Privacy Policy

Nirva Technologies Pvt Ltd ("Nirva", "we", "our") operates the Nirva Finance OS and HR & Payroll OS platform at app.nirva.in. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

We collect information you provide directly, including: • Business information: company name, GSTIN, PAN, address, bank details for invoice generation • Employee data (HR module): employee names, contact details, PAN, Aadhaar last 4 digits, bank account details, salary information, attendance and leave records • Account information: name, email address, mobile number, password (hashed) • Usage data: pages visited, actions performed, timestamps — for audit trail purposes only

We use your information to: • Provide, maintain, and improve the Nirva platform • Generate GST-compliant invoices, payslips, and statutory filings • Send payment reminders and notifications you have configured • Comply with applicable laws including the GST Act, Income Tax Act, EPF Act, and ESIC Act • Detect and prevent fraud or unauthorised access

Your data is stored on servers located in India (Mumbai region) using Supabase / PostgreSQL. We implement industry-standard security measures including: • Encryption at rest (AES-256) and in transit (TLS 1.2+) • Access controls and audit logging for all data access • Regular security assessments Employee PAN, Aadhaar, and bank account information is stored with field-level access restrictions. Aadhaar is stored as last 4 digits only — the full number is never stored.

We do not sell your data. We share data only: • With service providers who help us deliver the platform (cloud infrastructure, email delivery) under data processing agreements • When required by law, court order, or government authority • With your explicit consent We do not share employee data with any third party for advertising or marketing purposes.

Under India's Digital Personal Data Protection Act 2023, you have the right to: • Access personal data we hold about you • Correct inaccurate personal data • Erase personal data (subject to legal retention requirements) • Withdraw consent for data processing • Nominate a person to exercise rights on your behalf To exercise these rights, contact us at privacy@nirva.in. We will respond within 30 days.

We retain your data for as long as your account is active or as required by law: • GST and financial records: 7 years (as required by GST Act) • Payroll and employment records: 8 years (as required by EPF and ESIC regulations) • Account data: deleted within 90 days of account closure on request You may request deletion of data not subject to statutory retention requirements at any time.

We use essential cookies only — no advertising or tracking cookies. The cookies we set are: • nirva_session: authentication session (expires in 8 hours) • nirva_theme: your light/dark mode preference (local only) We do not use third-party analytics cookies or advertising networks.

We will notify you of material changes to this policy by email and by posting a notice in the app at least 14 days before the change takes effect. Your continued use of the service after the effective date constitutes acceptance.

For privacy questions, data requests, or concerns: Email: privacy@nirva.in Company: Nirva Technologies Pvt Ltd Registered in India For urgent data breach notifications, we will contact the affected account within 72 hours.