Your data is protected at every step
We built FinCraze Advisors with security as the foundation, not an afterthought. Here's exactly how we protect your financial information.
How we protect your data
Six layers of protection applied to every client engagement.
AES-256 encryption at rest
Every document you upload and every piece of information you share is encrypted with AES-256 โ the same standard used by banks and financial institutions.
TLS 1.3 in transit
All data sent between your browser and our servers travels over TLS 1.3, protecting against interception, tampering, and man-in-the-middle attacks.
Strict need-to-know access
Only the CA assigned to your case can view your documents. Internal staff access is role-based, logged, and audited monthly.
Zero document retention
Once your return is filed or your case is closed, all uploaded documents are permanently deleted from our servers within 30 days โ no archiving, no secondary storage.
Your credentials stay yours
We never store your ITD portal credentials. You provide temporary OTP access only when required for filing โ all other workflows use secure, time-limited tokens.
India-resident servers
All customer data is stored on servers located within India, ensuring compliance with Indian data localisation norms.
Privacy commitments
Your trust matters more than any feature. These are non-negotiable commitments, not aspirational guidelines.
- We never sell, trade, or share your personal or financial data with third parties
- Your information is used solely to provide the service you've requested
- We collect only what is required for accurate filing or advisory
- You can request data deletion at any time by emailing privacy@fincrazeadvisors.in
- We do not use your data for advertising or marketing analytics
- All CA team members sign an NDA with explicit data-handling clauses
Document handling lifecycle
Every document you share follows a strict, auditable flow from upload to deletion.
Encrypted upload
You upload documents via our secure portal or WhatsApp. Files are encrypted on arrival.
Isolated CA workspace
Your assigned CA accesses documents in an isolated environment. Downloads to personal devices are blocked.
Filing / advisory
Your CA completes the task using the documents. No copies are made outside the secure workspace.
Confirmation to you
You receive the acknowledgement or report. All original documents remain encrypted in our system.
Post-closure deletion
Within 30 days of case closure, all documents are permanently purged and deletion confirmed to you on request.
Security questions
Is my Aadhaar or PAN safe with you?
Yes. Your PAN and Aadhaar data are stored in encrypted fields and are never visible in plain text outside our secure filing interface. Access is restricted to your assigned CA only.
Do you store my ITD portal password?
No. We never store your income tax portal credentials. For e-filing, we use OTP-based or authorised representative login, which does not require us to know or store your password.
What happens if I want my data deleted?
Email privacy@fincrazeadvisors.in with subject 'Data Deletion Request'. We will confirm deletion within 7 business days and send a deletion certificate.
Are you CERT-In compliant?
We follow CERT-In guidelines for cybersecurity incident reporting and have documented response procedures for any data events.
Can I see what data you hold about me?
Yes. You can request a data summary at any time. We will provide a complete breakdown of data we hold within 5 business days.
Do third-party tools like payment gateways store my data?
Payment data is processed via PCI-DSS certified gateways (Razorpay) and we never receive or store your card details. Only transaction confirmations reach our systems.
Still have security questions?
Our team is happy to explain exactly how your data is handled. Reach out via email or WhatsApp.