1. Introduction and Purpose

This Privacy Policy (“Policy”) is applicable to Finovatives and all its associated websites, mobile applications, platforms, and services (collectively referred to as “Platform,” “Service,” or “Website”). This Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.finovatives.com and utilize our services, including our investment portfolio management tools and trading platforms. Please read this Privacy Policy carefully to understand our practices regarding your personal data. If you do not agree with our practices, please do not use our Platform. By accessing and using Finovatives, you acknowledge that you have read, understood, and agree to be bound by all the terms and conditions outlined in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

When you register an account with Finovatives, subscribe to our services, or interact with our Platform, you may provide us with various types of personal information. This includes but is not limited to your full name, email address, phone number, postal address, date of birth, government-issued identification numbers, and financial account details. When you complete your user profile, you may voluntarily provide additional information such as your investment preferences, risk tolerance, trading experience level, educational background, and professional details. If you initiate a transaction or make a purchase through our Platform, we collect payment information including credit card numbers, debit card details, bank account information, and transaction history. During customer support interactions, we collect information about your inquiries, complaints, feedback, and any communications you have with our support team. If you choose to upload documents for verification purposes, such as identity proofs, address proofs, or financial statements, we collect and store these documents securely.

2.2 Information Automatically Collected

As you navigate through our Platform, we automatically collect certain technical information about your device and usage patterns. This includes your IP address, device type, operating system, browser type, and unique device identifiers. We collect information about your interactions with our Platform, including the pages or features you access, the time and duration of your visits, the content you view, and actions you perform on our service. Through cookies, web beacons, pixel tags, and similar tracking technologies, we collect information about your browsing habits, preferences, and how you use our Platform. Our servers automatically log information about your requests, including the date, time, size of data transmitted, and the website from which you navigated to our Platform. If you access our service through a mobile application, we may collect information about your mobile device, including the device model, operating system, unique identifiers, mobile network information, and location data if you grant permission.

2.3 Third-Party Information

We may receive information about you from third-party sources to verify your identity, assess creditworthiness, and comply with regulatory requirements. This includes information from credit bureaus, identity verification service providers, financial institutions, and government databases. Our service providers, partners, and data processors may share information with us related to your transactions, account status, and service usage. If you connect your social media accounts or third-party financial services to our Platform, we may collect information from those sources with your consent. We may also receive information from publicly available sources and regulatory authorities as required by law.

3. How We Use Your Information

3.1 Service Delivery and Account Management

The primary purpose for which we collect and use your information is to provide you with access to our Platform and deliver the services you have requested or subscribed to. We use your information to create and maintain your account, process your registrations, authenticate your identity, and enable you to access personalized features and tools. Your information helps us deliver investment portfolio management services, provide real-time market data, facilitate trading transactions, and offer technical analysis tools. We use your contact information to send you transactional communications, account notifications, confirmations of transactions, important updates about your account, and service announcements. Your personal data is essential for maintaining accurate records of your account activity, transaction history, investment portfolio, and holdings.

3.2 Verification and Compliance

We use your information to verify your identity and age to ensure compliance with legal requirements, Know Your Customer (KYC) norms, and Anti-Money Laundering (AML) regulations as prescribed by the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), and other applicable Indian financial regulations. We may share your information with regulatory authorities, government agencies, and compliance verification service providers as required by law. Your information is used to assess your eligibility for our services, verify that you are not involved in sanctioned activities or illegal business, and maintain compliance with financial sector regulations. We retain records of verification documents and information as mandated by applicable laws and regulations.

3.3 Communication and Marketing

With your consent, we use your contact information to send you promotional materials, product updates, newsletters, marketing communications, and information about new features or services that may be of interest to you. You can opt out of promotional communications at any time by clicking the unsubscribe link in our emails or adjusting your notification preferences in your account settings. We use your information to respond to your inquiries, address your concerns, provide customer support, and gather feedback about your experience with our service. Your information helps us personalize your experience on our Platform, recommend relevant products and features based on your investment preferences, and tailor content to your interests.

3.4 Platform Improvement and Analytics

We analyze your usage patterns, interactions with our Platform, and feedback to improve our services, enhance user experience, optimize Platform performance, and develop new features. We use aggregated and de-identified data for statistical analysis, market research, trend analysis, and business intelligence purposes. Your information helps us understand user behavior, identify technical issues, monitor service quality, and implement security measures. We conduct analytics to measure the effectiveness of our marketing campaigns, track conversion rates, and identify areas for improvement in our Platform and services.

