a. Personal and Contact Details:

Your name, email address, phone number, user credentials (username and password), billing or communication address, and, where applicable, GST number or other tax-related identifiers.

b. Service Interaction Data:

Information you voluntarily provide while using our services, communicating with our customer support team, participating in feedback surveys, responding to marketing campaigns, or updating your account settings and preferences.

c. System and Technical Information:

We may automatically collect certain non-personal and technical data such as your device type, operating system, browser version, IP address, access time, referring URLs, and user interaction metrics. This helps us improve platform functionality, enhance security, and provide a smoother user experience.

d. Public and Third-Party Information:

We, or our authorized service partners, may collect information that is publicly available or legitimately obtained through third-party databases, online or offline channels, subject to their respective terms of use and privacy practices.

e. Payment and Transaction Data:

In the event of any financial transaction or paid service, you may be redirected to a secure third-party payment gateway. Such service providers may collect sensitive financial details, including your banking information, PAN, GST number, debit or credit card details, or UPI credentials. Please note that AUM Sampann does not store or have access to such payment information, and we are not responsible for the privacy or security practices of these third-party providers. We strongly advise you to review the privacy policy of the relevant payment gateway before proceeding with any transaction. AUM Sampann does not store or directly process payment credentials. Such information is handled by authorized payment processors governed by their own privacy and security policies. Users are advised to review such third-party terms before transacting.

f. Cookies and Similar Technologies:

We may use cookies, log files, web beacons, and similar technologies to understand user behavior, monitor usage patterns, and enhance your experience on our platform. These technologies also help us deliver customized content and improve the overall usability of our services.

g. Disclaimer Regarding User-Provided Data:

Please note that AUM Sampann shall not be responsible for any data, documents, or other information that you may voluntarily share with us outside the secure environment of our App or Platform including through emails, messages, postal correspondence, or any other external medium. We may not be able to track or secure such information and therefore disclaim any liability arising from its disclosure or misuse.

h. Purpose of Collection:

The information we collect is essential for the provision of our services and enables us to tailor the App experience to your individual needs. We do not sell, rent, or otherwise commercially exploit your personal or financial information under any circumstances. Our sole objective in collecting this data is to maintain service integrity, enhance your experience, and fulfil our legal and contractual obligations.

a. User Verification:

To verify your identity, validate your credentials, and maintain the security and integrity of your account and transactions.

b. Service Enhancement and Personalization:

To understand your preferences, analyse user interaction and engagement, customize the App interface, and provide a more relevant and seamless experience.

c. Regulatory and Legal Compliance:

To comply with applicable laws, regulatory requirements, audits, taxation norms, or lawful requests from government authorities.

d. Customer Support and Communication:

To respond to your queries, provide user assistance, deliver notifications, alerts, and other service-related communications relevant to your use of the Platform.

e. Research and Analytics:

To aggregate and anonymize user data for internal analysis, market research, product development, and business strategy purposes, without revealing any personally identifiable information.

f. Internal Administration:

For maintaining internal records, operational efficiency, fraud prevention, and performance monitoring of our systems and services.

g. Enforcement of Terms:

To enforce our policies, terms of use, and agreements, and to protect our rights, property, and users from misuse or unauthorized activity. All processing activities are undertaken in a fair, transparent, and lawful manner consistent with user consent and legitimate purposes.

b. KYC and Verification Documents:

Know Your Customer (KYC) documentation, identity verification records, and related compliance materials shall be retained for a period of seven (7) years from the date of account closure or termination of the business relationship, in accordance with PMLA requirements and RBI Master Directions on KYC.

c. Transaction and Payment Records:

Records of financial transactions, payment confirmations, invoices, and billing information shall be retained for a minimum of seven (7) years to meet accounting, taxation, and audit requirements under applicable Indian laws, including the Companies Act, 2013, and GST regulations where applicable.

d. Communication Records:

Emails, customer support interactions, chat logs, feedback submissions, and other communications between you and AUM Sampann shall be retained for a period of three (3) years from the date of communication, unless a longer retention period is necessary for dispute resolution, legal proceedings, or regulatory compliance.

e. Technical and System Logs:

