Privacy Policy

Trade Encore ("we", "us", or "our") operates the website www.tradeencore.com and the Trade Encore mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are a SEBI Registered Research Analyst (Registration No: INH000009269, BSE Enlistment No: 5530) and are committed to protecting your privacy in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Under the DPDP Act, Trade Encore is a Data Fiduciary and you, the user, are a Data Principal. We process your personal data only for lawful purposes with your informed consent or as required by law.

1. Information We Collect

1.1 Personal Information

When you register for an account, subscribe to a plan, or contact us, we may collect:

• Full name
• Email address
• Phone number
• PAN card number and image (for KYC verification as required by SEBI)
• Aadhaar number and image (for KYC verification)
• Payment and billing information (processed securely via Razorpay)
• Google account information (if you sign in via Google)

1.2 Usage Data

We automatically collect certain information when you access our Service, including:

• Device type, browser type, and operating system
• IP address and approximate geographic location
• Pages visited, time spent, and navigation patterns
• Referring URLs and search terms
• Firebase Cloud Messaging (FCM) device tokens for push notifications

1.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and improve our Service. You can control cookie settings through your browser preferences.

2. How We Use Your Information

We use the collected information for the following purposes:

• Account Management: To create and manage your account, verify your identity (KYC), and process subscriptions.
• Service Delivery: To provide research recommendations, market analysis, and investment insights based on your subscription plan.
• Communication: To send you research alerts, blog updates, payment confirmations, invoices, and important service notifications via email, WhatsApp, and push notifications.
• Payment Processing: To process subscription payments securely through our payment partner Razorpay. We do not store your credit/debit card details on our servers.
• Improvement: To analyze usage patterns and improve our Service, content, and user experience.
• Legal Compliance: To comply with SEBI regulations, tax laws, and other applicable legal requirements.
• Customer Support: To respond to your enquiries, stock research requests, and support tickets.

3. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Payment Processors: With Razorpay for processing payments. Razorpay's privacy policy governs their handling of your payment data.
• Authentication Providers: With Google (if you use Google Sign-In) for authentication purposes only.
• Communication Services: With email service providers, WhatsApp Business API, and Firebase Cloud Messaging to deliver notifications you have opted into.
• Legal Requirements: When required by law, regulation, legal process, or governmental request, including SEBI compliance requirements.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Security

We implement reasonable security safeguards as required under the DPDP Act (Section 8(4)) to protect your personal data, including:

• Encrypted data transmission using SSL/TLS (HTTPS) on all connections
• AES-256-GCM encryption for sensitive PII (PAN and Aadhaar numbers) at rest
• Secure password hashing using bcrypt with high work factor
• Access controls limiting PII access to authorized compliance personnel only
• Masking of PAN/Aadhaar in all user-facing displays and API responses (only last 2-4 digits visible)
• PII is never logged in plaintext in server logs or error reports
• Regular security reviews, vulnerability assessments, and code audits
• Secure payment processing through PCI-DSS compliant gateways (Razorpay)
• Rate limiting, CSRF protection, and security headers on all endpoints

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practical standards and will notify you promptly in the event of any data breach (see Section 13 below).

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law (DPDP Act, Section 8(7)):

• Active accounts: Data is retained for the duration of your active membership and service usage.
• KYC data (PAN, Aadhaar, document images): Retained for 5 years after account closure or last transaction, as required by SEBI (Research Analysts) Regulations, 2014 and PMLA record-keeping norms.
• Activity logs and transaction records: Retained for 5 years for SEBI audit compliance.
• Payment records: Retained as required by GST and Income Tax regulations.
• Deleted accounts: Upon account deletion, PII (PAN, Aadhaar, phone, document images) is immediately scrubbed. Residual anonymized records may be retained for the regulatory retention period.

After the applicable retention period, personal data is permanently and irreversibly deleted from our systems.

