FutureFundingFutureFunding
Back to Legal & Compliance

Section 4. PRIVACY POLICY

Effective Date: May 10, 2026

4.1 Data Fiduciary Information

  • Data Fiduciary: 44 Krishverse Solutions Private Limited (operating "FutureFunding")
  • CIN: U62099UP2025PTC237116
  • Registered Office: Elite Golf Green, Sector 79, Noida, Gautam Budh Nagar, Uttar Pradesh
  • Data Protection Contact: support@futurefunding.in

4.2 Scope & Applicable Law

This Privacy Policy is issued under and complies with:

  • Digital Personal Data Protection Act, 2023 and the Rules thereunder (when notified);
  • Information Technology Act, 2000 and the SPDI Rules, 2011;
  • Prevention of Money Laundering Act, 2002 for KYC data;
  • Income Tax Act, 1961 and GST Act, 2017 for tax data retention;
  • Indian Telegraph Act, 1885 and TRAI rules for communication.

4.3 Categories of Personal Data

Identity

  • Data Elements: Name, DOB, PAN, Aadhaar reference (no full Aadhaar stored), photo, signature
  • Lawful Basis: Legal obligation (KYC), Contract
  • Retention: 5 years post-closure (PMLA)

Contact

  • Data Elements: Email, mobile, address
  • Lawful Basis: Contract
  • Retention: Active + 5 yrs

Financial

  • Data Elements: Bank account, IFSC, UPI VPA
  • Lawful Basis: Contract, Legal obligation
  • Retention: 8 years (Income Tax Section 149)

Trading

  • Data Elements: Order book, P&L, behavioural metrics
  • Lawful Basis: Contract, Legitimate use
  • Retention: 5 years (SEBI alignment)

Technical

  • Data Elements: IP, device-ID, browser fingerprint, login telemetry
  • Lawful Basis: Legitimate use (security)
  • Retention: 2 years

Payment

  • Data Elements: Transaction reference, gateway IDs
  • Lawful Basis: Legal obligation (GST)
  • Retention: 8 years

Marketing (optional)

  • Data Elements: Preferences, engagement metrics
  • Lawful Basis: Consent
  • Retention: Until withdrawal

4.4 Lawful Bases (DPDP Section 4, Section 7)

Processing is undertaken on these lawful bases:

  • Consent (Section 6 DPDP): For marketing, optional analytics, third-party integrations;
  • Certain legitimate uses (Section 7 DPDP): Performance of contract; legal obligations; employment-related processing for Traders; medical/safety in emergencies; State-function compliance.

Consent is informed, specific, free, unambiguous, and capable of withdrawal. A Consent Manager (when notified) may be used.

4.5 Rights of Data Principal (DPDP Section 11–14)

  • Information access (Section 11): Written request to support@futurefunding.in
  • Correction & erasure (Section 12): Self-service in dashboard, or written request
  • Nominate (Section 14): Form available in dashboard
  • Withdraw consent: Self-service toggle
  • Appeal to Data Protection Board: After internal remedies exhausted

Erasure caveats: Records mandated by PMLA (5 yrs), Income Tax/GST (8 yrs), Companies Act (8 yrs), and SEBI alignment (5 yrs) cannot be erased before statutory periods.

4.6 Significant Data Fiduciary

If notified by the Central Government as a Significant Data Fiduciary, FutureFunding shall: (a) appoint a Data Protection Officer based in India; (b) appoint an independent data auditor; (c) conduct periodic Data Protection Impact Assessments.

4.7 Children & Persons with Disability

The Platform is not available to persons under 18. Where verifiable parental consent is required (DPDP Section 9), processing of children's data and behavioural tracking/targeted advertising is prohibited.

4.8 Data Localization & Cross-Border Transfer

Primary storage is in India. Cross-border transfer occurs only to jurisdictions not notified as restricted under DPDP Section 16, subject to standard contractual safeguards.

4.9 Security Safeguards

Per DPDP Section 8(5) and SPDI Rule 8:

  • AES-256 at rest, TLS 1.3 in transit;
  • Network segmentation; WAF; DDoS protection;
  • RBAC with least-privilege; quarterly access review;
  • MFA mandatory for admin accounts;
  • Vulnerability scans (monthly), VAPT (annual);
  • ISO 27001-aligned ISMS;
  • Breach notification within 72 hours to the Data Protection Board and affected Data Principals (DPDP Section 8(6)).

4.10 Data Processors & Third Parties

FutureFunding engages the following categories of Data Processors under written DPAs:

  • SEBI-registered stockbrokers (execution);
  • Payment aggregators (RBI-licensed);
  • KYC/eKYC providers (UIDAI-empanelled);
  • Cloud infrastructure (India region);
  • Analytics & error-monitoring (aggregated, pseudonymised);
  • Communication providers (email/SMS — DLT-compliant).

4.11 No Sale of Personal Data

FutureFunding does not sell, rent, lease, or trade personal data. Data is shared only as required for service delivery, legal compliance, or with consent.

4.12 Cookies

Governed by Section 10 of this Suite (Cookie & Tracking Policy).