Server logs, IP address records, access logs, security logs, and system diagnostic data shall be retained for a period of one (1) year from the date of collection, unless a longer retention is required for security investigations, fraud prevention, or legal compliance. Aggregated and anonymized analytics data may be retained indefinitely for research and business intelligence purposes, provided such data cannot be used to identify individual users.

f. Marketing and Consent Records:

Records of your marketing preferences, consent history, and opt-out requests shall be retained indefinitely to ensure we honor your communication preferences and maintain an accurate record of consent compliance under the Digital Personal Data Protection Act, 2023.

g. Periodic Review and Purging:

AUM Sampann conducts periodic reviews of stored data at least annually to identify and delete information that has exceeded its retention period or is no longer necessary for its original purpose. Automated deletion protocols are implemented where technically feasible to ensure timely removal of expired data.

h. Secure Data Destruction:

When data is deleted or purged, we employ secure deletion methods including cryptographic erasure, overwriting, and physical destruction of storage media where applicable, to prevent unauthorized recovery or reconstruction of deleted information.

b. Technology and Infrastructure Service Providers:

We engage trusted third-party service providers to support our technology infrastructure and platform operations, including:

• Cloud hosting providers for secure data storage and computing services;
• Authentication and security service providers for identity verification, fraud detection, and cybersecurity services;
• Analytics and performance monitoring tools to analyze user behavior, improve platform performance, and enhance user experience;
• Customer support platforms to manage and respond to your queries and service requests; and
• Email and communication service providers to deliver notifications, alerts, and service-related communications.

These service providers act as data processors on our behalf and are contractually bound to process your data only in accordance with our instructions and applicable data protection laws. They are prohibited from using your data for their own purposes or disclosing it to other parties without authorization.

c. Payment Gateways and Financial Service Providers:

As stated in our Collection of Information section, when you make payments or financial transactions through our Platform, you are redirected to third-party payment gateways. These payment processors may collect and process your payment card details, bank account information, UPI credentials, and related financial data pursuant to their own privacy policies and security standards. While we carefully select reputable payment service providers compliant with industry standards (including PCI-DSS for card payments), we do not have control over their data practices and recommend that you review their privacy policies independently.

d. Regulatory and Governmental Authorities:

We may disclose your personal and financial information to regulatory authorities, government agencies, law enforcement bodies, tax authorities, or judicial forums when required or permitted by law, including but not limited to:

• Compliance with court orders, subpoenas, warrants, or other legal processes;
• Fulfilling obligations under the Prevention of Money Laundering Act, 2002 (PMLA), including reporting to the Financial Intelligence Unit-India (FIU-IND);
• Responding to requests from SEBI, RBI, Income Tax Department, Enforcement Directorate, or other financial sector regulators;
• Cooperation with law enforcement investigations relating to fraud, cybercrime, or other illegal activities;
• Protection of national security or public safety; and
• Compliance with KYC and anti-money laundering verification requirements.

We shall disclose only such information as is legally required and may, where permitted by law, inform you of such disclosure requests unless prohibited from doing so.

e. Professional Advisors and Auditors:

We may share your data with our legal counsel, financial advisors, auditors, accountants, and other professional consultants who require access to such information to provide services to us, advise us on legal or regulatory compliance, or conduct audits. Such professionals are bound by professional confidentiality obligations and data protection duties.

f. Business Transfers and Corporate Transactions:

In the event of a merger, acquisition, corporate restructuring, sale of assets, bankruptcy, or any other change in corporate control involving AUM Sampann, your personal data may be transferred to the acquiring or successor entity as part of the business assets. We shall endeavor to notify you of any such transfer and ensure that the receiving entity commits to protecting your data in accordance with this Policy or provide you with an opportunity to withdraw consent if the transferee's privacy practices materially differ from ours.

g. Analytics and Marketing Partners (with Consent):

With your explicit consent, we may share anonymized or pseudonymized data with analytics partners, market research firms, or advertising platforms to:

• Understand user trends and improve our services;
• Deliver personalized investment insights and recommendations;
• Provide you with relevant offers from our financial services partners; and
• Measure the effectiveness of our marketing campaigns.

