Privacy Policy

1. Who We Are

Sharewealth Securities Limited is a SEBI-registered stockbroker and Research Analyst headquartered in Thrissur, Kerala, India. We operate a mobile application and website that provide trading, investment, and financial research services on NSE and BSE. By downloading or using our app or website, you agree to this Privacy Policy.

2. Information We Collect

We collect the following categories of information:

• Identity & KYC Data: Full name, date of birth, PAN, Aadhaar (masked), passport or driving licence details, photograph.
• Contact Information: Email address, mobile number, residential and correspondence address.
• Financial Information: Bank account details (IFSC, account number), income details, demat account number, trading and holdings data.
• Device & Usage Data: IP address, device ID, operating system, app version, pages visited, session duration, crash logs.
• Location Data: Approximate location (city/state level) for fraud prevention; precise location only if you explicitly grant permission.
• Biometric Data: Fingerprint or Face ID solely for app login authentication; we do not store raw biometric data on our servers.
• Communications: Messages or queries you send us via in-app chat, email, or phone.

3. How We Use Your Information

We use the information collected for the following purposes:

• Account opening, KYC verification, and demat account creation as required by SEBI and depositories (NSDL/CDSL).
• Processing trades, settlements, and fund transfers on NSE and BSE.
• Delivering research reports, investment recommendations, and portfolio analytics.
• Complying with Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations under PMLA 2002 and SEBI circulars.
• Sending regulatory contract notes, ledger statements, and margin alerts as mandated by SEBI.
• Sending account statements, trade confirmations, and research notifications (with your consent).
• Improving app features, fixing bugs, and preventing fraud or unauthorised access.
• Responding to your support requests and grievances as required by SEBI Complaint Redressal System (SCORES).

4. Legal Basis for Processing

• Contractual necessity: To execute trades and provide brokerage services you have subscribed to.
• Legal obligation: SEBI, RBI, Income Tax, and PMLA regulations require us to collect and retain certain data.
• Legitimate interests: Fraud detection, security monitoring, and service improvement.
• Consent: Marketing communications and optional analytics features — you may withdraw consent at any time.

5. Data Sharing & Disclosure

We do not sell your personal data. We share information only in the following circumstances:

• Regulatory bodies: SEBI, NSE, BSE, NSDL, CDSL, FIU-IND, Income Tax Department, and other statutory authorities when required by law.
• Depositories & Clearing corporations: For demat account services and trade settlement.
• Banks & Payment gateways: For fund transfers, margin payments, and payouts.
• KYC Registration Agencies (KRAs): CKYCRR, CVL, NDML, CDSL Ventures for KYC verification.
• Technology service providers: Cloud infrastructure, analytics, and customer support tools under strict data processing agreements.
• Legal proceedings: When required by a court order, subpoena, or government authority.

6. Data Retention

We retain your personal data for the periods mandated by applicable law:

• KYC records: Minimum 5 years after account closure as required by PMLA 2002.
• Trade records and contract notes: 5 years as required by SEBI (Stock Brokers) Regulations.
• Research records: 5 years as required by SEBI (Research Analysts) Regulations.
• Communication logs: 3 years for dispute resolution purposes.
• App usage logs: 12 months unless required longer for fraud investigations.

7. Data Security

We implement industry-standard technical and organisational security measures including:

• 256-bit SSL/TLS encryption for all data in transit.
• AES-256 encryption for sensitive data at rest.
• Multi-factor authentication (MFA) and TOTP for account access.
• Regular penetration testing and vulnerability assessments.
• Role-based access controls and audit trails for employee data access.
• ISO 27001-aligned information security management practices.

Despite these measures, no system is completely secure. You should promptly report any suspected unauthorised access to support@sharewealthindia.com.

8. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to:

• Keep you logged in during your session (strictly necessary cookies).
• Remember your preferences (functional cookies).
• Analyse usage patterns to improve the platform (analytics cookies — with your consent).

You can manage cookie preferences in your browser settings. Disabling strictly necessary cookies may affect core platform functionality.

9. Mobile App Permissions

Our mobile application may request the following device permissions:

• Camera: For document scanning during KYC (e-KYC) and in-app video IPV.
• Storage/Files: To save contract notes, ledger statements, and research reports.
• Biometrics: For secure login using fingerprint or Face ID (optional).
• Notifications: For trade alerts, margin calls, and research updates (optional).
• Internet: To access live market data, execute trades, and sync account information.

