Privacy Policy

1. Introduction

At i2Finserv, your privacy is of utmost importance. This Privacy Policy describes how we collect, use, store, and protect your personal information when you interact with our website, mobile applications, and services. By using our services, you consent to the practices described in this policy. We are committed to compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), SEBI regulations, and other applicable Indian laws.

2. Information We Collect

We collect various types of information to provide and improve our services:

• •Identity Information: Name, date of birth, gender, PAN, Aadhaar (redacted), and photographs
• •Contact Information: Email address, phone number, residential and correspondence address
• •Financial Information: Bank account details, income details, investment history, insurance policies, tax returns
• •KYC Data: Identity proofs, address proofs, income proofs, signature, video verification
• •Goal & Risk Profile: Financial goals, risk appetite, investment horizon, family details
• •Technical Data: IP address, browser type, device information, cookies, and usage patterns
• •Communications: Emails, chat transcripts, WhatsApp messages, call recordings, and feedback

3. Purpose of Data Collection

We collect and use your personal information for the following legitimate purposes:

• •Conducting KYC registration as required by SEBI and regulatory bodies
• •Facilitating investment services including mutual fund transactions, insurance, and financial services
• •Creating personalized financial plans aligned with your goals and risk profile
• •Sharing information with AMCs, RTAs, depositories, and regulators for transaction processing
• •Sending transactional alerts, account statements, and important updates
• •Improving our products, services, and website functionality
• •Addressing customer inquiries, complaints, and providing support
• •Compliance with legal and regulatory requirements

We never sell or rent your personal data to third parties for marketing purposes.

4. Data Sharing & Disclosure

Your information may be shared with the following parties solely for service delivery and compliance:

• •Regulatory Bodies: SEBI, AMFI, stock exchanges, depositories as mandated by law
• •Service Partners: Asset Management Companies (AMCs), Registrar & Transfer Agents (RTAs), insurance companies
• •Payment Processors: Banks and payment aggregators for transaction processing
• •KYC Agencies: KYC Registration Agencies (KRAs) for identity verification
• •Technology Partners: Cloud service providers, CRM systems (under strict data protection contracts)
• •Legal Authorities: Government agencies when required by law or court order

All third parties are bound by confidentiality agreements and data protection standards.

5. Data Security Measures

We implement robust security measures to protect your personal information:

• •Encryption: All data transmission uses SSL/TLS encryption; passwords are one-way encrypted
• •Access Controls: Strict role-based access with multi-factor authentication
• •Secure Storage: Data stored in encrypted, SOC 2 compliant cloud environments
• •Regular Audits: Periodic security audits, vulnerability assessments, and penetration testing
• •Breach Protocol: Incident response procedures with breach notifications as per DPDP Act
• •Employee Training: Regular privacy and security awareness training for all staff

6. Cookies & Analytics

We use cookies and similar technologies to enhance your experience:

• •Essential Cookies: Required for website functionality and secure login sessions
• •Analytics Cookies: Google Analytics and similar tools to understand usage patterns
• •Preference Cookies: Remember your settings and preferences for future visits

You can disable cookies through your browser settings, though this may limit certain functionality.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• •Active Clients: Data retained throughout the client relationship and for 5+ years thereafter as required by SEBI
• •Transaction Records: Investment and financial records maintained as per regulatory requirements
• •Inquiry Data: Non-client inquiries may be deleted after 2 years unless converted to clients
• •Communications: Email and call records retained for dispute resolution and compliance

8. Your Rights

Under the DPDP Act and applicable regulations, you have the following rights:

• •Access: Request a copy of your personal data held by us
• •Correction: Request correction of inaccurate or incomplete data
• •Withdrawal: Withdraw consent for data processing (may affect service delivery)
• •Deletion: Request deletion of data (subject to legal retention requirements)
• •Portability: Request transfer of your data in a structured format
• •Grievance: Lodge complaints with our Grievance Officer or regulatory authorities

To exercise these rights, contact our Grievance Officer using the details below.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from someone under 18 without appropriate consent, we will take steps to delete such information promptly.

10. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The updated policy will be posted on this page with a revised "Last Updated" date. We encourage you to review this policy regularly. Continued use of our services after any changes constitutes acceptance of the updated policy.