At FirmsData (“FirmsData”, “Company”, “we”, “us”, or “our”), we recognize and respect the immense importance of safeguarding your personal and organizational information. Our commitment to the privacy, security, and responsible handling of your data is foundational to our services, which revolve around secure information management in our Virtual Data Room (“VDR”) platform, accessible via www.firmsdata.com and related web and mobile services. As a platform built for robust corporate and financial data management, FirmsData is acutely conscious of its duty to comply with all applicable legal and regulatory requirements, including—but not limited to—the Information Technology Act, 2000, the Digital Personal Data Protection Act (DPDPA), 2023, and associated rules and standards established by Indian authorities. When appropriate and in the best interest of our users, we also align our practices with relevant global data protection guidelines and sector-specific security standards.
Scope and Applicability of This Policy
This Privacy, Security, and Data Handling Policy (“Policy”) governs all data collection, processing, use, disclosure, storage, and protection activities undertaken by FirmsData with respect to any information provided to us by our clients, users, or third-party partners. It applies broadly to every individual or entity that accesses, interacts with, or utilizes any aspect of the FirmsData platform, including web and mobile applications, customer support channels, our APIs, and all other access points. By choosing to access or use FirmsData’s services, users acknowledge and agree to be bound by this Policy, consenting to the handling and protection of their data as described herein.
The purpose of this Policy is to provide all stakeholders—whether individual users, corporate clients, administrators, or representatives of associated organizations with comprehensive clarity regarding how their information is managed at every stage of interaction with FirmsData. This transparency not only meets legal requirements, but is also motivated by our core organisational values.
Categories of Information Collected
FirmsData collects a wide range of data points during the lifecycle of user interactions with our VDR and other associated services. The information we collect is limited to what is strictly necessary to operate, secure, and continuously improve the platform while enabling the broad spectrum of functionality required in contemporary data room environments. Among the primary categories of data we gather are basic personal identification elements such as full names, respective company or business entity affiliations, official email addresses, and contact telephone numbers. Where users choose to provide them, optional account profile photographs may also be collected. For users associated with enterprise or team accounts, we record organizational domains and assign user roles and permission levels that reflect the access rights and responsibilities conferred by their organization’s administrators.
Furthermore, FirmsData maintains authentication credentials including encrypted passwords, detailed logs of account login and activity (including timestamps, IP addresses, geographic locations where permissible by law, and device-specific information), billing and payment information in cases where paid services or transactions are involved, as well as user preference settings which customize the service experience.
The scope of our data collection extends far beyond simple account management, encompassing operational and service-related data critical to VDR functionality. This includes, for example, the entire corpus of documents, files, and folders uploaded by users to the platform, along with all associated versions and metadata. We systematically capture and store metadata such as file sizes, file types, creation and modification timestamps, and, where applicable, digital signature and approval records. Every action taken within the VDR such as document sharing, editing, downloading, printing, redacting, or deleting files is logged to preserve a comprehensive audit trail. This includes records of collaboration among team members, histories of internal comments or task assignments, records of remote access, and compliance-related logs that may be relevant for regulatory review.
Additionally, FirmsData collects technical and analytical data to enhance system reliability and to monitor the integrity and efficiency of our services. This data includes cookies, session tokens, browser and device details, runtime diagnostics, system error and crash analytics, and records from third-party integrations (such as federated authentication, external storage, or productivity tools). Network and usage data, such as IP addresses and bandwidth consumption, are monitored for security and service optimization purposes. When required for platform security or localization compliance, and when legally permissible, geolocation data may also be temporarily processed.
Purposes and Lawful Basis for Data Processing
The information FirmsData collects is processed and used with explicit purpose and legal justification. At its core, data processing enables secure authentication and authorization of users, ensuring that only properly credentialed individuals may gain access to their designated resources. The secure storage, management, and facilitation of all business workflows spanning uploading, sharing, collaborating, signing, and reviewing sensitive documents is fundamental to our platform’s value proposition.
