
Privacy Policy

1. INTRODUCTION


Welcome to Stack Wealth, a comprehensive financial services platform operated through two distinct business entities to ensure regulatory compliance and provide you with the best possible financial services experience.

Stackfin Technology Private Limited operates the technology platform "Stack Wealth - Stock, MF & IPO" which provides a platform to investment advisors to serve their clients while providing tech, marketing, sales, and operational support.

Niranjan Goyal (SEBI Registration: INA000019336), who provides fee-based investment advisory, has availed advisory platform services from Stackfin Technology Private Limited, which operates its own proprietary technology platform "Stack Wealth - Stock, MF & IPO".

Invacia Labs Private Limited operates our distribution platform "Stack Wealth: Mutual Fund App" with ARN - 171554, which distributes commission-based financial products including Mutual Funds, Portfolio Management Services (PMS), Alternative Investment Funds (AIF), Bonds, Fixed Deposits, and Initial Public Offerings (IPO).

This Privacy Policy explains how we collect, use, process, and protect your personal information across both platforms while maintaining strict segregation as required by SEBI regulations. We are committed to protecting your privacy and ensuring transparency in our data handling practices.

Our Commitment to Privacy

Your privacy is fundamental to our business. We understand that you entrust us with sensitive financial and personal information, and we take this responsibility seriously. This Privacy Policy is designed to help you understand:

  • What personal information we collect and why
  • How we use and protect your information
  • Your rights regarding your personal data
  • How we comply with applicable privacy laws, including the Digital Personal Data Protection Act, 2023


Regulatory Compliance and Segregation

As per SEBI regulations, advisory and distribution activities must be kept separate to avoid conflicts of interest. We maintain strict segregation between our advisory platform (Stackfin Technology) and distribution platform (Invacia Labs) to ensure compliance and protect your interests. This segregation extends to our data handling practices, ensuring that information collected for advisory purposes remains separate from distribution activities.


2. INFORMATION WE COLLECT


2.1 Personal Information Collected During Registration


When you sign up for our services, we collect various types of personal information to provide you with personalized financial services and ensure regulatory compliance.

Basic Registration Information:

  • Mobile number for account creation and verification
  • One-Time Password (OTP) verification data
  • Full name as per official documents
  • Email address for communication
  • Date of birth for age verification and suitability assessment
  • Gender for demographic analysis and product suitability

Know Your Customer (KYC) Information: Through our integration with Decentro APIs, we collect comprehensive KYC information including:

  • PAN (Permanent Account Number) details
  • Aadhaar information for identity verification
  • Address proof and current residential address
  • Income details and employment information
  • Bank account information for payment processing
  • Signature and photograph for account verification

Investment Profile and Suitability (IPS) Information: To provide suitable investment advice and products, we collect detailed information about your financial situation and investment preferences:

  • Risk appetite and tolerance levels
  • Investment goals and objectives
  • Liquidity needs and cash flow requirements
  • Current investment portfolio and asset allocation
  • Investment horizon and time preferences
  • Number of dependents and family obligations
  • Net worth assessment including assets and liabilities
  • Previous investment experience and knowledge
  • Income sources and stability


2.2 Financial Data and Portfolio Information


Current Investment Holdings: Through our integration with MF Central APIs, we collect information about your existing mutual fund investments to understand your current asset allocation and provide personalized recommendations:

  • Mutual fund holdings across different AMCs
  • Investment amounts and current values
  • Transaction history and patterns
  • SIP (Systematic Investment Plan) details
  • Redemption history and preferences

Comprehensive Financial Data: Through our partnership with Saafe data aggregator, we collect broader financial information to create comprehensive financial plans:

  • Bank account balances and transaction history
  • Credit card statements and spending patterns
  • Loan details and repayment schedules
  • Insurance policies and coverage details
  • Fixed deposits and recurring deposits
  • Provident fund and retirement savings
  • Real estate and other asset information

Stock Market Data: Through Accord Fintech integration, we access:

  • Stock market data and pricing information
  • Portfolio performance metrics
  • Market research and analysis data
  • Trading patterns and preferences


2.3 Technical and Usage Information


Device and Technical Information:

  • Device type, model, and operating system
  • IP address and location data
  • Browser type and version
  • App version and usage statistics
  • Device identifiers and advertising IDs
  • Network information and connection type

Usage and Behavioral Data:

  • Pages visited and time spent on platform
  • Features used and interaction patterns
  • Search queries and preferences
  • Click-through rates and engagement metrics
  • Session duration and frequency of use
  • Error logs and technical issues encountered

Cookies and Tracking Technologies: We use various tracking technologies to enhance your experience:

  • Essential cookies for platform functionality
  • Analytics cookies for usage analysis
  • Preference cookies for personalization
  • Marketing cookies for relevant advertising
  • Session cookies for security and authentication


2.4 Communication and Support Information


Customer Support Interactions:

  • Support tickets and queries
  • Chat conversations and call recordings
  • Feedback and survey responses
  • Complaint details and resolution history
  • Email communications and responses

Marketing and Communication Preferences:

  • Subscription preferences for newsletters
  • Communication channel preferences
  • Marketing consent and opt-out requests
  • Notification settings and preferences


3. HOW WE USE YOUR INFORMATION


3.1 Primary Service Delivery


Advisory Services (Stackfin Technology Platform): For our fee-based advisory services, we use your information to:

  • Conduct comprehensive risk profiling and suitability assessment
  • Develop personalized investment strategies and asset allocation
  • Provide ongoing portfolio monitoring and rebalancing recommendations
  • Offer financial planning services including retirement and tax planning
  • Deliver insurance and investment advisory consultations
  • Generate performance reports and portfolio analysis
  • Provide market insights and research recommendations

Distribution Services (Invacia Labs Platform): For our commission-based distribution services, we use your information to:

  • Facilitate mutual fund investments through BSE Star MF platform
  • Process applications for PMS, AIF, and other investment products
  • Enable bond and fixed deposit investments
  • Facilitate IPO applications and allotments
  • Provide product information and comparison tools
  • Process transactions and maintain investment records


3.2 Regulatory Compliance and Legal Obligations


KYC and AML Compliance:

  • Verify your identity and address as required by law
  • Conduct ongoing due diligence and monitoring
  • Report suspicious transactions to regulatory authorities
  • Maintain records as required by PMLA and other regulations
  • Ensure compliance with SEBI investor protection guidelines
  • Procedures and regular employee training on AML standards and best practices
  • Assessment of income source and financial background

SEBI Compliance Requirements:

  • Maintain segregation between advisory and distribution clients
  • Ensure suitability of investment recommendations
  • Provide required disclosures and risk warnings
  • Maintain detailed records of all transactions and advice
  • Report to SEBI as required by regulations

Tax and Financial Reporting:

  • Generate tax reports and statements
  • Provide information for tax filing purposes
  • Comply with TDS and other tax obligations
  • Maintain records for audit and regulatory purposes


3.3 Platform Operations and Security


Account Management:

  • Create and maintain your user accounts
  • Authenticate your identity for secure access
  • Manage subscription plans and billing
  • Process payments and refunds
  • Maintain transaction history and records

Security and Fraud Prevention:

  • Monitor for suspicious activities and fraud
  • Implement security measures and access controls
  • Conduct risk assessments and monitoring
  • Protect against cyber threats and data breaches
  • Ensure platform integrity and reliability

Technical Operations:

  • Provide platform functionality and features
  • Optimize performance and user experience
  • Troubleshoot technical issues and errors
  • Implement updates and improvements
  • Maintain system backups and disaster recovery


3.4 Personalization and Enhancement


Personalized Experience:

  • Customize platform interface and content
  • Provide relevant product recommendations
  • Tailor marketing communications and offers
  • Optimize user journey and experience
  • Deliver targeted educational content

Analytics and Insights:

  • Analyze usage patterns and preferences
  • Generate insights for service improvement
  • Conduct market research and analysis
  • Develop new products and features
  • Measure platform performance and effectiveness


4. INFORMATION SHARING AND DISCLOSURE


4.1 Third-Party Service Providers and Partners


We work with carefully selected third-party partners to provide our services. Information sharing is limited to what is necessary for service delivery and is governed by strict contractual obligations.

Technology and Infrastructure Partners:

Decentro: We share basic identification information with Decentro to access their KYC APIs for user verification and account creation. This includes name, mobile number, PAN, and Aadhaar details necessary for identity verification.

MF Central: We share your PAN and basic details with MF Central to fetch your existing mutual fund investment information. This helps us understand your current asset allocation and provide better recommendations.

Signdesk: For digital signing of advisory agreements, we share your name, email, mobile number, and Aadhaar details with Signdesk to enable secure e-signing processes.

Accord Fintech: We share minimal information required to access stock market data and research relevant to your portfolio and investment preferences.

