FINEASE RESEARCH PRIVATE LIMITED
Privacy Policy
Effective Date: March 20, 2026 • Last Updated: March 20, 2026
Version 1.0 • Applicable to iOS Mobile Application & Website
Apple App Store Compliance Notice
This Privacy Policy has been drafted to comply with Apple App Store Review Guidelines §5.1.1, the Digital Personal Data Protection Act 2023 (DPDP Act), the Information Technology Act 2008, and applicable SEBI/PFRDA data regulations. It must be hosted at a publicly accessible URL and that URL must be submitted in App Store Connect before app submission.
1. Introduction
This Privacy Policy describes how Finease Research Private Limited (“Finease”, “Company”, “we”, “our”, or “us”) collects, uses, processes, stores, and protects personal data when users (“User”, “you”, “your”) access our mobile application, website, and related services (collectively, the “Platform”).
Finease operates as a financial technology (FinTech) facilitation platform. Our Platform provides:
- IPO application facilitation (via SEBI-registered broker partners)
- Physical gold and silver purchase facilitation (via BIS-certified fulfillment partners)
- National Pension System (NPS) account opening facilitation (via PFRDA-registered PoP partners)
- Stock screener and financial analytics tools
- Financial news, calculators, and market insights
Finease itself is not a stock broker, investment adviser, portfolio manager, or financial intermediary. All regulated transactions are executed by licensed third-party partner entities.
Important: By downloading, installing, or using the Finease mobile application or website, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree, please uninstall the application and discontinue use of the Platform.
2. Applicable Laws & Regulatory Framework
This Privacy Policy is governed by and complies with the following laws and regulations:
- Digital Personal Data Protection Act, 2023 (DPDP Act), India
- Information Technology Act, 2000 and IT (Amendment) Act, 2008
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- Securities and Exchange Board of India (SEBI) data protection obligations
- Pension Fund Regulatory and Development Authority (PFRDA) data guidelines
- Apple App Store Review Guidelines §5.1.1 (Privacy Policy requirements)
- Apple’s App Tracking Transparency (ATT) Framework requirements
3. Data We Collect
We collect only the data that is necessary to provide our services. The following table maps our data collection to Apple’s App Store Privacy Nutrition Label categories:
| Apple Data Category | Data We Collect | Purpose |
|---|---|---|
| Contact Information | Full name, email address, mobile number, residential address | Account creation, KYC, service delivery, communication |
| Identifiers | User ID (internal), PAN card number | Account identification, regulatory KYC compliance |
| Financial Information | Bank account details (for ASBA/UPI IPO bids), UPI ID | IPO bid processing via ASBA/UPI mechanism only |
| Sensitive Personal Data | PAN, KYC documents, Aadhaar (if voluntarily provided for NPS) | Regulatory compliance; NPS account opening via PoP partner |
| Usage Data | Features accessed, screens viewed, interaction logs, session duration | Improving platform experience, analytics |
| Diagnostics | Crash logs, performance data, error reports | App stability, bug fixing, performance optimization |
| Device Information | Device model, OS version, app version, device language | Compatibility, support, security |
| Location (coarse) | City-level location (if permission granted) | Service availability checks, regional financial data |
3.1 Data We Do NOT Collect
- We do not collect precise GPS location without explicit user permission
- We do not collect contacts, photos, or media from your device
- We do not collect biometric data
- We do not access your microphone or camera
- We do not collect data from children under 18 years of age
3.2 How Data is Collected
- Directly from you: When you register, complete KYC, or use platform features
- Automatically: Usage logs, device data, and crash reports collected during app use
- From partners: KYC verification results from regulated third-party partners
4. Consent & How We Obtain It
Finease obtains your explicit, informed consent before collecting or processing your personal data, in compliance with the DPDP Act 2023 and Apple’s App Store guidelines.
4.1 Onboarding Consent
Upon first launch of the application, you will be presented with this Privacy Policy and our Terms & Conditions. You must actively tap “I Agree” to proceed. Users who do not accept cannot access the platform.
4.2 Service-Specific Consent
For services requiring additional sensitive data (e.g., PAN for NPS, bank details for IPO), a separate, specific consent screen will be shown at the time of that service enrolment, explaining exactly what data is needed and why.