3.5 Security and Fraud Prevention

Your information is used to protect the security and integrity of our Platform, detect and prevent fraudulent activities, unauthorized access, and cyber threats. We monitor account activity for suspicious patterns, unauthorized transactions, and potential security breaches. Your data helps us implement security measures, conduct investigations into potential violations of our terms of service, and enforce our policies. We use information to prevent identity theft, money laundering, terrorist financing, and other illegal activities on our Platform.

3.6 Legal Obligations and Dispute Resolution

We use your information to comply with legal obligations, court orders, regulatory directives, and law enforcement requests. Your information may be used in legal proceedings, arbitration, or dispute resolution processes if necessary. We retain records and information as required by applicable laws, regulations, and tax authorities in India and other jurisdictions.

4. Data Sharing and Disclosure

4.1 Service Providers and Business Partners

We may share your personal information with third-party service providers who assist us in operating our Platform, providing our services, and conducting our business. These service providers include payment gateways, financial institutions, cloud service providers, email service providers, customer support platforms, data analytics companies, and identity verification service providers. We enter into data processing agreements with all service providers to ensure they handle your information securely and use it only for the purposes we specify. These service providers are contractually obligated to maintain the confidentiality and security of your information and are not permitted to use your data for their own purposes.

4.2 Regulatory and Government Authorities

In compliance with Indian laws and regulations, we may share your information with regulatory authorities including the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Financial Intelligence Unit (FIU), Directorate General of GST Intelligence, Income Tax Department, and other government agencies. We disclose information in response to subpoenas, court orders, legal processes, or official inquiries from law enforcement or government agencies. We comply with regulatory requirements to share information related to KYC/AML compliance, suspicious transaction reporting, and other statutory obligations.

4.3 Financial Institutions

With your consent or as required by law, we may share your information with banks, payment processors, investment platforms, credit bureaus, and other financial institutions to facilitate transactions, verify accounts, assess creditworthiness, and ensure regulatory compliance. These financial institutions may use your information in accordance with their own privacy policies and applicable laws.

4.4 Business Transfers

If Finovatives undergoes a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide you with notice of any such change and any choices you may have regarding your information.

4.5 Legal Compliance and Protection

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to protect our legal rights, enforce our terms of service, protect the safety of our users or the public, or prevent illegal or fraudulent activities.

4.6 Restrictions on Data Sharing

We do not sell, trade, rent, or share your personal information with unaffiliated third parties for their direct marketing purposes without your explicit consent. We do not disclose your financial information, investment details, or sensitive personal data to any entity unless required by law or with your prior written consent.

5. Data Retention and Deletion

5.1 Retention Period

We retain your personal information for as long as necessary to provide our services, fulfill the purposes outlined in this Privacy Policy, and comply with legal and regulatory obligations. Generally, we retain your account information, transaction records, and verification documents for a minimum of seven years from the date of the transaction or account closure, as required by Indian tax laws, securities regulations, and banking norms. Communication records, customer support interactions, and feedback may be retained for a period of five years. Marketing and analytics data may be retained for a period of three years unless you request deletion earlier. We retain security logs and access records for a period of one year for security and audit purposes.

5.2 Data Deletion and Opt-Out

You have the right to request deletion of your personal information, subject to certain legal and regulatory constraints. If you request deletion of your account, we will delete your personal data except information we are required to retain by law, for legitimate business purposes, fraud prevention, or legal proceedings. You can request deletion by sending a written request to our Data Protection Officer at the contact information provided below. We will process your deletion request within thirty days unless we are required to retain the information for legal or regulatory purposes. Even after account closure, we may retain anonymized or aggregated data that cannot be used to identify you.

5.3 Regulatory Retention Requirements

Notwithstanding your deletion request, we must retain certain information to comply with regulatory requirements including Reserve Bank of India directives, tax laws, securities regulations, and anti-money laundering legislation. We retain KYC documents, transaction records, and compliance information as mandated by applicable Indian laws.

6. Data Security and Protection

6.1 Security Measures

Finovatives implements comprehensive technical, administrative, and physical security measures to protect your personal information against unauthorized access, disclosure, alteration, destruction, and misuse. We use industry-standard encryption protocols (SSL/TLS) to secure data transmission between your device and our servers. Your passwords are encrypted using advanced hashing algorithms and are never stored in plain text. We employ firewalls, intrusion detection systems, and network monitoring to protect our infrastructure from unauthorized access. Our Platform undergoes regular security audits, penetration testing, and vulnerability assessments conducted by independent security experts. We maintain secure data centers with restricted physical access, surveillance systems, and environmental controls. Our systems are protected by multi-factor authentication, access control lists, and role-based permissions to limit data access to authorized personnel only.

