Privacy & Security

Privacy Policy

Your privacy is our priority. Learn how we protect your data.

Last Updated

February 28, 2026

Effective Date

March 1, 2026

Global Compliance Standards

GDPR• EU Data Protection

CCPA/CPRA• California Privacy

ISO 27001• Compliance Ready

SOC 2• Type II Ready

IT Act 2000• India Compliance

HIPAA• Healthcare Ready

Your Data is Safe

We never sell your data to third parties.

Contact DPO

dpo@fininvo.com

This Privacy Policy is published by Fininvo, a trade name of Prashbi Global Services Pvt. Ltd., a company incorporated under the laws of India (CIN: U52100KA2020PTC133490), with its registered office at Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony, R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India. References to "Fininvo", "we", "us", or "our" in this document refer to Prashbi Global Services Pvt. Ltd..

Our Privacy Commitment

Prashbi Global Services Pvt. Ltd. is committed to protecting your privacy. We adhere to the highest global standards including GDPR, CCPA, and India's data protection frameworks.

Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony, R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India

CIN: U52100KA2020PTC133490

No data selling End-to-end encryption Data minimization

Information We Collect

Account Data

• Name, email, phone number
• Company name, job title
• Billing/payment information
• Authentication credentials

Business Data

• Employee/customer records
• Financial transactions
• Inventory/order data
• Documents you upload

Technical Data

• IP address, device type
• Browser, operating system
• Login/access timestamps
• Feature usage analytics

Cookie Data

• Session management
• Preference storage
• Analytics (anonymized)
• Security tokens

How We Use Your Data

Service Delivery

Providing and maintaining our ERP, HR, and business management services

Security & Fraud Prevention

Detecting threats, preventing unauthorized access, protecting your account

Product Improvement

Analyzing usage patterns to enhance features and user experience

Communication

Service updates, security alerts, support responses, and marketing (with consent)

Legal Compliance

Meeting regulatory requirements, responding to legal requests, enforcing terms

Billing & Payments

Processing subscriptions, invoicing, and financial transactions

Legal Basis (GDPR)

Under GDPR, we process your data based on these legal grounds:

Contract Performance

Necessary to provide our services

Legitimate Interest

Security, fraud prevention, improvement

Legal Obligation

Tax, accounting, regulatory compliance

Consent

Marketing, optional cookies

Data Sharing & Third Parties

We NEVER sell your personal data to third parties.

We may share data with:

Cloud Providers

AWS, GCP (with DPAs in place)

Payment Processors

Stripe, Razorpay (PCI compliant)

Legal Authorities

When required by law

Business Transfers

Merger/acquisition (with notice)

Your Privacy Rights

Right to Access

Request a copy of your data

Right to Rectification

Correct inaccurate data

Right to Erasure

Request data deletion

Right to Portability

Export in machine-readable format

Right to Object

Object to certain processing

Right to Restrict

Limit data processing

Right to Withdraw Consent

Revoke consent anytime

Right to Complain

File with DPA authority

Exercise Your Rights: Email privacy@fininvo.com or use the Privacy Center in your account settings. We respond within 30 days.

California Privacy Rights (CCPA/CPRA)

California residents have additional rights under CCPA/CPRA:

Right to know what personal information is collected

Right to request deletion of personal information

Right to opt-out of sale/sharing (we do not sell data)

Right to non-discrimination for exercising privacy rights

Right to correct inaccurate personal information

Right to limit use of sensitive personal information

Security Measures

Enterprise-Grade Security (Fininvo Standard)

AES-256 Encryption

Data encrypted at rest

TLS 1.3

Encrypted in transit

Zero Trust Architecture

Verify every request

MFA Enforcement

Multi-factor authentication

SOC 2 Type II

Compliance ready

Penetration Testing

Quarterly security tests

AI Threat Detection

Real-time monitoring

Encrypted Backups

Secure disaster recovery

Data Retention

Data Type	Retention Period
Active account data	Duration of account
Post-termination data	30 days for export
Financial/tax records	7 years (legal requirement)
Security logs	1 year
Analytics (anonymized)	Indefinite

International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure adequate protection through:

Standard Contractual Clauses

EU-approved SCCs with all processors

Data Residency Options

Choose India, EU, or US data centers

Data Processing Agreements

Signed with all sub-processors

Encryption in Transit

All cross-border transfers encrypted

Children's Privacy

AGE RESTRICTION

The Fininvo Platform is a business-to-business (B2B) enterprise software solution designed exclusively for use by businesses, organizations, and professionals. The Platform is not intended for use by individuals under the age of 18.

We do not knowingly collect, process, or store personal data from children under 13 years of age (or under 16 in jurisdictions where GDPR applies). If we become aware that we have inadvertently collected personal data from a child, we will take immediate steps to delete such data and terminate the associated account.

COPPA Compliance (US): In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at privacy@fininvo.com and we will promptly delete such information.

India DPDP Act: In accordance with the Digital Personal Data Protection Act, 2023, we do not process personal data of children (under 18) without verifiable parental consent. Our Platform is not designed for minors.

Digital Personal Data Protection Act, 2023 (India)

As an Indian company (CIN: U52100KA2020PTC133490), Prashbi Global Services Pvt. Ltd. is committed to full compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 including the SPDI Rules, 2011.

Lawful Processing (Section 4)

• Personal data processed only for lawful purposes with valid consent or legitimate uses
• Purpose limitation strictly enforced, data not used beyond stated purpose
• Data minimization, only data necessary for the service is collected

Data Principal Rights (Section 11-14)

• Right to access personal data and obtain summary of processing activities
• Right to correction and erasure of inaccurate or outdated data
• Right to grievance redressal, complaints addressed within 30 days
• Right to nominate another person to exercise rights in case of death or incapacity

Consent Management (Section 6-7)

• Clear, informed, and specific consent obtained before processing
• Consent can be withdrawn at any time with equal ease as it was given
• Separate consent for each distinct purpose of processing
• Records of consent maintained as per DPDP requirements

Data Fiduciary Obligations (Section 8-9)

• Reasonable security safeguards to protect personal data
• Data breach notification to the Data Protection Board and affected individuals without delay
• Data retention limited to the period necessary for the stated purpose
• Data deleted upon withdrawal of consent or when purpose is fulfilled

Grievance Officer: In compliance with the DPDP Act and IT Act, our Grievance Officer can be reached at grievance@fininvo.com. All complaints will be acknowledged within 48 hours and resolved within 30 days. If unsatisfied with the resolution, you may approach the Data Protection Board of India.

Cross-Border Transfers: Personal data of Indian data principals may be transferred outside India only to countries or territories not restricted by the Central Government under Section 16 of the DPDP Act. Where transfers are permitted, we ensure equivalent data protection standards through contractual safeguards and Standard Contractual Clauses.

Contact Our Privacy Team

Data Protection Officer