Who we are

FirmsNest is a software platform that gives Indian chartered-accountancy firms a branded client portal. When a firm uses FirmsNest, that firm is the controller of its clients' personal data; FirmsNest processes that data on the firm's instructions, as its processor.

Data we process

Accounts: the name, email, role, and authentication data of the people who sign in to a firm's portal.
Engagement data (on a firm's behalf): the information a firm's clients provide to run an engagement — scoping answers, documents, and tax identifiers. Aadhaar is stored as the last four digits only; bank-account details are not collected or stored.
Operational logs: audit records of actions and amounts, deliberately kept free of personal-data strings.

Where your data lives

All data is hosted in an India region, consistent with the Digital Personal Data Protection Act, 2023. We do not transfer personal data outside India.

Payments

Client fees are paid to each firm through that firm's own Razorpay account or UPI ID. FirmsNest never holds, routes, or takes a share of client money, and does not store card or bank-credential data for those payments.

How we protect it

Each firm's data is isolated and enforced at the database, so one firm can never read another's records. Sensitive fields are encrypted, and access is restricted to authorised, authenticated users.

Retention

Engagement documents and audit records are retained for seven years, consistent with professional record-keeping norms, unless a firm instructs otherwise.

Your rights

Under the DPDP Act, data principals may seek access to, correction of, or erasure of their personal data. Because each firm controls its clients' data, such requests are handled with and through the relevant firm.

Contact

Questions about this policy: support@firmsnest.in.