Privacy Policy | NiveshPe

1. Objective

This Privacy Policy ("Policy") describes how Futurewell Fintech Private Limited ("NiveshPe", "Company", "We", "Us", or "Our"), a company incorporated under the Companies Act, 2013, collects, uses, processes, stores, and protects your information when you access or use the NiveshPe website, mobile application, WhatsApp interface, or related digital services (collectively, the "Platform").

By visiting or using the Platform, you ("User", "You", "Your") agree to the collection and use of your information in accordance with this Policy and the Terms & Conditions of the Platform. If you do not agree with the terms herein, please discontinue use of the Platform.

Compliance Statement: This Policy is issued in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA).

2. Definitions

For the purpose of this Privacy Policy:

"Personal Data": Means any data relating to an identified or identifiable individual, including name, date of birth, PAN, Aadhaar, address, contact details, and bank information.
"Non-Personal Data": Refers to aggregated or anonymized information that cannot identify you, such as device type, IP address, and browsing patterns.
"Processing": Means collection, storage, use, disclosure, or erasure of data.
"User": Refers to any person who accesses or uses the NiveshPe Platform or services.

3. Legal Basis for Processing

We process your personal data under the following lawful bases:

Consent: When you voluntarily provide information or permit access
Contractual necessity: To perform services or fulfil your investment transactions
Legal obligation: To comply with requirements under SEBI, AMFI, FIU-IND, Income Tax Act, and other regulations
Legitimate interest: For fraud prevention, risk management, and improving Platform experience

4. Categories of Information Collected

Depending on how you interact with our Platform, we may collect the following categories of data:

a. Personal Information

Includes your:

Name, date of birth, gender, PAN, Aadhaar, address, contact number, and email ID
Bank account details, IFSC, nominee details, and income range
KYC details and supporting documents retrieved from KRAs
Identity verification data, such as live video or signature
IP address, device identifiers, and session logs

b. Transactional Information

Payment and investment details, SIP/Redemption instructions, order IDs, and transaction status
Linked bank account data and transaction frequency
Investment preferences and portfolio summaries

c. Non-Personal / Technical Information

Browser type, operating system, device model, IMEI, language, and referring URLs
Analytics data such as time spent, pages visited, and clickstream information
Cookies, pixel tags, and session analytics for system performance and fraud detection

d. User Communications

Chat, email, or WhatsApp communications with our customer support or chatbots
Call recordings, feedback, and survey responses (used for quality assurance and dispute resolution)

5. Use of Your Information

We use the Personal, Non-Personal, Transactional, and Communication data for lawful business purposes, including:

To provide, operate, and improve our Platform and Services
To process investment instructions and facilitate transactions through BSE StarMF, NSE NMF II, AMCs, or RTAs
To verify KYC and prevent fraud under SEBI and PMLA requirements
To personalize your experience and recommend relevant products
To communicate with you about transactions, offers, updates, or system notices
To detect, prevent, and protect against unauthorized or illegal activity
To enforce our Terms & Conditions and maintain the integrity of the Platform
To enable group companies or affiliates to offer services lawfully integrated with NiveshPe
To contact you for feedback, support, or grievance resolution
For any other purpose after obtaining your explicit consent

Important Consent: You specifically consent to our collection, processing, storage, and transfer of your information to authorized third parties — including AMCs, KRAs, RTAs, banks, payment gateways, and regulators — solely for enabling investment services and legal compliance.

We may analyse user behaviour in aggregate form to improve system functionality and product performance. Such research data will be anonymized and non-identifiable.

NiveshPe may use anonymized and aggregated data for analytical, product development, and marketing insights. Such information does not identify any individual user and is outside the scope of personal data protections under law.

6. Cookies and Tracking Technologies

We use cookies, pixel tags, and similar tools to:

Remember user preferences and improve navigation
Enhance Platform functionality and security
Analyse user behaviour for operational insights

You can disable cookies via browser settings; however, doing so may affect functionality or restrict access to some services.

