Home
> Privacy Policy

Privacy Policy

Privacy Policy – TheCFOStrategist

Last updated: January 16, 2026

This Privacy Policy describes how TheCFOStrategist (“Company”, “We”, “Us”, “Our”) collects, uses, discloses, and protects your information when you use our website and services and explains your privacy rights. By using our website or sharing your information with us from India, the USA, Canada, the UK, Dubai (UAE), Australia, Singapore, New Zealand or any other location, you agree to the collection and use of information in accordance with this Privacy Policy and applicable law in your jurisdiction.​

Note: We request you to review this policy periodically since it can change without prior notification.

  1. Interpretation and definitions

Words with initial capital letters have meanings defined below; the definitions apply whether used in singular or plural.​

Definitions For this Privacy Policy:

  • Account means a unique account created for you to access our services or parts of our services.​
  • Company (“We”, “Us” or “Our”) refers to TheCFOStrategist, operating from Gurugram, Haryana, India (final legal entity name and address to be inserted on your letterhead).​
  • Country refers to India, with primary operations in the State of Haryana, and clients potentially located in India, the USA, Canada, the UK, Dubai (UAE), Australia, Singapore and New Zealand.​
  • Website / Service refers to TheCFOStrategist website, accessible at thecfostrategist.com, and any related online resources.​
  • Device means any device that can access the Service, such as a computer, smartphone, or tablet.​
  • Personal Data means any information that relates to an identified or identifiable individual.​
  • Service Provider means any natural or legal person who processes data on behalf of the Company, including professional partners and technology vendors.​
  • Usage Data means data collected automatically, generated by your use of the Service (for example, pages visited and time spent).​
  • You mean the individual using the Service, or the company or other legal entity on whose behalf such individual uses the Service.​
  1. Types of data collected

Personal data

When you interact with us (for example, via contact forms, email, consultations, or engagement for services), we may collect:​

  • Identity data: Name, job title, company name.
  • Contact data: Email address, phone number, office address, city, state, postal code, country.
  • Business and financial data (for CFO/advisory work):
    • Business financial statements, management reports, projections and financial models.
    • Tax and regulatory data such as PAN, GST details, corporate registrations, relevant returns and similar identifiers used in your jurisdiction.​
    • Limited banking and payment information as necessary to receive or process payments or to perform agreed CFO/advisory duties.
  • Engagement data: Details about your requirements, project scope, meeting notes and communication preferences.

If you choose not to provide certain information, we may be unable to initiate or continue professional services, respond fully to your queries, or comply with legal obligations.​

Usage data

Usage Data is collected automatically when you use the Website. It may include:​

  • Your Device’s IP address, browser type and version, operating system
  • Pages visited, time and date of visit, time spent on pages
  • Unique device identifiers and other diagnostic data
  1. Tracking technologies and cookies

We use cookies and similar tracking technologies to operate the Website and to improve and analyze our Service.​

  • Cookies (browser cookies): Small files placed on your device to enable features (e.g., remembering preferences).
  • Web beacons, tags and scripts: Used to measure usage, count visitors and verify system integrity.

We may use:

  • Necessary/essential cookies: To operate the Website, prevent fraud and maintain security.
  • Functionality cookies: To remember your preferences (for example, form details or language).
  • Analytics cookies (e.g., Google Analytics): To understand how the Website is used and improve content and user experience.​

You can instruct your browser to refuse cookies or to indicate when a cookie is being sent; some features of the Website may not function properly if cookies are disabled.​

  1. How we use your personal data

The Company may use your Personal Data for the following purposes, to the extent permitted by applicable law:​

Service delivery

  • To provide and maintain our services, including fractional CFO services, financial modelling, business strategy, fundraising support, tax advisory and related professional services.
  • To prepare financial models, analyses, presentations and documentation required for your business, investors, lenders or regulators.

Communication and relationship management

  • To respond to enquiries, schedule and manage consultations and strategy sessions.
  • To send invoices, proposals, engagement letters, statements of work and project updates.
  • To contact you by email, telephone, SMS or other channels regarding your mandates, changes to our services, or important notices.

Improvement and analytics

  • To monitor and analyze usage of the Website, improve performance, usability and content.
  • To support internal training, quality assurance and service development.

Legal, compliance and risk management

  • To comply with applicable laws, including tax, accounting, anti‑money laundering and data protection requirements in relevant jurisdictions.​
  • To maintain records necessary for audits, regulatory filings or dispute resolution.

Marketing (professional and B2B)

  • To provide you (where permissible) with information about services, insights or events similar to those you have already engaged us for or enquired about, or which we believe may be relevant to your professional role, unless you opt out.​

You may opt out of non‑essential marketing communications at any time by using the unsubscribe link in emails or by contacting us; we may still send non‑marketing communications relating to ongoing engagements, legal obligations or service notices.​

  1. Relationship with engagement letters

Where you engage TheCFOStrategist for professional services, the detailed terms governing scope of work, deliverables, fees, intellectual property, limitations of liability and dispute resolution will be set out in the applicable proposal, engagement letter or statement of work executed with you. This Privacy Policy focuses on how we handle personal data and does not modify those contractual terms.

  1. Sharing and disclosure of personal data

We do not sell your Personal Data. We may share your information only in the following circumstances:​

Professional service partners

  • With trusted partners such as legal associates, company secretaries, valuation experts and technology providers (e.g., cloud hosting, CRM, analytics tools) who support delivery of your mandates.
  • Such partners are required to use your data only for the agreed purpose and to maintain appropriate confidentiality and security.

