Effective Date: 13 May 2026 · Last Updated: 13 May 2026
Nirva Business Suite ("Nirva", "we", "our") is a cloud-based accounting and HR platform designed for Indian SMEs. Our registered address and data controller details are available on request at privacy@nirva.app.
Business data you enter: Company name, GSTIN, PAN, bank details, invoices, vendor bills, and financial transactions.
Employee data: Names, email addresses, PAN numbers, last 4 digits of Aadhaar, salary information, bank account details (IFSC + account number), and attendance records.
Account data: Email address, name, and encrypted password (via Supabase Auth) or Google/GitHub OAuth tokens.
Usage data: Pages visited, features used, error logs. No advertising tracking.
We use your data solely to provide the Nirva service: generating invoices, processing payroll, computing GST and statutory deductions, and maintaining audit trails. We do not sell, rent, or share your data with third parties except as required to deliver the service (e.g. Supabase for authentication, Railway for API hosting).
All data is stored on servers located in India (ap-south-1, Mumbai). Data in transit is encrypted via TLS 1.3. Data at rest is encrypted using AES-256. We implement role-based access controls, comprehensive audit logging, and regular security reviews.
Financial and payroll records are retained for 7 years to comply with Indian accounting and tax regulations (Income Tax Act, GST Act, Companies Act). Employee records are retained for 5 years post-employment. You may request deletion of non-statutory data at any time.
Under India's Digital Personal Data Protection Act 2023, you have the right to: access your personal data; correct inaccurate data; erase data (subject to statutory retention requirements); withdraw consent; and nominate a representative. Submit requests to privacy@nirva.app. We respond within 30 days.
Nirva uses a single session cookie (nirva_session) for authentication. No advertising or third-party tracking cookies are used.
Nirva uses: Supabase (authentication, data storage — India region); Railway (API hosting); Vercel (web hosting); Anthropic Claude (AI-powered OCR for invoice scanning — only the image you upload is processed, not stored).
Nirva is a business tool not intended for individuals under 18 years of age. We do not knowingly collect data from minors.
We will notify you by email of material changes at least 30 days in advance. Continued use of Nirva after changes take effect constitutes acceptance.
Data Protection Officer: privacy@nirva.app
Grievance Officer: grievance@nirva.app
© 2026 Nirva Business Suite. All rights reserved.