All permissions are requested at the time of use. You may revoke any optional permission in your device settings at any time without affecting mandatory services.

10. Your Rights

Subject to applicable law, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of data that is no longer necessary, subject to our legal retention obligations.
• Portability: Receive your data in a structured, machine-readable format.
• Withdrawal of consent: Withdraw consent for marketing communications at any time via app settings or by emailing us.
• Grievance redressal: Lodge a complaint with our Grievance Officer or with SEBI via SCORES (scores.gov.in).

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

12. Cross-Border Data Transfers

Your data is primarily stored on servers located within India. Where we use third-party service providers outside India (e.g., cloud infrastructure), we ensure they comply with equivalent data protection standards through contractual safeguards and that transfers comply with applicable Indian law.

13. Third-Party Links

Our app and website may contain links to third-party websites or services (e.g., exchange websites, news portals). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

14. Digital Personal Data Protection Act 2023 (DPDP Act)

We are committed to complying with the Digital Personal Data Protection Act 2023 (DPDP Act) as notified by the Government of India. Under the DPDP Act:

• Data Principal Rights: You (as the Data Principal) have the right to access information about your personal data processed by us, the right to correct inaccurate data, and the right to erasure subject to legal retention obligations.
• Consent Management: Where we rely on your consent to process personal data, you may withdraw that consent at any time through your account settings or by contacting our Grievance Officer. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
• Significant Data Fiduciary: If Sharewealth is designated a Significant Data Fiduciary under the DPDP Act, we will appoint a Data Protection Officer and conduct Data Protection Impact Assessments as required.
• Grievance redressal: Complaints relating to DPDP Act compliance may be addressed to our Grievance Officer. Unresolved complaints may be escalated to the Data Protection Board of India when constituted.
• Nominee / Guardian: In the event of your death or incapacity, a lawful nominee or guardian may exercise your data rights on your behalf in accordance with procedures notified under the DPDP Act.

15. Research Analyst Data Practices

In our capacity as a SEBI-registered Research Analyst (Reg. No. INH000XXXXX), we handle additional categories of data:

• Research subscription data: Name, email, and payment details of subscribers to our research services, retained for the subscription period plus 5 years per SEBI (RA) Regulations.
• Conflict of interest disclosures: We disclose any holding or interest in recommended securities in each research report as mandated by SEBI.
• No sharing of client lists: We do not share research subscriber data with third-party advertisers. Subscriber data is used solely to deliver research reports and related communications.
• Research report records: All published research is archived for a minimum of 5 years as required by SEBI (Research Analysts) Regulations 2014.

16. Nominee & Joint Account Holders

For accounts with nominees or joint holders:

• We collect and verify KYC data for all joint account holders as required by SEBI and PMLA.
• Nominee details including name, relationship, and contact information are stored for the duration of the account and for the statutory period thereafter.
• In the event of the primary account holder's demise, nominee/legal heir data is used solely for account transmission purposes in accordance with depository regulations.

17. Automated Decision-Making & Profiling

We may use automated systems to:

• Assess risk category of clients for margin and exposure purposes.
• Flag unusual trading patterns for compliance review under SEBI surveillance guidelines.
• Send personalised research and product recommendations based on your portfolio and trading history.

You have the right to request human review of any automated decision that significantly affects you. Contact our Grievance Officer to exercise this right.

18. Investor Complaint & Escalation Matrix

For data privacy related complaints, the following escalation path applies:

• Level 1 — Grievance Officer: grievance@sharewealthindia.com — Response within 30 days.
• Level 2 — SEBI SCORES: scores.gov.in — For unresolved complaints after 30 days.
• Level 3 — Data Protection Board of India: When constituted under the DPDP Act 2023, for data-specific grievances not resolved via SEBI SCORES.
• Level 4 — NSE/BSE Investor Cell: For brokerage-related grievances — investorhelpline.nseindia.com.
• Online Dispute Resolution: smartodr.in

19. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via in-app notification or email at least 30 days before they take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy. The date of the most recent revision appears at the top of this page.

20. Grievance Officer & Contact

If you have any questions, concerns, or complaints about this Privacy Policy, DPDP Act compliance, or our data practices, please contact our Grievance Officer: