Effective date: 22 May 2026

This Privacy Policy explains how LegisNexa Private Limited ("FinzBooks", "we") handles personal data collected through https://finzbooks.com and the FinzBooks application at https://app.finzbooks.com.

What we collect

You give us:

  • Account details — name, email, phone, company name, GSTIN, PAN
  • Billing details — address, payment instrument (handled by Razorpay; we don't store card numbers)
  • Business data — invoices, bills, contacts, items, ledger entries, bank statements, GST returns
  • Documents — bills, receipts, contracts you upload for processing

We collect automatically:

  • Usage logs — pages visited, features used, API calls, timestamps, IP address
  • Device info — browser, OS, screen size for responsive layout
  • Cookies — first-party only, for session and preferences (no third-party advertising trackers)

How we use it

  • To provide the Service — render dashboards, calculate GST, generate invoices, run AI extraction
  • To process payments — billed via Razorpay; we share only what Razorpay needs
  • To send transactional emails — invoices, password resets, expiry warnings (not marketing)
  • To improve the product — aggregate, de-identified analytics
  • To comply with law — tax records retention, GST filings, lawful requests

We don't sell your data. We don't run third-party advertising on the Service.

Where it lives

GST-related data (invoices, returns, ledgers) is stored in Mumbai, India — meeting Reserve Bank of India and CBIC data-localisation expectations. AI model calls may transit to OpenAI / Google Gemini for document extraction; we send only the document content, never customer identifiers.

Third-party processors

| Service | Purpose | Where | |---|---|---| | Razorpay | Payment processing | India | | AWS (Mumbai) | Application hosting + database | India | | OpenAI / Google Gemini | AI document extraction | USA / India | | Google Workspace | Transactional email | USA | | Vercel | Marketing website hosting | USA |

We have data-processing agreements with each. We never give them more than they need.

Retention

Active accounts: data retained for the duration of the subscription plus 8 years after closure, to comply with Indian Income Tax Act (Section 44AA) and GST record-retention rules.

Inactive (cancelled) accounts: you can request immediate deletion at any time; we'll honour it except for data we're legally required to retain (e.g., GST records).

Your rights

You can, at any time:

  • Access — download your data from the account settings (Excel/JSON exports)
  • Correct — edit account info directly in the app
  • Delete — close your account from settings; full deletion within 30 days subject to legal retention
  • Object / restrict — contact us if you want to limit how we process specific data

To exercise a right, email gigi@finzbooks.com.

Security

  • TLS 1.2+ in transit, AES-256 at rest
  • Multi-tenant logical isolation (per-org row-level filters; cross-org access blocked at the API)
  • Role-based access (Owner / Accountant / Viewer)
  • Daily encrypted backups, 30-day retention
  • Production database in private subnet (no public access)
  • Audit logs for sensitive actions

See https://finzbooks.com/security for the full posture.

Children

The Service is for businesses; we don't knowingly collect data from anyone under 18. If you believe we have, email us and we'll delete it.

Changes

We'll post any updates here with a new "effective date" and notify active users by email at least 14 days before material changes take effect.

Contact

Privacy questions, data-subject requests, or complaints:

LegisNexa Private Limited — Privacy Officer Email: gigi@finzbooks.com Registered office: #17, 35th Main Rd, 5th Cross, KAS Officers Colony, BTM 2nd Stage, Bengaluru, Karnataka 560068, India

If you're unsatisfied with our response, you may complain to the Data Protection Board of India under the Digital Personal Data Protection Act, 2023.