Terms & Conditions

← Back to Home

Version 2.0 • Last updated April 2026

1. About MyTaxLocker & MaxLeaf

These Terms and Conditions govern your use of the MyTaxLocker application and website (mytaxlocker.maxleaf.in), which is operated and owned by MaxLeaf ("Company", "we", "us").

MyTaxLocker ("App") is a personal tax management application that assists Indian taxpayers in preparing ITR-1 (Sahaj) and ITR-4 (Sugam) income tax returns, storing tax documents, and managing tax-related information.

This App is NOT a registered e-filing intermediary. The JSON files generated are for your personal use and must be uploaded to the Income Tax Department portal (incometax.gov.in) by you.

By selecting "Start Tax Filing" or "Consult a CA", you are granting MaxLeaf permission to process your data as outlined in our Privacy Policy.

2. Data We Collect

MaxLeaf, as the Data Fiduciary under the Digital Personal Data Protection Act (DPDPA) 2023, collects the following categories of personal data through the MyTaxLocker app, solely for the purpose of tax return preparation:

• Identity Data: PAN, Aadhaar number, name, date of birth, mobile number, email
• Financial Data: Salary details (Form 16), deductions, investments, bank account details (account number, IFSC)
• Tax Documents: Uploaded PDFs and images (Form 16, rent receipts, investment proofs)
• Device Data: Device type, OS version (for crash reporting only)

We do NOT collect passwords, biometric templates, or payment card details.

3. How We Use Your Data

Your data is used exclusively for:

• Generating ITR-1 / ITR-4 JSON files for Income Tax filing
• Storing your tax documents securely in your personal vault
• Auto-filling tax forms across assessment years
• Generating PDF documents (Form 12BB, rent receipts, computation sheets)
• Tax planning and optimization suggestions

MaxLeaf will NEVER sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Storage & Security

Your data is stored on Amazon Web Services (AWS) servers located in Mumbai, India (ap-south-1 region), fully compliant with RBI data localization requirements.

Security measures implemented by MaxLeaf include:

• Field-level encryption (AES-256) for PAN, Aadhaar, and bank details
• TLS 1.2+ encryption in transit with certificate pinning
• Per-user data isolation — only you can access your files
• AWS Cognito authentication with multi-factor support
• Biometric login option (Face ID / fingerprint) for convenience
• PII access audit logging for compliance

Storage limits: 5 MB per file, 15 documents per assessment year, 50 MB total per user.

5. Data Retention

Your tax documents and filing data are retained for up to 8 years from the date of upload, consistent with Indian income tax record-keeping requirements (6–7 years for ITR records as per the Income Tax Act, 1961).

After 8 years, data is automatically deleted. You may delete your data at any time before this period by using the "Delete Account" option in the App.

6. Your Rights (DPDPA 2023)

Under the Digital Personal Data Protection Act, 2023, MaxLeaf as your Data Fiduciary ensures you have the right to:

• Access: View all personal data we hold about you
• Correction: Update or correct any inaccurate data
• Erasure: Request complete deletion of your data and account
• Portability: Export all your data in machine-readable format
• Withdraw Consent: Revoke your consent at any time (this will require account deletion as the App cannot function without processing your tax data)

To exercise these rights, use the in-app features or contact our Grievance Officer at support@maxleaf.in.

7. Aadhaar Data Handling

Your Aadhaar number is collected solely for inclusion in ITR JSON files as mandated by the Income Tax Department. It is:

• Stored with field-level encryption on AWS servers in India
• Masked (showing only last 4 digits) in the App UI
• Never shared with any third party
• Deleted when you delete your account

MaxLeaf does not authenticate using Aadhaar or access UIDAI services.

8. CA Assignment & Data Sharing

If you opt for CA-assisted filing, your tax filing data may be shared with a Chartered Accountant (CA) assigned through the App. This sharing:

• Requires your explicit consent at the time of submission
• Is limited to the specific assessment year's filing data
• The CA is bound by professional confidentiality obligations under ICAI regulations
• You can revoke access by cancelling the filing request

MaxLeaf acts as the Data Fiduciary; the assigned CA acts as a Data Processor for the limited purpose of reviewing and filing your return.

9. Limitation of Liability

MyTaxLocker is a tax preparation tool, not a substitute for professional tax advice. MaxLeaf makes no guarantees regarding:

• The accuracy of tax calculations (users must verify before filing)
• Acceptance of generated ITR JSON by the Income Tax portal
• Tax refund amounts or processing times
• Changes in tax laws that may affect calculations

MaxLeaf shall not be liable for any tax penalties, interest, or losses arising from the use of this App. Maximum aggregate liability is limited to the fees paid by you for the service in the relevant assessment year.

10. Grievance Officer & Contact

In compliance with the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000:

Company: MaxLeaf
Email: support@maxleaf.in
Website: maxleaf.in
Response time: Within 72 hours of receiving your complaint

Follow us: @MaxLeafIndia on Instagram, X (Twitter), and Facebook

You may also contact the Data Protection Board of India if your grievance is not resolved satisfactorily.