Skip to main content

Privacy Policy

Last Updated 13 April 2026
Effective Date April 7, 2026
Jurisdiction Pune, Maharashtra

Contents

  1. Introduction & Scope
  2. Information We Collect
  3. How We Use Your Information
  4. How We Share Your Information
  5. Data Storage & Security
  6. Data Retention
  7. Your Rights
  8. Cookies & Tracking
  9. Third-Party Links
  10. Children's Privacy
  11. WhatsApp & Messaging
  12. Changes to This Policy
  13. Grievance Officer & Contact

1. Introduction & Scope

RupeeCase is operated by QC Alpha Technologies Pvt Ltd (parent company, Algo Vendor application pending with SEBI), with research and advisory services provided by QC Alpha Research Pvt Ltd (100% subsidiary, SEBI Research Analyst registration pending).

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use:

  • Our website (rupeecase.com and invest.rupeecase.com)
  • Our mobile applications
  • Our services, tools, and calculators
  • Our WhatsApp and email communications

This policy is governed by the Digital Personal Data Protection (DPDP) Act, 2023, the Information Technology Act, 2000, and relevant SEBI regulations.

Important: By accessing RupeeCase, you consent to the collection and use of your personal data as described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

We collect personal data in several categories to provide you with effective investment strategy execution and compliance with regulatory requirements:

Category Data Type How Collected
Identity Data Full name, email address, phone number, PAN, date of birth, nationality Broker KYC (5paisa or other brokers), account registration form
Financial Data Broker account ID, portfolio holdings, trade history, order history, account balance, margin usage Broker API integration (via OAuth 2.0 token), real-time sync
Usage Data IP address, browser type, device type, pages visited, session duration, clicks, scroll depth Automatically via web server logs and Google Analytics
Communication Data WhatsApp messages, email messages, support ticket content, feedback WhatsApp Business API, email, contact forms
Calculator/Tool Data Option pricing inputs, portfolio calculations, hypothetical scenarios Client-side processing only (not stored on servers)

Data We Do NOT Collect

  • We do NOT store passwords or OAuth access tokens in plain text
  • We do NOT collect biometric data
  • We do NOT collect data from minors under 18 (see Section 10)
  • We do NOT sell calculator inputs or hypothetical scenario data to third parties

3. How We Use Your Information

We use your personal data for the following purposes:

Service Delivery

  • Execute investment strategies from the 16-strategy marketplace (e.g. Allcap, Midcap Smallcap, Allcap Multi-Asset) on your linked broker account
  • Sync portfolio data from your broker account in real-time
  • Send trade confirmations, rebalance alerts, and execution updates via WhatsApp and email
  • Provide technical support and resolve account issues

Regulatory Compliance

  • Maintain audit logs and transaction records (required by NSE Algo Vendor guidelines)
  • Report to SEBI, NSE, and BSE as required by regulation
  • Verify identity and prevent fraud
  • Comply with anti-money laundering (AML) and know-your-customer (KYC) requirements

Platform Improvement

  • Analyze usage patterns to improve user experience
  • Identify bugs and optimize system performance
  • Conduct A/B testing on features and UI changes

Marketing & Communication

  • Send updates about new features, market insights, and educational content
  • Notify you about account activity and security alerts
  • Conduct surveys and gather feedback
Marketing Opt-Out: You can opt out of marketing emails and WhatsApp messages by clicking the unsubscribe link in the message or replying "STOP" to WhatsApp messages. Transactional messages (trade confirmations, alerts) cannot be disabled.

4. How We Share Your Information

We share your personal data only with the following parties, and only for the purposes specified:

Broker Partners

We share your broker account credentials and trading data with your connected broker (e.g., 5paisa) solely to execute strategies and retrieve portfolio data. You control this integration via OAuth 2.0 authentication.

QC Alpha Research Pvt Ltd (Subsidiary)

We may share anonymized market research and trend data with our research subsidiary to improve investment strategies and provide better advisory. Your personal identity is never disclosed.

Regulators & Authorities

We disclose personal data to:

  • SEBI (Securities and Exchange Board of India) for compliance reporting
  • NSE (National Stock Exchange) for algo vendor regulations
  • BSE (Bombay Stock Exchange) for market oversight
  • Law enforcement and government agencies when legally required

Cloud Infrastructure Providers

We use AWS and Cloudflare for hosting and content delivery. These providers process your data under strict data processing agreements and are bound by confidentiality obligations.

Third-Party Services

  • Google Analytics | for website analytics (anonymized)
  • Meta (WhatsApp Business) | for messaging (see Section 11)
  • Email Service Provider | for email delivery and transactional messages

What We Do NOT Do

  • We do NOT sell your personal data to advertisers or data brokers
  • We do NOT share your data with competitors
  • We do NOT use your data for unauthorized marketing
  • We do NOT transfer your data outside of India without compliance with DPDP Act requirements

5. Data Storage & Security

Server Location

All personal data is stored on servers located in India (compliant with SEBI Algo Vendor requirements for data residency). We do not transfer your data internationally.

