AboutContactSupportPrivacySign InBook a Demo →
Legal Document

Privacy Policy

FinIFRS Intelligence Last updated: 30 May 2026

1. Who We Are

FinIFRS Intelligence (“FinIFRS”, “we”, “us”, or “our”) operates the FinIFRS Controllership Intelligence Platform, a cloud-hosted SaaS solution for enterprise period-end close management. Our registered office is in Mumbai, Maharashtra, India.

This Privacy Policy explains how we collect, use, store, and protect personal data in connection with your use of our platform, website (finifrs.com), and any related services.

2. Applicable Law

We process personal data in accordance with the Digital Personal Data Protection (DPDP) Act, 2023 of India and its associated Rules. Where our customers include entities in the European Economic Area, we additionally comply with the General Data Protection Regulation (GDPR) to the extent applicable.

3. Data We Collect

Account & Identity Data

Name, work email address, company name, entity type, job title, and authentication credentials. Collected when you register or contact us.

Financial & Ledger Data

Trial balance data, GL codes, account names, and balance amounts that you upload to the platform. This data belongs entirely to you. We process it only to provide the service and never use it for any other purpose.

Usage & Activity Data

Platform actions, page visits, feature usage, session duration, IP address, browser type, and device information. Collected automatically through application logs and analytics.

Audit Log Data

Records of actions taken within the platform (mappings, approvals, exports, overrides) including user identity and timestamp. These records are integral to the product's audit trail functionality.

Communications Data

Emails, support tickets, and any other correspondence you send to us.

4. How We Use Your Data

Provide, operate, and maintain the FinIFRS platform
Authenticate users and enforce multi-tenant row-level security
Process and validate trial balance ingestion per your instructions
Generate financial statements, exception reports, and audit logs
Respond to support requests and communicate product updates
Monitor platform performance, detect fraud, and prevent abuse
Comply with applicable legal obligations including tax and audit requirements

We do not sell your personal data. We do not use your financial ledger data for advertising, model training, or benchmarking without your explicit written consent.

5. Legal Basis for Processing

Under the DPDP Act, 2023, we process personal data on the following bases:

Consent: For marketing communications and optional product research participation.
Contractual Necessity: To fulfill our obligations under the platform subscription agreement.
Legitimate Interest: For platform security, fraud prevention, and product improvement.
Legal Obligation: To comply with applicable Indian law including RBI, SEBI, and MCA requirements.

6. Data Storage & Security

All platform data is stored on Supabase-hosted PostgreSQL infrastructure within data centers located in India or in compliant regions. Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Database access is governed by Row-Level Security (RLS) policies enforced at the PostgreSQL level — no tenant can access another tenant's data under any circumstances.

We undergo periodic security reviews and maintain access controls aligned with SOC 2 Type II principles. Audit log tables are append-only and cannot be modified or deleted by any application-level user.

7. Data Retention

Data CategoryRetention Period
Account & Identity DataDuration of subscription + 2 years post-termination
Financial Ledger DataDuration of subscription + 7 years (statutory audit retention)
Audit Log Data7 years from date of creation (non-deletable)
Usage & Activity Data12 months rolling
Support Communications3 years from resolution

8. Third-Party Sub-processors

We engage the following sub-processors to operate the platform. Each is bound by a Data Processing Agreement and processes data only on our instruction:

Supabase Inc. & Postgres

Database hosting, authentication, storage

Region: India

AWS Services

Frontend/Backend hosting and edge delivery

Region: India / Global CDN

Redis Labs

In-memory caching for performance

Region: India

Google Workspace

Internal email and collaboration

Region: India

9. Your Rights (DPDP Act, 2023)

As a data principal under the DPDP Act, you have the following rights:

Right to Access: Request a copy of the personal data we hold about you.
Right to Correction: Request correction of inaccurate or incomplete personal data.
Right to Erasure: Request deletion of your personal data, subject to statutory retention obligations.
Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer if you believe your rights have been violated.
Right to Nominate: Nominate another person to exercise your rights on your behalf in the event of death or incapacity.

To exercise any of these rights, email connect@finifrs.com. We will respond within 2-5 Business days.

10. Cookies

We use strictly necessary cookies for session authentication and platform operation. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging into the platform.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) and by displaying a prominent notice on the platform at least 14 days before the changes take effect. Continued use after the effective date constitutes acceptance.

12. Contact Us

Data Protection Officer

FinIFRS Intelligence

connect@finifrs.com

Mumbai, Maharashtra, India

This document was last updated on 30 May 2026. Version 1.3.