Service providers and contractors

  • With third‑party service providers that assist us in operating the Website, processing payments, storing data, sending communications or analyzing usage.

Business transfers

  • In connection with any merger, acquisition, restructuring or sale of some or all of our business or assets, subject to appropriate safeguards.

Legal and regulatory requirements

  • Where required by applicable law, regulation, court order or government authority.
  • To protect our rights, privacy, safety or property, and that of our clients or the public, or to detect, prevent or address fraud, security or technical issues.

Where possible, we will seek to minimise the data shared and will share only what is reasonably necessary for the specific purpose.​

  1. Data security and confidentiality

Given the sensitivity of financial and business data, we apply reasonable and appropriate technical and organisational measures to protect your information.​

  • Confidentiality: Access to your data is restricted to our personnel and partners who need it to perform specific assignments and who are bound by professional or contractual confidentiality obligations.
  • Technical safeguards: We use measures such as SSL encryption for data transmitted via the Website and secure servers or cloud environments for storage, in line with reasonable security practices.

However, no method of transmission over the internet or method of electronic storage is 100% secure; we cannot guarantee absolute security but strive to protect your information to the best of our ability and in line with applicable law.​

  1. Retention and cross‑border transfer of data

We retain Personal Data only for as long as necessary for the purposes described in this Policy or as required by applicable law and professional standards (for example, accounting and tax record‑keeping requirements and limitation periods for claims).​

Your information may be stored or processed on servers located outside your jurisdiction, including in India, the USA, the UK, the EU or other countries, where data protection laws may differ. Where we transfer your data across borders, we seek to ensure that appropriate safeguards are in place consistent with applicable data protection laws (for example, contractual protections under GDPR‑style regimes).​

  1. Your rights and choices

Subject to applicable laws (including India’s data protection framework and, where relevant, GDPR/CCPA‑type rights), you may have some or all of the following rights in relation to your Personal Data:​

  • Right to access: To request information about the Personal Data we hold about you.
  • Right to rectification: To request correction of inaccurate or incomplete data.
  • Right to deletion (erasure): To request deletion of your Personal Data, subject to our retention obligations under law or contracts.
  • Right to withdraw consent: Where processing is based on consent (for example, certain marketing or optional information), you may withdraw consent at any time; this will not affect prior lawful processing.​
  • Right to object or restrict: To object to or request restriction of certain processing, in line with applicable laws.
  • Data portability (where applicable): To request a copy of certain data in a structured, commonly used format.
  • Right to Nominate (India Users): In accordance with Section 14 of the Digital Personal Data Protection Act, 2023, Data Principals in India have the right to nominate an individual who shall, in the event of death or incapacity, exercise their rights under this Policy. To register a nominee, please submit a request to our Grievance Officer.

To exercise your rights or update your information, please contact us at grievance@thecfostrategist.com.

If you withdraw consent or request deletion of certain information, we may be unable to initiate or continue providing some or all CFO/advisory services, particularly where the data is necessary for delivery, compliance, defence of legal claims or record‑keeping.​

We may, to the extent permitted by law, refuse or charge a reasonable fee for manifestly unfounded or excessive requests, including repetitive requests.​

  1. GDPR notice

Where GDPR applies, our legal bases for processing Personal Data may include: consent, performance of a contract, compliance with legal obligations, legitimate interests (such as providing and improving services to corporate clients, preventing fraud and securing our systems), vital interests and public interest, as applicable.​

EEA/UK users have additional rights under GDPR, including detailed access, rectification, erasure, portability and objection rights as described above; these can be exercised by contacting us at grievance@thecfostrategist.com. You also have the right to lodge a complaint with your local supervisory authority.​

  1. CCPA/CPRA notice

For California residents, this section supplements the Policy. You may have the right to request that we disclose what categories of personal information we collect, use, disclose and (if applicable) sell, and to request deletion of personal information, subject to certain exceptions.​

We do not sell your personal information as that term is defined under CCPA/CPRA. Requests can be submitted via grievance@thecfostrategist.com; we may need to verify your identity before acting on your request and may deny certain requests where an exception applies under CCPA/CPRA.​

  1. Children’s privacy

Our Website and services are targeted at founders, CXOs, investors and business stakeholders and are not directed to individuals under 18 years of age.

For users located in India, we do not knowingly collect Personal Data from individuals under the age of 18 without verifiable parental consent. For users in other jurisdictions, we adhere to the local age of digital consent (e.g., 13 in the USA, 16 in the UK/EU). By using our Services, you represent that you are of the age of majority in your jurisdiction.

  1. Links to other websites

The Website may contain links to third‑party websites, tools or services (such as Google products, SaaS tools, or professional resources). We have no control over, and are not responsible for, the content, security or privacy practices of such third parties; you are encouraged to review their privacy policies separately before using them.​

  1. Updates to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in law, technology or our practices. Any changes will be posted on this page with an updated “Last updated” date, and material changes may be notified via email or a notice on the Website where appropriate.​

Your continued use of the Website after changes take effect will constitute your acknowledgement of the updated Policy.​

  1. Contact and grievance

If you have any questions, requests or grievances regarding this Privacy Policy or our data handling practices, you may contact us at:

Email: grievance@thecfostrategist.com

We will use reasonable efforts to respond within a reasonable time and in accordance with applicable law in the relevant jurisdiction.