Privacy Policy

This Privacy Policy explains how Finvastra Advisors Private Limited and Finvastra Wealth Private Limited (collectively “Finvastra,” “we,” “us,” or “our”) collect, use, store, and protect your personal data when you visit www.finvastra.com or use our services. By accessing our website or submitting any enquiry form, you acknowledge that you have read and understood this Policy.

1. Who We Are

Finvastra operates through two registered entities in India:

Entity	Registration Type	Regulatory Authority
Finvastra Advisors Private Limited	Direct Sales Agent (DSA) / Financial Advisory	Respective Lending Banks & Lender Agreements
Finvastra Wealth Private Limited	Mutual Fund Distributor / Investment Advisor	SEBI / AMFI / APMI (APRN08373)

Registered Office: Unit 305, 3rd Floor, Imperial Towers, 7-1-617/A, 616 & 615, Ameerpet, Hyderabad, Telangana 500038, India.

2. Data We Collect

2.1 Information You Provide Directly

Data Field	Why Collected	Mandatory?
Full Name	To address you correctly in communications	Yes
Mobile Number	For advisor callbacks and WhatsApp advisory	Yes
Email Address	For sending advisory summaries and updates	Yes (contact form)
City / Location	To match with relevant lenders and advisors	Yes
Service Interest	To route enquiry to correct advisory team	Yes
Loan Amount & Stage	To contextualise advisory and lender matching	Optional
PAN Card	Only on CIBIL Check tool — required by TransUnion CIBIL API	CIBIL page only
Date of Birth	Only on CIBIL Check tool — required by TransUnion CIBIL API	CIBIL page only
Message / Query	To understand and respond to your specific requirement	No

2.2 Information Collected Automatically

• Usage Data: Pages visited, time spent, links clicked, browser type, device type, operating system, referral URL.
• IP Address: Collected for security monitoring, fraud prevention, and approximate geolocation for service routing.
• Cookies & Similar Technologies: Analytics cookies (Google Analytics via GTM), preference cookies (dark mode setting), and consent cookies. See Section 6 for full cookie details.

3. Legal Basis for Processing (DPDP Act 2023)

Under India’s Digital Personal Data Protection Act 2023, we process your personal data on the following lawful bases:

• Consent: You provide explicit consent via the consent checkbox on every form before we process your data.
• Legitimate Interest: Improving our services, fraud prevention, internal analytics, and security monitoring.
• Legal Obligation: Compliance with IRDAI, SEBI, RBI, and AMFI regulatory requirements for record-keeping.
• Contractual Necessity: When you engage our advisory services, processing your data is necessary to deliver that service.

4. How We Use Your Data

• Advisory Delivery: Connecting you with the right financial advisor for your loan, wealth, or insurance requirement.
• Lender Matching: Identifying and presenting suitable lender options based on your profile, city, and loan requirement.
• Communication: Calling or messaging you via the mobile number you provided, as consented in the form.
• Personalisation: Tailoring website content, calculators, and advisory recommendations to your profile.
• Analytics & Improvement: Analysing aggregate, anonymised usage patterns to improve our website and services.
• Regulatory Compliance: Maintaining records as required by IRDAI, SEBI, RBI, and other applicable regulators.
• Fraud Prevention & Security: Detecting and preventing fraudulent enquiries and protecting the integrity of our platform.

5. Data Sharing & Disclosure

5.1 With Lenders and Financial Institutions

Your data is shared with banks, NBFCs, HFCs, or insurance companies only when you explicitly request us to submit an application or compare offers on your behalf. This sharing is covered by the consent you provide in our forms. We do not share data with lenders speculatively without your instruction.

