Stack security policy cover image
back-button

Privacy policy

We are always committed to keeping your data secure, your private information private, and maintaining transparency regarding our practices.

Invacia Labs Private Limited operate mobile applications and website https://stackfinance.co under brand names Stack Finance. Stack Finance is committed to operating its website and mobile applications with the highest ethical standards and required internal controls. We take your privacy extremely seriously. Your privacy is important to us and maintaining your trust is imperative. This Policy forms part and parcel of the Terms of Use and other terms on the Stack Finance Platform ("Terms of Use"). The Privacy Policy should always be read in conjunction with the Terms and Conditions

This Privacy Policy is applicable to a User who avails the Platform and Services. The term "User" for the purposes of this Privacy Policy shall mean You, in the capacity of an individual, a guest user, browser and/ or representative of an entity, who visits, accesses, uses, downloads, deals with, avails Services and/ or transacts through Stack Finance Platform. For the purpose of this Policy, wherever the context so requires "You" or "Your" shall mean User and the term "We", "Us", "Our" shall mean Company (collectively known as The Platform and Services).

1. Collection of Information

We collect Personal Information (defined below) from You when You register or set up an account with Us on the Platform. You can browse certain sections of the Platform without being a registered member, however, to avail certain Services on the Platform (such as investing in funds) You are required to register with Us.

This Privacy Policy applies to information (“Personal Information”) that:

  1. You may provide to Us voluntarily while registering on Our Platform for using Our Services, such as mobile number, email address, password, date of birth, gender, Permanent Account Number (PAN), signature, marital status, nominee details, We may also ask You for certain financial information, including Your billing address, bank account details, credit card number, expiration date and/or other payment related details or other payment method data, and debit instructions or other standing instructions to process payments for the Services. We may ask You to provide certain additional information about Yourself such as income details, documents such as Address Proof or Bank Statements etc. on a case to case basis. All information disclosed by You shall be deemed to be disclosed willingly and without any coercion. No liability pertaining to the authenticity/ genuineness/misrepresentation/fraud/negligence, etc. of the information disclosed shall lie on the Company nor will the Company be in any way responsible to verify any information obtained from You;
  2. We may retrieve from Your records available with third party including from Know Your Customer (KYC) such as name, KYC details, KYC status, father’s name, occupation, address details and related documents.;
  3. Further, if You choose to invest through the Platform, We will also collect information about Your transactions including transaction status and details and Your investment behaviour; and
  4. When and if You download and/or use the Platform through Your mobile, We may receive information about Your location, Your IP address, and/or Your mobile device, including a unique identifier number for Your device. We may use this information to provide You with location-based Services including but not limited to search results and other personalized content. You can withdraw Your consent at any time by disabling the location-tracking functions on Your mobile. However, this may affect Your holistic experience of certain functionalities on Our Platform.

We may aggregate personal information that does not identify you individually for better product design, research and developing customized marketing offers either by us or any affiliated or unaffiliated third party consultants or service providers.

Further, we collect personal information when you are using our Financial Planning tools or registering with us for setting up an Investment Account. This information is primarily collected for regulatory compliance with applicable laws in order to enable and/or activate your account with AMCs and to enable you to conduct online transactions.

This information will be stored with us and shared with select third parties such as our group companies, Asset Management Companies (AMC), Registrar and Transfer Agents, BSE and affiliate companies, payment gateway providers in order to enable us to complete your registration as a client with us and to process any transaction requests that you authorise, maintain a record of your transactions and holdings, generate and send reminders, alerts, notifications to you for transactions, upcoming funds transfers etc.

We may collect personal information about your transactions, and how you interact with third parties such as your bank when you conduct banking transactions such as the purchase and/or redemption of units in a mutual fund scheme. This information helps us to provide our services to you. We encourage you to read the Terms and Conditions to understand further about how your information is collected and used.

Non-Personal Information
The Company shall also collect non-personal information pertaining to the behaviour of the User (Behavioural information), while using/browsing the Stack Finance Platform, messages posted by the User on Stack Finance Platform etc.

When You register using Your other accounts like on Facebook, Twitter, Gmail etc. We shall retrieve Information from such accounts to continue to interact with You and to continue providing the Services.

Any personally identifiable information provided by You will not be considered as sensitive if it is freely available and / or accessible in the public domain like any comments, messages, blogs, scribbles available on social platforms like Facebook, twitter etc. Further, any posted/uploaded/conveyed/communicated by users on the public sections of the Sites becomes published content and is not considered personally identifiable information subject to this Privacy Policy. The Company/its partners/vendors/ service providers etc. may also contact You from time to time through any mode of communication about updating Your personal information in order to provide the Users with such features that We believe may benefit / interest You.

We may use the information we collected online in conjunction with the personal information you have provided us with, or information that is publicly available from other sources. We may use this information to customize your experience and our communication with you both online and offline.

When we use other companies to provide services for us, we require them to protect the confidentiality of personal information about you that they receive from us. The information is disclosed on a need-to-know basis. We may use third party service providers to enable us in providing some services to you such as sending e-mail messages to you and tracking them on our behalf, collecting a fee for our services, and providing technical support that can contact you regarding an issue with any feature or functionality on our website.

When you provide us with your personal information either while setting up an account with us or later, it is kept maintained by the division that is responsible for your account management. You can view and/or update/edit this information by logging on to your account through our website, e-mailing us or calling customer service.

As we add more services or wish to inform you of some additional benefits that we offer either directly or in partnership with any third party, we may use the information we have collected to offer you customized recommendations as well as marketing communications through any medium including e-mail, SMS etc. You will have the option to opt out of such communications at any time.

If You send us correspondence, such as emails or letters, or if other users or third parties send us correspondence about Your activities or postings on the Platform, We may collect and retain such information into a file specific to You for responding to Your request and addressing concerns in relation to Your use of the Platform. We shall be entitled to retain Your Personal Information and other information for such duration as may be required for the purposes specified hereunder and will be used by Us only in accordance with this Privacy Policy.

The Personal Information, any non-personal information and behavioural information (collectively called as Information) is stored by the company on servers owned by its or its group companies or by third parties in India. Only on your explicit consent Stack Finance collects account information from respective institutions [as selected by you], by providing your account details and the corresponding password. The credentials are dual-encrypted, first by a unique-to-user key pair and second by our master key. These credentials are then passed to the institutions to screen scrape the data from the institutions website/platform. Data in transit is also encrypted using TLS and bank-grade public-private key exchange. This will enable Stack Finance to consolidate accurate information and present the same to you.

2. Use of Your Information

We use the Personal Information and other Non-Personal Information, for the following: (i) to provide and improve the Services on the Platform that You request; (ii) to resolve disputes and troubleshoot problems; (iii) to help promote a safe service on the Platform and protect the security and integrity of the Platform, the Services and the users; (iv) collect money from You in relation to the Services, (v) inform You about online and offline offers, products, services, and updates; (vi) customize Your experience on the Platform or share marketing material with You; (vii) to detect, prevent and protect Us from any errors, fraud and other criminal or prohibited activity on the Platform; (viii) enforce and inform about our terms and conditions; (ix) to process and fulfil Your request for Services or respond to Your comments, and queries on the Platform; (x) to contact You; (xi) to allow Our business partners and/or associates to present customised messages to You; (xii) to communicate important notices or changes in the Services provided by the Company, use of the Platform and the terms/policies which govern the relationship between You and the Company and with Our affiliates as set out in paragraph 3 below for providing services to You; and (xiii) for any other purpose after obtaining Your consent at the time of collection.

You also specifically agree and consent to Us collecting, storing, processing, transferring and sharing information (including Personal Information) related to You with third parties such as Banks, financial institutions, credit information companies, entities registered under applicable laws with Securities Exchange Board of India, National Stock Exchange of India Limited/BSE Limited/Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI)/payment gateways/ collecting banks/KRAs etc. solely for the purpose of reviewing your profile and processing your transaction requests for the Services or for such other products/services offered by us or our group, affiliate or associates.

In addition to the above, We identify and use Your IP address to help diagnose problems with Our server, resolve such problems and administer the Platform. Your IP address is also used to help identify you and to gather broad demographic information.

We may occasionally ask You to complete optional online surveys. These surveys may ask You for Your contact information and demographic information (like zip code, age, or income level). We use this information to tailor Your experience at the Platform, providing You with content that We think You might be interested in and to display content according to Your preferences. We use Your Personal Information to send You promotional emails, however, We will provide You the ability to opt-out of receiving such emails from Us. If You opt out, the Company may still send You non-promotional emails, such as emails about the Services and Your account on the Platform.

Unless and until, You explicitly give Your consent to Us, to do so, We will not share Your Personal Information with another user of the Platform and vice versa.

3. Sharing of information

We may make Your Personal Information and/or other Non-Personal Information available to Our affiliates to enable them to provide Services through the Platform to You. Please note that all information shared with our affiliates or made available to our affiliates will be governed by the terms of this Privacy Policy. In addition to the Personal Information and in order to provide Services to You, affiliates may also collect Your Aadhaar, finger – print details and signature solely for completing the account opening procedures and authenticating Your transactions on the Platform. The act of providing Your Aadhaar is voluntary in nature and the Company hereby agrees and acknowledges that it will collect, use and store such details in compliance with applicable laws and this Privacy Policy.

We may also disclose Your Personal Information to third party vendors, consultants, and other service providers who work for the Company, who are bound by contractual obligations to keep such personal information confidential and use it only for the purposes for which We disclose it to them. This disclosure may be required for Us, for instance, to provide You access to Our Services and process payments including validation of Your bank accounts, to facilitate and assist Our marketing and advertising activities/initiatives, for undertaking auditing or data analysis, or to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to Our Services. We do not disclose Your Personal Information to third parties for their marketing and advertising purposes without Your explicit consent.

The Company may disclose Your information, to the extent necessary: (i) to comply with laws and to respond to lawful requests and legal process, (ii) to protect the rights and property of the Company, Our users, and others, including to enforce the Terms, and (iii) in an emergency to protect the personal safety and assets of the Company, the users, or any person. In such an event the Company is in no manner responsible for informing You or seeking Your approval or consent.

We and Our affiliates may, in compliance with applicable laws, share/transfer/assign all of Your Personal Information and other information with any other business entity(ies), in the event of a merger, sale, re-organization, amalgamation, joint ventures, assignment, restructuring of business or transfer or disposition of all or any portion of Our business.

4. Data accessed from Google

Your personal information with respect to connecting your Gmail account with Stack Finance Application: Compliance w.r.t. Google OAuth API Scopes (Restricted scopes)

We will never rent or sell your information or data to anyone. Stack Finance ensures that it is always in compliance with the restricted scope defined under Google OAuth API policies.

  1. Stack Finance limits use of data to providing or improving your user experience. Connecting your Gmail account with Stack Finance is completely optional and based on your explicit consent for only specific use cases as has been described in this Privacy Policy. You can choose to de-link your Gmail account with the application at any time and/ or you can delete your information by writing to privacy@stackfinance.co
    Alternatively, you can remove access to Stack Finance from Google Mail’s permission settings located at: https://myaccount.google.com/permissions.
  2. We only transfer the data to others if necessary to provide or improve user-facing features that are prominent in the requesting application's user interface. We may also transfer data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users. All other transfers or sales of the user data are prohibited
  3. We don't use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising and we do not allow and we prohibit access to any of the third party analytics providers.
  4. We don't allow humans to read the data, unless:
    • (a) We first obtain your affirmative agreement for specific messages;
    • (b) It is necessary for security purposes (such as investigating a bug or abuse);
    • (c) It is necessary to comply with applicable law; or
    • (d) Our use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.

These prohibitions of use of data apply to the raw data obtained from Restricted Scopes and data aggregated, anonymized, or derived from them. Our employees, agents, contractors, and successors comply with the “Google API Services: User Data Policy”.

