Midfin360 and MidFin Wealth (collectively "Midfin360", "we", "us") are
committed to protecting your privacy and securing your personal data.
General
At Midfin360, we take privacy and security seriously. This Privacy
Policy explains how Midfin360 and MidFin Wealth process information
collected through our websites, mobile apps and other online services
(the "Platform" or "Application"), and when you otherwise interact with
us, including customer care channels.
The Platform enables Users to access online financial products and
services (for example mutual fund distribution, National Pension System
(NPS) services, portfolio tracking and related services — collectively
"Services"). This Policy applies to all Users of the Platform and
outlines:
The types of information collected (including personal and sensitive
personal data);
Purposes and methods of collection, use, processing, retention and
destruction;
How and to whom we disclose information; and
How we protect Users' personal information when accessing the
Platform.
We do not knowingly collect personal information from anyone under 18.
If you believe a person under 18 has provided us data, please contact
info@midfin360.com and we will delete it promptly.
Purpose and Scope of this Policy
This Policy explains our practices and procedures regarding the
collection, storage, processing and sharing of information you provide
via the Platform. "Using" and "processing" include use of cookies and
actions such as collection, storage, transfer, evaluation, deletion,
disclosure, management, modification and use of information.
This Policy is applicable to all Users. By using the Platform or
providing information you agree to be bound by this Policy.
Read this Policy together with any other specific policies we provide
at the time of collection.
We may update this Policy; updated versions will be posted on the
Platform and notified to Users where appropriate.
Data collected via the Platform is stored on secured servers located
in India, and we are bound by applicable Indian laws.
This Policy does not apply to third-party websites or apps; please
check their privacy practices separately.
Collection of Personal Data
To provide Services, we may collect personal and sensitive personal data
(as defined under applicable law). Examples include but are not limited
to:
Onboarding / Registration
Personal details: name, date of birth, gender,
nationality, parents' names, marital status, photo.
SMS data: stored/processed with consent to facilitate
payments, OTPs, and verification.
Device binding: where required we may request linking
a device/SIM for security and regulatory reasons (with prior consent).
Browser information: plugins, cookies and related
browser metadata.
KYC, Credit & Investment Data
We may fetch KYC details from regulated registries (CKYC, CVL, MFU)
with your consent.
Credit information may be obtained from authorised providers (e.g.,
Experian, CRIF High Mark) with explicit consent.
You may permit us to access your Gmail (read-only, financial-related
content) to auto-track investments and expenses — this can be
disconnected at any time.
You can upload investment statements (PDF/Excel) or provide
credentials for portals such as EPFO or NPS Tier I for consolidating
investment data (stored encrypted).
Processing of Personal Information
We process personal data for purposes including (but not limited to):
Providing and facilitating the Services (investment aggregation,
analytics, risk profiling, advisory).
Processing transactions, communicating about queries and regulatory
needs.
Value-added services and customer support (including call/chat
recordings for quality and training).
KYC and regulatory compliance.
Customizing platform content, sending alerts, notices and verification
messages.
Fraud prevention, audits, troubleshooting, and compliance with
applicable laws.
Collecting installed application metadata and logs to improve app
functionality.
Disclosure of Data
We may disclose personal information where required by law or where
necessary to provide Services, including to:
Third-party service providers and contractors (payment processors,
analytics providers, fraud detection, database management,
maintenance).
Partner AMCs, MFU, registrars and other financial product providers
required for the Services you use.
Regulatory or government authorities when legally required (court
orders, investigations, lawful requests).
In the event of a merger, acquisition or business transfer (we will
notify affected users where required).
We maintain a strict no-spam policy and do not rent or sell personal
information to unaffiliated third parties without consent, except as
described in this Policy or required by law.
Non-Personal Data & Cookies
We collect aggregated non-personal data for research and service
improvement. The Platform uses cookies; you will be prompted to accept
cookies when using the Platform.
Cookies do not inherently contain personal information unless you supply
it. You may refuse cookies via browser settings, though some features
may require cookies (for authentication, for example).
Your Rights & How to Exercise Them
Under applicable law (including the Digital Personal Data Protection
Act, 2023), you have rights such as:
Right to access your personal data and information about its
processing.
Right to correction (rectify inaccurate data).
Right to erasure / deletion in certain circumstances (subject to legal
retention requirements).
Right to data portability in a structured, machine-readable format.
Right to withdraw consent for processing activities based on consent.
Response Time: We will respond within 30 days; complex requests may take
up to an additional 60 days with notification. To exercise rights, we
will ask you to identify yourself. For deletion/account closure, use the
Platform Settings or contact info@midfin360.com.
Disclaimer of Information
We do not control or endorse content posted by users or third parties.
You are responsible for the accuracy of information you provide. We may
refuse to update or delete certain records where legally restricted (for
example, prosecution-related documents).
Security
SSL Encryption: We use SSL when transmitting
sensitive information.
Employee confidentiality: Employees and processors
with access to personal data are bound by confidentiality obligations.
Industry standards: We follow industry best practices
and require third-party processors to implement adequate measures.
OTP security: No administrator has knowledge of your
OTP; do not share OTP, MPIN or login credentials.
Breach notification: If you suspect unauthorized use, notify
info@midfin360.com immediately. We will notify the Data Protection Board
of India and affected users in accordance with law.
Compliance
We comply with applicable laws and regulations including:
Information Technology Act, 2000
Digital Personal Data Protection Act, 2023
Prevention of Money Laundering Act, 2002
SEBI and PFRDA regulations and guidelines
Retention Period
We retain personal data only as long as necessary for processing and to
meet legal/regulatory requirements. Examples:
KYC documents: 5–8 years after account closure (regulatory
requirements)
Transaction records: 8 years from transaction date
Communication records: 3 years
Technical & analytics data: 2 years or until purpose is served
Anonymized aggregated data may be retained indefinitely for research and
statistical purposes.
Changes to this Policy
We may update this Policy at any time. Changes are effective on posting.
Users are encouraged to review the Policy periodically. If you disagree
with changes, discontinue use of the Platform or contact us at
info@midfin360.com.
Questions or Complaints
If you have questions or complaints about our processing of personal
data, write to us at info@midfin360.com. Our team will assist you.