Razorpay: For payment processing, we share transaction details, amount, and basic customer information. For our distribution platform, payments are processed directly between users and AMCs/fund houses as per SEBI guidelines.

Fintech Primitive: For mutual fund investments through BSE Star MF, we share investment details and KYC information as required for transaction processing.

Amazon Web Services (AWS): We use AWS for cloud infrastructure and data storage. Your information is stored on secure AWS servers with appropriate encryption and access controls.

Smallcase Gateway: For stock transactions, we share portfolio and transaction details to enable investments through your existing broker account.

Saafe Data Aggregator: With your explicit consent, we share account credentials and access permissions to fetch your financial data for comprehensive financial planning.
 

4.2 Regulatory and Legal Disclosures


SEBI and Other Regulators: We may disclose your information to SEBI and other regulatory authorities as required by law or regulation, including:

  • Suspicious transaction reports
  • Regulatory audits and examinations
  • Compliance monitoring and reporting
  • Investigation requests and legal proceedings

Law Enforcement and Legal Proceedings: We may disclose information in response to:

  • Valid legal process including court orders and subpoenas
  • Law enforcement requests and investigations
  • Legal proceedings and dispute resolution
  • Protection of our rights and interests

Tax Authorities: We may share information with tax authorities for:

  • TDS compliance and reporting
  • Tax audit and assessment proceedings
  • Compliance with tax laws and regulations
  • International tax reporting requirements

     

4.3 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to:

  • Continuation of privacy protections
  • Notice to affected users
  • Compliance with applicable laws
  • Protection of user rights and interests

4.4 Consent-Based Sharing

With your explicit consent, we may share information for:

  • Enhanced service delivery and personalization
  • Third-party product offerings and recommendations
  • Marketing and promotional activities
  • Research and analytics purposes
  • Integration with external financial platforms


5. DATA SECURITY AND PROTECTION


5.1 Technical Security Measures


Encryption and Data Protection:

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • SSL/TLS protocols for secure communication
  • Encrypted database storage and backups
  • Secure key management and rotation

Access Controls and Authentication:

  • Multi-factor authentication for user accounts
  • Role-based access controls for internal systems
  • Regular access reviews and privilege management
  • Secure authentication protocols and standards
  • Biometric authentication where available

Infrastructure Security:

  • Secure cloud infrastructure with AWS
  • Network segmentation and firewall protection
  • Intrusion detection and prevention systems
  • Regular security monitoring and alerting
  • Vulnerability assessments and penetration testing

Application Security:

  • Secure coding practices and standards
  • Regular security code reviews
  • Application security testing and validation
  • Input validation and output encoding
  • Protection against common web vulnerabilities


5.2 Operational Security Measures


Data Governance:

  • Comprehensive data classification and handling procedures
  • Data retention and disposal policies
  • Regular data quality and integrity checks
  • Backup and disaster recovery procedures
  • Business continuity planning and testing

Personnel Security:

  • Background checks for all employees
  • Security awareness training and education
  • Confidentiality agreements and obligations
  • Regular security training and updates
  • Incident response training and procedures

Vendor and Partner Security:

  • Security assessments of all third-party partners
  • Contractual security obligations and requirements
  • Regular monitoring of partner security posture
  • Incident notification and response procedures
  • Compliance with security standards and frameworks


5.3 Compliance and Certification


Regulatory Compliance:

  • Compliance with Digital Personal Data Protection Act, 2023
  • Adherence to SEBI cybersecurity guidelines
  • Implementation of RBI security standards
  • Compliance with international privacy frameworks
  • Regular compliance audits and assessments

Industry Standards:

  • ISO 27001 information security management
  • SOC 2 Type II compliance for service organizations
  • PCI DSS compliance for payment processing
  • Industry best practices and frameworks
  • Continuous improvement and enhancement


6. YOUR PRIVACY RIGHTS


6.1 Access and Transparency Rights


Right to Access: You have the right to access your personal information held by us, including:

  • Confirmation of whether we process your personal data
  • Details about the categories of data we collect
  • Purposes for which your data is processed
  • Information about data sharing and recipients
  • Retention periods for your data

Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format, allowing you to:

  • Transfer your data to another service provider
  • Use your data for your own purposes
  • Maintain control over your information
  • Exercise choice in service providers


6.2 Control and Correction Rights


Right to Rectification: You can request correction of inaccurate or incomplete personal information, including:

  • Updating contact information and preferences
  • Correcting financial and investment details
  • Modifying risk profile and investment objectives
  • Updating KYC and identity information

Right to Restriction: You can request restriction of processing in certain circumstances:

