Privacy Policy

2.1 Personal Information:

• Name and email address (via Gmail authentication)
• Phone number (for OTP-based verification)
• Profile information you voluntarily provide
• Communication preferences

2.2 Financial Information:

• Portfolio data (mutual funds, stocks, investments)
• Financial statements and transaction history
• Investment preferences and goals
• Risk assessment responses

2.3 Technical Information:

• Device information and browser type
• IP address and location data
• Usage patterns and interaction data
• Cookies and similar tracking technologies

3.1 Primary Purposes:

• Provide portfolio analysis and educational insights
• Authenticate and secure your account
• Process and analyze your financial data
• Deliver personalized educational content

3.2 Secondary Purposes:

• Improve our services and user experience
• Send important updates and notifications
• Comply with legal and regulatory requirements
• Detect and prevent fraudulent activities

4.1 Consent: We process your personal data based on your explicit consent, which you can withdraw at any time.

4.2 Legitimate Interests: We may process data for legitimate business interests, such as improving our services, provided it doesn't override your privacy rights.

4.3 Legal Compliance: We process data to comply with applicable laws and regulations, including KYC and AML requirements.

5.1 Third-Party Services: We may share data with trusted service providers who assist in:

• Cloud storage and computing services
• Authentication and security services
• Analytics and performance monitoring
• Customer support tools

5.2 Legal Requirements: We may disclose information when required by law, court order, or government authorities.

5.3 Business Transfers: In case of merger, acquisition, or sale of assets, your information may be transferred with appropriate safeguards.

6.1 Security Measures: We implement enterprise-grade security including:

• AES-256 encryption for data at rest
• TLS encryption for data in transit
• Multi-factor authentication
• Regular security audits and penetration testing
• Access controls and privilege management

6.2 Data Centers: Your data is stored in secure, ISO 27001 certified data centers with 24/7 monitoring.

6.3 Incident Response: We have procedures to detect, respond to, and notify about security incidents as per DPDP Act requirements.

Under the DPDP Act 2023 and other applicable laws, you have the following rights:

• Right to Access: Request information about your personal data we hold
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Data Portability: Request transfer of your data in a structured format
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Grievance Redressal: File complaints with our grievance officer

8.1 Retention Period: We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law.

8.2 Deletion: When retention is no longer necessary, we securely delete or anonymize your data.

8.3 Legal Requirements: Some data may be retained longer to comply with legal, regulatory, or audit requirements.

9.1 Transfer Restrictions: We primarily store and process data within India in compliance with DPDP Act requirements.

9.2 International Transfers: If international transfers are necessary, we ensure appropriate safeguards and obtain required approvals.

10.1 Cookie Usage: We use cookies and similar technologies for:

• Authentication and session management
• User preferences and settings
• Analytics and performance monitoring
• Security and fraud prevention

10.2 Cookie Control: You can manage cookie preferences through your browser settings.

Data Protection Officer:

Grievance Officer: