing communication.
  • Contractual necessity — for matching you with a CA, delivering paid services, and processing fees.
  • Legitimate use — for country detection via IP geolocation (to personalize which DTAA applies to you).

3. AIS and 26AS processing

Your AIS JSON or Form 26AS PDF is parsed entirely in your browser using client-side JavaScript. The file never leaves your device, is never uploaded to our servers, and is never transmitted to any third party. No TDS data from your AIS is stored, logged, or analytics-tracked. You can verify this in your browser's Network tab while using the analyzer — you will see zero outbound requests carrying your data.

4. How we use your data

Information you provide through lead forms is used to: match you with a qualified CA, personalize your DTAA consultation, and send you relevant updates about your case. We do not sell your data. We do not use your data to train AI models.

5. Data sharing

Your data is shared only with: (a) the Chartered Accountant assigned to your case, who is bound by professional confidentiality under ICAI rules, and (b) payment processors for fee collection. We do not share data with advertisers, data brokers, or third-party marketers.

6. Data retention

We retain personal data only for as long as necessary:

  • Lead capture & contact form data: up to 24 months from last interaction, then deleted.
  • Newsletter email addresses: until you unsubscribe, then deleted within 30 days.
  • Client service records: 7 years after the end of engagement, as required under Indian tax filing retention rules.
  • IP-based country detection: in-session only, never persisted.
  • AIS / 26AS content: never stored — processed in-browser and discarded when you close the tab.

7. Data security

All traffic is served over TLS 1.3. Any data at rest (on our partner CAs' systems for client engagements) is encrypted. Access is restricted to authorized personnel only on a need-to-know basis.

8. Your rights

Under the DPDP Act and equivalent laws (EU GDPR, UK GDPR, California CCPA where applicable), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or outdated data
  • Delete your data (“right to erasure”)
  • Withdraw consent at any time
  • Port your data to another provider
  • File a grievance with our Grievance Officer (see Section 10) or escalate to India's Data Protection Board

To exercise any of these rights, email privacy@trustnri.in. We respond within 30 days.

9. International users

If you are accessing TrustNRI from the European Union, the United Kingdom, or the state of California, you have additional rights under EU GDPR, UK GDPR, and the CCPA respectively. These rights are substantially equivalent to those listed above. We do not transfer your personal data outside of India except where required to deliver the service you have requested (e.g., IRS Form 6166 submissions for US clients).

10. Grievance Officer (DPDP Act §8(9))

In accordance with the DPDP Act 2023 §8(9) and Rule 3(1)(b)(i) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, the Grievance Officer for TrustNRI is:

  • Name: Vipul Sharma
  • Role: Grievance Officer, TrustNRI
  • Email: grievance@trustnri.in
  • Response SLA: Acknowledgement within 24 hours per IT (Intermediary) Rules 2021 Rule 3(2)(a); substantive resolution within 15 days per Rule 3(2)(a) and within 30 days for DPDP grievances

11. Cookies

We use essential cookies for site functionality (country detection, session management). Once you accept the cookie banner, the following non-essential trackers load. All are gated by Consent Mode v2 — declining the banner blocks every one of them.

Third-party cookies and tracking pixels used on this site
VendorCookies / pixelsPurposeExpiry
Google Analytics 4_ga, _gid, _ga_*Site analytics, page-view aggregation24 months
Google Ads_gcl_au, conversion pixelAd-attribution, conversion measurement90 days
Meta Pixel_fbpFacebook / Instagram ad attribution90 days
LinkedIn Insight Taglidc, bcookie, UserMatchHistoryLinkedIn ad attribution90 days–2 years
Microsoft Clarity_clck, _clsk, MUIDSession-replay heatmaps (PII inputs auto-masked)12 months
TrustNRI essentialtrustnri-consent, trustnri-country, trustnri-uidConsent state, country preference, anonymous session IDSession / 12 months

You can withdraw consent at any time by clearing your browser's site data for this domain, or by emailing privacy@trustnri.in — we'll honour the request within 30 days.

12. Country detection

We use IP-based geolocation (via Vercel Edge geolocation headers — your IP never leaves Vercel's network) to detect your approximate country so we can show the right DTAA rates for you. This data is processed in-session only and is never stored. You can override the detected country at any time using the country selector in the navigation bar.

13. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent version. Material changes will be communicated via email to subscribers and via a banner on the site.

14. Contact

For privacy-related queries: privacy@trustnri.in. For grievances: grievance@trustnri.in.