NFRS Insights LogoNFRS Insights

Elevate Your Edge in Financial Reporting.

NFRS Insights LogoNFRS Insights

Privacy Policy

Last Updated: 8th February, 2026

1. Introduction

Welcome to NFRS Insights ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application (the "Service"). This policy applies to all users worldwide. By accessing or using our Service, you agree to the terms of this Privacy Policy.

2. Who is the Data Controller?

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, the Data Controller is:

Kamal Aryal
Kamalaryal.ab@gmail.com

3. Information We Collect

We collect information that you voluntarily provide to us and information that is automatically collected when you use the Service.

A. Information You Provide (Directly)

When you register for an account or use our features, we may collect:

  • Account Data: Name, email address, password (stored in encrypted format via Firebase Authentication).
  • User Content: Any data, text, or files you upload to the app (stored via Cloud Firestore or Firebase Storage).
  • Communications: Information provided when you contact support.

B. Information Collected Automatically (Technical Data)

When you access the Service, our infrastructure (powered by Google Firebase) automatically collects:

  • Device Information: IP address, browser type, operating system, and device model.
  • Usage Data: Access times, pages viewed, and the routes taken through the app.
  • Log Data: Error logs and crash reports (via Firebase Crashlytics, if applicable) to help us fix issues.

4. How We Use Google Firebase

We use Google Firebase, a backend-as-a-service provided by Google, to host and manage our application. Google acts as a Data Processor on our behalf. Below are the specific Firebase services we use and how they handle your data:

  • Firebase Authentication: Used to manage user log-ins. It stores email addresses, passwords (hashed), and user identifiers (UIDs).
  • Cloud Firestore / Realtime Database: Used to store your user data and app content.
  • Firebase Hosting: Used to deliver the web app to your browser. This service may log your IP address for security and diagnostic purposes.

For more information, please visit the Google Privacy Policy.

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or UK, we process your data based on:

  1. Contractual Necessity: We need your email and account data to provide the Service to you (e.g., to let you log in).
  2. Legitimate Interests: We process technical logs and usage data to improve security, prevent fraud, and fix bugs.
  3. Consent: Where required (e.g., for optional cookies or marketing emails), we will ask for your explicit consent.

6. International Data Transfers

Our Service is hosted on Google Cloud Platform infrastructure. Depending on your location and Google's server configuration, your data may be transferred to, stored, and processed in the United States or other countries outside of your jurisdiction.

We rely on Google's Data Processing Terms and Standard Contractual Clauses (SCCs) to ensure that your data remains protected in accordance with global standards, including the GDPR.

7. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes set out in this Privacy Policy.

  • Account Data: Retained as long as your account is active. You may request deletion at any time.
  • Backup Data: Deleted periodically in accordance with our backup cycles (typically within 30-90 days of deletion request).

8. Your Rights (Global)

Regardless of where you live, we grant you the following rights:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate data.
  • Right to Deletion (Right to be Forgotten): You can ask us to delete your account and associated data.
  • Right to Portability: You can request your data in a structured, commonly used format.

For California Residents (CCPA): We do not sell your personal information. You have the right to request disclosure of the specific pieces of personal information collected about you.

To exercise any of these rights, please contact us at kamalaryal.ab@gmail.com.

9. Security

We implement industry-standard security measures, including:

  • Encryption: Data is encrypted in transit (HTTPS) and at rest (on Google's servers).
  • Access Controls: We use strict Firebase Security Rules to ensure that users can only access data they are authorized to see.

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not directed to children under the age of 13 (or the relevant age of digital consent in your country). We do not knowingly collect personal information from children. If we become aware that we have collected such data, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: