FinIFRS Intelligence Last updated: 30 May 2026
FinIFRS Intelligence (“FinIFRS”, “we”, “us”, or “our”) operates the FinIFRS Controllership Intelligence Platform, a cloud-hosted SaaS solution for enterprise period-end close management. Our registered office is in Mumbai, Maharashtra, India.
This Privacy Policy explains how we collect, use, store, and protect personal data in connection with your use of our platform, website (finifrs.com), and any related services.
We process personal data in accordance with the Digital Personal Data Protection (DPDP) Act, 2023 of India and its associated Rules. Where our customers include entities in the European Economic Area, we additionally comply with the General Data Protection Regulation (GDPR) to the extent applicable.
Name, work email address, company name, entity type, job title, and authentication credentials. Collected when you register or contact us.
Trial balance data, GL codes, account names, and balance amounts that you upload to the platform. This data belongs entirely to you. We process it only to provide the service and never use it for any other purpose.
Platform actions, page visits, feature usage, session duration, IP address, browser type, and device information. Collected automatically through application logs and analytics.
Records of actions taken within the platform (mappings, approvals, exports, overrides) including user identity and timestamp. These records are integral to the product's audit trail functionality.
Emails, support tickets, and any other correspondence you send to us.
We do not sell your personal data. We do not use your financial ledger data for advertising, model training, or benchmarking without your explicit written consent.
Under the DPDP Act, 2023, we process personal data on the following bases:
All platform data is stored on Supabase-hosted PostgreSQL infrastructure within data centers located in India or in compliant regions. Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Database access is governed by Row-Level Security (RLS) policies enforced at the PostgreSQL level — no tenant can access another tenant's data under any circumstances.
We undergo periodic security reviews and maintain access controls aligned with SOC 2 Type II principles. Audit log tables are append-only and cannot be modified or deleted by any application-level user.
| Data Category | Retention Period |
|---|---|
| Account & Identity Data | Duration of subscription + 2 years post-termination |
| Financial Ledger Data | Duration of subscription + 7 years (statutory audit retention) |
| Audit Log Data | 7 years from date of creation (non-deletable) |
| Usage & Activity Data | 12 months rolling |
| Support Communications | 3 years from resolution |
We engage the following sub-processors to operate the platform. Each is bound by a Data Processing Agreement and processes data only on our instruction:
Database hosting, authentication, storage
Region: India
Frontend/Backend hosting and edge delivery
Region: India / Global CDN
In-memory caching for performance
Region: India
Internal email and collaboration
Region: India
As a data principal under the DPDP Act, you have the following rights:
To exercise any of these rights, email connect@finifrs.com. We will respond within 2-5 Business days.
We use strictly necessary cookies for session authentication and platform operation. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging into the platform.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) and by displaying a prominent notice on the platform at least 14 days before the changes take effect. Continued use after the effective date constitutes acceptance.
This document was last updated on 30 May 2026. Version 1.3.