Legal
Privacy Policy
Effective date: 1 April 2026
Version 1.0
Fundclair Technologies ("Fundclair", "we", "our", "us") is committed to protecting the personal data of all individuals who use our platform. This Privacy Policy explains what data we collect, how we use and store it, who we share it with, and your rights under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable Indian law. By using the Fundclair platform, you consent to the practices described in this policy.
1. Who this policy applies to
This policy applies to:
  • Investors — individuals or entities who have been onboarded to a fund managed through Fundclair
  • Fund Administrators — individuals authorised by a fund manager to operate the Fundclair admin portal
  • Website visitors — anyone who visits fundclair.com
Fundclair acts as a Data Processor on behalf of fund managers, who are the Data Fiduciaries under the DPDP Act. Fundclair is independently a Data Fiduciary in respect of data collected directly for platform operation.
2. Data we collect
We collect only what is necessary to operate the investor reporting platform and comply with applicable law.
  • Identity data: Full legal name, PAN number (encrypted), Aadhaar number (encrypted, used for KYC only), date of birth / date of incorporation, nationality, investor type
  • Contact data: Email address, mobile number, postal address, district, PIN code, city, state, country
  • Financial data: Bank account number (encrypted), IFSC code, account type, commitment amount, source of funds, net worth (approximate), cashflow history, NAV records
  • KYC & compliance data: PAN card copy, Aadhaar / passport copy, address proof, bank statement, cancelled cheque, photograph, demat account details, FATCA / CRS declarations, nominee details (up to 2), joint account holder details, UBO information for entities
  • Fund-related data: Unit class, folio number, commitment, drawn amount, uncalled capital, XIRR, TVPI, DPI, MOIC
  • Usage data: Login timestamps, document access logs, query history, IP address, device type — retained for audit and security purposes
  • Communication data: Content of queries and replies submitted through the platform
3. How we use your data
  • To operate the investor portal and deliver NAV reports, documents, and notices
  • To fulfil SEBI AIF Regulations reporting obligations on behalf of the fund manager
  • To conduct KYC / AML verification as required under applicable law
  • To process capital calls, distributions, and cashflow records
  • To send transactional communications — capital call notices, document notifications, query replies, OTP verification
  • To maintain an audit trail as required by SEBI AIF Regulations and the DPDP Act, 2023
  • To detect, investigate, and prevent fraud, security incidents, and platform abuse
  • To generate shareable fund reports when authorised by the fund administrator
  • To comply with any legal obligation, court order, or regulatory direction
We do not use your data for advertising. We do not sell, rent, or licence your personal data to any third party for marketing purposes. Fundclair products are and will remain ad-free.
4. Data storage & residency
All personal data is stored exclusively within India. Our infrastructure is as follows:
Service
Purpose & Region
Supabase (Postgres)
Primary database — ap-south-1 (Mumbai)
AWS S3
Document & KYC storage — ap-south-1 (Mumbai)
AWS CloudFront
Secure document delivery — India edge nodes
Resend
Transactional email delivery
MSG91
OTP SMS delivery — India
No personal data is transferred outside India without your explicit written consent, except where required by applicable law or a binding legal order.
5. Encryption & security
  • At rest: Sensitive fields (PAN, Aadhaar, bank account number) are encrypted using AES-256-GCM. Encrypted values are prefixed and never stored in plaintext.
  • In transit: All data transmitted between your device and our servers is encrypted via TLS 1.2 or higher.
  • Access control: Role-based access control (RBAC) ensures investors can only access their own data. Fund administrators can only access data within their authorised fund. Super administrators are bound by internal access policies.
  • Authentication: Multi-factor authentication (OTP via mobile) is mandatory for all fund administrators. Session tokens expire after 8 hours of inactivity.
  • Audit logging: All document access and sensitive data operations are logged with timestamp, user identity, and action type.
6. Data retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy and comply with applicable legal obligations:
  • Investor records: Retained for a minimum of 8 years after the fund's final close, as required by SEBI AIF Regulations, 2012
  • KYC documents: Retained for a minimum of 5 years after the investor relationship ends, as required under the Prevention of Money Laundering Act, 2002
  • Audit logs: Retained for 8 years
  • Usage data: Retained for 2 years or until account deletion, whichever is earlier
Upon receipt of a valid erasure request, personally identifiable information will be anonymised where full deletion would conflict with regulatory retention obligations. You will be informed of any such limitation.
7. Your rights under the DPDP Act, 2023
You have the following rights under the Digital Personal Data Protection Act, 2023:

Right to access — request a summary of the personal data we hold about you and the purposes for which it is processed.

Right to correction — request correction of inaccurate or incomplete personal data.

Right to erasure — request deletion of your personal data, subject to regulatory retention obligations. Use the "Request erasure" button in your investor profile to exercise this right.

Right to grievance redressal — raise a complaint with our grievance officer (contact below). If unresolved within 30 days, you may escalate to the Data Protection Board of India once constituted.

Right to withdraw consent — withdraw consent for processing at any time. Note that withdrawal may affect your ability to use the platform.
We will respond to all data rights requests within 3 business days. Complex requests may take up to 30 days, and we will notify you of any extension.
8. Cookies & tracking
The Fundclair platform uses only essential session cookies required for authentication and security. We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that identify individual users. Aggregate, anonymised usage statistics may be collected for platform improvement.
9. Children's data
The Fundclair platform is intended exclusively for use by adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided data to us, please contact us immediately and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law, our services, or operational practices. Material changes will be communicated via email and displayed as a notice on login. The version number and effective date at the top of this policy will always reflect the current version. Continued use of the platform after notice of a material change constitutes acceptance of the updated policy.
11. Grievance Officer & contact
For data privacy queries, correction requests, erasure requests, or complaints, please contact our Grievance Officer:
Grievance Officer — Fundclair Technologies
admin@fundclair.com
We respond within 3 business days. Escalation to the Data Protection Board of India is available where applicable.