Encryption & Transmission Security

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • HTTPS-only connections on all RupeeCase domains

Authentication & Access Control

  • OAuth 2.0 for secure broker account linkage (no passwords stored)
  • Two-Factor Authentication (2FA) available for accounts
  • Role-based access control (RBAC) for internal staff
  • Principle of least privilege | employees access only data needed for their role

Audit & Monitoring

  • All data access is logged and audited
  • Automated alerts for suspicious activity
  • Regular security assessments and penetration testing
  • Vulnerability management program

Data Breach Notification

In the event of a data breach, we will notify affected individuals within 72 hours (as required by DPDP Act and IT Rules) and provide guidance on protective measures.

6. Data Retention

We retain your personal data for the following periods, after which it is securely deleted unless legally required to retain longer:

Data Type Retention Period Reason
Account Data (name, email, PAN) Duration of account + 5 years SEBI compliance and regulatory archival
Trade Logs & Transaction History 5 years NSE Algo Vendor regulatory requirement
Communications (WhatsApp, Email, Support) 3 years Dispute resolution and audit purposes
Anonymized Analytics Data Indefinite Historical trend analysis (no personal identifiers)
Account Activity Logs 1 year Security and incident investigation

Deletion Process

When retention periods expire, data is securely deleted using cryptographically secure methods. You can request early deletion of non-regulatory data (see Section 7 for Your Rights).

7. Your Rights Under the Digital Personal Data Protection Act, 2023

Under DPDP Act 2023, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request in a machine-readable format.

Right to Correction

You can request correction of inaccurate or incomplete personal data. We will verify and update within 30 days.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to:

  • Data required for regulatory compliance (5-year retention) cannot be deleted
  • Data needed to execute active strategies cannot be deleted without closing your account
  • Other non-regulatory data will be deleted within 30 days

Right to Withdraw Consent

You can withdraw consent for marketing communications at any time. Withdraw by:

  • Clicking the unsubscribe link in emails
  • Replying "STOP" to WhatsApp messages
  • Emailing [email protected] with "Withdraw Consent" subject line

Right to Nominate

You can nominate a representative to exercise your rights on your behalf. Submit a notarized letter to [email protected].

Right to Grievance Redressal

You can file a formal grievance if you believe we have violated your rights. See Section 13 (Grievance Officer & Contact).

Filing a Complaint with Data Protection Board of India

If we do not resolve your complaint within 30 days, you can escalate to the Data Protection Board of India:

Data Protection Board of India
Website: www.dpb.gov.in
You can file a complaint if the complaint has not been resolved by the Grievance Officer within 30 days.

8. Cookies & Tracking

Essential Cookies

We use essential cookies to maintain your session and provide core functionality:

  • Session Cookie (session_id) | keeps you logged in during your visit
  • Authentication Cookie (auth_token) | stores secure authentication state
  • CSRF Token | prevents cross-site request forgery attacks

These cookies cannot be disabled as they are necessary for RupeeCase to function.

Analytics Cookies

We use Google Analytics to understand user behavior and improve platform performance. Google Analytics cookies:

  • Track aggregate page views and user flow (anonymized)
  • Do NOT collect personally identifiable information
  • Can be disabled via Google's opt-out browser extension

Cookies We Do NOT Use

  • No advertising or third-party tracking cookies
  • No behavioral targeting cookies
  • No cross-site tracking

Manage Cookies

You can control cookies in your browser settings. Most browsers allow you to:

  • View cookies stored by websites
  • Delete cookies on exit
  • Block cookies from third parties
  • Block all cookies (note: some RupeeCase features may not work)

9. Third-Party Links

External Links Policy

RupeeCase may contain links to third-party websites for informational purposes, including:

  • SEBI (sebi.gov.in) | regulatory guidance
  • NSE (nseindia.com) | market data and announcements
  • BSE (bseindia.com) | market data and announcements
  • Broker Websites (5paisa, etc.) | account management and trading

Disclaimer

We are not responsible for the privacy practices, terms of service, or content of third-party websites. This Privacy Policy applies only to RupeeCase. When you follow a link to an external site, please review their privacy policy before providing personal data.

Important: External links are provided as convenience only. We do not endorse or control external sites.

10. Children's Privacy

RupeeCase is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

Our Policy

  • RupeeCase is designed for adult investors and traders
  • Investment account opening requires age verification (PAN, Aadhaar)
  • We do not knowingly collect data from users under 18
  • If we become aware that a minor has provided personal data, we will delete it immediately

Parents & Guardians

If you believe your child has provided personal data to RupeeCase without authorization, please contact us immediately at [email protected] so we can delete the information.

11. WhatsApp & Messaging Communications

WhatsApp Business Integration

RupeeCase uses WhatsApp Business API (operated by Meta Platforms Ireland Ltd) to send you real-time notifications and updates. WhatsApp messaging is subject to both this policy and Meta's WhatsApp Business Terms of Service.

Types of Messages Sent

  • Trade Confirmations | executed orders, filled prices, quantities
  • Rebalance Alerts | when portfolio actions are triggered or pending
  • Market Updates | market opens/closes, index levels, key events
  • Account Alerts | login notifications, security alerts, margin warnings
  • Educational Content | market insights, strategy tips, webinar invites

Message Frequency

Message frequency depends on market activity and your strategy settings. During high-volatility periods, you may receive multiple alerts per day. Low-activity periods may have minimal messages.

