Privacy Policy

1. Introduction

Finaceal Pvt. Ltd. ("Finaceal," "we," "our," or "us") is an offshore accounting support firm headquartered in Sanepa, Lalitpur, Nepal, serving licensed CPA firms and small to mid companies in the United States. We are committed to protecting the privacy and security of the information entrusted to us by our clients and website visitors.

This Privacy Policy describes how we collect, use, store, and protect information in connection with our services and website (finaceal.com). By using our website or engaging our services, you agree to the practices described in this Policy.

2. Who This Policy Applies To

This Policy applies to:

• Authorized representatives and personnel of CPA firms that engage Finaceal's services ("Clients").
• Visitors to the Finaceal website.

Finaceal does not have a direct relationship with the end clients of the CPA firms we support. The CPA firm is solely responsible for managing privacy obligations with respect to their clients' data, including compliance with IRC §7216 and applicable state privacy laws.

3. Information We Collect

a. Information Provided by Clients

In connection with service delivery, Clients may provide us with:

• Business contact information (name, title, firm name, email address, phone number, mailing address)
• Financial records, accounting data, and bookkeeping files
• Tax source documents and supporting schedules
• Payroll data and related records
• Software access credentials for authorized platforms (QuickBooks Online, Xero, Zoho Books, Drake, Lacerte, UltraTax, TaxDome, Gusto, ADP, Paychex, and others)

b. Information Collected Through the Website

When you visit finaceal.com, we may automatically collect:

• IP address and general geographic location
• Browser type and device information
• Pages visited, time spent, and navigation patterns

c. Communications

We retain records of email communications, inquiry submissions, and consultation-related correspondence for service and compliance purposes.

4. How We Use Your Information

We use the information we collect solely for the following purposes:

• To deliver bookkeeping, tax preparation, payroll, financial reporting, and advisory services as agreed with the Client.
• To communicate with Client representatives regarding ongoing engagements, deliverable status, and service updates.
• To maintain accurate internal records of engagements, invoices, and correspondence.
• To respond to inquiries submitted through our website or contact channels.
• To improve website functionality and user experience.
• To comply with applicable legal, regulatory, and professional obligations.

We do not use client financial data or taxpayer information for any purpose beyond the specific services authorized by the Client.

5. IRC §7216 and Taxpayer Data

Finaceal handles US taxpayer information exclusively as a subcontractor to the licensed CPA firm. We do not solicit, access, or retain taxpayer data beyond what is necessary to complete the services requested by the CPA firm. All taxpayer data received is handled in accordance with the requirements of IRC §7216 and IRS Treasury Regulation §301.7216-2.

The CPA firm is responsible for obtaining all required client consents before transmitting taxpayer information to Finaceal. Finaceal will not use, disclose, or retain such information for any unauthorized purpose.

6. Sharing of Information

Finaceal does not sell, rent, or trade any personal, financial, or taxpayer information.

We may share information only in the following limited circumstances:

• Service Delivery: With trusted technology platforms and software providers necessary to perform contracted services (e.g., cloud accounting software, secure file transfer tools). All such providers are subject to confidentiality obligations.
• Legal Compliance: Where disclosure is required by applicable law, court order, or regulatory authority.
• Client Authorization: Where you have expressly authorized a specific disclosure in writing.

We do not share Client data with any third party for marketing, analytics, or commercial purposes.

7. Data Security

Finaceal maintains a formal Written Information Security Program (WISP) and implements the following safeguards:

• AES-256 encryption for all data at rest and in transit
• Multi-factor authentication (MFA) across all systems and user accounts
• Biometric access controls for physical premises
• Role-based access controls limiting data access to authorized personnel only
• Regular security assessments and annual internal audits
• A 24-hour breach notification commitment to affected clients

Our security framework is aligned with the NIST Cybersecurity Framework (CSF) and CIS Controls v8 IG1, and our practices are designed to support the FTC Safeguards Rule requirements applicable to the CPA firms we serve.

Despite these measures, no system can guarantee absolute security. Clients are encouraged to use secure, encrypted channels when transmitting sensitive documents.

8. Data Retention

We retain client and engagement data only for as long as necessary to fulfill the contracted services and comply with applicable legal and regulatory requirements. Financial records and tax-related documents are retained in accordance with IRS record-keeping guidelines and applicable Nepal law. Upon engagement termination, Client data is returned or securely destroyed in accordance with the agreed data handling protocols.

9. Cookies and Website Analytics

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website traffic. The types of cookies we may use include:

• Essential cookies: Required for core website functionality.
• Analytics cookies: Used to understand how visitors interact with our website (e.g., pages viewed, time on site). We do not use analytics data to identify individual users.

You may manage or disable cookies through your browser settings. Disabling cookies may affect the functionality of certain website features.

10. Your Rights

Clients and website visitors may, subject to applicable law, request the following:

• Access to the personal information we hold about you.
• Correction of inaccurate or outdated information.
• Deletion of your information where legally permissible and where no overriding legal obligation requires retention.

To submit a request, contact us at info@finaceal.com. We will respond within a reasonable timeframe and in accordance with applicable law.

11. Third-Party Websites

Our website may contain links to third-party websites. Finaceal is not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or security practices. The revised date at the top of this page will reflect the most recent update. Where changes are material, we will notify active clients by email.

13. Contact

For questions, concerns, or requests related to this Privacy Policy or our data practices, please contact:

• Finaceal Pvt. Ltd.
• Address: Sanepa, Lalitpur, Kathmandu, Nepal
• Phone: +977 9802348583, +977 9802348580
• Email: info@finaceal.com