Privacy Policy

1. Who We Are

Vault Financial Technologies Pvt. Ltd. ("Vault", "we", "us", or "our") operates an AI-powered wealth management platform. We are the data controller responsible for the personal information you provide to us through our Platform. If you have any questions about this Privacy Policy or our data practices, you may contact us at info@getvault.in.

2. Information We Collect

Information You Provide Directly

When you register or use the Platform, we may collect:

• Account details — name, email address, mobile number, date of birth, and password.
• Identity verification documents — PAN card, Aadhaar number, and other KYC materials as required by applicable regulations.
• Financial profile data — income range, investment objectives, risk tolerance, and related preferences.
• Communications — messages, queries, or feedback you send to us.

Information Collected Automatically

When you access the Platform, we automatically collect:

• Usage data — features accessed, pages visited, and actions taken within the Platform.
• Device and technical information — device type, operating system, browser type and version.
• Network data — IP address, server log entries, and approximate location derived from IP.
• Cookie and tracking data — as described in Section 9.

Third-Party Financial Data

With your explicit authorisation, we retrieve financial data from your connected accounts, including portfolio holdings, transaction history, and account balances, via brokers, depositories, mutual fund registrars, and banks through APIs or RBI-licensed account aggregators.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Platform and its features.
• Personalise financial insights, recommendations, and analytics for you.
• Process KYC verification and comply with applicable regulatory requirements.
• Send you transaction confirmations, service updates, and account notifications.
• Send marketing communications, where you have provided consent.
• Detect, investigate, and prevent fraudulent activity or security breaches.
• Conduct internal product research and develop new features.
• Resolve disputes and enforce our Terms and Conditions.

4. Information Sharing

We do not sell your personal information. We may share your information with:

• Service providers — trusted third parties who help us operate the Platform, including cloud infrastructure providers (such as AWS and Google Cloud), payment processors, and analytics services. These providers are contractually obligated to protect your data and may only use it to provide services to us.
• Financial institution partners — brokers, depositories, and registrars where required to execute transactions or retrieve account data on your behalf.
• RBI-licensed account aggregators — to facilitate secure data retrieval under the Account Aggregator framework.
• Government and regulatory authorities — where required to comply with applicable law, legal process, or a valid governmental request.
• Acquirers or successors — in connection with a merger, acquisition, or sale of all or substantially all of our assets, subject to the acquirer agreeing to honour the commitments made in this Privacy Policy.

5. Data Retention

We retain your personal data for as long as your account remains active. After account closure, we retain data for the following minimum periods to comply with applicable law:

• Up to 7 years for data required under financial regulations.
• Up to 5 years for transaction records.
• Reasonable periods as necessary for dispute resolution and enforcement of our agreements.

Once data is no longer required, it is securely deleted or irreversibly anonymised.

6. Data Security

We implement industry-standard security controls to protect your information, including:

• AES-256 encryption for data at rest.
• TLS 1.3 for data in transit.
• Multi-factor authentication for account access.
• Role-based access controls limiting internal access to your data on a need-to-know basis.
• Regular vulnerability assessments and penetration testing.
• SOC 2-aligned cloud infrastructure with continuous monitoring.

While we take these measures seriously, no system is completely immune from security threats. We encourage you to use a strong password and to report any suspected unauthorised access to info@getvault.in immediately.

7. Your Rights

You have the following rights with respect to your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request erasure of your data, subject to our legal retention obligations.
• Consent withdrawal — withdraw consent for processing activities that rely on consent, at any time.
• Grievance redressal — file a formal complaint regarding our data practices.
• Nomination — nominate a representative to exercise these rights on your behalf.

To exercise any of these rights, please email info@getvault.in with the subject line "Privacy Request". We will respond within 30 days of receiving a valid request.

8. Children's Privacy

The Platform is not directed toward individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take steps to delete that data promptly. If you believe we may have collected information from a minor, please contact us at info@getvault.in.

9. Cookies and Tracking

We use cookies and similar tracking technologies on the Platform. These fall into the following categories:

• Strictly necessary — essential for the Platform to function; these cannot be disabled.
• Analytics — help us understand how users interact with the Platform so we can improve it.
• Preference — remember your settings and personalisation choices.
• Marketing — used to deliver relevant advertisements and measure campaign effectiveness, where consent has been obtained.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect Platform functionality.

10. International Data Transfers

Your data is primarily collected, stored, and processed within India. Where international transfers are necessary — for example, to cloud infrastructure providers with servers outside India — we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms, to protect your data in accordance with applicable law.

11. External Links

The Platform may contain links to third-party websites or services. This Privacy Policy applies only to the Vault Platform. We are not responsible for the privacy practices of any third-party sites and encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the revised policy on the Platform and update the "Last updated" date at the top of this page. Where required by law, we will notify you directly of significant changes. Your continued use of the Platform after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

• Email: info@getvault.in
• Website: getvault.in