Privacy Policy

Effective from May 2026 • Last updated 12 May 2026

FirmEFlow is a product of MPRAM Business Advisors Private Limited(“we”, “us”, “FirmEFlow”). This policy explains what personal data we collect, how we use it, and what your rights are under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the GDPR (for EU/UK customers).

1. What we collect

• Account data — name, work email, mobile, firm name, GSTIN.
• Usage data — pages viewed, features used, error logs, IP and device metadata.
• Customer content — documents, client records and filings you upload (processed only to operate the service).
• Payment data — handled by Razorpay (India) and Stripe (global); we never see card details.

2. How we use it

• To operate, support and improve the service.
• To send transactional messages (invoices, security alerts, product updates).
• To meet legal and regulatory obligations (GST, income tax, ICAI guidance).
• With your consent, for marketing — you can opt out anytime.

3. Data residency

India customer data is stored and processed in AWS Mumbai (ap-south-1). EU customers can request EU-only processing. We never sell personal data.

4. Sub-processors

We use vetted sub-processors (AWS, Razorpay, Stripe, Resend) for hosting, payments and transactional email. A current list is available on request.

5. Your rights

Access, correct, delete, port your data, or withdraw consent. Email privacy@firmeflow.com and we'll respond within 30 days.

6. Contact

Grievance officer: Privacy Team, MPRAM Business Advisors Private Limited. Email privacy@firmeflow.com.

This summary is provided in good faith and is not legal advice. The detailed binding version is available on request to enterprise customers under our Data Processing Agreement (DPA).