5.2 With Service Providers

We use the following categories of third-party service providers who may process your data on our behalf under strict data processing agreements:

Category	Purpose	Data Shared
Analytics (Google Analytics via GTM)	Aggregate website usage analytics	Anonymised behavioural data, IP
Communication (WhatsApp Business API)	Advisor communication	Mobile number, name
Credit Bureau (TransUnion CIBIL)	CIBIL score retrieval (CIBIL Check tool only)	Name, PAN, DOB, mobile
Website Hosting (GitHub Pages)	Static file delivery	IP address, browser metadata

5.3 Legal Disclosure

We may disclose your data when required by law, court order, regulatory direction, or to protect the rights, property, or safety of Finvastra, our users, or the public.

6. Cookies & Tracking Technologies

We use the following types of cookies on our website:

Cookie Type	Name / Source	Purpose	Duration
Essential	fv_cookie_consent	Stores your cookie consent preference	1 year
Preference	finvastra-theme (localStorage)	Stores your dark/light mode preference	Persistent
Analytics	Google Analytics (_ga, _gid)	Website traffic and usage analytics (anonymised)	2 years / 24h
Marketing	Meta Pixel, LinkedIn Insight (via GTM)	Conversion tracking for advertising	Varies

Analytics and marketing cookies are only set after you click “Accept All” in our cookie consent banner. If you select “Essential Only,” only the consent preference cookie is set. You can change your preference at any time by clearing your browser’s local storage and cookies.

7. Data Retention

We retain your personal data for the following periods:

Data Type	Retention Period	Reason
Enquiry form data (name, mobile, city, service)	3 years from submission	Advisory follow-up and regulatory record-keeping
CIBIL Check data (name, PAN, DOB)	1 year from submission	CIBIL API compliance and audit trail
Analytics data (anonymised)	26 months (Google Analytics default)	Service improvement
Communication records	5 years from last interaction	IRDAI / SEBI regulatory requirements

Upon expiry of the applicable retention period, or upon receipt of a valid deletion request (see Section 8), data is permanently deleted from our systems.

8. Your Rights Under DPDP Act 2023

As a Data Principal under India’s Digital Personal Data Protection Act 2023, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to our legal and regulatory retention obligations.
• Right to Withdraw Consent: Withdraw your consent for processing at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Grievance Redressal: Lodge a complaint with our Grievance Officer (see Section 13) and, if not satisfactorily resolved, with the Data Protection Board of India.
• Right to Nominate: Nominate another individual to exercise rights on your behalf in the event of death or incapacity.

To exercise any of these rights, email privacy@finvastra.com with your full name, mobile number, and the specific right you wish to exercise. We will respond within 30 calendar days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• HTTPS/TLS 1.3 Encryption: All data transmitted between your browser and our servers is encrypted.
• Access Controls: Personal data is accessible only to authorised personnel who require it to perform their functions.
• No Storage of Sensitive Credentials: We never store bank account details, passwords, or full Aadhaar numbers in our systems.
• Regular Security Reviews: Our systems and processes are reviewed periodically for security vulnerabilities.
• IT Act 2000 Compliance: Our information security practices comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011.

For our full data security practices, see our Security Policy.

10. Children’s Privacy

Our services are intended for adults (18 years and above). We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a minor without parental consent, we will delete it promptly. Parents or guardians who believe we have inadvertently collected data about a child should contact us at privacy@finvastra.com.

11. Cross-Border Data Transfers

Our website is hosted on GitHub Pages (infrastructure managed by GitHub, Inc., a Microsoft subsidiary). Server locations may include regions outside India. Where personal data is transferred outside India, such transfers comply with applicable Indian data protection laws and are governed by appropriate contractual safeguards.

Analytics data processed by Google Analytics may be transferred to servers outside India. Google processes this data under its standard contractual clauses and Privacy Shield-equivalent frameworks.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this Policy periodically. Your continued use of our website after changes are posted constitutes your acceptance of the updated Policy.

13. Grievance Officer & Contact

In accordance with the Digital Personal Data Protection Act 2023 and the Information Technology Act 2000, the details of our Grievance Officer are:

If you are not satisfied with our response, you may contact the Data Protection Board of India once it is operational, or approach the appropriate judicial authority.