Privacy Policy

Last updated: April 25, 2026

My Portfoly ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform available at myportfoly.com (the "Service"). Please read this policy carefully.

1. Information We Collect

1.1 Information You Provide

  • Name, email address, and phone number for account creation
  • PAN number for identity verification (KYC)
  • Financial data you manually enter (income, expenses, investments, loans)
  • Bank account and demat account details for statement import
  • Profile preferences and settings

1.2 Information Collected Automatically

  • Device information, browser type, and operating system
  • IP address and approximate location
  • Usage patterns and feature interactions
  • Session timestamps and duration

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process transactions and send related notices
  • To verify your identity as required by applicable law
  • To generate financial insights, reports, and AI-powered recommendations
  • To communicate product updates, security alerts, and support messages
  • To detect, prevent, and address fraud or security incidents
  • To comply with legal obligations under Indian law

3. Data Storage & Security

Your data is stored on Supabase-powered infrastructure, which is SOC 2 Type II certified. Row-level security (RLS) is enforced at the database level — only you can access your own data. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. PAN is stored with field-level AES-256 encryption and is never held in plain text.

Financial data you enter is stored in India and processed only for the purpose of delivering the Service. We do not sell your financial data to any third party.

PAN and sensitive identity information is handled via certified KYC partners (SUREPASS) and is never stored on our servers in raw form.

4. Sharing of Information

We do not sell, trade, or rent your personal information. We may share data with:

  • Service providers — Supabase (database), Razorpay (payments), SUREPASS (KYC), OpenAI (AI features) — all under strict data processing agreements
  • Legal authorities — when required by Indian law, court order, or government directive
  • Business transfers — in the event of a merger, acquisition, or sale of assets, with prior notice to you

5. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete personal data
  • Erase your personal data (subject to legal retention requirements)
  • Withdraw consent for processing at any time
  • Nominate a person to exercise these rights on your behalf
  • Grievance redressal within a reasonable timeframe

To exercise any of these rights, email us at privacy@myportfoly.com.

6. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. See our Cookie Policy for details.

7. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law (e.g., financial records under the Income Tax Act, 1961).

8. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us immediately at privacy@myportfoly.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 15 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Grievance Officer (DPDP Act 2023)

In accordance with Section 13 of the Digital Personal Data Protection Act 2023, we have appointed a Grievance Officer to address any concerns regarding the processing of your personal data. You may contact the Grievance Officer for:

  • Complaints about data processing practices
  • Exercising your rights (access, correction, erasure, nomination)
  • Reporting a suspected data breach
  • Withdrawing consent for data processing

Grievance Officer

Pritesh Pravin Dedhia

myPortfoly

Email: grievance@myportfoly.com

Acknowledgement: Within 48 hours of receipt

Resolution: Within 30 days of acknowledgement

11. Contact Us

For general privacy-related queries:

myPortfoly Privacy Team

Email: privacy@myportfoly.com

Response time: Within 72 hours