Opting In & Out

Opting In

WhatsApp messaging is opt-in. You must explicitly consent to receive WhatsApp messages during account setup or through your account settings.

Opting Out

You can opt out at any time by:

  • Replying "STOP" to any WhatsApp message
  • Disabling WhatsApp notifications in your RupeeCase account settings
  • Contacting [email protected] with "Disable WhatsApp" subject line

Note: You cannot opt out of critical transactional messages (trade confirmations, security alerts) while your account is active.

Message Content & Privacy

  • Messages contain only your trade data and account alerts
  • You control message recipients via your account settings
  • Messages are end-to-end encrypted by WhatsApp

Meta's Role & Data Processing

Meta (WhatsApp's parent company) processes message data according to WhatsApp Business Terms and Privacy Policy. Meta may:

  • Process messages for delivery and security
  • Retain message metadata (timestamps, phone numbers) for platform operation
  • Use aggregated data to improve WhatsApp Business services

For details on Meta's data handling, see: www.whatsapp.com/privacy

WhatsApp Business API: Messages are sent via Meta's WhatsApp Business API. Your phone number and message content are processed by Meta in accordance with their Privacy Policy. We do not control Meta's data practices.

12. Changes to This Policy

Updates & Notifications

We may update this Privacy Policy to reflect legal changes, regulatory updates, or platform improvements. We will:

  • Post the updated policy on this page with a new "Last Updated" date
  • Notify you via email if material changes are made
  • Show in-app notifications for significant policy changes

Material Changes

Material changes (e.g., new uses of data, expanded sharing) will be communicated at least 30 days in advance. Continued use of RupeeCase after the effective date constitutes acceptance of the updated policy.

Your Consent

If you disagree with policy changes, you can:

  • Close your RupeeCase account (see account settings)
  • Request data deletion (subject to retention periods in Section 6)
  • Contact us to discuss concerns (see Section 13)

13. Grievance Officer & Contact

RupeeCase Grievance Officer

Tanmay Kurtkoti

Position: Founder & CEO, Grievance Officer
Email: [email protected]
Address: Pune, Maharashtra 411038, India
Response Time: Within 30 days (IT Rules 2021) / 21 days (SEBI)

How to File a Grievance

You can file a formal grievance regarding data privacy, data misuse, or privacy rights violations by:

Option 1: Email

Send an email to [email protected] with:

  • Subject: "Privacy Grievance" or "Data Protection Complaint"
  • Your name, email, and phone number
  • Detailed description of the issue
  • Any supporting documentation
  • Proposed resolution if applicable

Option 2: In-App Grievance Form

Submit a grievance through your RupeeCase account settings (Help → File a Complaint).

Grievance Processing

We will:

  • Acknowledge receipt of your complaint within 5 business days
  • Investigate your complaint thoroughly
  • Provide a resolution or status update within 30 days
  • Escalate complex cases to senior management if needed

Escalation & External Redressal

If Not Satisfied with Our Response

You have the right to escalate your complaint to:

1. SEBI SCORES (for brokerage/investment-related complaints)

SEBI Centralized Complaint Management System (SCORES)
Website: scores.sebi.gov.in
You can file a complaint against RupeeCase if you believe we have violated securities regulations or investor protections.

2. SMART ODR Portal (for consumer disputes)

SMART Online Dispute Resolution (ODR) Portal
Website: smartodr.in
A government-approved alternative dispute resolution platform for consumer complaints. Filing is free and easy.

3. Data Protection Board of India

For data privacy violations specifically (not resolved within 30 days by us), file a complaint with:

Data Protection Board of India
Website: www.dpb.gov.in
You can escalate complaints under the Digital Personal Data Protection Act, 2023.

Company Information

QC Alpha Technologies Pvt Ltd
(Parent Company & Platform Operator)

Address: Pune, Maharashtra 411038, India
Email: [email protected]

QC Alpha Research Pvt Ltd
(100% Subsidiary, Research Analyst)

Address: Pune, Maharashtra 411038, India
Email: [email protected]

Regulatory Disclaimer

This Privacy Policy is subject to the laws of India, specifically:

  • Digital Personal Data Protection (DPDP) Act, 2023
  • Information Technology Act, 2000
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • SEBI (Investment Advisers) Regulations, 2013 (if applicable)
  • SEBI (Algo Trading) Regulations

Jurisdiction: Pune, Maharashtra

Newsletter

What's working, what isn't.

Strategy launches, monthly performance notes, and podcast calls that printed. Two or three emails a month. Built for people who actually read them.

By subscribing you agree to our Privacy Policy. RupeeCase is not a SEBI registered Investment Adviser. Nothing in the newsletter is personalised investment advice.

Built on India's regulated market infrastructure
NSE
Order routing
BSE
Backup venue
SEBI
Markets regulator
NISM
Certified author
About Pricing Risk Profile Tools Sitemap
Privacy Policy Terms Disclaimers Grievance
RupeeCase is brought to you by Tanmay Kurtkoti.