6. Your Rights as a Data Principal (DPDP Act, Sections 11-14)

Under the DPDP Act, 2023, you have the following rights as a Data Principal:

• Right to Access (Sec 11(1)): You can obtain a summary of your personal data and the processing activities. Use Dashboard → My Data to view your data instantly.
• Right to Correction & Erasure (Sec 12): You can request correction of inaccurate data or erasure of your personal data. Use Dashboard → My Data → Delete My Data for self-service erasure, subject to regulatory retention requirements.
• Right to Data Portability: You can download all your data in JSON format from Dashboard → My Data → Download All My Data.
• Right to Withdraw Consent (Sec 6(4)): You may withdraw your consent for data processing at any time. Withdrawal does not affect the lawfulness of processing done before withdrawal. For KYC consent withdrawal, contact us directly.
• Right to Grievance Redressal (Sec 13): You have the right to file a complaint with our Grievance Officer (see Section 15) or the Data Protection Board of India.
• Opt-Out of Marketing: You can opt out of marketing communications at any time through your account settings or by contacting us.

To exercise any of these rights, use the self-service options in your Dashboard or contact us at contactus@tradeencore.com. We will respond within 30 days.

7. Third-Party Data Processors (DPDP Act, Section 8(2))

We engage the following third-party Data Processors to provide our Service. Each processor is contractually bound to protect your data:

• Google Sign-In (Google LLC): Account authentication — processes only name, email, and profile picture.
• Razorpay Software Pvt. Ltd.: Payment processing — processes payment and billing information. We do not store card details on our servers.
• Firebase (Google LLC): Push notification delivery — processes device tokens only.
• Google Gemini AI (Google LLC): AI-powered OCR for KYC document extraction, and AI assistant for market analysis queries. User messages sent to the AI assistant may be processed by Google's AI models.
• Fyers API (Fyers Securities): Fetching live market data — no personal user data is shared.
• Google Maps (Google LLC): Displaying our office location on the contact page.

We do not sell, trade, or rent your personal data to any third party. Data is shared only as described above or when required by law.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

9. Push Notifications and Communication Preferences

With your consent, we may send you push notifications through our mobile application and web browser. You can opt out of push notifications at any time by adjusting your device or browser settings. We may also communicate with you via email and WhatsApp for service-related updates. You can manage your communication preferences through your dashboard or by contacting us.

10. Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google account data (name, email, profile picture) for authentication and account creation purposes. We do not use Google user data for advertising or share it with third parties beyond what is necessary to provide our Service.

11. Use of AI and Automated Processing

We use AI-powered tools in the following areas of our Service:

• KYC Document OCR: PAN and Aadhaar card images may be processed by Google Gemini Vision AI for automatic extraction of document numbers and names. Images are sent securely and are not retained by the AI service beyond processing.
• AI Assistant: Our in-dashboard AI assistant uses Google Gemini to answer market-related queries. Messages you type in the assistant are processed by Google's AI models. Do not share sensitive personal information (PAN, Aadhaar, bank details) in the AI chat.
• Research Generation: We may use AI tools to assist in formatting, screening, and delivering research content.

AI processing is conducted with appropriate safeguards. Automated decisions are not used to determine your eligibility for services.

12. Consent Management

Under the DPDP Act, we obtain your consent at the following points:

• Account Registration: By creating an account, you consent to processing of your name, email, phone, and password for account management and service delivery.
• KYC Submission: Before collecting PAN/Aadhaar data, we obtain specific, informed consent through a dedicated consent screen explaining what data is collected, why, how it is protected, and how long it is retained.
• Cookie Consent: A cookie consent banner allows you to accept or reject optional (analytics) cookies. Essential cookies for authentication are always active.
• Marketing Communications: Marketing emails and WhatsApp notifications require separate opt-in consent, which can be withdrawn at any time from your Dashboard.

All consent actions are logged with timestamps for audit purposes. You may withdraw consent for any specific processing activity at any time — see Section 6.

13. Data Breach Notification (DPDP Act, Section 8(6))

In the event of a personal data breach that is likely to cause harm to Data Principals, we will:

• Notify the Data Protection Board of India without unreasonable delay
• Notify affected Data Principals via email with details of the breach, data affected, and remedial measures
• Take immediate steps to contain the breach and mitigate harm
• Maintain a record of all breaches and responses for regulatory review

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

15. Grievance Officer

In accordance with the DPDP Act, 2023 (Section 13), the Information Technology Act, 2000, and rules made thereunder, the name and contact details of the Grievance Officer are provided below. The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days:

16. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: contactus@tradeencore.com
• Phone: +91 96991 87139
• Address: C/O Aster Coworking, 301, Trimurti Honey Gold, Ashok Nagar, Range Hill Rd, Pune 411007
• Website: www.tradeencore.com/contact