4.3 Withdrawing Consent
You may withdraw consent at any time by:
- Deleting your account (via Profile → Settings → Delete Account)
- Contacting us at the details in Section 15
Please note: Withdrawing consent may result in inability to access certain services. Withdrawal does not affect data already lawfully processed before withdrawal.
5. App Tracking Transparency (ATT) — Apple iOS
Finease is committed to user privacy and complies fully with Apple’s App Tracking Transparency (ATT) framework (iOS 14.5 and later).
Finease does NOT track users across third-party apps or websites for advertising purposes. We do not use the IDFA (Identifier for Advertisers). We do not share user data with advertising networks or data brokers.
Any analytics tools used within the app operate on anonymized, aggregated data only and are limited to improving app functionality. These tools do not track you across other apps or websites.
6. How We Use Your Data
We use collected data strictly for the following purposes:
| Purpose | Data Used |
|---|---|
| Account creation & authentication | Name, email, phone, password |
| KYC verification & regulatory compliance | PAN, address, KYC documents |
| IPO bid facilitation via broker partner | Bank account / UPI ID, PAN |
| NPS account opening via PoP partner | PAN, KYC, address, nominee details |
| Physical gold/silver order fulfillment | Name, delivery address, contact |
| Customer support | Account info, issue details |
| App performance & bug fixes | Crash logs, diagnostics, device info |
| Fraud prevention & security | Usage patterns, device info, login data |
| Legal & regulatory compliance | All data as required by law |
| Service improvement & analytics | Anonymized usage data only |
We do NOT use your data for: advertising profiling, selling to third parties, or any purpose not listed above.
7. Third-Party Services & Data Sharing
7.1 Regulated Financial Partners
To deliver our core services, we share specific user data with the following categories of regulated third-party partners. All partners are contractually required to maintain equivalent data protection standards as described in this Policy.
| Partner Type | Data Shared | Purpose |
|---|---|---|
| SEBI-Registered Broker (IPO) | PAN, UPI/bank details, KYC status | IPO bid processing via ASBA/UPI |
| PFRDA-Registered PoP (NPS) | PAN, KYC docs, address, nominee info | NPS account opening & management |
| BIS-Certified Gold Supplier | Name, delivery address, phone | Physical gold/silver order fulfillment |
| KYC Verification Partner | PAN, identity documents | Regulatory KYC/AML compliance |
Each partner operates under its own Privacy Policy and applicable regulatory framework. We recommend reviewing their respective privacy policies.
7.2 Technology & Analytics Partners
We may use third-party technology services (such as cloud hosting, crash analytics, and app performance monitoring) that process limited technical data. These include:
- Cloud hosting providers: for secure data storage (data stored in India or per DPDP Act requirements)
- Crash analytics tools: for app stability monitoring (anonymized data only)
- Push notification services: for IPO alerts, market news, and service updates
These technology partners do not receive personal financial data or identity documents.
7.3 Legal Disclosures
We may disclose user data to government authorities, regulators (SEBI, PFRDA, RBI), or courts if required by law, court order, or to protect the rights and safety of users or the Company.
7.4 What We Never Share
- We never sell personal data to any third party
- We never share data with advertising networks or data brokers
- We never share data for any purpose beyond those described in this Policy
8. Data Security
We implement industry-standard security measures to protect your personal data:
- End-to-end encryption for all data transmitted between the app and our servers (TLS 1.2 or higher)
- AES-256 encryption for sensitive data stored at rest
- Secure API integrations with all regulated partner entities
- Role-based access controls — only authorized personnel access user data
- Regular security audits and vulnerability assessments
- Multi-factor authentication for administrative access
8.1 Data Breach Notification
In the event of a personal data breach that is likely to result in harm to users, Finease will:
- Notify the Data Protection Board of India as required under the DPDP Act, 2023
- Notify affected users via registered email/SMS within 72 hours of becoming aware of the breach
- Describe the nature of the breach, data affected, and remedial actions taken
While we implement robust security measures, no system can guarantee absolute security. We encourage users to maintain strong passwords and not share credentials with third parties.
