Privacy Policy

Vertofi is a predictive accounting and financial-intelligence platform built for Indian micro, small and medium enterprises (MSMEs) and the professionals who serve them. We help businesses automate accounting, generate GST-compliant invoices, monitor compliance, connect bank data, manage payroll, and receive AI-assisted financial insights — including through WhatsApp. Protecting the confidentiality and integrity of your financial information is fundamental to our service, and this Policy describes how we handle that information in a transparent and lawful manner.

This Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 of India, and applicable principles of global data-protection regulation where relevant.

The Services are operated by Vertofi (“Vertofi”, “we”, “us”, or “our”). For any question regarding this Policy or your personal data, you may contact us at privacy@vertofi.com or info@vertofi.com. Vertofi acts as a data fiduciary / data controller for the information you provide to operate your account, and as a data processor for the financial records you process through the platform on behalf of your business.

We collect only the information needed to deliver and improve the Services. The categories of information we collect include:

We use the information we collect to:

• Create, authenticate and secure your account and workspace;
• Automate accounting, generate GST-compliant invoices and statutory documents, and reconcile bank, GST and book data;
• Compute financial intelligence such as the Business Health Score, cashflow forecasts, tax warnings and profit-leak detection;
• Operate payroll, vendor and inventory features you choose to use;
• Deliver our WhatsApp assistant and respond to your instructions;
• Process subscriptions, billing and payments;
• Provide customer support and respond to your requests;
• Detect, prevent and investigate fraud, abuse and security incidents;
• Comply with legal, tax, accounting and regulatory obligations; and
• Improve and develop the Services.

We process your information on the lawful bases of performance of our contract with you, your consent (which you may withdraw), our legitimate interests in operating and securing the Services, and compliance with legal obligations. We never sell your personal or financial data.

Vertofi uses artificial intelligence and statistical models to digitise documents, classify transactions, suggest HSN/SAC codes and tax rates, draft accounting entries, and generate financial insights and recommendations. AI processing is performed to deliver features you request. AI-generated outputs are informational aids only and may contain errors; they do not constitute professional financial, tax, legal, accounting or investment advice, and you remain responsible for reviewing and approving all entries, filings and business decisions. Where third-party AI providers are used to process content, we share only the data necessary for the specific task and require appropriate confidentiality and security commitments.

To deliver the Services we integrate with trusted third parties, including: the WhatsApp Business Platform (Meta) for messaging; payment and subscription processors (such as Razorpay) for billing; GST Suvidha Providers and the GST Network for filings and GSTIN verification; RBI-licensed Account Aggregators and banking partners for consent-based bank data; SMS/email delivery providers for one-time passwords and notifications; cloud infrastructure and AI providers for hosting and processing. These providers process information only as needed to perform their function and under contractual confidentiality and security obligations.

We disclose information only in limited circumstances:

• With service providers and integrations acting on our behalf, as described above;
• With professionals (such as your chartered accountant) only when you explicitly grant them access;
• To comply with applicable law, regulation, legal process, or a lawful government request;
• To protect the rights, property, safety and security of Vertofi, our users, or the public, and to prevent fraud;
• In connection with a merger, acquisition, financing or sale of assets, subject to this Policy; and
• With your consent or at your direction.

Any benchmarking or industry analytics we publish are aggregated and anonymised and never identify an individual business.

Financial data is hosted in India. We apply reasonable security practices designed to protect your information, including encryption in transit (TLS) and at rest, strict multi-tenant isolation so no organisation can access another’s data, role-based access controls, hashed credentials, immutable audit logging of sensitive actions, network controls and continuous monitoring. While we work hard to protect your information, no method of transmission or storage is completely secure. See our Security Policy for more detail.

We retain personal and financial information for as long as your account is active and as needed to provide the Services. Because Vertofi processes accounting and tax records, certain data must be retained to meet statutory obligations under Indian tax, GST, companies and accounting law — generally up to eight (8) years, or longer where a specific law, audit, dispute or legal hold requires. When information is no longer required, we delete or irreversibly anonymise it. See our Data Deletion page for how to request deletion and which records may be lawfully retained.

Subject to applicable law and statutory retention requirements, you have the right to:

You may also withdraw consent, including for bank-data connections and WhatsApp communications, at any time. To exercise any right, contact privacy@vertofi.com. We will verify your identity before acting on a request and respond within the timelines required by law.

We use strictly necessary cookies and similar technologies to keep you signed in, remember preferences, secure the Services, and understand aggregate usage so we can improve performance. You can control cookies through your browser settings; disabling some cookies may affect functionality. We do not use cookies to sell your data.

Your financial data is primarily stored and processed in India. Where a third-party integration or infrastructure provider processes limited data outside India, we take steps to ensure such transfers are subject to appropriate safeguards and confidentiality and security commitments consistent with this Policy and applicable law.

The Services are intended for businesses and individuals aged 18 and above and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@vertofi.com and we will take appropriate action.

We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated Policy here with a revised “Last updated” date and, where appropriate, provide additional notice. Your continued use of the Services after an update constitutes acceptance of the revised Policy.

For questions, requests or complaints about this Policy or your data, contact us at privacy@vertofi.com (privacy matters) or info@vertofi.com (general enquiries).

In accordance with the Information Technology Act, 2000 and rules made thereunder, and the Digital Personal Data Protection Act, 2023, the Grievance Officer can be reached at privacy@vertofi.com. Please include “Grievance” in your subject line along with your name, registered contact details, and a description of your concern. We will acknowledge your grievance and endeavour to resolve it within the timelines prescribed under applicable law.