  • When you contest the accuracy of data
  • When processing is unlawful but you prefer restriction over deletion
  • When we no longer need the data but you need it for legal claims
  • When you object to processing pending verification of legitimate grounds


6.3 Deletion and Withdrawal Rights


Right to Erasure (Right to be Forgotten): You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • Your data has been unlawfully processed
  • Deletion is required for compliance with legal obligations

Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time:

  • Marketing communications and promotional content
  • Optional data collection and processing
  • Third-party data sharing for non-essential services
  • Cookies and tracking technologies


6.4 Objection and Complaint Rights


Right to Object: You can object to processing of your personal data for:

  • Direct marketing purposes
  • Processing based on legitimate interests
  • Automated decision-making and profiling
  • Research and analytics purposes

Right to Complaint: You have the right to lodge a complaint with:

  • Data Protection Board of India
  • SEBI for investment-related privacy concerns
  • Consumer forums for service-related issues
  • Our internal grievance redressal mechanism


7. COOKIES AND TRACKING TECHNOLOGIES


7.1 Types of Cookies We Use


Essential Cookies: These cookies are necessary for the platform to function properly and cannot be disabled:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance optimization
  • Error detection and troubleshooting
  • Basic platform functionality

Analytics Cookies: These cookies help us understand how users interact with our platform:

  • Usage statistics and patterns
  • Performance metrics and optimization
  • User journey analysis
  • Feature usage and effectiveness
  • Error tracking and resolution

Preference Cookies: These cookies remember your choices and preferences:

  • Language and region settings
  • Display preferences and customization
  • Notification settings
  • Accessibility options
  • Personalization features

Marketing Cookies: These cookies are used for advertising and marketing purposes:

  • Targeted advertising and promotions
  • Campaign effectiveness measurement
  • Cross-platform tracking and attribution
  • Remarketing and retargeting
  • Social media integration


7.2 Cookie Management and Control

Browser Controls: You can control cookies through your browser settings:

  • Block all cookies or specific types
  • Delete existing cookies
  • Set preferences for future cookies
  • Receive notifications when cookies are set
  • Manage third-party cookies separately

Platform Controls: We provide additional cookie controls within our platform:

  • Cookie preference center
  • Granular control over cookie categories
  • Easy opt-out mechanisms
  • Regular consent renewal
  • Clear information about cookie purposes


7.3 Third-Party Tracking


Analytics Providers: We use third-party analytics services to understand platform usage:

  • Google Analytics for web analytics
  • Firebase Analytics for mobile app analytics
  • Custom analytics for specific features
  • Heatmap and user behavior analysis
  • Performance monitoring and optimization

Advertising Partners: For marketing and advertising purposes, we may work with:

  • Google Ads for search and display advertising
  • Facebook/Meta for social media advertising
  • LinkedIn for professional network advertising
  • Industry-specific advertising platforms
  • Affiliate marketing networks


8. DATA RETENTION AND DELETION


8.1 Retention Principles


Legal and Regulatory Requirements: We retain personal data as required by applicable laws and regulations:

  • SEBI regulations require retention of investment advisory records for 5 years
  • KYC documents must be retained as per PMLA requirements
  • Tax-related information must be kept for statutory periods
  • Audit and compliance records have specific retention requirements

     

Business Necessity: We retain data for legitimate business purposes:

  • Ongoing service delivery and support
  • Fraud prevention and security monitoring
  • Legal protection and dispute resolution
  • Regulatory compliance and reporting
  • Business analytics and improvement


8.2 Retention Periods


Account and Profile Information:

  • Active account data: Retained while account is active plus 5 years
  • KYC and identity documents: 5 years after account closure
  • Contact information: 3 years after last interaction
  • Preference settings: Until changed or account closure

Transaction and Investment Data:

  • Investment advisory records: 5 years as per SEBI requirements
  • Transaction history: 7 years for tax and audit purposes
  • Payment information: 3 years after transaction completion
  • Performance data: 5 years for regulatory compliance

Communication and Support Data:

  • Customer support interactions: 3 years after resolution
  • Marketing communications: Until opt-out or 2 years
  • Complaint records: 5 years after resolution
  • Audit trails: 7 years for compliance purposes

8.3 Secure Deletion Procedures

Data Destruction Methods:

  • Secure deletion using industry-standard methods
  • Cryptographic erasure for encrypted data
  • Physical destruction of storage media when necessary
  • Verification of complete data removal
  • Documentation of deletion procedures

Backup and Archive Management:

  • Regular review and purging of backup systems
  • Secure deletion from all storage locations
  • Management of archived data and records
  • Compliance with retention schedule requirements
  • Audit trails for deletion activities


9. INTERNATIONAL DATA TRANSFERS


9.1 Cross-Border Data Sharing


Cloud Infrastructure: Our use of AWS may involve data storage and processing in multiple jurisdictions:

  • Data residency controls and preferences
  • Compliance with local data protection laws
  • Adequate protection measures and safeguards
  • Regular review of data location and processing
  • Transparency about data transfer practices

Third-Party Service Providers: Some of our partners may process data internationally:

  • Contractual protections and safeguards
  • Adequacy decisions and approved mechanisms
  • Standard contractual clauses where applicable
  • Regular monitoring of international transfers
  • Compliance with transfer restriction requirements


9.2 Protection Measures


Legal Safeguards:

  • Standard contractual clauses for international transfers
  • Adequacy decisions from relevant authorities
  • Binding corporate rules where applicable
  • Certification schemes and codes of conduct
  • Regular review and update of transfer mechanisms

Technical Safeguards:

  • Encryption of data in transit and at rest
  • Access controls and authentication measures
  • Monitoring and audit of international access
  • Incident response for cross-border issues
  • Regular security assessments and reviews


10. CHILDREN'S PRIVACY


10.1 Age Restrictions


Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

Verification Measures:

  • Age verification during registration process
  • Parental consent requirements where applicable
  • Regular monitoring for underage accounts
  • Prompt deletion of underage user data
  • Compliance with child protection regulations


10.2 Parental Rights


If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately. We will:

  • Verify the relationship and age of the individual
  • Provide information about data collected
  • Delete the child's information upon request
  • Implement measures to prevent future collection
  • Comply with applicable child protection laws


11. UPDATES TO THIS PRIVACY POLICY


11.1 Policy Changes


We may update this Privacy Policy from time to time to reflect:

  • Changes in our business practices
  • Updates to applicable laws and regulations
  • New features and services
  • Feedback from users and stakeholders
  • Industry best practices and standards


11.2 Notification of Changes


Material Changes: For significant changes to this Privacy Policy, we will:

  • Provide 30 days' advance notice via email
  • Display prominent notices on our platform
  • Require explicit consent for material changes
  • Provide clear explanation of changes and impact
  • Offer options to object or withdraw consent

Minor Changes: For minor updates and clarifications, we will:

  • Update the "Last Updated" date
  • Provide notice through platform notifications
  • Maintain version history for reference
  • Ensure continued compliance with laws
  • Monitor user feedback and concerns


12. CONTACT INFORMATION


12.1 Privacy Inquiries


For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Email: support@stackwealth.in
Phone: 8884887900
Business Hours: Monday to Friday, 9:00 AM to 6:00 PM IST

Postal Address: Stack Wealth Privacy Team
Unit 001, B-Wing, Ground Floor, Satellite Gazebo, Andheri Ghatkopar Link Road, Chakala, Andheri East, Mumbai 400093     


12.2 Data Protection Officer


Our Data Protection Officer can be reached at:

Email: support@stackwealth.in
Phone: 88848 87900


12.3 Grievance Redressal


For privacy-related complaints and grievances:

Email: support@stackwealth.in
Phone: 98189 53832

Escalation: If your concern is not resolved satisfactorily, you may approach:

  • Data Protection Board of India
  • SEBI for investment-related privacy issues
  • Consumer forums for service-related concerns


13. REGULATORY COMPLIANCE STATEMENTS


13.1 SEBI Compliance


This Privacy Policy complies with SEBI (Investment Advisers) Regulations, 2013, and related guidelines regarding:

  • Client data protection and confidentiality
  • Segregation of advisory and distribution activities
  • Disclosure requirements and transparency
  • Record keeping and audit requirements
  • Investor protection measures


13.2 Digital Personal Data Protection Act, 2023


This Privacy Policy is designed to comply with the Digital Personal Data Protection Act, 2023, including:

  • Lawful basis for data processing
  • Consent management and withdrawal
  • Data subject rights and procedures
  • Cross-border transfer restrictions
  • Breach notification requirements


13.3 Other Applicable Laws


We also comply with:

  • Information Technology Act, 2000
  • Prevention of Money Laundering Act, 2002
  • Companies Act, 2013
  • Consumer Protection Act, 2019
  • Other applicable privacy and data protection laws

 

This Privacy Policy is effective as of the date mentioned above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.

 

 
