1. PRIVACY POLICY 

Key Sections Covered: 

• Regulatory Compliance Framework: Full alignment with DPDP Act 2025, RBI KYC/AML guidelines, PMLA 2002, and SEBI requirements 

• Data Collection Categories: Detailed breakdown of personal, financial, KYC, and behavioral data collected 

• Processing Purposes: 7 key purposes including service delivery, regulatory compliance, fraud prevention, and communication 

• Legal Basis: Consent, legal obligation, contractual necessity, and legitimate interest 

• Data Retention Periods: Specific timelines for each data category (7 years for KYC/transactions per PMLA requirement) 

• Data Sharing: Clear guidelines on third-party sharing with safeguards for payment gateways, custodians, regulators, and technology partners 

• User Rights: Complete DPDP Rules 2025 rights including access, correction, erasure, portability, and complaint filing 

• Security Safeguards: Technical (encryption, tokenization, MFA), operational (training, access logs), and organizational measures (DPO, DPIA, audits) 

• Breach Notification: Detailed 4-step breach response protocol with timeline and stakeholder notifications 

• Children & Persons with Disabilities: Mandatory parental/guardian consent frameworks 

• International Data Transfers: Confirmation of India-only localization compliance 

• Cookies & Tracking: Transparent cookie management with user opt-out options 

Contact & Escalation: Dedicated DPO, grievance officer, and regulatory complaint procedures