5. Accessing and updating personal information

When You use the Services or Sites (or any of its sub sites), We make good faith efforts to provide You, as and when requested by You, with access to Your personal information and shall further ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such personal information or sensitive personal data or information to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case, where We provide information access and correction, We perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way We maintain certain services, after You delete Your information, residual copies may take a period of time before they are deleted from Our active servers and may remain in Our backup systems.

We encourage You to review, update and correct the personal information that We maintain about You, and You may request that We delete personal information about You that is inaccurate, incomplete or irrelevant for legitimate purposes, or are being processed in a way which infringes any applicable legal requirement.

Your right to review, update, correct etc. Your information is subject to Our records retention policies and applicable law, including any statutory retention requirements.

Retention of Data
We shall retain the records as per applicable laws and such other statutory / regulatory requirements from time to time. In the event any legal / regulatory proceeding is pending, we can retain records for a longer period.
We shall store the data in our database even if the User has chosen not to be contacted and/ or closed his/her account with the Company.
We shall store the data/information/records on a server owned by Us or its group companies in India.
We may keep Our records of the electronic instructions/transactions in any form as permitted under applicable Laws. In this regard, all records, whether in electronic form, magnetic form, documents or any other form with respect to electronic instructions/online transactions shall be conclusive evidence of such instructions/transactions and shall be binding on the User
Personal information collected will not be used for any purposes other than as mentioned herein. You may withdraw your consent for the use of the personal information at any time by deactivating your account. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent. In the event you choose to withdraw your consent for collecting and processing your personal data, we will be unable to provide you with our products and services.

6. Information Security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of Our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where We store personal data. All information gathered on Stack Finance is securely stored within the Company controlled database. The database is stored on servers secured behind a firewall; access to the servers is password-protected and is strictly limited. However, as effective as Our security measures are, no security system is impenetrable. We cannot guarantee the security of Our database, nor can We guarantee that information You supply will not be intercepted while being transmitted to Us over the Internet. And, of course, any information You include in a posting to the discussion areas is available to anyone with Internet access.

7. Updates / Changes

The internet is an ever-evolving medium. We may alter Our Policy from time to time to incorporate necessary changes in technology, applicable law or any other variant. In any case, We reserve the right to change (at any point of time) the terms of this Policy or the Terms of Use. Any changes We make will be effective immediately on notice, which We may give by posting the new policy on the Sites. Your use of the Sites or Services after such notice will be deemed acceptance of such changes. We may also make reasonable efforts to inform You via electronic mail. In any case, You are advised to review this Policy periodically on the Sites to ensure that You are aware of the latest version.

8. Changes to Privacy Policy

Stack Finance reserves the right to change this policy from time to time. Any changes shall be effective immediately upon the posting of the revised Privacy Policy. If you are not comfortable with any of the changes to Privacy Policy you may choose to discontinue usage of Stack Finance website or mobile applications. You can also email us at privacy@stackfinance.co to update or delete your personal information that Stack Finance has collected. We update this Privacy Policy periodically and we may modify the terms of this policy without prior intimation. It is your responsibility to periodically review the terms of this policy and if you do not agree with the terms of this Privacy Policy or any changes made to this policy, please stop using all Services immediately and write to us at the address mentioned above.

9. Privacy Questions and Access

Your personal information is yours. Under Indian law, you have the right to ask us for a readable copy of all your personal information stored with us.If you have any questions about the accuracy or safety of your information, please do contact us at support@stackfinance.co or privacy@stackfinance.co In certain cases, you may have the ability to view or edit your personal information online. In the event your information is not accessible online and you wish to change or delete your personal information or other information that you may have provided, please contact us immediately at support@stackfinance.co or privacy@stackfinance.co

10. Security and Responsible Disclosure

We at Stack Finance are committed to our client's data and privacy. We blend security at multiple steps within our products with state of the art technology to ensure our systems maintain strong security measures. The overall data and privacy security design allows us to defend our systems ranging from low hanging issues up to sophisticated attacks.

If you are a security enthusiast or a researcher and you have found a possible security vulnerability on Stack Finance, we encourage you to report the issue to us responsibly.

You could submit a bug report to us at security@stackfinance.co with detailed steps required to reproduce the vulnerability.