DPDP Act 2023 Compliant
Privacy Policy
Last Updated: 21 March 2026 · Effective: 1 January 2026 · Version 2.0
Summary (Plain Language): STOXGEN collects your data to run the portal - name, email, mobile, payment info. Your data is never sold. It is shared only with the services that need it (Razorpay, WhatsApp). You can have your data deleted at any time.
Section 01
What Data We Collect
1.1 Data You Provide Directly
- Account Data: Full name, email address, mobile number, date of birth
- KYC Data: PAN card number, Aadhaar (last 4 digits), bank account details (for subscription refunds only)
- Payment Data: Processed via Razorpay - we do NOT store card numbers or UPI credentials. We store: Plan name, amount, transaction ID, date
- Trading Journal Data: Trade entries, notes, P&L records you manually enter
- Watchlist & Portfolio: Stocks you add to watchlist or portfolio tracker
- Communications: Support tickets, forum posts, messages you send us
1.2 Data Collected Automatically
- Device Data: IP address, browser type, operating system, screen resolution
- Usage Data: Pages visited, features used, time spent, clicks, search queries
- Log Data: Server logs, error reports, API calls made
1.3 Data from Third Parties
- Market data from Finnhub (public stock data - no personal data)
- If you log in via Google/Apple: We receive name and email only
Section 02
How We Use Your Data
| Purpose | Data Used | Legal Basis |
| Account creation & login | Name, email, mobile, password | Contract performance |
| Subscription management | Email, payment history, plan | Contract performance |
| Sending price alerts | Mobile (WhatsApp/SMS), email | Consent |
| AI predictions & analysis | Watchlist, portfolio (anonymized) | Legitimate interest |
| Customer support | Name, email, account history | Contract performance |
| Fraud prevention | IP, device, payment patterns | Legal obligation |
| Marketing emails | Email (only if you opt-in) | Consent |
| KYC verification | PAN, bank details | Legal obligation |
| Product improvement | Anonymized usage data | Legitimate interest |
We DO NOT: Sell your data to advertisers · Share data with unrelated companies · Use your trading data to trade against you · Access your actual broker account
Section 03
Data Sharing & Third Parties
We share your data with trusted service providers under strict data processing agreements:
| Service Provider | What We Share | Why |
| Razorpay (India) | Name, email, mobile, amount | Payment processing |
| WATI (WhatsApp) | Mobile number, alert text | Price alert delivery |
| Anthropic (USA) | Stock query text only - NO personal data | AI analysis |
| Finnhub (USA) | Only stock symbol queries - NO personal data | Market data |
| Hostinger (Lithuania) | Server hosting โ data stays in India DC | Web hosting |
| Cloudflare (USA) | IP, request metadata | CDN & security |
Law Enforcement: We may share data with Indian government/law enforcement only when legally required (court order, SEBI investigation, IT Act compliance). We notify users where permitted by law.
Section 04
Data Security
- Encryption at Rest: All sensitive data (PAN, bank details) encrypted using AES-256
- Encryption in Transit: HTTPS/TLS 1.3 on all connections
- Password Hashing: bcrypt algorithm - we cannot see your password
- JWT Tokens: Authentication tokens expire in 24 hours
- Rate Limiting: API abuse prevention via Redis
- Regular Backups: Daily encrypted database backups
- Security Audits: Quarterly vulnerability assessments
Data Breach Protocol: If a data breach occurs, we will notify affected users via email within 72 hours and report to CERT-In as required under IT Act. We maintain an incident response plan.
Section 05
Your Rights under DPDP Act 2023
Under India's Digital Personal Data Protection Act 2023, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Correction: Update incorrect or incomplete data via Profile settings
- Right to Erasure: Request deletion of your account and all associated data
- Right to Restrict Processing: Opt out of marketing, AI analysis, data analytics
- Right to Data Portability: Export your data in JSON/CSV format
- Right to Grievance: Raise complaint with our Data Protection Officer
- Right to Nominate: Nominate a person to exercise rights on your behalf
To exercise any right: Email [email protected] with subject "Data Rights Request". We respond within 30 days.
Escalation: If unsatisfied, you may approach India's Data Protection Board at digitalindia.gov.in
Section 06
Cookies & Tracking
| Cookie Type | Name | Purpose | Duration |
| Essential | be_session | Login session | 24 hours |
| Essential | be_csrf | Security token | Session |
| Preferences | be_theme | Dark/Light mode | 1 year |
| Preferences | be_lang | Hindi/English | 1 year |
| Analytics | _ga, _gid | Google Analytics | 2 years |
| Performance | cf_clearance | Cloudflare DDoS protection | 1 year |
You can disable non-essential cookies in your browser settings. Note: disabling session cookies will prevent login.
Section 07
Data Retention
- Active account data: Retained while account is active
- After account deletion: Personal data deleted within 30 days, anonymized transaction records kept for 7 years (Income Tax Act requirement)
- Payment records: 7 years (GST compliance)
- KYC documents: 5 years after relationship ends (PMLA)
- Server logs: 90 days
- Marketing consent records: 3 years
Section 08
Children's Privacy
STOXGEN is intended for users aged 18 years and above. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us at [email protected] and we will delete the account immediately.
Section 09
Policy Changes
We may update this policy to reflect changes in our practices or legal requirements. We will notify you via:
- Email notification for material changes (30 days advance notice)
- In-app banner notification
- Updated "Last Modified" date at top of this page
Continued use of the portal after changes constitutes acceptance of the updated policy.