Last updated: July 8, 2026
The ZenCFO ("we," "us," or "our") is a Virtual CFO, accounting, tax, compliance and finance-automation practice based in Chennai, India. Protecting the confidentiality and privacy of your information — especially your financial data — is fundamental to how we work. This Privacy Policy explains what information we collect, how we use and protect it, who we share it with, and the rights available to you. It applies to our website and to the professional services we provide, and is designed to comply with India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") and the Information Technology Act, 2000 and its rules.
We collect the following categories of information:
Contact and identity information
Client financial and business information (during an engagement)
Technical and usage information
We use your information only to provide and support our services, meet legal obligations, and communicate with you. Typical uses include:
We process your personal data on the basis of your consent and, where applicable, for legitimate uses and legal obligations permitted under the DPDP Act. When we rely on consent, it is sought for a specific purpose and you may withdraw it at any time by contacting us — though withdrawing consent needed to deliver a service may limit our ability to provide that service. For client financial records, we act on your instructions to deliver the engagement you have retained us for.
We treat your financial and business records as strictly confidential. Access is restricted to the Qualified Chartered Accountants and team members working on your engagement, on a need-to-know basis. We do not sell, rent, trade or publish your data, and we do not use your financial records for any purpose other than delivering the services you have engaged us for. Confidentiality obligations continue even after an engagement ends.
Your data is stored on secure, access-controlled systems and reputable cloud providers using industry-standard encryption in transit and at rest. We apply role-based access, authentication controls and regular reviews to safeguard your information. We retain records only as long as necessary for the purposes described here or as required by law — for example, books of account and related records are retained in line with the Companies Act, 2013 and the Income-tax Act, 1961 (generally up to 8 years). When data is no longer required, we securely delete or anonymise it.
To deliver our services we use trusted third parties, such as cloud hosting and storage providers, accounting and finance-automation platforms, communication and scheduling tools, and website analytics. These providers process data only as needed to support us and under appropriate confidentiality and data-processing terms. To complete statutory filings, we also submit relevant data to government portals (for example, the GST Network, the Income-tax Department and the Ministry of Corporate Affairs) as required by law and on your behalf.
We do not sell, rent or trade your personal or financial data. We disclose information only: (a) to government, tax or regulatory authorities where legally required, or to make filings on your behalf; (b) to service providers engaged to support our operations, limited to the minimum necessary; and (c) where you have given consent. If required by a valid legal process, we may disclose data to the extent the law mandates.
Our website uses a minimal set of cookies and similar technologies to keep the site working, remember preferences, and collect aggregate analytics that help us improve. You can disable cookies in your browser; some site features may then work less smoothly. We do not use cookies to build advertising profiles of you without consent.
Subject to applicable law, you have the right to:
Our services are intended for businesses and professionals and are not directed at individuals under 18. We do not knowingly collect personal data of children. If we become aware that we have inadvertently collected such data, we will delete it promptly in accordance with the DPDP Act.
We maintain reasonable safeguards to prevent unauthorised access to your data. In the event of a personal data breach that is likely to affect you, we will take prompt remedial action and notify the affected individuals and the Data Protection Board of India as required under the DPDP Act.
We may update this policy to reflect legal, regulatory or operational changes. Material changes will be posted on this page with a revised "last updated" date, and where appropriate we may notify affected clients directly.
For any questions about this policy, or to exercise your rights or raise a privacy concern, contact our Grievance Officer at partner@thezencfo.com or +91 94886 67907, or write to 126, 3rd W Block, Senate Space, Anna Nagar, Chennai. We will acknowledge and respond to complaints within 7 working days.
Questions about this policy?
Reach out to our Grievance Officer at partner@thezencfo.com. We respond within 7 working days.