You may withdraw your consent for such sharing at any time through your account settings or by contacting our Grievance Officer. We do not share personally identifiable information for marketing purposes without your express consent.

h. Aggregate and Anonymized Data:

We may share aggregated, anonymized, or de-identified data that does not identify you individually with third parties for research, analytics, benchmarking, industry reports, or business intelligence purposes. Such data cannot be used to identify you and is not subject to the restrictions applicable to personal data.

i. Contractual Safeguards:

All third parties with whom we share your personal data are required to:

• Implement appropriate technical and organizational security measures to protect your data;
• Process data only for the specified purposes and in accordance with our instructions;
• Not disclose your data to other parties without authorization;
• Delete or return data upon completion of the service relationship or as per agreed retention periods; and
• Comply with applicable data protection laws including the Digital Personal Data Protection Act, 2023.

We conduct due diligence on third-party service providers before engagement and periodically review their compliance with contractual obligations and security standards.

b. Methods of Investment Data Collection:

We collect investment data through the following methods:

• Direct User Input: Information you manually enter into the Platform, including portfolio details, transaction records, and investment goals;
• API Integration: Automated data retrieval from investment platforms, mutual fund companies, RTAs, and financial institutions through secure Application Programming Interfaces (APIs) based on your authorization;
• Account Aggregation Services: Use of licensed account aggregation service providers regulated by the Reserve Bank of India to fetch and consolidate your investment information from multiple sources with your consent;
• Email Parsing: With your permission, analysis of transaction confirmations, account statements, and investment-related emails to extract portfolio information; and
• Document Upload: Analysis of portfolio statements, transaction confirmations, and other investment documents that you upload to the Platform.

c. Purpose and Use of Investment Data:

We use your investment data for the following specific purposes:

• Portfolio Aggregation: To consolidate and display your investments across multiple platforms in a unified dashboard, providing you with a comprehensive view of your overall portfolio;
• Performance Tracking: To calculate and display returns, track portfolio performance, analyze asset allocation, and provide insights into your investment growth;
• Transaction Execution: To facilitate and execute investment transactions (purchases, redemptions, switches) on your behalf through integrated investment platforms;
• Investment Analytics: To generate reports, analyze investment patterns, assess risk exposure, and provide personalized financial insights;
• Goal Planning: To help you set and track financial goals, retirement planning, tax planning, and investment strategy recommendations;
• Alerts and Notifications: To send you timely alerts about portfolio changes, corporate actions, maturity dates, dividend declarations, and other investment-related events;
• Tax Reporting: To assist you in generating capital gains statements, tax reports, and other documentation for income tax filing purposes; and
• Service Improvement: To enhance our platform features, improve data accuracy, and develop new investment-related services based on aggregated user trends.

d. Storage and Security of Investment Credentials:

Where you authorize AUM Sampann to access your investment accounts on third-party platforms by providing login credentials or granting API access:

• All credentials are encrypted using industry-standard encryption protocols (AES-256 or higher) before storage;
• Credentials are stored in secure, access-controlled environments with multi-layered security protections;
• Access to credential stores is restricted to authorized system processes and personnel on a need-to-know basis;
• We implement secure credential vaulting solutions specifically designed for sensitive authentication data;
• Where possible, we use token-based authentication mechanisms instead of storing actual passwords; and
• You may revoke access and delete stored credentials at any time through your account settings.

e. Data Accuracy and Reconciliation:

While we strive to ensure the accuracy of investment data displayed on the Platform:

• Data is retrieved from third-party sources (investment platforms, RTAs, stock exchanges) and we rely on the accuracy of information provided by these sources;
• There may be delays in data synchronization, and the displayed information may not always reflect real-time values;
• We employ reconciliation mechanisms to identify and correct discrepancies, but cannot guarantee complete accuracy at all times;
• You are encouraged to cross-verify critical information with original statements from your investment providers; and
• AUM Sampann shall not be liable for investment decisions made based on data inaccuracies arising from third-party sources or synchronization delays.

f. Investment Data Portability:

You have the right to receive your investment data in a structured, commonly used, and machine-readable format. We provide data export functionality allowing you to download your portfolio information in formats including CSV, Excel, and PDF. Such exported data includes your holdings, transaction history, performance reports, and other investment-related information stored on the Platform.

g. Third-Party Access to Investment Data:

Your investment data may be shared with third parties as described in our Third-Party Data Sharing section, including investment platforms to execute transactions, regulatory authorities as required by law, and analytics partners for anonymized research purposes with your consent. We do not share your detailed investment portfolio information with marketing or advertising partners without your explicit consent.

