subtitle

Legal

subtitle

Privacy Policy

Last updated: April 3, 2026

At Vault, your privacy is fundamental to everything we build. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices you have regarding your data. By using the Vault platform, you agree to the practices described in this Policy.

1. Who We Are

Vault Financial Technologies Pvt. Ltd. ("Vault", "we", "us", or "our") operates the Vault AI wealth management platform, accessible via our website and mobile applications. We are the data controller responsible for your personal information.

If you have any questions or concerns about this Policy or our data practices, please reach us at info@getvault.in.

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

  • Account information: name, email address, mobile number, date of birth, and password when you register.
  • Identity verification data: PAN card, Aadhaar number, or other KYC documents required by applicable regulations.
  • Financial profile: income range, investment goals, risk appetite, and family structure.
  • Communication data: messages, queries, or feedback you send us via the contact form, email, or in-app chat.

2.2 Information We Collect Automatically

  • Usage data: pages visited, features used, time spent, click patterns, and search queries within the Platform.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, and time-zone settings.
  • Log data: server logs recording access times, error reports, and referring URLs.
  • Cookies and similar technologies: see Section 9 for details.

2.3 Financial Data from Third Parties

  • Linked accounts: with your authorisation, we fetch portfolio holdings, transaction history, NAV data, and balance information from brokers, depositories (CDSL/NSDL), mutual fund registrars (CAMS/Karvy), banks, and other financial institutions via APIs or account aggregators.
  • Market data: publicly available market prices, fund data, and economic information from licensed data providers.

3. How We Use Your Information

We use the information we collect for the following purposes:

Purpose Legal Basis
Providing, operating, and improving the Platform and its features Contract performance
Personalising your dashboard, AI responses, and recommendations Contract performance / Legitimate interest
Processing account registration and verifying your identity (KYC) Legal obligation / Contract performance
Generating portfolio analytics, goal projections, and rebalancing suggestions Contract performance
Sending transactional notifications (portfolio alerts, security notifications) Contract performance / Legitimate interest
Sending marketing and promotional communications (with your consent) Consent
Complying with legal obligations including SEBI, RBI, and income-tax regulations Legal obligation
Fraud prevention, security monitoring, and abuse detection Legitimate interest / Legal obligation
Analytics, research, and product development (using aggregated/anonymised data) Legitimate interest
Resolving disputes and enforcing our Terms and Conditions Legitimate interest / Legal obligation

4. Sharing of Your Information

We do not sell your personal information. We may share it in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party vendors to help operate the Platform—including cloud hosting providers (e.g., AWS, Google Cloud), payment processors, email and SMS delivery services, analytics providers, and customer support tools. These vendors process your data only on our instructions and are bound by confidentiality obligations.

4.2 Financial Institution Partners

Where you authorise order execution or account linking, relevant data is shared with the brokers, AMCs, banks, or other financial entities necessary to complete those transactions.

4.3 Account Aggregators

We may use RBI-licensed Account Aggregators to fetch your financial data. These are governed by the Account Aggregator framework under the RBI Master Directions.

4.4 Legal and Regulatory Disclosures

We may disclose your information to government authorities, regulators (SEBI, RBI, IT Department), law enforcement agencies, or courts where we are legally required to do so or where we believe disclosure is necessary to protect rights, property, or safety.

4.5 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described here.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with services. After account closure, we may retain certain data:

  • For up to 7 years where required by financial regulations (e.g., AML/KYC obligations).
  • For up to 5 years for transaction records under the Income Tax Act.
  • For a reasonable period to resolve disputes, prevent fraud, and enforce our Terms.

When retention is no longer required, we securely delete or anonymise your data.

6. Data Security

We implement bank-grade security measures to protect your information, including:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit.
  • Multi-factor authentication (MFA) for account access.
  • Role-based access controls limiting employee access to personal data on a need-to-know basis.
  • Regular vulnerability assessments, penetration testing, and security audits.
  • SOC 2-aligned controls for our cloud infrastructure.

While we take all reasonable precautions, no method of electronic storage or transmission is 100% secure. We encourage you to use a strong, unique password and enable MFA on your account.

7. Your Rights

Under applicable Indian data protection law (including the Digital Personal Data Protection Act, 2023, once in force), you have the following rights regarding your personal data:

  • Right to access: request a copy of the personal data we hold about you.
  • Right to correction: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data in certain circumstances.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to grievance redressal: raise a complaint with our Grievance Officer or the Data Protection Board of India.
  • Right to nominate: nominate another individual to exercise rights on your behalf in the event of death or incapacity.

To exercise any of these rights, email us at info@getvault.in with the subject line "Privacy Request". We will respond within 30 days.

8. Children's Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will take steps to delete such information.

9. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Strictly necessary cookies: essential for the Platform to function (e.g., session management, authentication).
  • Analytics cookies: help us understand how users interact with the Platform (e.g., Google Analytics). Data is aggregated and anonymised where possible.
  • Preference cookies: remember your settings and preferences (e.g., language, display mode).
  • Marketing cookies: used to deliver relevant advertisements with your consent.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Platform.

10. International Data Transfers

Your data is primarily stored and processed within India. Where we use third-party service providers located outside India, we ensure that appropriate safeguards are in place (such as Standard Contractual Clauses or equivalent mechanisms) to protect your data in compliance with applicable laws.

11. Links to Third-Party Websites

The Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any external sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the revised Policy on the Platform and updating the "Last Updated" date at the top. Where required by law, we will seek your consent for material changes.

Your continued use of the Platform after the effective date of the revised Policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

You may also review our Terms and Conditions for more information about your rights and obligations when using the Vault platform.