Legal · Privacy · India

Privacy policy for Saventh users in India

Saventh respects your privacy. We collect only what we need to run a zero-cost workplace financial wellness programme and optional mutual fund services. We do not sell personal data. Employers see aggregated insights by default. You can access, correct, or request deletion of account data subject to Indian law and securities regulations.

**Purpose-limited** — Data used for wellness, literacy, and regulated investing — not unrelated advertising profiles.
**Transparent** — This policy explains what we collect, why, and who we share with (AMCs, KRA, BSE, payment partners).
**Secure** — Encryption in transit, access controls, and audit logging for sensitive financial data.
**Your rights** — Access, correction, withdrawal of consent, and grievance under DPDP Act 2023 where applicable.

Contact privacy team

Definitions

Term	Meaning
Saventh / we / us	Half Billion Technology Pvt Ltd, operating the Saventh brand and related apps and websites.
You / user	Any individual or organisation using Saventh services, including employees, HR users, investors, advisors, and partners.
Personal data	Information that identifies you directly or indirectly, including name, mobile, email, PAN, Aadhaar (where collected for KYC), device IDs, and usage logs.
Sensitive personal data	Financial information, biometric data (if used for KYC), and health data — only where law permits and with explicit consent.
Data fiduciary	Saventh, as the entity determining purpose and means of processing personal data under the Digital Personal Data Protection Act, 2023 (DPDP Act).
Data processor	Third parties processing data on Saventh's instructions (cloud hosting, SMS, analytics, payment gateways).
Employer / organisation	A company enrolled in Saventh's workplace programme.
Spoke apps	Subdomains such as `investor.saventh.com`, `hr.saventh.com`, `learn.saventh.com`.

Who this privacy policy applies to

**saventh.com** marketing site and account routers (`/signup`, `/get-started`)
**Saventh mobile apps** (Investor, Learn — iOS and Android)
**Spoke web apps** listed on [`/sitemap`](../legal/html-sitemap.md)
**Employer and partner portals** authenticated via Saventh identity

Audience	Typical data processed
Salaried employees	Profile, employer link, Learn progress, optional MF KYC & holdings
HR / employers	Admin contact, roster uploads, aggregated engagement reports
Retail investors	Full KYC, bank mandate, transaction history
Partners / advisors	Business contact, referral IDs, commission statements

What personal data we collect

We do not knowingly collect data from children under 18 for investing services. Workplace literacy for minors is out of scope unless counsel approves institutional programmes.

Category	Required?	Purpose
Mobile + OTP	Yes (account)	Authentication
PAN + KYC docs	If investing	AMFI/SEBI compliance
Employer roster	If HR uploads	Workplace access
Analytics cookies	Optional	Site improvement

How and why we use personal data

1. **Provide services** — Create accounts, deliver Learn content, execute mutual fund orders on BSE Star MF, generate statements.

2. **Workplace programme** — Map you to your employer, show HR aggregated adoption metrics, run financial fitness sessions.

3. **Compliance** — Meet AMFI, SEBI, KRA, RBI payment, and tax reporting obligations; respond to regulatory requests.

4. **Security & fraud prevention** — Detect abnormal login, mandate tampering, or referral abuse.

5. **Support** — Resolve tickets per [`/grievance`](../support/grievance.md).

6. **Product improvement** — Anonymised analytics to improve UX (toggle where offered).

7. **Marketing** — Only with consent: product updates, session invites, educational newsletters. Unsubscribe anytime.

Automated decisions: Risk profiling for mutual fund suitability may use rule-based or algorithmic scoring. You may request human review via `/contact`. Saventh does not make solely automated decisions with legal effects without disclosure.

Who we share data with

We do not sell your personal data to data brokers. Co-brand partners (e.g. `/partners/fatakpay`) receive data only under written agreements and disclosed scopes.

International transfers: Primary processing is in India. If any subprocessors store data outside India, we implement contractual safeguards per DPDP Act and RBI guidelines. *[Counsel to list subprocessor countries.]*

Recipient	Data shared	Purpose
Asset Management Companies (AMCs)	KYC, orders, folio	Fund account opening & servicing
BSE Star MF / BSE	Orders, KYC status	Exchange execution
KRA / CKYC	KYC documents	Central KYC registry
Payment banks / NPCI	Mandate, debit requests	SIP and payment collection
Cloud & SMS providers	Encrypted payloads	Hosting, OTP delivery
Your employer (HR)	Aggregated metrics by default	Programme reporting
Regulators / law enforcement	As required by law	Legal compliance

How long we keep your data

After retention periods, data is deleted or irreversibly anonymised. Backup tapes may persist for **[90 days]** before overwrite.

