Legal

Privacy Policy

Last updated: June 2026

Figures Advisors LLP (“Figures,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard personal data when you use our India website, contact us, or engage our services. We handle personal data in a manner consistent with India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and other applicable laws.

1. Information We Collect

Information You Provide Directly

We collect personal data you voluntarily provide to us, including:

  • Contact information — name, email, phone number, company name, and role when you submit a form, request a consultation, or contact us.
  • Engagement information — financial, tax, corporate, and compliance details necessary to evaluate and deliver our services.
  • Communications — messages, emails, and attachments you send to us in the course of an enquiry or engagement.

Information Collected Automatically

When you visit our Website, we and our service providers may automatically collect device and browser data (IP address, browser type, operating system), usage data (pages viewed, links clicked, navigation paths), and cookie data. See our Cookie Notice for details.

Information from Third Parties

We may receive information about you from referral partners, financial institutions or accounting platforms you authorise us to connect with, and publicly available business directories.

2. How We Use Personal Data

We use personal data for the following purposes:

  • Service delivery — to provide the advisory, accounting, bookkeeping, tax, and compliance services you engage us for;
  • Communications — to respond to enquiries, schedule calls, and communicate about your engagement;
  • Billing and administration — to raise invoices, process payments, and manage your account;
  • Legal and regulatory compliance — to meet our obligations under applicable law, including tax, audit, and corporate regulations;
  • Service improvement — to analyse how our Website and services are used so we can improve them;
  • Security — to detect and prevent fraud, unauthorised access, and other harmful activity.

We may use modern technology, including artificial-intelligence-assisted tools, to deliver and improve our services. We do not use your personal data to train third-party or publicly available AI models, and your data is used only for the purposes described in this Policy.

3. Legal Basis and Consent

We process personal data on the basis of your consent and/or to perform a contract, to comply with legal obligations, or for other legitimate uses permitted under the DPDP Act and other applicable law. Where we rely on consent, you may withdraw it at any time by contacting us, without affecting the lawfulness of processing carried out before withdrawal.

4. Sharing and Disclosure

We do not sell your personal data. We may share it only in the circumstances described below.

Service Providers

We engage trusted service providers to help us operate, including cloud storage, accounting and practice-management software, document management, and communication tools. These providers are contractually bound to use your data only to provide services to us and to maintain appropriate security measures.

Professional Advisers

We may share information with Chartered Accountants, auditors, or legal advisers engaged to assist in delivering services on your behalf. Such professionals are subject to applicable confidentiality obligations.

Legal and Regulatory Requirements

We may disclose information where required by law, court order, or a regulatory or government authority, or where we believe disclosure is necessary to protect the rights, safety, or property of Figures, our clients, or the public.

Business Transfers

If Figures is involved in a merger, reorganisation, or transfer of business or assets, your personal data may be transferred as part of that transaction, subject to appropriate safeguards.

With Your Consent

We may share information with your express consent in circumstances not described above.

5. Cross-Border Transfers

Because we support an India–US corridor, personal data may be processed in or transferred to jurisdictions outside India, including the United States. Where we do so, we take steps to ensure the data remains protected in accordance with the DPDP Act and other applicable law, including through appropriate contractual safeguards with recipients.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy, including to satisfy legal, accounting, tax, audit, and regulatory requirements. Financial and accounting records are typically retained for a minimum of eight (8) years in accordance with the Companies Act, 2013 and applicable provisions of the Income-tax Act. Enquiry and marketing data is retained for a shorter period unless you become a client.

When retention is no longer necessary, we will securely delete or anonymise your personal data, or where that is not possible, securely store and isolate it from further use.

7. Security

We maintain reasonable technical and organisational safeguards designed to protect personal data against unauthorised access, disclosure, loss, misuse, or alteration. These include encrypted transmission (TLS/SSL), access controls, and the use of reputable service providers with appropriate security commitments.

No method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a personal data breach, we will notify the Data Protection Board of India and affected individuals as required under the DPDP Act.

8. Your Rights

Subject to applicable law, as a data principal under the DPDP Act you may have the right to:

  • Access — request a summary of the personal data we process about you and the processing activities undertaken;
  • Correction and completion — request that we correct, complete, or update inaccurate or incomplete data;
  • Erasure — request that we erase your personal data, subject to legal and regulatory retention obligations;
  • Withdraw consent — withdraw any consent you have given, at any time;
  • Nominate — nominate another individual to exercise your rights in the event of death or incapacity;
  • Grievance redressal — raise a grievance with us regarding our processing of your personal data.

To exercise any of these rights, please contact us at info@figuresglobal.com. We may need to verify your identity before processing your request and will respond within the timeframes required by applicable law.

9. Children's Data

Our services and Website are directed to businesses and their principals and are not intended for children. We do not knowingly collect personal data of children except as permitted by law, and where required we will obtain verifiable parental or guardian consent in accordance with the DPDP Act. If you believe we have inadvertently collected a child’s data, please contact us at info@figuresglobal.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The current version, with its effective date, will always be posted on this page. Material changes will be communicated to active clients where appropriate.

11. Contact

For privacy enquiries or to exercise your rights, please contact us:

Figures Advisors LLP
4th Floor, Rishab Arcade, Sanjay Nagar Main Rd, MET Layout, R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India
Email: info@figuresglobal.com