sl
SyntharaLabs
A Technical Trust Manifesto

Our Privacy Philosophy.

At Synthara Labs, privacy is not a boilerplate compliance checklist item. It is a fundamental, non-negotiable architectural boundary under the hood of FinPilot.

Isolated Tenant Databases

Every CA firm has its own unique tenant boundary. Client records, document vaults, ledgers, task flows, and communications are securely segmented at the query level using strict authenticated middleware. No cross-firm data leaks, ever.

Zero AI Model Training on Client Data

Our proprietary OCR and AI parsers operate strictly within ephemeral execution memory. Your client's financial statements, tax registers, and corporate ledgers are never used to train global models. Your data remains yours.

Military-Grade Encryption

All files uploaded to the FinPilot Document Vault are encrypted using AES-256 at rest, and TLS 1.3 in transit. We run our cloud operations on ISO-27001 and SOC 2 Type II aligned datacenters to maintain bank-level compliance.

No-Log Ephemeral API handshakes

When FinPilot communicates with official government tax networks or sandbox validation portals, all session tokens are ephemeral. Credentials are never saved in plaintext, and transaction logs are automatically purged.

1. Strict Tenant Isolation Boundaries

FinPilot does not utilize shared data pools. When your Chartered Accountant firm onboards, our system assigns a unique, immutable tenant key to your profile. Every query executed on client repositories, GSTR tax reconciliations, and private files is systematically gated by this key. We enforce this boundary server-side on our API Controllers, meaning under no circumstances can an employee or client of another firm view or query your records.

2. Data Ownership and Portability

You retain absolute legal ownership of all financial documents, spreadsheets, metadata, and advisory reports uploaded to or generated by FinPilot. We do not lock you in. At any point during your engagement or even after subscription expiry, our administration panel provides high-performance exporters to download all records in standard CSV and original PDF formats. Your client documents remain your sovereign administrative assets.

3. Regulatory Compliance & Data Sovereignty

We comply strictly with the Information Technology Act, 2000 (India), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI), and the Digital Personal Data Protection (DPDP) Act, 2023. Synthara Labs maintains zero public third-party sharing APIs. We never sell, monetize, or lease your operational logs or client profiles. All financial analytics and data structures are accessed strictly by authenticated firm employees and approved partners who hold valid JWT credentials.

4. Sensitive Personal Data or Information (SPDI) We Process

To operate FinPilot, we collect and process sensitive personal data or information (SPDI) with your explicit consent. This includes your:

  • Personal Identifiers: Name, Email Address, Contact Number, and Profile Images.
  • Financial & Identity Credentials: PAN, GSTIN, scale of practice, and intended firm name.
  • Ledger & Audit Documents: Uploaded spreadsheets, PDF invoices, and tax registers (stored securely in encrypted Cloudinary and MongoDB vaults).

This data is processed exclusively to provision secure, isolated workspace environments, facilitate GST reconciliations, verify firm partner applications, and maintain required operational security trails.

5. Your Sovereignty & Rights under DPDP Act 2023

Under the Digital Personal Data Protection (DPDP) Act, 2023, you hold the sovereign right to govern how your personal data is handled. This includes:

  • Right to Access: Retrieve a clean summary of your stored personal profile and corporate workspace logs.
  • Right to Correction & Completion: Update or complete any inaccurate profile details directly inside the dashboard.
  • Right to Erasure & Withdrawal: Request absolute deletion of your personal records or withdraw your consent. Upon request, we execute a permanent purge of your tenant database (excluding logs required for statutory financial audits or CERT-In 180-day compliance logs).

6. Grievance Redressal & Designated Officer

In accordance with Rule 5(9) of the Information Technology Rules, 2011 and Section 13 of the DPDP Act 2023, we have appointed a designated Grievance Officer (and Data Protection Officer) to handle any queries, concerns, or grievances regarding personal data processing.

Designated Grievance Officer: Mr. Nishit Sharma

Designation: Founder & Chief Security Architect, Synthara Labs

Email: nishitsharma128@gmail.com

Office Address: Synthara Labs, New Delhi, Delhi, India

We commit to acknowledging your grievance within 36 hours and resolving it within the legally prescribed 15-day timeline.