Privacy Policy

Effective:26 May 2026 Last updated:26 May 2026 Version:1.0

In plain English We collect only the data we need to run the Service — your Google sign-in basics if you sign in, and anonymous page views so we know which tools are useful. We do not sell your data. Many tools run entirely in your browser, so your files never leave your device. You can request access, correction, or deletion of your data at any time under the Digital Personal Data Protection Act, 2023.

1. Scope & roles

This Privacy Policy describes how T S Black Corporate Consultants Private Limited ("TS Black", "we", "our") collects, uses, discloses and protects personal data when you access https://tsblack.in and the tools listed on it (collectively, the "Service").

For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act") we act as the Data Fiduciary in respect of personal data you provide directly to us. Where you upload files that contain third-party personal data (for example, employee records in our Salary Slip Generator), you are the Data Fiduciary in respect of that data and we act as a Data Processor on your behalf.

Data Fiduciary: T S Black Corporate Consultants Private Limited
CIN: U70200GJ2025PTC158447
Registered office: Chandrachitt, Akshar Marg, Opp. Satnam Hospital, Rajkot Postal Colony, Rajkot, Gujarat 360004, India
Contact: [email protected] · +91 73839 99929

2. Data we collect

Category	Examples	Source
Authentication data	Email, name, profile photo URL, Google account ID	You, via Google Sign-In (Firebase Authentication)
Optional profile data	Display name, website, phone (if you choose to add)	You
Usage data	Page views, tool views, click events, anonymised view counts	Automatic — browser
Technical data	IP address (collected by Cloudflare for security), browser user-agent, device type, time zone	Automatic — network/browser
Preferences	Theme (light/dark), view layout, last-viewed tools	Browser `localStorage`
User Content	Files you upload to a tool (PDFs, CSVs, images) and inputs you type into a tool	You
Communications	Email, WhatsApp, or form submissions you send us	You

We do not knowingly collect: government identifiers (PAN, Aadhaar), biometric data, financial-account credentials, or special-category personal data (health, religion, sexual orientation, political opinions). If any tool ever requires such data, the tool's page will provide a separate purpose-specific notice and consent.

3. Why we collect it

Operate & secure the Service — authenticate you, prevent abuse, debug errors.
Provide tool functionality — process the data you submit so a tool can produce its output.
Improve the Service — understand which tools are used and where users get stuck; measured on aggregate, anonymised data.
Communicate with you — respond to support requests, send service notices, and (only with your separate opt-in) product updates.
Comply with law — meet our obligations under Indian law, including tax, accounting and regulator-mandated record-keeping.

4. Legal basis

Under §4 of the DPDP Act, we process personal data on one of these grounds:

Consent (§6) — for sign-in, optional profile fields, marketing communications, and tools you actively choose to run.
Certain legitimate uses (§7) — for security, fraud prevention, and complying with judicial orders or other legal obligations.

Where we rely on consent, you may withdraw consent at any time (see Clause 10). Withdrawal does not affect the lawfulness of processing before withdrawal.

We do not sell or rent personal data. We share personal data only with the following recipients and only as necessary:

Recipient	Role	Purpose
Google LLC (Firebase, Google Sign-In)	Data Processor	Authentication, data storage, hosting
Cloudflare Inc.	Data Processor	Content delivery, DDoS protection, edge caching
Payment gateway providers (when paid tools are launched)	Data Processor	Process payments under PCI DSS standards
Statutory or law-enforcement authorities	Recipient under law	Where disclosure is required by a binding legal order
Professional advisors (auditors, lawyers) bound by confidentiality	Recipient	Where strictly necessary for our compliance

We require each Data Processor to implement appropriate technical and organisational measures and to process personal data only on our documented instructions.

6. International transfers

Some of our processors (notably Google / Firebase and Cloudflare) operate globally and may process personal data outside India. Such transfers are made consistent with §16 of the DPDP Act. Where the Central Government notifies a list of restricted countries, we will not transfer personal data to those jurisdictions.

