Legal Document

Privacy Policy

Effective Date: April 29, 2026 Last Updated: April 29, 2026

01 Introduction

This Privacy Policy describes how Ranjan Yaduvanshi (operating under the brand name "Capital Trackers", SEBI Registered Research Analyst, Registration Number INH000025957) ("we", "us", "our") collects, uses, stores, shares, and protects your information when you use the Capital Trackers mobile application, website, and related services (collectively, the "Services").

By downloading, installing, accessing, or using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

Data Controller / Owner Details

Field	Details
Name	Ranjan Yaduvanshi
Trade / Brand Name	Capital Trackers
SEBI Registration No.	INH000025957
Registered Address	B-68, Fourth Floor, Paryavaran Complex, South Delhi, Delhi
Email (Privacy Contact)	ranjanhrc@gmail.com
Phone	011-49065992
Website	www.capitaltrackers.in

02 Information We Collect

We collect the following categories of information when you use our Services. The categories below align with our Google Play Data Safety declaration.

2.1 Personal Information You Provide

Name (full name as per PAN)
Contact information — email address, mobile number, residential address
Identity information — PAN number, last four digits of Aadhaar (for KYC compliance)
Date of birth, gender, nationality, marital status
Financial information — occupation, annual income range, investment experience, risk tolerance
Demat / Trading account details (DP ID, Client ID, broker name) — only if voluntarily provided
Bank account details for fee refunds (only if you opt to share them)
Photograph (for KYC purposes)
Communications — emails, in-app messages, support requests, feedback you send to us

2.2 Information Collected Automatically

Device information — device model, operating system version, unique device identifiers, mobile network information
App activity — features used, screens viewed, taps, session duration, search queries within the app
Diagnostic data — crash logs, performance data, error reports
Approximate location (city/region level) — derived from IP address; no precise GPS location is collected unless you grant explicit permission
App version, install/uninstall status, language preference

2.3 Information from Third-Party Services

KYC Registration Agency (KRA) — we may receive verified KYC data from a SEBI-recognised KRA when you onboard as a fee-paying client
Payment processors — transaction status (success/failure) when you pay through CeFCoM (BSE Limited) or other authorised payment gateways

2.4 Information We DO NOT Collect

      We never collect: trading account login credentials, passwords, OTPs, bank account passwords, precise GPS location, contacts list, SMS messages, call logs, photos/media (other than KYC photographs you voluntarily upload), or health, biometric, sexual orientation, religious, or political data.
    

03 How We Use Your Information

Purpose	Description
Account creation & KYC compliance	To register you as a client, verify your identity, and meet SEBI / KRA / AML obligations.
Delivery of research services	To send you research reports, market updates, model portfolios, and IPO analysis as part of your subscription.
Fee collection & receipts	To process subscription payments, generate invoices, and issue refunds where applicable.
Customer support	To respond to your queries, resolve grievances, and maintain a record of interactions as required under Regulation 25(1) of the SEBI (Research Analysts) Regulations, 2014.
App functionality & analytics	To operate, maintain, and improve the app; understand which features are used; and fix bugs.
Security & fraud prevention	To detect, prevent, and respond to security incidents, abuse, fraud, or violations of our terms.
Legal & regulatory compliance	To comply with SEBI regulations, RAASB requirements, the Prevention of Money Laundering Act, 2002, and other applicable laws.
Communications	To send service-related notifications, regulatory disclosures, and (with your consent) marketing communications.

04 Legal Basis for Processing

Consent — you have given your consent at the time of registration, KYC, and acceptance of our Terms and Conditions.
Contractual necessity — to perform the research services you have subscribed to.
Legal obligation — to comply with SEBI regulations, RAASB requirements, KYC norms, the Prevention of Money Laundering Act, 2002, the Income Tax Act, 1961, and other applicable laws.
Legitimate interests — to operate, secure, and improve our Services, prevent fraud, and protect our rights, where such interests are not overridden by your rights.

05 Sharing of Your Information

We do not sell, rent, or trade your personal information. We share your information only in the limited circumstances described below.

5.1 With Service Providers (Data Processors)

Cloud hosting and database providers (Google Firebase — for app data storage, authentication, and analytics)
App analytics providers (Google Analytics for Firebase, Firebase Crashlytics)
KYC Registration Agencies (SEBI-recognised KRAs) — for KYC verification and upload, as mandated by SEBI
Payment gateways and CeFCoM (BSE Limited) — for processing fee payments
Cloud notification services (Firebase Cloud Messaging) — to deliver push notifications
Email service providers — to send transactional emails and research reports
SMS gateway providers (such as MSG91) — for OTP-based authentication

All such service providers are contractually bound to use your data only to provide services to us and to maintain appropriate security and confidentiality.

5.2 With Regulators and Authorities

Securities and Exchange Board of India (SEBI)
Research Analyst Administration and Supervisory Body — BSE Limited (RAASB)
KYC Registration Agencies (KRAs)
Income Tax Department, Financial Intelligence Unit (FIU), and other authorised regulators / law enforcement when required by law, court order, or SEBI direction

5.3 In Connection with Business Transfers

If our research analyst registration is transferred or if there is a change in control (subject to SEBI prior approval as required under the RA Regulations), we may transfer your information to the new entity. You will be notified at least 15 days in advance of any such transfer.

5.4 With Your Consent

We may share your information with other parties if you give us specific, informed consent to do so.

06 Data Retention

Type of Data	Retention Period
KYC documents and client records	5 years from the end of the client relationship (as required by SEBI Regulation 25)
Research reports and recommendations sent to you	5 years
Client interaction records (emails, calls, support)	5 years
Fee payment records and invoices	5 years (or longer, as required by tax laws)
Complaint records	5 years (or until dispute resolution, whichever is later)
App analytics and crash data	Up to 14 months (Google Firebase default), or earlier if you request deletion
Marketing preferences	Until you withdraw consent

Once retention periods expire, your data is securely deleted or anonymised, except where continued retention is required by law or SEBI direction.

07 Your Rights

Right to access — request a copy of the personal data we hold about you.
Right to correction — request correction of inaccurate or incomplete data.
Right to deletion — request deletion of your personal data and your account, subject to our legal and regulatory obligations to retain certain records.
Right to withdraw consent — withdraw consent for marketing communications or other consent-based processing at any time.
Right to portability — receive your data in a structured, commonly used, machine-readable format.
Right to object — object to processing based on legitimate interests.
Right to lodge a complaint — with SEBI, the Data Protection Board of India (under the Digital Personal Data Protection Act, 2023), or another supervisory authority.

To exercise any of these rights, please email us at ranjanhrc@gmail.com with your full name and registered mobile number. We will respond within 30 days.

08 Account & Data Deletion

In compliance with Google Play's User Data policy, you may request deletion of your account and the data associated with it as follows:

In-App: Open the app → Profile / Settings → Account → "Request Account Deletion"
By Email: Send a deletion request from your registered email address to ranjanhrc@gmail.com with the subject line "Account Deletion Request – Capital Trackers"
Online: Visit www.capitaltrackers.in/account-deletion and submit the form

On receipt of a verified deletion request, we will delete your account profile, marketing preferences, and app analytics data within 30 days. KYC records, financial transaction records, complaint records, and other legally required data will be retained for the minimum period required by law (typically 5 years). Once deleted, your account cannot be restored.

09 Data Security

Encryption in transit — all data transmitted between your device and our servers is encrypted using HTTPS / TLS.
Encryption at rest — sensitive data stored in Google Firebase / Firestore is encrypted at rest by the cloud provider.
Access controls — access to personal data is restricted to authorised personnel on a need-to-know basis.
Authentication — access to your account is protected by OTP-based authentication; we never ask for your trading account or bank account credentials.
SEBI CSCRF compliance — we comply with applicable provisions of the SEBI Cybersecurity and Cyber Resilience Framework for Regulated Entities.

