1. Introduction

FileBRSR ("we", "us") is committed to protecting the privacy and security of your personal information. This policy explains how we collect, use, store, and protect data when you use our platform at filebrsr.com.

2. Information We Collect

Account Information: Name, email address, company name, designation, and contact details provided during registration.

Uploaded Documents: Annual reports, sustainability reports, and other PDF documents you upload for AI extraction. These are processed to extract structured ESG data.

Usage Data: Pages visited, features used, extraction history, and platform interactions (via PostHog analytics).

Payment Information: Billing details processed via Razorpay. We do not store credit card numbers on our servers.

Assessment Data: Responses to readiness assessments, supplier self-assessments, and ESG questionnaires.

3. How We Use Your Data

To provide AI-powered BRSR extraction and report generation services
To calculate ESG scores, carbon emissions, and compliance metrics
To send service-related notifications (extraction complete, filing reminders, deadline alerts)
To improve our AI models and extraction accuracy (anonymized and aggregated only)
To generate industry benchmarks and sector-level analytics (no individual company data exposed)
To process payments and manage subscriptions
To respond to support requests and communicate service updates

4. Data Storage & Security

All data is stored in India on AWS infrastructure (Mumbai region) and Supabase (managed PostgreSQL). We implement:

AES-256 encryption at rest for all stored data
TLS 1.3 encryption for all data in transit
Row-Level Security (RLS) ensuring users can only access their own data
Service-role access controls for backend operations
Regular security audits and vulnerability assessments
Automatic data backup with point-in-time recovery

5. Data Sharing

We do not sell your data. We share data only with:

AI Processing: Google (Gemini), Anthropic (Claude), and Groq for document extraction — documents are processed in-memory and not retained by these providers
Payment Processing: Razorpay for handling subscription payments
Email: Resend for transactional email delivery
Analytics: PostHog for anonymized usage analytics (self-hosted instance)
Legal Requirement: When required by law, court order, or government regulation

6. Data Retention

Active accounts: Data is retained as long as your account is active.
Deleted accounts: We delete your data within 30 days of account deletion request.
Uploaded PDFs: Original uploaded files are retained for 90 days after extraction, then automatically deleted. Extracted structured data is retained with your account.
Assessment responses: Retained for 3 years for regulatory compliance purposes.

7. Your Rights

Under applicable Indian data protection laws, you have the right to:

Access: Request a copy of all personal data we hold about you
Correction: Update or correct inaccurate personal information
Deletion: Request deletion of your account and associated data
Export: Download your data in a machine-readable format (JSON/CSV)
Objection: Opt out of marketing communications at any time

To exercise these rights, email us at support@filebrsr.com. We will respond within 30 days.

8. Cookies & Tracking

We use essential cookies for authentication and session management. We use PostHog for product analytics (page views, feature usage). We do not use third-party advertising cookies or trackers. You can disable non-essential cookies in your browser settings.

9. Children's Privacy

FileBRSR is a B2B platform designed for corporate compliance professionals. We do not knowingly collect data from individuals under 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

For privacy-related questions or to exercise your data rights:
Email: support@filebrsr.com
Data Protection Officer: dpo@filebrsr.com
Website: filebrsr.com