7. Sharing of Information

Your information may be shared or disclosed as follows:

With Regulated Entities

AMCs, KRAs, RTAs, stock exchanges, payment banks, and custodians to process investments

With Service Providers

Cloud hosts, analytics tools, customer support partners, and technology vendors under confidentiality contracts

With Group Companies / Affiliates

To offer or facilitate related financial services (such as insurance, tax filing, or loans) under separate applicable terms

With Regulators / Authorities

SEBI, AMFI, RBI, FIU-IND, or Income Tax authorities upon lawful requests or audits

For Mergers or Acquisitions

In case of business transfer, merger, or restructuring, subject to confidentiality

For Legal Compliance

To protect our rights, investigate fraud, or respond to legal processes

Data Sharing Policy: We do not sell or rent your data. Data sharing is done only on a need-to-know basis and governed by secure contractual obligations.

8. Technology & Platform Hosting

NiveshPe operates its digital infrastructure through secure third-party technology providers such as AWS, Razorpay, or Google Cloud for hosting, storage, and transaction processing.

While these partners adhere to industry-standard security certifications (ISO 27001, PCI-DSS, etc.), NiveshPe shall not be liable for any outage, disruption, or loss caused by failures or breaches attributable to such service providers.

9. Security Measures

We implement comprehensive security controls to safeguard your data, including:

AES-256 encryption for data at rest and TLS 1.2 for data in transit
Firewalls, intrusion detection systems, and access logs
Role-based employee access and periodic audits
Regular penetration testing and vulnerability scanning

User Responsibility: While we employ industry-standard protections, no system is infallible. You are advised to:

Keep your login credentials, OTPs, and passwords confidential
Report any unauthorized access immediately at support@niveshpe.com

We are not responsible for security breaches resulting from user negligence, malware, or third-party vulnerabilities outside our control.

10. Data Storage and Retention

KYC and transaction data are retained for a minimum of 8 years or longer as mandated by SEBI, AMFI, and PMLA
Data related to active accounts may be retained until account closure or withdrawal of consent
Non-essential or marketing data may be deleted upon user request
Once the retention period lapses, personal data is deleted or irreversibly anonymized

11. Cross-Border Data Transfers

Some third-party vendors (cloud or payment processors) may store or process data outside India. Such transfers are performed:

Under contractual safeguards and confidentiality agreements
In compliance with DPDPA, ensuring equivalent data protection standards

12. User Rights

Under DPDPA, you have the following rights:

Access and confirmation of your personal data processed by us
Correction and completion of inaccurate data
Deletion or erasure of personal data (subject to legal retention requirements)
Consent withdrawal for non-essential processing
Grievance redressal before the Company or Data Protection Board

Important: Withdrawal of consent may affect the provision of certain services. Data required for legal or regulatory compliance cannot be deleted prematurely.

Data Portability: Upon written request, and where technically feasible, you may obtain your personal data in a structured, commonly used, and machine-readable format or request that it be transferred to another platform.

13. Links to Third-Party Sites

Our Platform may contain links to third-party websites or embedded content.

NiveshPe is not responsible for the content, privacy practices, or data security of such sites. We encourage you to read their respective privacy policies before interacting or transacting.

14. Children's Data

NiveshPe does not intentionally collect data from individuals below 18 years of age.

If data of a minor is inadvertently collected, it will be promptly deleted upon discovery.

15. Breach Notification

In case of a data breach likely to result in harm, NiveshPe shall:

Notify affected users and the Data Protection Board of India within 72 hours of detection
Take corrective measures to mitigate potential damage
Cooperate fully with competent authorities

16. Account Deletion & Consent Withdrawal

You may request account deletion by writing to support@niveshpe.com.

Upon verification, your account will be deactivated, and personal data will be deleted or anonymized, subject to mandatory legal retention.

Withdrawal of consent or deletion requests may restrict or disable access to certain services.

17. Policy Updates

NiveshPe reserves the right to modify, amend, or replace this Policy at any time.

Changes will be notified via Platform updates or email communication.

Your continued use after such changes shall constitute acceptance of the updated Policy.

18. Grievance Redressal

Privacy Grievance Officer

Name: Mr. Jazaib Nomani

Email: jazaib@niveshpe.com

Phone: +91-8871702482

Response Time: Complaints will be acknowledged within 7 working days and resolved within 30 days.

If unresolved, users may escalate to:

Data Protection Board of India
SEBI SCORES: https://scores.gov.in

19. Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the laws of India.

Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts of Mumbai, Maharashtra.