Our Privacy Philosophy.
At Synthara Labs, privacy is not a boilerplate compliance checklist item. It is a fundamental, non-negotiable architectural boundary under the hood of FinPilot.
1. Strict Tenant Isolation Boundaries
FinPilot does not utilize shared data pools. When your Chartered Accountant firm onboards, our system assigns a unique, immutable tenant key to your profile. Every query executed on client repositories, GSTR tax reconciliations, and private files is systematically gated by this key. We enforce this boundary server-side on our API Controllers, meaning under no circumstances can an employee or client of another firm view or query your records.
2. Data Ownership and Portability
You retain absolute legal ownership of all financial documents, spreadsheets, metadata, and advisory reports uploaded to or generated by FinPilot. We do not lock you in. At any point during your engagement or even after subscription expiry, our administration panel provides high-performance exporters to download all records in standard CSV and original PDF formats. Your client documents remain your sovereign administrative assets.
3. Regulatory Compliance & Data Sovereignty
We comply strictly with the Information Technology Act, 2000 (India), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI), and the Digital Personal Data Protection (DPDP) Act, 2023. Synthara Labs maintains zero public third-party sharing APIs. We never sell, monetize, or lease your operational logs or client profiles. All financial analytics and data structures are accessed strictly by authenticated firm employees and approved partners who hold valid JWT credentials.
4. Sensitive Personal Data or Information (SPDI) We Process
To operate FinPilot, we collect and process sensitive personal data or information (SPDI) with your explicit consent. This includes your:
- Personal Identifiers: Name, Email Address, Contact Number, and Profile Images.
- Financial & Identity Credentials: PAN, GSTIN, scale of practice, and intended firm name.
- Ledger & Audit Documents: Uploaded spreadsheets, PDF invoices, and tax registers (stored securely in encrypted Cloudinary and MongoDB vaults).
This data is processed exclusively to provision secure, isolated workspace environments, facilitate GST reconciliations, verify firm partner applications, and maintain required operational security trails.
5. Your Sovereignty & Rights under DPDP Act 2023
Under the Digital Personal Data Protection (DPDP) Act, 2023, you hold the sovereign right to govern how your personal data is handled. This includes:
- Right to Access: Retrieve a clean summary of your stored personal profile and corporate workspace logs.
- Right to Correction & Completion: Update or complete any inaccurate profile details directly inside the dashboard.
- Right to Erasure & Withdrawal: Request absolute deletion of your personal records or withdraw your consent. Upon request, we execute a permanent purge of your tenant database (excluding logs required for statutory financial audits or CERT-In 180-day compliance logs).
6. Grievance Redressal & Designated Officer
In accordance with Rule 5(9) of the Information Technology Rules, 2011 and Section 13 of the DPDP Act 2023, we have appointed a designated Grievance Officer (and Data Protection Officer) to handle any queries, concerns, or grievances regarding personal data processing.
Designated Grievance Officer: Mr. Nishit Sharma
Designation: Founder & Chief Security Architect, Synthara Labs
Email: nishitsharma128@gmail.com
Office Address: Synthara Labs, New Delhi, Delhi, India
We commit to acknowledging your grievance within 36 hours and resolving it within the legally prescribed 15-day timeline.