Despite these measures, no system is 100% secure. If a data breach affects your personal information, we will notify you and the relevant authorities without undue delay, as required by law.

10 Children's Privacy

Our Services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will delete it as soon as possible. If you believe a child has provided us with personal information, please contact us at ranjanhrc@gmail.com.

11 Permissions Used by the App

Permission	Purpose
Internet	Required for app functionality — fetching research reports, sending data to our servers.
Network State	To detect connectivity and adapt content accordingly.
Notifications	To send you research alerts, market updates, and account notifications. You can disable notifications anytime in your device settings.
Camera (optional)	Only if you choose to upload KYC documents directly using the camera. Used only at the moment of capture; no images are stored without your action.
Storage / Photos (optional)	Only if you choose to upload KYC documents from your gallery.
Read SMS / Auto-OTP (optional)	Only if your device supports auto-fill of OTP via SMS Retriever API. We do not read other SMS messages.

12 Third-Party Services & SDKs

Service	Purpose	Privacy Policy
Google Firebase (Auth, Firestore, FCM)	Backend storage, login, push notifications	policies.google.com/privacy
Google Analytics for Firebase	App usage analytics	policies.google.com/privacy
Firebase Crashlytics	Crash reporting and diagnostics	policies.google.com/privacy
FlutterFlow	App development platform (no end-user data collection)	flutterflow.io/privacy
MSG91 (or equivalent SMS provider)	OTP delivery for authentication	msg91.com/privacy-policy
Payment Gateways / CeFCoM (BSE)	Fee collection	Refer to respective gateway
KYC Registration Agencies (KRA)	KYC verification and storage	Refer to respective KRA

13 International Data Transfers

Some of our service providers (notably Google Firebase) may store and process data on servers located outside India. We rely on the security and contractual safeguards offered by these providers, who are subject to industry-standard data protection practices. Where required by Indian law, we ensure that adequate safeguards are in place for any cross-border transfer of personal data.

14 Cookies and Similar Technologies

Our website at www.capitaltrackers.in uses cookies and similar technologies to maintain login sessions, remember preferences, and analyse traffic. You can control cookies through your browser settings. Disabling cookies may affect website functionality.

15 Marketing Communications

With your consent, we may send you marketing emails, SMS messages, or push notifications about new research services, market updates, or promotional offers. You can opt out at any time by clicking the "unsubscribe" link in our emails, replying STOP to SMS messages, or disabling notifications in your device settings. Opt-out does not affect transactional or regulatory communications, which we are required by SEBI to send.

16 Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy.
Notify you through the app, by email, or via a prominent notice on our website at least 7 days before the change takes effect.
For significant changes, we will obtain your renewed consent where required.

17 Compliance with Indian Laws

This Privacy Policy is governed by the laws of India. We comply with applicable laws including:

The Digital Personal Data Protection Act, 2023 (DPDP Act)
The Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
The Securities and Exchange Board of India (Research Analysts) Regulations, 2014
The Prevention of Money Laundering Act, 2002 and PMLA Rules, 2005
SEBI Master Circular for Research Analysts dated February 06, 2026
SEBI Cybersecurity and Cyber Resilience Framework (CSCRF) for Regulated Entities

Disputes shall be subject to the exclusive jurisdiction of the courts at New Delhi, India.

18 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our Privacy Point of Contact:

Privacy Point of Contact

Ranjan Yaduvanshi

Designation

SEBI Registered Research Analyst & Data Controller

ranjanhrc@gmail.com

Phone

011-49065992

Postal Address

B-68, Fourth Floor, Paryavaran Complex, South Delhi, Delhi

Response Time

Within 30 days of receipt of your request

If you are not satisfied with our response, you may also file a complaint with:

The Data Protection Board of India (under the DPDP Act, 2023)
SEBI — via SCORES at scores.sebi.gov.in
Online Dispute Resolution — smartodr.in