6.2 Data Protection Standards

We implement data protection standards compliant with the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and International standards including ISO 27001. We maintain an information security policy that defines guidelines for data handling, access control, incident response, and breach notification. Our employees receive regular security training and awareness programs about data protection, privacy regulations, and secure handling of sensitive information. We conduct background checks and maintain confidentiality agreements with all employees and contractors who have access to personal information.

6.3 Limitation of Liability

While we strive to protect your information using reasonable security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information. We are not responsible for unauthorized access to your information resulting from causes beyond our control, including hacking, unauthorized access to our systems, or transmission of false or fraudulent information by third parties.

6.4 Breach Notification

In the event of a data breach that compromises your personal information, we will promptly notify you and relevant regulatory authorities as required by applicable laws. We will provide information about the nature of the breach, the potential impact on your information, steps we are taking to address the breach, and recommended actions you can take to protect yourself.

7. Your Rights and Choices

7.1 Access to Your Information

You have the right to access the personal information we hold about you. You can request a copy of your personal data by submitting a written request to our Data Protection Officer. We will provide you with your information in a portable format within thirty days of receiving a valid request. You can access and download your account information, transaction history, investment portfolio data, and other personal records through your account dashboard on our Platform.

7.2 Correction and Amendment

You have the right to request correction of inaccurate, incomplete, or outdated personal information. If you identify any errors in your account information, you can update your profile directly through your account settings. For information that cannot be updated through the Platform, you can submit a written request to our Data Protection Officer requesting correction. We will verify the requested changes and update our records within thirty days of receiving a valid request.

7.3 Objection to Processing

You have the right to object to the processing of your personal information for certain purposes, including direct marketing, profiling, and automated decision-making. You can opt out of promotional communications, marketing emails, and non-essential notifications at any time. If you wish to object to other processing activities, you can submit a written request to our Data Protection Officer explaining your objection.

7.4 Withdrawal of Consent

If you have provided consent for processing of your information, you have the right to withdraw that consent at any time. If you withdraw consent, we will cease processing your information for the specified purpose, though we may continue processing as required by law or for other legitimate purposes. Withdrawal of consent will not affect the legality of processing that occurred before the withdrawal.

7.5 Right to Data Portability

You have the right to obtain your personal information in a structured, commonly used, and machine-readable format and have it transmitted to another organization if technically feasible. You can request a copy of your data in a portable format by submitting a written request to our Data Protection Officer.

7.6 Cookie Control

You can control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect the functionality and user experience of our Platform. You can access and adjust your cookie preferences through our Cookie Preference Center or your browser settings.

8. Children’s Privacy

Our Platform is not intended for children under the age of eighteen years. We do not knowingly collect personal information from children. If you are under eighteen years of age, you should not use our Platform or submit any information to us. If we become aware that we have collected information from a child under eighteen, we will promptly delete such information and terminate the child’s account. Parents or guardians who believe their child has provided information to us can contact our Data Protection Officer to request deletion of the information.

9. Third-Party Links and Services

Our Platform may contain links to third-party websites, applications, and services that are not operated by Finovatives. This Privacy Policy applies only to Finovatives and does not cover third-party websites or services linked from our Platform. We are not responsible for the privacy practices, security measures, or content of third-party sites. When you access third-party websites, you are subject to their privacy policies. We recommend reviewing the privacy policies of any third-party services before providing your personal information.

10. International Data Transfers

If you are accessing our Platform from outside India, please note that your information may be transferred to, stored in, and processed in India and other countries where we or our service providers operate. By using our Platform, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws. We will implement safeguards to ensure your information is protected during international transfers, including using standard contractual clauses, adequacy decisions, or your explicit consent.

11. California Privacy Rights and GDPR Compliance

11.1 California Consumer Privacy Act (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act. You have the right to know what personal information is being collected, used, and shared. You have the right to delete personal information collected from you, subject to certain exceptions. You have the right to opt out of the sale of your personal information. Finovatives does not sell personal information as defined by CCPA. You have the right to non-discrimination for exercising your CCPA rights. To exercise your rights, please submit a request to our Data Protection Officer.

11.2 European General Data Protection Regulation (GDPR)

If you are a resident of the European Union or European Economic Area, your personal