Skip to main content
Back to Home
Privacy & Data Protection

Privacy Policy

How we collect, use and protect personal data across every Fininvo product and our mobile apps.

Last Updated

June 22, 2026

Effective Date

July 22, 2026

Version

4.0

Global Compliance Standards

DPDP 2023 + Rules 2025
GDPR
CCPA/CPRA
ISO 27001
SOC 2
IT Act 2000

This document is published by Fininvo, a trade name of Prashbi Global Services Pvt. Ltd., a company incorporated under the laws of India (CIN: U52100KA2020PTC133490), with its registered office at Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony, R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India. References to "Fininvo", "we", "us", or "our" in this document refer to Prashbi Global Services Pvt. Ltd..

1

Our Privacy Commitment

Prashbi Global Services Pvt. Ltd. is committed to protecting your privacy. We adhere to India's Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, as well as the GDPR and CCPA where they apply. This policy explains what personal data we process, why, and the rights available to you.

No data selling Encryption in transit and at rest Data minimisation
2

The Notice We Provide (DPDP Rules 2025)

Before or at the time we ask for your consent, we give you a clear, plain-language notice. Consistent with the DPDP Rules, 2025, that notice is presented on its own and includes:

  • An itemised description of the personal data we collect.
  • The specified purpose for which it is processed and the goods or services enabled.
  • How you can withdraw consent as easily as you gave it.
  • How you can exercise your rights and make a complaint to us and to the Data Protection Board of India.
  • The contact details of the person who can answer questions about the processing.
3

Information We Collect

Account Data

  • Name, email, phone
  • Company, job title
  • Billing information
  • Authentication credentials

Business & HR Data

  • Employee and customer records
  • Financial transactions
  • Payroll and salary data
  • Documents you upload

Jobs & Recruit Data

  • Resume, work history, education
  • Job applications and status
  • Recruiter notes (employer side)
  • Salary expectations

Technical & Cookie Data

  • IP address, device, browser
  • Access timestamps
  • Feature usage analytics
  • Session and preference cookies
4

How We Use Your Data

Service Delivery

Providing and maintaining the products you subscribe to.

Matching & Applications

For Jobs and Recruit, processing applications and connecting seekers with employers.

Security & Fraud Prevention

Detecting threats, preventing unauthorised access and duplicate or fraudulent activity.

Product Improvement

Analysing aggregated, anonymised usage to improve features.

Communication

Service updates, security alerts, support, and marketing with your consent.

Legal Compliance

Meeting tax, accounting and regulatory requirements and enforcing our terms.

5

Legal Basis & Consent

We process personal data on these grounds:

Contract / Service

Necessary to provide the service or, under DPDP, certain legitimate uses.

Consent

Marketing, optional cookies, and other processing where consent is required.

Legal Obligation

Tax, accounting and regulatory compliance.

Legitimate Interest

Security, fraud prevention and product improvement (GDPR).

You can withdraw consent at any time, with the same ease as you gave it, without affecting processing already carried out.

6

Jobs & Recruit: Sharing Between Seekers and Employers

When you apply

Your profile (name, contact, resume, experience, education, skills) is shared with the employer for the specific role you applied to. We do not share your data with companies you have not applied to.

Employer obligations

Employers may use candidate data only to evaluate that candidate for that role, must protect it with industry-standard safeguards, and must not disclose a candidate's job-seeking activity to their current employer.

We do not display fabricated match percentages, and we do not sell seeker profiles for advertising.

Records shared with an employer are thereafter also governed by that employer's own privacy practices.

7

Mobile Applications

The Fininvo HR and Payroll employee app and the Fininvo Jobs Seeker app process personal data as follows:

Device permissions

The apps request permissions such as notifications, camera and location only for features you use. You can grant or deny each permission, and change it later in device settings.

Push & analytics

Push notifications can be disabled at any time. We process an install identifier and basic crash and usage analytics to keep the apps reliable.

In-app consent

At first launch the app shows this Privacy Policy and the Terms of Service, and records your acknowledgement.

App stores

App-store data-handling disclosures are kept consistent with this policy. Google Sign-In, where used, shares only your name, email and profile picture.