Data type	Retention period
Account profile	Until deletion request + 30-day grace, unless investing
MF transaction & KYC	Minimum [X years] per SEBI/AMFI record-keeping (counsel to set)
Support tickets	[24 months] after closure
Marketing consent logs	[36 months] after unsubscribe
Anonymised analytics	Indefinitely

Your privacy rights in India

Subject to applicable law, you may:

Data Protection Officer / contact: [Name, email — counsel to appoint] · privacy@saventh.com

Response timeline: We aim to respond within [30 days] of verified request.

If unsatisfied, you may lodge a complaint with the **Data Protection Board of India** once operational under the DPDP Act.

Access

Request a copy of personal data we hold about you

Correction

Update inaccurate profile or KYC data (some KYC changes require re-verification)

Withdraw consent

Stop optional processing (marketing, non-essential cookies). Core services may still need necessary data

Erasure

Request deletion where no legal retention obligation exists

Nominate

Appoint an individual to exercise rights in case of death or incapacity (DPDP Section 14)

Grievance

Raise privacy complaints via [`/grievance`](../support/grievance.md)

Cookies and similar technologies

Manage preferences via the cookie banner on first visit or browser settings. Spoke apps may use local storage for auth tokens — clearing app data logs you out.

Cookie type	Purpose	Control
Essential	Login session, security	Required
Analytics	Page views, funnel metrics	Opt-out banner
Marketing	Campaign attribution (UTM)	Opt-out where used

How we protect your data

No method is 100% secure. Report suspected breaches immediately to security@saventh.com.

TLS 1.2+ for data in transit
Role-based access control for employee-facing admin tools
Encryption at rest for sensitive fields *(counsel to confirm scope)*
Periodic security reviews and vulnerability patching
Incident response procedure with user notification where legally required

Children's data

Saventh investing services are for adults (18+). Learn content in workplaces is intended for employed adults. We do not knowingly collect children's personal data. Contact us to remove inadvertent submissions.

Changes to this policy

We may update this policy for legal, product, or regulatory reasons. Material changes will be notified via email, in-app notice, or a prominent site banner. Continued use after the effective date constitutes acceptance where permitted by law.

Half Billion Technology Pvt Ltd · [Registered address]

privacy@saventh.com · [`/contact`](../global/contact.md)

Related policies: [`/legal/terms`](./terms.md) · [`/legal/regulatory`](./regulatory.md) · [`/grievance`](../support/grievance.md)

Frequently asked questions

Does Saventh share my mutual fund holdings with my employer?

By default, no. HR dashboards show aggregated programme metrics such as session attendance and Learn completion — not individual portfolio values. Any expanded reporting requires employer contract terms and employee consent.

Is Saventh compliant with India's DPDP Act?

Saventh aligns its privacy programme with the Digital Personal Data Protection Act, 2023, including notice, consent, security, and grievance mechanisms. Final compliance sign-off is maintained by our legal and compliance teams.

Where is my KYC data stored?

KYC is submitted to Saventh and transmitted to KRA/CKYC and AMCs as required for mutual fund investing. Saventh retains copies per AMFI/SEBI record-keeping rules on secure Indian infrastructure.

Can I use Saventh without sharing my PAN?

Yes for literacy and workplace features. PAN and full KYC are required only when you choose to invest in mutual funds through Saventh (ARN 324457).

How do I opt out of marketing emails?

Click Unsubscribe in any marketing email or update preferences in app Settings. Transactional messages (OTP, order confirmations) cannot be opted out while you use investing services.

Mutual fund investments are subject to market risks. Read all scheme-related documents carefully. Saventh is an AMFI-registered mutual fund distributor (ARN 324457).

Saventh Investment is an AMFI Registered Mutual Fund Distributor.

Disclaimer: Mutual fund investments are subject to market risks. Please read the scheme information and other related documents carefully before investing. Past performance is not indicative of future returns. Please consider your specific investment requirements before choosing a fund, or designing a portfolio that suits your needs.

Saventh Investment makes no warranties or representations, express or implied, on products offered through the platform of Saventh Investment. It accepts no liability for any damages or losses, however, caused, in connection with the use of, or on the reliance of its product or related services. Terms and conditions of the website are applicable.
Investments in Securities markets are subject to market risks, read all the related documents carefully before investing.

AMFI Registered
ARN - 324457