Privacy Policy — Finoda Pvt Ltd | Data Protection & GDPR | India

Privacy Policy – Finoda Bangalore
Privacy Policy at Finoda — Your Data, Protected

We take privacy seriously — not because a law says we must, but because you're trusting us with something that matters. At Finoda, we handle your personal and financial data with care, transparency, and full respect for your rights.

This policy tells you exactly what data we collect, why we collect it, how we use it, and what you can do if something feels wrong. We've kept it plain and direct — no legal jargon, no vague paragraphs. If you have questions after reading this, reach out to us at info@finoda.in or call 9035294343.

This Privacy Policy applies to the Finoda website (finoda.in) and all services offered through it. It aligns with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the DPDP Rules, 2025, notified by MeitY on 13 November 2025.

Effective Date: April 2026 | Last Reviewed: May 2026

What Data We Collect and Why

We collect only the data we actually need. Nothing more. Here's a breakdown of what we gather when you interact with our website or services:

  • Personal identification data — your name, mobile number, email address, and PAN number. We need this to verify your identity when you open a demat account or request advisory services.
  • Financial details — income range, investment preferences, and risk appetite. This helps us match you with the right products — whether that's a mutual fund SIP, a fixed deposit, or equity trading.
  • KYC documents — Aadhaar, PAN card, and bank details. These are mandatory under Indian financial regulations for account opening and transaction processing.
  • Device and usage data — IP address, browser type, pages visited, and time spent on the site. We use this to improve our website and understand what's actually useful to our users.
  • Communication records — if you send us an email, fill out our contact form, or call us, we store that interaction to follow up properly and improve our service.

So, why do we collect all this? Four main reasons: to deliver our services, to meet regulatory requirements, to improve your experience, and to keep your account safe. We don't collect data "just in case." Every field has a purpose.

Also see: Open a Free Demat Account — secure, quick, and fully guided by our team.

How We Use Your Information

We use your data to run this business properly — and to serve you better every time you come back.

  • Service delivery is the big one. When you open a demat account, we need your details to process the application. When you ask for advice on portfolio management, we need to understand your financial situation first.
  • Communication comes next. We send you account updates, transaction confirmations, and relevant market information. If you've opted in, we may also share insights on products like NPS investments or income tax filing. You can opt out anytime.
  • Regulatory compliance is non-negotiable. Financial services firms in India must maintain records for auditing purposes. We store certain data to meet these legal obligations — not longer than required, and never beyond what regulators specify.
  • Analytics and improvement round things out. We look at anonymised usage patterns to understand which pages are helpful and which need work. This data never identifies you personally.

We never sell your data. We don't share it with advertisers. And we don't use it to build profiles for third-party marketing.

Data Security Measures

Honestly, this is the part most privacy policies gloss over. We won't do that. Here's what we actually do to protect your data:

  • SSL encryption secures every page of our website. Data transmitted between your browser and our servers is encrypted end-to-end. You'll see the padlock icon on your browser — that's standard, and it's active here.
  • Access controls mean that only authorised Finoda team members can view sensitive client data. We operate on a need-to-know basis internally. Not everyone on our team can pull up your KYC documents.
  • Secure data storage — we store your data on servers located within India. This aligns with the data localisation requirements under India's DPDP Act and RBI's Digital Lending Directions, 2025.
  • Third-party processor agreements — when we work with technology partners or service providers (for instance, trading platforms or payment gateways), they're contractually bound to protect your data at the same standard we hold ourselves to.
  • Breach response — in the unlikely event of a data breach, we'll notify you and the relevant authorities without delay, as required under the DPDP Act. Our response protocol is documented, tested, and ready.

We also recommend a few things on your end: use a strong, unique password for any account linked to financial services, don't share your OTPs with anyone, and always access our site via a secure network.

Your Rights Under Indian Data Protection Laws

The DPDP Act, 2023 gives you real rights over your personal data. We support all of them. Here's what you can do:

  • Right to access — you can ask us what personal data we hold about you. We'll tell you within the timeframe specified under the DPDP Rules (generally 7 working days for such requests).
  • Right to correction — if your data is wrong or outdated, you can request an update. Got a new address or phone number? Let us know and we'll fix it.
  • Right to erasure — in certain situations, you can ask us to delete your data. Note that some data must be retained for regulatory reasons — we'll be transparent about what we can and can't delete, and why.
  • Right to withdraw consent — if you've given us permission to use your data for marketing or communication purposes, you can take that back at any time. Withdrawing consent doesn't affect the lawfulness of anything we did before you withdrew it.
  • Right to grievance redressal — if you're not happy with how we've handled your data, you can raise a formal complaint. We have a dedicated Grievance Redressal process to address these concerns properly.
  • Right to nominate — under the DPDP Act, you can nominate another person to exercise data rights on your behalf in case of death or incapacity. This is a relatively new right in Indian law, and we support it fully.

To exercise any of these rights, email us at info@finoda.in with the subject line "Privacy Request." We'll respond within 7 working days.

Cookies and Tracking

Our website uses cookies — small files stored on your device that help us remember your preferences and understand how you use the site.

  • Essential cookies keep the website running. Without them, things like the contact form and navigation break. These can't be disabled.
  • Analytics cookies (like Google Analytics) help us see which pages get traffic, how long people stay, and where they drop off. This data is anonymised and used purely to improve the site.
  • Marketing cookies — we use minimal marketing cookies. If you've landed on our site through a Google ad or social post, these help us understand which campaigns are working. They don't track you across the internet.

