Privacy Policy

Finkr is an AI-powered tax compliance platform operated by Syntheialabs Private Limited ("Syntheialabs", "we", "us", or "our"), a company incorporated under the laws of India. Finkr is designed for Chartered Accountants (CAs) and their authorized staff to manage income tax compliance, respond to notices, and track statutory deadlines.

This Privacy Policy explains how we collect, use, store, and protect your personal data and your clients' data when you use Finkr. It is governed by India's Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000.

By accessing or using Finkr, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.

We collect the following categories of data:

• Account Information: Name, email address, mobile number, CA membership number, and firm name provided at registration.
• Tax Documents: Income Tax Returns (ITRs), notices (143(1), 148, 245, etc.), demand orders, assessment orders, and other documents you upload or import.
• Client Identifiers: PAN numbers, assessment years, and related taxpayer details associated with your clients.
• Usage Data: Pages visited, features used, session timestamps, IP address, browser type, and device identifiers collected automatically.
• Payment Information: Billing details processed via our payment gateway. We do not store full card numbers on our servers.
• Communications: Support queries, feedback, and emails you send to us.

We process your data for the following purposes:

• Service Delivery: Providing AI-assisted notice analysis, draft responses, compliance tracking, and deadline management.
• Account Management: Creating and maintaining your account, authenticating access, and managing subscriptions.
• AI Processing: Analyzing tax documents you upload to generate compliance insights, draft responses, and risk summaries.
• Customer Support: Responding to your queries and resolving issues.
• Product Improvement: Aggregated, anonymized usage analytics to improve platform features — never using identifiable client tax data for this purpose.
• Legal Compliance: Meeting obligations under applicable Indian laws, including tax record-keeping requirements.

Finkr uses AI models to process tax documents and generate compliance assistance. The following disclosures apply:

• Data Sent to AI Models: Content from documents you upload (notices, ITRs, demands) is sent to AI processing infrastructure to generate analysis and draft responses.
• No Training on Your Data: We do not use your data or your clients' tax data to train or fine-tune AI models without your explicit written consent.
• AI Outputs Are Assistive: All AI-generated content (notice responses, summaries, risk assessments) is intended as a starting point for professional review. It does not constitute legal or tax advice. You remain responsible for the accuracy and appropriateness of all filings and communications made on behalf of your clients.
• Cloud AI Infrastructure: AI processing uses Microsoft Azure infrastructure. Data transmitted is encrypted in transit and subject to Azure's enterprise data protection commitments.

• Storage Location: Data is stored on servers located in India (Microsoft Azure India regions).
• Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
• Access Controls: Access to production data is restricted to authorized Syntheialabs personnel on a need-to-know basis, with audit logs maintained.
• No Offshore Transfer: We do not transfer personal data outside India except as required for AI model inference (Microsoft Azure, which maintains EU/India data residency commitments under enterprise agreements).

We retain your data as follows:

• Active Subscriptions: All account and client data is retained for the duration of your active subscription.
• Post-Cancellation: Data is retained for 3 years after subscription cancellation to comply with Income Tax Act record-keeping requirements, and then securely deleted unless a longer retention is required by law.
• Account Deletion Requests: Upon a verified deletion request, identifiable personal data is deleted within 30 days, subject to mandatory legal retention obligations.
• Usage Logs: Anonymized usage logs may be retained for up to 5 years for security and audit purposes.

We do not sell your personal data. We share data only in the following limited circumstances:

• Cloud Infrastructure: Microsoft Azure (hosting, storage, email delivery). Azure processes data as a data processor on our behalf under a data processing agreement.
• Payment Processing: Payment gateways process billing data under their own PCI-DSS compliant policies.
• Legal Requirements: We may disclose data to law enforcement or regulatory authorities when required by law or valid legal process.
• Business Transfers: In the event of a merger, acquisition, or asset sale, data may be transferred to the successor entity, with notice provided to affected users.

We do not share your or your clients' tax data with third-party advertisers or marketing platforms.

As a Data Principal under India's DPDP Act, 2023, you have the following rights:

• Right of Access: Request a summary of personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of personal data where processing is no longer necessary, subject to legal retention requirements.
• Right to Grievance Redressal: Lodge a complaint with our Grievance Officer (details below). We will respond within 30 days.
• Right to Nominate: Nominate another individual to exercise rights on your behalf in case of death or incapacity.

To exercise these rights, contact our Grievance Officer at contact@finkr.ai.

• Session Cookies: We use session cookies strictly necessary for authentication and platform functionality. These are deleted when you close your browser.
• Analytics: We may use privacy-respecting analytics (anonymized, aggregated) to understand feature usage. We do not use third-party advertising cookies or cross-site tracking.
• Cookie Control: You can disable cookies in your browser settings. Note that disabling session cookies will prevent you from logging in to Finkr.

In accordance with the DPDP Act, 2023, we have designated a Grievance Officer to handle data-related complaints and requests:

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on the platform at least 15 days before the changes take effect. Continued use of Finkr after the effective date constitutes acceptance of the updated policy.

The current version of this policy is always available at finkr.ai/policy.