9. Data Retention & Deletion
9.1 Retention Periods
| Data Type | Retention Period |
|---|---|
| Account & profile data | Duration of account + 1 year post deletion |
| KYC documents & PAN | As required by SEBI/PFRDA/PMLA regulations (minimum 5–8 years) |
| Transaction records (IPO, NPS, Gold) | As required by applicable financial regulations |
| Usage & analytics data (anonymized) | Up to 2 years |
| Crash logs & diagnostics | 90 days |
| Customer support records | 3 years from resolution |
9.2 Account Deletion
Users can delete their account at any time directly from the application:
Steps to Delete Your Account:
- Open the Finease app
- Go to Profile (bottom navigation)
- Tap Settings
- Tap Delete Account
- Confirm deletion
Upon confirmation, the following personal data will be permanently deleted: Full Name, Email Address, Mobile Number, Date of Birth, Address, PAN details, KYC information, and any other user-related personal data — subject to mandatory regulatory retention requirements under applicable law.
10. Your Rights Under DPDP Act 2023
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
| Your Right | How to Exercise |
|---|---|
| Right to access your personal data | Submit request to office@thefinease.com |
| Right to correct inaccurate data | Update in-app or email office@thefinease.com |
| Right to erasure (data deletion) | Use in-app Delete Account or email us |
| Right to withdraw consent | Delete account or email us |
| Right to grievance redressal | Contact Grievance Officer (see Section 14) |
| Right to know data sharing details | Review this Policy or contact us |
| Right to nominate a representative | Contact us for the nomination form |
We will respond to all data rights requests within 30 days of receipt. Some requests may be limited by mandatory legal retention requirements.
11. Push Notifications
The Finease app may send push notifications for:
- IPO opening, closing, and allotment status alerts
- Gold and silver price alerts (if opted in)
- NPS account status updates
- Important platform announcements and regulatory communications
Push notifications require your permission, which is requested at first app launch. You can manage notification preferences at any time in:
- iOS: Settings → Notifications → Finease
- In-App: Profile → Notification Preferences
Disabling push notifications will not affect core app functionality but may result in missed time-sensitive alerts.
12. Children’s Privacy
The Finease Platform is strictly intended for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under 18.
If we become aware that personal data has been collected from a minor, we will promptly delete such data. If you believe your child has provided personal information to us, please contact us immediately at the details in Section 15.
13. Cookies & Tracking Technologies
The Finease website uses cookies and similar tracking technologies for:
- Session management (maintaining your logged-in session)
- Platform functionality and preference storage
- Anonymized usage analytics to improve the website
The Finease iOS mobile application does NOT use browser cookies. App session management uses secure, encrypted tokens stored in iOS Keychain.
We do not use tracking pixels, third-party advertising cookies, or cross-site tracking technologies.
You may disable cookies in your browser settings. This may affect certain website features but will not impact the mobile application.
14. Grievance Redressal & Data Protection Officer
In accordance with the DPDP Act 2023 and Apple App Store requirements, we have designated a Grievance Officer and a point of contact for all privacy-related matters:
Grievance Officer — Privacy & Data Protection
Email: office@thefinease.com
Address: FF – 1, First Floor, Shapath V, Sarkhej Gandhinagar Highway, Prahlad Nagar, Ahmedabad, Gujarat – 380015
15. Contact Us
For any questions, concerns, or requests related to this Privacy Policy:
Finease Research Private Limited
Email: office@thefinease.com
Website: www.thefinease.com
Address: FF – 1, First Floor, Shapath V, Sarkhej Gandhinagar Highway, Prahlad Nagar, Ahmedabad, Gujarat – 380015
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in applicable laws or regulations (including DPDP Act notifications)
- New platform features or services
- Updated security practices
- Apple App Store guideline changes
Material changes will be notified to users via:
- In-app notification upon next login
- Email to registered email address
- Updated “Last Updated” date on this page
Continued use of the Platform after notification constitutes acceptance of the revised Policy. If you do not agree to changes, you must discontinue use and delete your account.
17. Account Deletion and Data Removal
Users can delete their account directly from within the application by following these steps:
Steps to Delete Account:
- Go to Profile
- Navigate to Settings
- Click on Delete Account
Upon account deletion, we remove the following user data:
- Full Name
- Email Address
- Mobile Number
- Date of Birth
- Address
- PAN or identity details (if required for regulatory services such as NPS)
- KYC related information when applicable
- Any other user-related personal information
Data deletion is performed subject to applicable legal and regulatory retention requirements, if any.
— END OF TERMS & CONDITIONS —
Finease Research Private Limited • FF – 1, First Floor, Shapath V, Sarkhej Gandhinagar Highway, Prahlad Nagar, Ahmedabad, Gujarat – 380015