a. Internet Access (INTERNET, ACCESS_NETWORK_STATE)

• Purpose: To communicate with our servers, retrieve investment data, process transactions, synchronize portfolio information, and access real-time market data.
• Data Accessed: Network connectivity status and type (Wi-Fi, mobile data).
• Required: Yes – The app cannot function without internet connectivity.

b. Storage Access (READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE / equivalent iOS permissions)

• Purpose: To save downloaded reports, transaction confirmations, portfolio statements, and CAS files to your device; to upload documents for KYC verification or investment statements.
• Data Accessed: Files and documents stored in designated app directories or user-selected locations.
• Required: Yes for document upload/download features; Limited functionality if denied.
• Scope: We access only files you explicitly select or those stored in the app's designated directories. We do not scan or access other files on your device.

a. Camera Access (CAMERA)

• Purpose: To scan and upload KYC documents (PAN card, Aadhaar, address proof), to capture images of physical investment statements or cheques for upload, and to enable QR code scanning for payment or account linking.
• Data Accessed: Camera feed only when you actively use camera-based features; images are processed only for the specified purpose.
• Required: No – You may manually upload pre-existing images or documents if camera permission is denied.
• Data Retention: Captured images are uploaded to our secure servers for verification and then deleted from the device unless you choose to save them.

b. Notification Permission (PUSH_NOTIFICATIONS / iOS Notification Services)

• Purpose: To send you alerts about portfolio changes, transaction confirmations, SIP payment reminders, important account notifications, security alerts, and service updates.
• Data Accessed: Device notification token used to route push notifications to your device.
• Required: No – You can use the app without notifications, but you may miss important alerts.
• Control: You can manage notification preferences within the app settings and enable/disable specific types of notifications (transaction alerts, market updates, promotional messages, etc.).
• Types of Notifications:
  • Transactional: SIP payment confirmations, transaction status updates, order executions.
  • Informational: Portfolio performance summaries, goal progress updates, market insights.
  • Security: Login alerts, suspicious activity warnings, password change confirmations.
  • Marketing (Optional): Product recommendations, new feature announcements, promotional offers. You can opt-out of marketing notifications while retaining transactional and security alerts.

c. Biometric Authentication (FINGERPRINT, FACE_ID, TOUCH_ID, USE_BIOMETRIC)

• Purpose: To enable secure and convenient login using fingerprint recognition, facial recognition, or other biometric authentication methods supported by your device.
• Data Accessed: Biometric authentication results only (pass/fail); biometric data itself is processed entirely on your device and never transmitted to our servers or stored by AUM Sampann.
• Required: No – You can use traditional password-based authentication if you prefer not to use biometrics.
• Security: Biometric authentication uses your device's secure hardware and operating system features. We do not access, store, or have any knowledge of your biometric data.

d. Contacts Access (READ_CONTACTS)

• Purpose: [Only if applicable] To enable referral features allowing you to invite friends from your contact list, or to auto-fill beneficiary details for transactions.
• Data Accessed: Contact names, phone numbers, and email addresses only when you explicitly use referral or contact selection features.
• Required: No – You can manually enter referral information or beneficiary details.
• Data Usage: Contact information is used only for the specific purpose you initiated and is not stored permanently or used for other purposes without your consent.

e. Location Access (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION)

• Purpose: [Only if applicable] To detect your approximate location for regulatory compliance (verifying Indian residency for certain transactions), fraud prevention (detecting unusual login locations), or to provide location-based services (finding nearby bank branches or investment centers).
• Data Accessed: Approximate or precise location coordinates depending on the permission granted.
• Required: No – Location access is not required for core app functionality.
• Frequency: Location is accessed only when you use location-dependent features, not continuously in the background.
• Control: You can grant "one-time" or "while using app" location permission and deny background location access.

f. Phone State and Identity (READ_PHONE_STATE, Android only)

• Purpose: To retrieve device identifiers (IMEI, device ID) for fraud prevention, device-specific security measures, and to detect multiple accounts from the same device.
• Data Accessed: Device hardware identifiers, phone number (if applicable), network information.
• Required: No for iOS; May be requested on Android for enhanced security features.
• Alternative: On devices where this permission is denied or unavailable, we use alternative device identification methods.