A critical objective of our information processing is to support legally compliant electronic signature workflows, which often require precise time-stamping, digital witnessing, and detailed approval routing. To fulfill both internal and external regulatory requirements, we maintain meticulous audit trails and activity logs to support compliance functions and facilitate external audits. Advanced permission controls and access hierarchies are enforced to allow granular restrictions on who may view, modify, or act upon each document or resource.
Beyond these essential capabilities, the collected data enables the delivery and management of secure billing and payment processes wherever relevant. FirmsData applies the highest industry standards in payment security incorporating PCI-DSS compliance and leveraging trusted payment gateways to protect users’ transactional information from compromise.
Security and fraud prevention represent another critical foundation for our collection and ongoing monitoring of data. By tracking account activities, flagging suspicious interactions, and correlating usage patterns with historical baselines, we strive to identify and respond proactively to unauthorized access attempts or potential abuses that could endanger either the individual user or the integrity of our larger network.
Technical usage information and performance analytics gleaned from platform activity help us understand how our services are being used in the aggregate, guiding our efforts to optimize features, improve reliability, and design new capabilities. On the user support side, data is employed to troubleshoot issues, respond to queries, and provide notifications about service changes, system status, or new product offerings.
The legal basis for data processing by FirmsData is rooted in multiple factors: the consent granted by users upon account creation and acceptance of the platform’s terms of service; our legitimate business interest in operating, enhancing, and securing our services; direct compliance with Indian and international statutory obligations; and, wherever applicable, the contractual necessity of delivering secured VDR services to our clients according to the agreements entered into.
Principles of Data Sharing and Disclosure
FirmsData strictly adheres to the principle that your personal information is not, under any circumstances, sold, rented, or bartered to third parties for profit or commercial gain. Nevertheless, limited data must occasionally be shared with vetted external service providers who are essential to our operational infrastructure. These third-party partners such as cloud hosting vendors, payment processors, and specialized customer support providers operate strictly under our directives, are bound by rigorous confidentiality and security commitments, and are required at all times to comply with the data protection standards outlined in this Policy.
For collaborative environments associated with enterprise or team accounts, certain elements of your profile such as your name, email address, and profile photograph may be accessible to other authorized users within your corporate domain. This internal sharing facilitates efficient teamwork and transparency and is controlled through robust permission and access settings administered by your organization’s designated representatives.
On rare occasions, FirmsData may be compelled to disclose information in response to legal obligations, regulatory inquiries, or enforceable court orders. Such disclosures are made only after due validation of the request’s legitimacy and with respect for user privacy. We may also disclose information if necessary to protect the rights, property, or safety of FirmsData, our users, or the general public, or to investigate suspected fraud, security breaches, or policy violations. In the event of a business reorganization, such as a merger, acquisition, or asset sale, user data may be transferred in accordance with legal requirements and with advance notice to affected users.
Cookies and Tracking Technologies
To ensure secure, seamless, and tailored user experiences, FirmsData employs cookies and similar tracking mechanisms across our interfaces. These technologies help authenticate user sessions, maintain secure access, store user preferences (such as language or theme settings), and monitor system performance for signs of malfunction, abuse, or degradation. Cookies also support our ongoing analysis of how various features and workflows are used, enabling continual platform enhancement. Users retain the ability to control or disable cookies through their browser settings, recognizing, however, that certain platform functionalities may be degraded as a result.
Comprehensive Security Controls and Practices
Safeguarding our users’ data is of paramount importance at FirmsData. We have invested in a robust, multi-layered security architecture combining state-of-the-art technologies, organizational protocols, and continuous vigilance. All user data is encrypted at rest using advanced AES-256 encryption, with additional protection of data in transit secured via TLS 1.3 or higher encryption protocols. Access to sensitive information is strictly controlled with multi-factor authentication requirements for all users and staff, along with a system of role-based and object-level permissions that restrict data access to only those with the requisite clearance.
Within the VDR, files and documents are protected through layered controls, including dynamic watermarking (which may embed user-specific or time-specific identifiers on viewed or exported documents), the ability to set document expiry dates, and advanced redaction tools which allow sensitive content to be permanently masked or removed. System infrastructure is monitored in real time through automated alerts and logging systems, with regular vulnerability scanning and third-party penetration testing conducted to assess defenses against emerging threats.
