Your data stays in India. Always here.

We follow the Digital Personal Data Protection Act, 2023 (DPDPA) from day one. We also comply with the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Where the two overlap, DPDPA prevails.

If you are just visiting earntaps.com, we know almost nothing about you. We log technical context — IP, browser, referrer, time of visit, pages viewed — for security and analytics. No PII collected.

Once you take the AI check or fill a contact form, you have shared identifiable details with us, and the rest of this notice applies.

When you take the AI check or submit a form, we collect:

• Contact details you share (name, email, phone)
• Financial-context details you choose to share during the check (income range, goals, current investments, family situation, jurisdiction)
• Technical context (IP address, browser, referrer, time of visit) for security and analytics

We never collect: PAN, Aadhaar, bank account, card details, or any government identifier. If a field on this site asks for any of these, treat it as a phishing attempt and tell us through the contact form.

• To sort you to the right person, plan, or product — an advisor, planner, tax CA, NRI specialist, or vetted product from the partner network
• To follow up about your check result, only if you ask us to
• To improve the AI matching model over time
• To meet our legal obligations and respond to regulatory requests

Your details are stored on encrypted servers in Mumbai, ap-south-1 region. Backups stay in the same region. Your data does not leave India unless you ask to be introduced to a partner who operates from another jurisdiction. In that case, we tell you before any transfer happens and take your explicit consent.

Under no circumstances will we sell or rent your personal information to anyone, for any reason, at any time.

We share with one matched partner, only if you decide to meet. Until you say yes, your details stay with Earntaps. The matched partner takes on the regulatory and contractual responsibility once you start a relationship with them.

We share with regulators and law-enforcement only when legally compelled to do so.

We use a short list of processors to run the service:

• Anthropic (LLM for the AI check)
• Resend (transactional email)
• PostHog (analytics, India-hosted)
• DigitalOcean (Bengaluru region, hosting and Postgres)
• Cloudflare (CDN, DNS, edge WAF)

Each processor is bound by the same data-security standards we are under DPDPA and contract.

You can ask us to:

• Show you what we hold about you, in a readable copy
• Correct anything inaccurate
• Delete your data, subject to limited legal-hold exceptions
• Withdraw consent at any time
• Nominate someone to act on your behalf if you cannot
• Raise a grievance

Send a request through the privacy form. We respond within 30 days. Unsatisfied? Escalate to our Grievance Officer through the same form, marking the subject “Escalation — Grievance Officer”. We respond inside 15 days. After that, the Data Protection Board of India is the regulator.

We use one first-party analytics cookie to understand how visitors use the site. You can decline it at the banner and the site still works. We do not use third-party advertising cookies on this site. Cookie consent is stored for 12 months.

Active check data: 24 months after your last activity. Records we are legally required to retain (financial, regulatory): the period required by Indian law, typically up to five years. After that, we delete.

Data encrypted in transit (TLS 1.3) and at rest (AES-256). Access controls are role-based and audited. We comply with reasonable security practices and procedures as required under Section 43A of the IT Act, 2000 and Rule 8 of the SPDI Rules, 2011. We will tell you within 72 hours if a breach affects your data.

If we change anything material, we will tell you on this page with a new effective date. If the change is significant, we will email you. This notice was last updated on 13 May 2026.