1. Introduction

This Privacy & Data Protection Policy ("Policy") outlines the practices followed by Mr. Krishna Kumar Pathak, a SEBI Registered Research Analyst (Registration No. INH300009914), operating under the brand name WealthFino, with respect to the collection, use, storage, processing, and disclosure of personal and sensitive personal information.

This Policy applies to all individuals ("User" or "You"), including free and paid users or clients, who access, register on, or engage with our website, mobile application, digital platform, or any other services—whether offered free of charge, by subscription, or for a fee.

By accessing or using any of our services, and by voluntarily submitting your personal information, you provide your informed and explicit consent to the collection and processing of your data in accordance with the terms of this Policy.

2. Scope

This Privacy Policy applies to all users, clients, vendors, and partners ("you" or "User") who access or interact with the services of WealthFino, operated by:

• Name: Krishna Kumar Pathak
• SEBI Registered Research Analyst: INH300009914
• Brand Name: WealthFino
• BSE Enlistment No.: 5590

It governs the lawful collection, processing, storage, and transfer of Personal Data as per:

• The SEBI (Research Analyst) Regulations, 2014
• SEBI circulars, BSE/NSE norms
• The Information Technology Act, 2000
• The Digital Personal Data Protection Act, 2023

All data handled is strictly for permitted research analyst activities such as:

• Client onboarding and KYC Data
• SEBI-compliant research reports
• Subscription-based research services
• Record maintenance and regulatory reporting

We do not offer portfolio management or execution-based advice. All data processing is secure, transparent, and within the framework of Indian law.

3. Applicability

This Privacy Policy applies to all individuals who:

• Visit or use the mobile application, website, or online/offline platforms associated with WealthFino;
• Subscribe to services, research reports, or any form of communication offered by the Research Analyst;
• Share personal data for verification, KYC, or engagement purposes.

4. Information Collected

5. Purpose of Collection

Your personal information is collected and processed for lawful and specific purposes, including but not limited to:

• Compliance with SEBI regulations and other statutory requirements;
• Responding to queries, communicating investment ideas, and engagement;
• Verifying identity and maintaining accurate records for audits;
• Prevention of fraud, misuse, or unauthorized transactions.

6. Consent & Authorization – Client Declaration

By accessing or using our services, website, platform, or mobile app, and by voluntarily submitting your personal details, you clearly and willingly agree to the following:

1. Consent for Data Use
   You give your free, specific, and informed consent to allow us to collect, store, use, and process your Personal Data and Sensitive Personal Data, in line with the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023.
2. Aadhaar-linked e-KYC Verification
   You authorize us to verify your identity using OTP sent to your Aadhaar-linked mobile number for completing e-KYC or electronic consent procedures, in line with the Aadhaar Act, 2016 and UIDAI regulations.
3. Data Retrieval & Verification
   You allow us to retrieve and verify your KYC details via official APIs or UIDAI tools. This may include:
   • PAN No (Permanent Account Number)
   • Mobile number linked to Aadhaar
   • Name & Registered Email ID
   • Date of Birth (DOB)
   • Other KYC details as permitted by SEBI or UIDAI
4. Permitted Use Only
   You understand that your data will only be used for SEBI-compliant purposes, such as:
   • KYC verification
   • Risk profiling
   • Access to regulated research content or services
5. Regulatory Sharing
   You permit us to lawfully share your verified data with SEBI-registered KRAs (KYC Registration Agencies), stock exchanges, or regulatory authorities, only for audit, compliance, or recordkeeping.
6. Legal Validity of Consent
   You agree that your OTP-based verification or digital acceptance is a legally valid form of consent, enforceable under:
   • Information Technology Act, 2000 (Sec. 5)
   • Aadhaar Act, 2016
   • Indian Evidence Act, 1872
7. Data Protection Assurance
   You confirm that you are aware this data usage is protected under Indian privacy laws and handled as per UIDAI's and SEBI's official circulars and compliance norms.

7. Data Sharing & Disclosure

We may disclose your information:

• To comply with legal obligations, statutory authorities, or regulatory investigations;
• To SEBI, BSE, NSE, or KYC Registration Agencies (KRAs);
• To auditors, legal advisors, consultants, or technical service providers under confidentiality agreements;
• When legally required by law enforcement, court orders, or regulators.

We do not sell, rent, or distribute your personal data to third parties for commercial gain.

8. Data Security & Protection

We adopt commercially reasonable security standards, including:

• SSL encryption for communication;
• Firewalls and access control systems;
• Secure data hosting environments;
• Limited access to sensitive data only by authorized personnel;
• Routine audits, monitoring, and policy updates.

9. Data Retention

Your data is retained for a minimum period of 5 years or such longer period as required by SEBI or applicable Indian laws.

10. Limitation of Liability

To the fullest extent permissible under law:

• Mr. Krishna Kumar Pathak shall not be liable for any direct, indirect, incidental, special, or consequential loss or damage of any kind arising from:
  • Loss, misuse, theft, or unauthorized access of data;
  • Server failure, data breach, cyber-attack, or system outage;
  • Any errors, delays, or omissions in data transmission;
  • Mobile app or website downtime, bug, update failures;
  • Any missed communication, notification failure, or transaction delay;
  • Use of any third-party software, APIs, hosting providers, or integrations.

You understand and agree that all services are provided on an "as is" and "as available" basis without warranties of any kind.

11. Third-Party Disclaimer

• We may include or use third-party APIs, plug-ins, or platforms for analytics, communications, or payment processing.
• We do not control these third parties and are not responsible for their content, data handling, privacy practices, or service delivery.
• Any access to or use of such third-party platforms is at the user's own risk.

12. Indemnification

You agree to indemnify, defend, and hold harmless Mr. Krishna Kumar Pathak, his brand WealthFino, affiliates, representatives, and employees from and against any claims, losses, damages, costs, or legal liabilities arising out of:

• Breach of this Privacy Policy or misuse of services;
• Unauthorized access or fraudulent use of data;
• Violation of any applicable law, regulation, or third-party rights.

13. Grievance Officer

In accordance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011:

• Grievance Officer: Mr. Krishna Kumar Pathak
• Mobile No.: +91 98834 55700
• Email: wealthfino@gmail.com
• Address: RS-39/43, 5/3C Golden Park, Sankarpur West, Near Rabindranath Co-operative, Durgapur, West Bengal - 713206

14. Updates and Amendments

We reserve the right to update this Privacy Policy at any time without prior notice. Continued use of the services or website shall constitute your consent to such changes.

15. Governing Law & Jurisdiction

This Privacy Policy and any dispute arising out of or in connection with it shall be governed by and construed in accordance with the laws of India. The courts of Durgapur, West Bengal shall have exclusive jurisdiction in relation to any matter arising under this Policy.