Privacy Policy

Under the DPDP Act, 2023, Rahul Rajgopal Wealth Advisor is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.

• Name: Rahul Rajgopal
• Entity: Rahul Rajgopal Wealth Advisor
• SEBI Registration No.: INA000021933
• Registered Address: F1/38, Sector-2A, Vaishali, Ghaziabad – 201019, UP
• Operations Address: 3rd Floor, Netedge Tower, Sector 62, Noida – 201309, UP
• Data Privacy Contact / Nodal Officer: Rahul Rajgopal — contact@rahulrajgopalwealth.com

We collect only the data necessary to provide advisory services and comply with regulatory obligations. This includes:

2.1 Identity & Contact Data

• Full name, date of birth, gender
• Email address, phone number
• Residential address (city, state, country — for NRI clients, country of residence)
• PAN number (where required for KYC and SEBI record-keeping purposes)

2.2 Financial Data

• Annual income, monthly savings, and expense patterns
• Net worth details — assets (investments, real estate, EPF, etc.) and liabilities
• Existing investment portfolio details
• Insurance coverage, loans, and EMI obligations
• Financial goals and investment horizon
• Risk tolerance and investment experience

2.3 Payment Data

• Payment transaction reference numbers and timestamps
• Payment method type (UPI, card, NEFT — not full card numbers)
• Note: Full payment card numbers, CVVs, and bank account numbers are never stored by us. All payment processing is handled by Razorpay, a PCI-DSS compliant payment gateway. Razorpay's privacy policy applies to payment data.

2.4 Technical & Usage Data

• IP address and approximate geographic location (city/country level)
• Browser type, device type, and operating system
• Pages visited, time spent, and interaction patterns
• Referral source (how you found our website)

2.5 Communication Data

• Emails, messages, and correspondence with the adviser
• Grievance submissions and complaint records
• Consent records and audit trail documentation

We process your personal data for the following specific, lawful purposes:

• Providing advisory services: Generating your personalised Wealth Diagnostic Report and delivering investment advisory outputs
• Risk profiling and suitability assessment: As mandated by SEBI Regulations to ensure advice is appropriate for your circumstances
• Payment processing: Facilitating secure payment for services via Razorpay
• Regulatory compliance: Maintaining records as required by SEBI (Investment Advisers) Regulations, 2013 — minimum 5 years retention
• KYC compliance: Verifying identity as required by SEBI and anti-money laundering regulations
• Communication: Sending service-related communications, report delivery, and advisory correspondence
• Grievance redressal: Processing and resolving complaints and escalations
• Platform improvement: Analysing usage patterns to improve service quality (using anonymised or aggregated data only)
• Legal obligations: Complying with court orders, regulatory directions, or law enforcement requests

We do not use your personal data for targeted advertising, profiling for commercial purposes unrelated to advisory services, or sale to third parties.

Under the DPDP Act, 2023, we process your personal data on the following bases:

• Consent: You voluntarily provide financial data through the intake form, having been informed of the purpose of collection
• Contractual necessity: Processing necessary to deliver the advisory service you have engaged and paid for
• Legal obligation: SEBI Regulations mandate record-keeping of client data and advisory interactions for a minimum of 5 years
• Legitimate use: As defined under Section 7 of the DPDP Act — specifically for fulfilment of obligations under applicable law

We do not sell, rent, or commercially share your personal data. Limited data sharing occurs only in the following circumstances:

• Razorpay (Payment Processor): Transaction data necessary to process payments. Razorpay is PCI-DSS compliant and governed by its own privacy policy.
• Vercel (Hosting Provider): Platform hosting and content delivery. Server logs may contain IP addresses and technical data.
• SEBI / BSE IAASB: As required by regulatory obligations — SEBI may request client records during audits or investigations.
• Law enforcement / Courts: Where required by a court order, legal process, or regulatory direction under applicable Indian law.
• Professional advisers: Chartered Accountants or Company Secretaries engaged for compliance audit, who are bound by confidentiality obligations.

All third-party service providers who process your data are contractually obligated to maintain data security and confidentiality.

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, and as required by law:

• Advisory records and client data: Minimum 5 years from the date of last advisory interaction, as mandated by SEBI Regulations
• Payment records: 5 years from date of transaction, as required for financial record-keeping under applicable law
• Complaint records: 5 years from resolution date, per SEBI grievance redressal requirements
• Website usage data: Maximum 12 months in anonymised form

After the applicable retention period, data is securely deleted or anonymised in a manner that prevents re-identification.

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

• Right to access: Request a summary of the personal data we hold about you and how it is being processed
• Right to correction: Request correction of inaccurate or incomplete personal data
• Right to erasure: Request deletion of your personal data, subject to our legal and regulatory retention obligations
• Right to grievance redressal: File a complaint with us regarding processing of your personal data. If unresolved, escalate to the Data Protection Board of India (once operational)
• Right to withdraw consent: Withdraw your consent for processing at any time, subject to the consequence that we may be unable to continue providing advisory services
• Right to nominate: Nominate another person to exercise your rights in the event of your death or incapacity

To exercise any of these rights, email us at contact@rahulrajgopalwealth.com with the subject line “Data Privacy Request”. We will respond within 30 days.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• SSL/TLS encryption for all data in transit
• Secure cloud hosting on Vercel with access controls
• Payment data handled exclusively by PCI-DSS compliant processors
• Restricted internal access to client data on a need-to-know basis
• Regular security reviews of platform and third-party integrations

In the event of a personal data breach that is likely to cause harm to you, we will notify you and the Data Protection Board of India as required under the DPDP Act, 2023.

This website uses minimal cookies strictly necessary for platform operation, including session management. We do not use tracking cookies for advertising, behavioural profiling, or cross-site tracking.

We may use privacy-respecting analytics tools (such as Vercel Analytics) to understand aggregate traffic patterns. This data is anonymised and does not identify individual users.

You can control cookie settings through your browser. Disabling necessary cookies may affect platform functionality.

For NRI clients whose data may be processed across jurisdictions, we confirm that data is stored on servers within permissible locations as per applicable Indian law. The DPDP Act, 2023 permits transfer of personal data outside India except to countries restricted by the Central Government by notification.

NRI clients retain all rights under the DPDP Act, 2023 as Data Principals whose data is processed in connection with services offered to them in India.

Our services are intended for adults aged 18 years and above. We do not knowingly collect personal data from individuals below the age of 18. If we become aware that a minor has provided personal data without verifiable parental consent, we will delete such data promptly. If you believe a minor has submitted data to our platform, contact us immediately at contact@rahulrajgopalwealth.com.

We may update this Privacy Policy periodically to reflect changes in our practices, regulatory requirements, or legal obligations. Material changes will be communicated by updating the “Last updated” date at the top of this page and, where appropriate, by email notification to existing clients. Continued use of the platform after updates constitutes acceptance of the revised policy.

For any grievance related to the processing of your personal data:

• Nodal Officer: Rahul Rajgopal
• Email: contact@rahulrajgopalwealth.com (Subject: “Data Privacy Grievance”)
• Response time: Within 30 days of receipt
• Escalation: Data Protection Board of India — once fully operational (expected 2027). Current escalation via IT Act, 2000 mechanisms.
• SEBI SCORES (for grievances related to advisory services): scores.sebi.gov.in

For any questions, concerns, or requests related to this Privacy Policy or our data practices:

• Rahul Rajgopal Wealth Advisor
• F1/38, Sector-2A, Vaishali, Ghaziabad – 201019, UP, India
• Email: contact@rahulrajgopalwealth.com
• Phone: +91 93110 33796
• Website: www.rahulrajgopalwealth.com