Privacy Policy / Data Notice

1. Scope

This Privacy Policy / Data Notice applies to visitors to the Finverno website, SME applicants and users, investors, vendors, fuel partners, service providers, and other individuals who interact with Finverno through our website, portals, documents, communications, workflows, or financing processes.

Finverno may act as a business operator collecting information directly from you, and in some cases may also receive data from SMEs, investors, counterparties, or service providers in connection with platform operations, onboarding, procurement, financing, dispute handling, collections, compliance, and support.

2. Information We Collect

Depending on your relationship with Finverno, we may collect the following categories of information:

• Identity and contact data: name, email address, phone number, designation, organization, address, signatory details, and login identifiers.
• KYC and company records: PAN, GSTIN, registration documents, cancelled cheques, bank letters, incorporation records, authorization records, and related compliance documents.
• Project and procurement data: BOQs, drawings, schedules, invoices, purchase requests, delivery records, vendor information, work orders, client references, and supporting project records.
• Financing and payment data: financing applications, payment submissions, bank details, repayment records, escrow or controlled-collection information, and transaction history.
• Usage and technical data: IP address, browser/device metadata, access logs, timestamps, workflow actions, error logs, and related security records.
• Communications data: support tickets, emails, notices, acknowledgements, chats, call notes, and dispute correspondence.
• Professional and relationship data: client names, vendor contacts, employee/representative details, role-based access records, and contractual relationship metadata.

3. Sources of Information

• Directly from you when you submit forms, create accounts, upload documents, complete workflows, or contact us.
• From SMEs, investors, vendors, and counterparties who share records in connection with projects, procurement, financing, and platform operations.
• From service providers engaged for identity verification, storage, document management, communications, analytics, hosting, or support.
• Automatically through website and platform usage, security logging, and infrastructure monitoring.

4. How We Use Information

We may use information for the following purposes:

• account creation, authentication, and access control
• SME onboarding, KYC, compliance review, and due diligence
• procurement operations, document handling, vendor coordination, delivery tracking, and project workflows
• commercial review, financing evaluation, collections support, escrow-linked repayment workflows, and fraud prevention
• investor onboarding, agreement execution, payment processing, statements, and regulatory reporting
• customer support, dispute resolution, audit support, legal enforcement, and incident response
• system administration, monitoring, analytics, service improvement, and security
• meeting contractual, regulatory, tax, audit, legal, and evidentiary obligations

5. Data Usage Authorization and Responsibilities

Where SMEs, investors, vendors, or other business users submit records that include employee, signatory, representative, or counterparty information, Finverno relies on the submitting party to ensure that such information is shared lawfully and with any required notices or authorizations.

Finverno may process business records and related digital personal data for legitimate platform, contractual, compliance, audit, fraud-prevention, support, and legal-enforcement purposes. Finverno may also retain electronic audit trails, uploaded documents, workflow logs, acknowledgements, and execution records as evidence of platform activity and contractual performance.

6. Sharing and Processor Categories

We do not sell personal data. We may share information only where reasonably necessary with:

• Cloud and infrastructure providers for hosting, storage, compute, backup, and security operations.
• Communications providers for email, OTP, and transactional messaging.
• Document, workflow, and analytics providers used to run the platform, generate files, process forms, and monitor usage.
• Professional advisers such as lawyers, auditors, accountants, and consultants subject to confidentiality obligations.
• Regulators, courts, law enforcement, or government authorities where required by law, order, regulation, or legal process.
• Counterparties and transactional participants where needed to process procurement, financing, payment, escrow, dispute, or recovery workflows.

7. Retention Logic

Finverno retains information for as long as reasonably necessary for the purpose for which it was collected, and longer where required for legal, regulatory, tax, accounting, audit, dispute, fraud, or evidentiary reasons. Our working retention logic is as follows:

• SME onboarding, KYC, and agreement records: during the relationship and typically for up to 8 years after termination, rejection, expiry, or closure, unless a longer period is required by law or dispute.
• Procurement, project, invoice, payment, financing, and audit records: typically for up to 8 years after transaction closure or relationship end, and longer where recovery, dispute, or legal process is ongoing.
• Investor onboarding, payment, and agreement records: typically for up to 8 years after the relationship or applicable regulatory reporting period ends.
• Support tickets and operational correspondence: typically for up to 3 years after closure unless needed for dispute, audit, or legal reasons.
• Security logs, access records, and technical monitoring data: typically for 12 months, and longer where required for incident investigation, fraud review, or legal compliance.
• Marketing preferences and contact opt-in records: until consent is withdrawn or no longer required, plus a reasonable suppression/logging period.

We may anonymize or aggregate information instead of deleting it where appropriate for analytics, product improvement, risk analysis, or historical reporting.

8. Internal Vendor / Processor Controls

Finverno applies internal controls to reduce privacy, confidentiality, and security risk when using vendors and processors. These controls may include:

• role-based access and least-privilege permissions
• need-to-know sharing and access logging
• contractual confidentiality and data-processing restrictions
• vendor onboarding review and periodic reassessment for critical providers
• segregated environments, encryption in transit/at rest where supported, and backup controls
• incident escalation, credential rotation, and access revocation on role change or separation
• documented retention and deletion workflows where operationally feasible

No system is completely risk-free, but Finverno aims to apply reasonable administrative, technical, and organizational safeguards proportionate to the nature of the information we process.

9. Your Rights and Data Requests

Subject to applicable law, you may request access, correction, updating, deletion, or clarification in relation to digital personal data held by Finverno. You may also request details of processing, raise a concern, or withdraw consent where consent is the basis for processing.

Finverno may need to verify identity, authority, or relationship status before acting on a request. We may retain information where required for legal obligations, security, fraud prevention, dispute handling, audit, or contractual recordkeeping.

To submit a privacy or data request, contact us using the details below.

10. Contact for Privacy and Data Requests

For privacy questions, data requests, correction requests, or complaints, please contact:

Email: privacy@finverno.com

Phone: +91 99725 08604

Address: Finverno Private Limited, 403, 3rd Floor, 22nd Cross Road, 2nd Sector, HSR Layout, Bengaluru - 560102, Karnataka, India

11. Changes to This Notice

Finverno may update this Privacy Policy / Data Notice from time to time to reflect operational, contractual, product, legal, or regulatory changes. The latest version will be posted on this page with an updated effective date.