7. Cookies & local storage

We use the following client-side storage:

Firebase Auth session cookies / tokens — strictly necessary to keep you signed in.
Browser localStorage — for your preferences (theme, view mode, dismissed banners). No personal data is sent to our servers from localStorage.
Browser sessionStorage — for rate-limiting sign-in attempts (counter only).
Service-worker cache — for offline performance.
Google Analytics 4 cookies (_ga, _ga_*) — measure aggregate, anonymous usage of the Service so we know which tools are useful. IPs are anonymised; ad-personalisation signals are disabled.

We do not use advertising cookies or cross-site tracking pixels. You can clear local storage and cookies at any time via your browser settings.

Manage analytics

You can turn analytics off entirely on this device. Your preference is stored locally and respected on every TS Black page from then on. We also automatically honour your browser's Do Not Track and Global Privacy Control signals.

Analytics: checking… Google Analytics 4, IP anonymised, ads disabled.

8. Retention

Data	Retention period
Account data (email, name, photo)	Until you delete your account, then permanently erased within 30 days subject to legal hold
Tool view counts	Aggregated indefinitely; individual events not stored
Server-side User Content (when a tool requires it)	Processed transiently and deleted within 24 hours unless the tool's page states otherwise
Client-only User Content	Never sent to our servers; controlled entirely by you
Support communications	Up to 3 years from last interaction
Financial records (where paid tools are used)	8 years, as required by §128 of the Companies Act 2013 and §36 of the CGST Act 2017

9. Security

We implement reasonable security practices and procedures consistent with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules") and the security guidance under the DPDP Act, including:

TLS 1.2+ encryption in transit for all browser-to-server traffic;
Encryption at rest for stored data on Firebase / Google Cloud infrastructure;
Authentication via Google Sign-In; no password storage on our servers;
Role-based access controls; admin actions restricted to authorised personnel;
Strict Content-Security-Policy, HSTS, and other HTTP security headers;
Regular review of dependencies and vulnerability advisories.

Despite these measures, no internet transmission or storage system is 100% secure. If we become aware of a personal-data breach that poses risk to you, we will notify you and the Data Protection Board of India in accordance with §8(6) of the DPDP Act.

10. Your rights under the DPDP Act

You have the following rights in respect of your personal data:

Right to information (§11) — request a summary of personal data we process about you and the identities of recipients with whom it has been shared.
Right to correction, completion, updating and erasure (§12) — request rectification or deletion of inaccurate or outdated data.
Right of grievance redressal (§13) — escalate any concern through the Grievance Officer (Clause 13 below).
Right to nominate (§14) — nominate another person to exercise your rights in case of death or incapacity.
Right to withdraw consent (§6(4)) — withdraw consent for any processing based on consent, by emailing the Grievance Officer or deleting your account.

To exercise any right, write to [email protected] from the email associated with your account. We will respond within the timelines required by the DPDP Act and, in any event, within 15 days for grievance complaints under IT Rules 2021.

11. Children

The Service is not directed to individuals below 18 years of age. We do not knowingly process personal data of children. If you believe a child has provided us with personal data, please contact the Grievance Officer so we can erase it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by updating the "Last updated" date and, where appropriate, by an in-product notice or email to your registered address. If the change reduces your rights, we will seek fresh consent where required.

13. Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (Rule 3(2)) and the DPDP Act 2023 (§8(10)), our designated Grievance Officer is:

Name: CA Meet Dilipbhai Dhrangadhariya (Whole-Time Director)
Designation: Grievance Officer / Data Protection Contact
Email: [email protected]
Phone: +91 73839 99929 (10:00–18:00 IST, Mon–Sat)
Postal: T S Black Corporate Consultants Pvt Ltd, Chandrachitt, Akshar Marg, Opp. Satnam Hospital, Rajkot Postal Colony, Rajkot, Gujarat 360004, India
Response SLA: Acknowledgement within 24 hours; resolution within 15 days

If you are unable to obtain a satisfactory resolution from the Grievance Officer, you may approach the Data Protection Board of India in accordance with §27 of the DPDP Act.

14. Contact

General privacy questions: [email protected]. See the Contact page for office hours and other channels.