INVE TECHNOLOGIES PRIVATE LIMITED ("we", "us", or "our") operates the website https://drishti.money and the "Drishti Money" Android mobile application (package app.drishti.money) distributed via Google Play (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

a) Personal Information

When you register or use our Service, we may collect:

Name and email address (if provided in your profile)
Phone number in E.164 format (e.g. +91XXXXXXXXXX). On the Android app this is the primary sign-in identifier; we send a one-time SMS verification code via Google Firebase Authentication and store only the verified number. We never receive or store the SMS content itself.
Date of birth (if provided)
PAN card number (if provided for portfolio verification)

b) Financial Information

To provide portfolio analysis, we may collect:

Stock holdings data (ticker symbols, quantities, average buy prices)
Broker account connection details (via Zerodha Account Aggregator integration)
Portfolio risk profile and preferences

We do not store your broker login credentials. Broker integration uses secure, encrypted tokens through Account Aggregator frameworks.

c) Usage Data

Pages visited, features used, and interaction patterns
Device information, browser type, and IP address
API usage logs for rate limiting and service improvement

d) Mobile App Data

When you use the Android mobile app, we may also collect:

App version, Android OS version, and device model
Crash and stability logs (no personally identifiable content)
Play Integrity tokens — short-lived attestations issued by Google Play Services that prove the app installation is genuine. Used only to prevent fraud and abuse; not linked to user identity in our systems.

2. How We Use Your Information

We use the collected information to:

Provide, maintain, and improve our portfolio analysis services
Generate risk analysis reports, red flag detection, and crash simulations
Process subscription payments and manage your account
Send service-related communications (account alerts, updates)
Monitor and enforce usage limits based on your subscription plan
Ensure security and prevent fraud or abuse

3. Data Sharing and Disclosure

We do not sell your personal or financial data. We share information with the following sub-processors who act on our behalf under standard data-processing agreements:

Google Firebase Authentication: Sends the SMS one-time password and issues a verified identity token used to create your account. Receives the phone number you enter during sign-in.
Google Play Integrity API: Verifies that the Android app install is genuine, to prevent fraud and account takeover. Does not receive personal data.
Razorpay: Processes subscription payments. Card and bank details are entered into Razorpay's hosted checkout and never reach our servers.
Broker integrations (Zerodha Account Aggregator): Solely to fetch your portfolio holdings with your explicit consent. We never receive your broker password.
AI service providers (Anthropic, Google Vertex AI): Anonymized or aggregated portfolio data is sent to generate analysis. Phone numbers, email addresses, and PAN are not included in these requests.
Hosting providers: The website is served by Vercel and the backend API runs on Railway. Both providers process data on our behalf only.
Legal requirements: When required by law, regulation, or legal process.

4. Data Security

We implement industry-standard security measures to protect your data, including:

HTTPS encryption for all data in transit
Encrypted storage for sensitive tokens (e.g., broker access tokens use Fernet encryption)
Content Security Policy (CSP) headers and XSS protection
Token-based authentication with automatic session invalidation

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention and Account Deletion

We retain your personal data for as long as your account is active or as needed to provide the Service. To request deletion of your account and all associated data (phone number, holdings, risk profile, broker tokens, and usage logs):

Email info@drishti.money from the email address or phone number registered on your account, with the subject line "Account Deletion Request".
We acknowledge receipt within 2 business days and complete deletion within 7 business days.
Anonymized aggregate analytics (no personally identifiable content) may be retained for service-improvement purposes.

Broker access tokens are automatically invalidated upon expiry and are not retained beyond their validity period.

6. Cookies and Tracking

We use essential cookies and local storage for authentication (auth tokens) and user preferences. We do not use third-party advertising or tracking cookies.

7. Third-Party Links

Our Service may contain links to third-party websites (e.g., broker platforms, stock exchanges). We are not responsible for the privacy practices of these external sites.

8. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe we have collected such information, please contact us immediately.

9. Your Rights

You have the right to:

Access and review the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and associated data
Withdraw consent for broker data access at any time
Opt out of non-essential communications

To exercise any of these rights, contact us at info@drishti.money.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

INVE TECHNOLOGIES PRIVATE LIMITED
Email: info@drishti.money
Website: https://drishti.money