8

Your Privacy Rights

Right to Access

Request a copy of your data

Right to Correction

Correct inaccurate data

Right to Erasure

Request data deletion

Right to Portability

Export in a machine-readable format

Right to Object

Object to certain processing

Right to Withdraw Consent

Withdraw consent at any time

Right to Nominate

Nominate another to exercise rights (DPDP)

Right to Complain

Complain to the Data Protection Board

Exercise your rights. Email privacy@fininvo.com or use the privacy controls in your account. We respond within 30 days.

9

Grievance Officer

In compliance with the DPDP Act and the IT Act, you may contact our Grievance Officer for any concern about how your personal data is handled.

Grievance Officer

Office of the Grievance Officer, Prashbi Global Services Pvt. Ltd.

Email: grievance@fininvo.com

Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony, R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India

We acknowledge complaints within 48 hours and aim to resolve them within 30 days (and in any case within the statutory 90 days). If you are not satisfied, you may approach the Data Protection Board of India.

10

Data Retention

We retain personal data only as long as needed for the stated purpose, then delete or anonymise it.

Data TypeRetention Period
Active account data (ERP/HRMS/Payroll)Duration of the account
Post-termination data30 days for export, then deleted
Financial and tax recordsAs required by law (typically 7 years)
Job seeker profileWhile the account is active; deleted within 30 days of account deletion
Applications shared with employersRetained by the employer under their own policy
Security and fraud logsUp to 1 year
Analytics (anonymised)Retained in aggregate
11

Security Measures

Reasonable security safeguards

AES-256 at rest

Data encrypted at rest

TLS 1.3 in transit

Encrypted in transit

Access controls

Role-based, least privilege

MFA

Multi-factor authentication available

ISO 27001 / SOC 2 aligned

Certification in progress

Breach response

Notification within 72 hours where required

12

International Data Transfers

Your data may be processed outside your jurisdiction. We protect cross-border transfers through:

Standard Contractual Clauses

EU-approved SCCs with processors

Data residency options

India, EU or US data centres where offered

Processing agreements

Signed with all sub-processors

Encryption

All cross-border transfers encrypted

Transfers of Indian data principals' data occur only to countries not restricted by the Central Government under the DPDP Act.

13

Children's Privacy

AGE RESTRICTION

The platform is a business product intended for organisations and professionals and is not directed to individuals under 18 years of age.

Under the DPDP Act, we do not process the personal data of children (under 18) without verifiable parental or guardian consent. Under COPPA (US) we do not knowingly collect data from children under 13, and under GDPR not from children under 16 where applicable.

If you believe a child has provided personal data to us, contact privacy@fininvo.com and we will delete it promptly.

14

DPDP Act 2023 & DPDP Rules 2025 (India)

As an Indian company (CIN: U52100KA2020PTC133490), we act as a Data Fiduciary and comply with the DPDP Act, 2023, the DPDP Rules, 2025 and the IT Act, 2000.

Lawful processing

  • Processing only for lawful, specified purposes.
  • Purpose limitation and data minimisation.
  • Itemised notice before consent.

Data principal rights

  • Access, correction and erasure.
  • Grievance redressal.
  • Nomination of another person to exercise rights.

Consent management

  • Clear, specific, informed consent.
  • Withdrawal as easy as giving consent.
  • Consent records maintained.

Fiduciary obligations

  • Reasonable security safeguards.
  • Breach notification to the Board and affected individuals within 72 hours where required.
  • Purpose-based retention and deletion.
15

California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

Right to know what personal information is collected
Right to request deletion
Right to opt out of sale or sharing (we do not sell data)
Right to non-discrimination
Right to correct inaccurate information
Right to limit use of sensitive personal information

Contact Our Privacy Team

Data Protection Officer

dpo@fininvo.com

Grievance Officer

grievance@fininvo.com

EU Representative

eu-rep@fininvo.com

Registered Office

Prashbi Global Services Pvt. Ltd.
Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony,
R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India

CIN: U52100KA2020PTC133490

Terms of ServiceCookie PolicyData Processing Agreement