All production servers and databases utilized by FirmsData are hosted in world-class, ISO/IEC 27001-certified AWS data centers located in India to fulfill data localization requirements mandated by Indian law. Our business continuity planning encompasses automated data backups, disaster recovery protocols, and clearly defined incident response plans, ensuring service availability and rapid recovery in the event of operational disruptions or cyberattacks. Every FirmsData employee is required to undergo regular security awareness training, operates under enforceable non-disclosure obligations, and is vested with specific responsibilities for maintaining both physical and digital information security.
Policy on Retention and Deletion of Data
Policy on Retention and Deletion of Data FirmsData retains personal and service-related data exclusively for as long as required to enable the proper delivery of our contracted services, maintain accurate records for accounting and legal compliance, and resolve any outstanding user queries or disputes. When a user requests the deletion of their data or closes their account, we promptly erase all associated information from our active operational systems. Deletion from encrypted backup archives occurs pursuant to our established retention and purge schedules. Certain minimal data (such as transaction or billing histories, and resolved log events) may be retained where necessary to comply with statutory requirements, resolve disputes, enforce agreements, or protect against fraudulent activity, but only for the minimum period mandated by applicable Indian legislation.
Cross-Border Data Transfer and Storage
FirmsData is committed, by default, to storing and processing data within the jurisdiction of India, in line with Indian localization mandates. In exceptional circumstances involving, for example, securely managed technical support, disaster recovery, or integration with international service providers data may be transferred or accessed outside of India. Such transfers are always conducted with the strictest safeguards in place, ensuring that the receiving entities adhere to contractual, organizational, and technical measures that comply with Indian data protection laws, and that user data remains subject to the full scope of this Policy’s protections.
User Rights and Choices
As a user of FirmsData, you are vested with multiple rights regarding your personal data. You may access, review, and modify the personal and organizational information linked to your account at any time through the FirmsData platform dashboards and account management interfaces. Users may request deletion of their account and associated data, subject to retention exceptions detailed previously. Furthermore, you may withdraw your consent for specific types of data processing or opt out of non-essential communications, such as marketing messages, at your discretion using clearly provided account preferences or unsubscribe links.
We remain committed to handling all data access requests and queries regarding our data processing promptly and transparently. If you have concerns about your rights, wish to object to particular processing activities, or require clarification regarding how your information has been used, you are encouraged to contact our Data Protection Team using the contact information provided at the end of this Policy.
Children’s Data and Eligibility
FirmsData’s services are intended solely for adult users, and the platform may not be used by individuals under the age of 18. We do not knowingly collect, store, or process information relating to minors. Any data inadvertently collected in contravention of this principle will be deleted promptly upon discovery in accordance with the requirements of Indian law.
Updates to This Policy
As FirmsData continues to evolve in response to changes in technology, legislative frameworks, and the needs of our user base, this Policy may be updated periodically. When such modifications are significant in nature, we will provide clear and timely notification to users via email or system alerts within the FirmsData platform. By continuing to use the platform after updates are implemented, users signify their acceptance of the revised Policy. We encourage all users to regularly review this Policy to remain informed of any material changes.
Contact and Support for Data Privacy Matters
If you have any questions, concerns, complaints, or specific requests relating to your data privacy, this Policy, or our security practices, FirmsData’s Data Protection Team is ready to assist you. Please direct your correspondence to contact@firmsdata.com, or visit/contact our registered office in Noida, Uttar Pradesh, India. Our support and data protection teams are also available via the phone contacts provided here on our official website.
Conclusion: Our Commitment
FirmsData regards your trust as its highest priority. We remain steadfastly committed to maintaining world-class standards of data security, privacy, and operational transparency. Every policy, technological measure, and business process we implement is designed to protect your most sensitive information and to empower your organization to manage and transact business securely, confidently, and in accordance with all prevailing data protection laws of India and globally recognized best practices.