Privacy & Data

Privacy Policy

Paisaverse respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you use Paisaverse's website, application, and related services (collectively, the "Services"). By using the Services, you agree to this Privacy Policy.

Last updated: May 2026 · Paisaverse Private Ltd.

Section 1

What we collect

Note on beta. Paisaverse is currently in beta. This policy describes how we handle your data today. Our team is small, our practices are evolving, and we are deliberately conservative about what we collect. Before we exit beta and offer the Services publicly to paid users, this policy will be reviewed and updated. We will notify beta users by email if material changes are made.

Paisaverse respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you use Paisaverse's website, application, and related services (collectively, the "Services"). By using the Services, you agree to this Privacy Policy.

A. Information you provide

  • Account details — name, email address, or authentication method.
  • Profile settings — country of residence, DTAA treaty country, and base currency. These three settings are independent and determine how your portfolio is displayed and what tax rules are applied.
  • Support communications — anything you send us by email or in-app message.

B. Information from uploads

When you use our upload features, we process:

  • Brokerage tradebooks from Zerodha, Angel One, or our CSV template, containing trade dates, buy/sell details, quantities, prices, and broker charges.
  • Any other financial files you choose to upload.
What we do not do. We do not ask for your bank or broker passwords. We do not ask for PINs, OTPs, or any sensitive authentication information. We do not directly connect to your brokerage account — all data comes in via file upload.

C. Technical data collected automatically

When you use the Services, we receive standard technical information that any web server produces:

  • Device and browser type.
  • IP address.
  • Basic operational logs — when requests are made and whether they succeeded or failed.

We do not track which features you use or how you navigate the app. We do not use any analytics tools, advertising networks, or behavioral tracking technologies. We do not build a profile of your activity. The basic logs we do have exist for one reason only: keeping the platform running and secure.

D. Data we generate from your inputs

Based on what you upload and how you configure your settings, our engine produces:

  • Capital gains computations (short-term and long-term).
  • Portfolio values in your chosen base currency.
  • DTAA treaty position indicators.
  • TDS refund eligibility estimates.
  • Home country tax estimates (for the countries where we've mapped local rules).
  • Corporate action adjustments (splits, bonuses, dividends, mergers, demergers).
This generated data is treated with the same protections as your uploaded data. It is informational — it is not tax advice, and we always recommend reviewing it with a qualified tax professional before filing.

E. Exchange rate data

To convert your portfolio and compute tax estimates, we use exchange rate data from third-party providers and, where applicable, daily spot rates published by the central banks of countries we support. This data is not personal to you, but it is combined with your inputs to produce outputs.

Section 2

How we use your information

We use the information described above to:

  • Operate the Services and provide you access to your portfolio.
  • Run the computations you've configured (cost basis, tax estimates, treaty position).
  • Communicate with you about your account, beta updates, and support requests.
  • Maintain and secure the platform (debugging issues, preventing abuse, keeping infrastructure healthy).
We do not sell your personal information. We do not share it with advertisers. We do not use it to train AI models.

If you are in the EEA, UK, or another jurisdiction with similar laws, we process your data under the following legal bases: contract (to provide the Services you've signed up for), legitimate interests (to keep the platform secure and improve it), and consent (for any optional features or communications where consent is required).

Section 3

Where your data lives and who can see it

Where Paisaverse operates

Paisaverse is incorporated and operated by Paisaverse Private Ltd., a company registered in India. Our team works across India and Europe, and we serve users globally — primarily Indian residents and NRIs in Europe and the UAE.

Where your data is stored

Your data is stored on cloud infrastructure physically located in France, within the European Union. We chose European hosting deliberately, since most of our users are based in the EU and we want their data to live close to them.

Because Paisaverse is an Indian-registered company, our team in India accesses this data to operate the Services. If you are an EU resident, this means your data is stored in the EU but is processed by a company based outside the EU. This processing is subject to applicable data protection laws, including the EU GDPR (which applies to companies offering services to EU residents) and India's Digital Personal Data Protection Act, 2023.

Sub-processors

We rely on a small number of third-party providers to operate the Services — currently limited to cloud hosting infrastructure. We do not use third-party analytics, advertising tools, or behavioral tracking services. If we add new sub-processors as we exit beta, we will update this policy and notify users where required.

When we share

We only share information when:

  • Required by law — to comply with a valid legal request, court order, or regulatory requirement in India, the EU, or another jurisdiction where we are subject to legal process.
  • To protect users or the platform — to prevent fraud, abuse, or security incidents.
  • In a business transfer — if Paisaverse is acquired, merged, or reorganized, your data may transfer to the new entity, subject to the same protections in this policy.

Section 4

How we protect your data

Security

  • In transit: all communication with our Services is encrypted using TLS.
  • At rest: data is stored on encrypted infrastructure where supported by our hosting provider.
  • Access: only authorized members of the Paisaverse team can access user data, and only for legitimate operational reasons.

No system is 100% secure, but we take reasonable measures to protect what you share with us. If we become aware of a security incident affecting your personal information, we will notify affected users without undue delay and, where required, the relevant authorities.

Retention

  • While your account is active — we keep your data so the Services work.
  • After account deletion — uploaded trade data, derived computations, and portfolio records are permanently removed from our servers within 30 days.
  • Legal exceptions — limited information (such as basic security logs) may be retained longer where required by law or for legitimate security purposes.

Cookies

We use only essential cookies — the minimum needed for the Services to function (authentication, security, and your settings). We do not use third-party cookies. We do not use analytics or advertising cookies. You can control cookies through your browser settings, though disabling essential cookies will prevent the Services from working.

Section 5

Your rights, choices, and how to reach us

Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct or update it.
  • Request its deletion.
  • Object to or restrict certain types of processing.
  • Request a copy in a portable format.
  • Withdraw consent (where processing is based on consent).

To exercise any of these rights, email privacy@paisaverse.com. We aim to respond within 30 days. Some requests may take longer to process during beta, and we will keep you informed if so. If you are in the EEA or UK, you may also lodge a complaint with your local data protection authority — for example, the CNIL in France (cnil.fr) or the BfDI in Germany. If you are in India, you may approach the Data Protection Board of India once it is operational under the Digital Personal Data Protection Act.

Marketing

If we send you marketing emails, every email will include an unsubscribe link. You can opt out at any time.

Children

Paisaverse is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us information, please contact us at privacy@paisaverse.com and we will delete it.

Contact

For any privacy questions, requests, or concerns:

Email: privacy@paisaverse.com

Data controller: Paisaverse Private Ltd., a company incorporated in India.

We may update this Privacy Policy as the product evolves. Material changes will be notified by email and via an in-app notice. The "Last updated" date at the top of this page reflects the most recent version.