You can manage cookie preferences through your browser settings. Blocking analytics cookies won't affect your ability to use our site.

Data Sharing and Third Parties

We don't share your data with anyone who doesn't need it. But in the course of running a regulated financial services business, some sharing is necessary.

  • Regulatory bodies — if required by law, regulation, or a court order, we may share data with authorities like SEBI, RBI, or income tax departments.
  • Technology providers — our website, CRM, and trading infrastructure are powered by third-party tools. These providers process data on our behalf under strict contractual obligations.
  • Banking and payment partners — for account opening and payment processing, certain data passes through banking infrastructure. These are licensed financial entities with their own regulatory compliance obligations.

We never share your data for commercial gain. No selling, no renting, no swapping lists with other companies.

Data Retention Policy

We keep your data for as long as we need it — and not a day longer.

For active clients, we retain data for the full duration of the client relationship plus seven years after closure (as required under SEBI and income tax regulations). For non-client enquiries and website leads, we retain contact information for up to two years, after which it is deleted unless you've engaged with us further.

Our internal review cycle ensures data that's past its retention period is purged from our systems regularly.

Contact Us for Privacy Concerns

We're real people, reachable at real contact points. If this policy raised any questions, or if you want to exercise your data rights, here's how to find us:

  • Email: info@finoda.in
  • Phone: 9035294343
  • Office Address: VGV Towers, Unit 101, 139/88, 1st Floor, 100 Feet Ring Rd, Jayanagara 9th Block, Bengaluru — Karnataka 560041

Or fill out our Contact Form and our team will get back to you within one business day.

You can also visit our Grievance Redressal page if you have a formal complaint. And if you believe there's been a serious data breach, you also have the right to escalate your concern to the Data Protection Board of India, once fully operational under the DPDP Act's phased rollout (expected May 2027).

Frequently Asked Questions

Q1. What is Finoda's Privacy Policy?

Finoda's Privacy Policy describes how we collect, use, store, and protect your personal and financial data when you use our website or services. It's written to be clear and easy to understand — not buried in legal language. We follow India's Digital Personal Data Protection Act, 2023 (DPDP Act) and associated financial data regulations.

Q2. What personal data does Finoda collect?

We collect data like your name, mobile number, email, PAN card, and financial preferences when you register or open an account. We also collect basic website usage data (like IP address and pages visited) to improve our platform. We don't collect data we don't need.

Q3. Does Finoda sell my personal data?

No. We never sell, rent, or trade your personal data to any third party. Your information is used only to deliver our services, meet regulatory requirements, and improve your experience on our platform.

Q4. How does Finoda protect my financial data?

We use SSL encryption, strict internal access controls, secure India-based servers, and contractual safeguards with our technology partners. In case of a data breach, we follow a documented response plan and notify affected users as required by the DPDP Act.

Q5. Can I request deletion of my data from Finoda?

Yes. Under the DPDP Act, 2023, you have the right to request erasure of your data. However, certain data must be retained for regulatory compliance (for example, KYC records required by financial regulators). We'll tell you clearly what can be deleted and what must be kept — and why.

Q6. How do I update my personal information at Finoda?

Email us at info@finoda.in or call 9035294343 with your update request. You can also use our Contact Form. We process correction requests within 7 working days.

Q7. Does Finoda comply with India's DPDP Act, 2023?

Yes. Finoda aligns with the Digital Personal Data Protection Act, 2023 (notified November 2025) and the DPDP Rules, 2025. This includes proper consent collection, data localisation, breach notification obligations, and user rights management.

Q8. What cookies does Finoda use on its website?

We use three types of cookies: essential cookies (required for basic site function), analytics cookies (to understand site usage through anonymised data), and limited marketing cookies (to measure ad campaign performance). You can manage cookie settings through your browser.

Q9. How long does Finoda keep my data?

For active client relationships, we retain data for the relationship period plus seven years post-closure (as per SEBI and income tax regulations). Non-client enquiry data is deleted after two years if no engagement follows.

Q10. What are my rights under India's data protection law?

Under the DPDP Act, 2023, you have the right to access your data, correct it, request deletion, withdraw consent, raise a grievance, and even nominate someone to act on your behalf. Finoda supports all of these rights. Email info@finoda.in to exercise any of them.

Q11. Does Finoda share data with third parties?

Only when necessary. We share data with licensed technology providers, banking partners, and regulatory authorities — each bound by legal or contractual obligations. We never share your data for commercial purposes or with unrelated companies.

Q12. Can I opt out of marketing communications from Finoda?

Yes, absolutely. Every marketing email we send includes an unsubscribe option. You can also email us at info@finoda.in to opt out. Opting out won't affect your transactional communications like account updates or trade confirmations.

Q13. What should I do if I think Finoda has mishandled my data?

Visit our Grievance Redressal page and raise a formal complaint. Our Grievance Officer will respond within the timeframe required under Indian regulations. If you're still not satisfied, you can escalate to the Data Protection Board of India once it's fully operational.

Q14. Is Finoda's privacy policy GDPR compliant?

While Finoda primarily serves Indian clients and is governed by Indian law (DPDP Act, 2023), we've designed our data practices to align with international standards including GDPR principles — especially around consent, data minimisation, and user rights. If you're an NRI or international user accessing our services, the same standards apply.

Q15. What happens to my data if I close my Finoda account?

Your data won't be deleted immediately on account closure. Regulatory requirements mean we retain certain records for up to seven years after closure. After that period, data is permanently purged from our systems as part of our regular data lifecycle review.

WhatsApp
Call Now