Privacy & Security

Privacy Policy

Your privacy matters. Here's how we collect, use, and protect your data.

Last Updated: April 2025
TL;DR: We collect only the data necessary to provide our service. We never sell your personal or financial data to third parties. Your financial information is encrypted and stored securely. You may request deletion of your data at any time.

1. Introduction

This Privacy Policy (“Policy”) describes how Einfoway Consultancy Services (“Company”, “we”, “us”, “our”), the owner and operator of the Wevanta platform (“Service”), collects, processes, stores, uses, and protects personal data of users (“you”, “your”).

Einfoway Consultancy Services acts as the Data Fiduciary under applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023.

By accessing or using the Service, you provide free, informed, specific, and unambiguous consent to the processing of your personal data in accordance with this Policy.

2. Scope and Applicability

This Policy applies to:

  • Website: www.wevanta.com
  • Web and mobile applications
  • All related products, services, and integrations

If you use the Service on behalf of another individual (including family members), you represent that you have obtained valid consent from such individual.

You are responsible for ensuring that appropriate consent has been obtained before providing personal data of any third party.

3. Categories of Personal Data Collected

3.1 Personal Identification Data

  • Name, email address, phone number
  • Login credentials (securely hashed)
  • Profile information

3.2 Financial Data (High Sensitivity Personal Data)

  • Investment holdings and portfolio data
  • Transactions and asset allocation
  • Financial goals, documents, and uploaded records

3.3 Technical and Usage Data

  • IP address and device identifiers
  • Browser type and operating system
  • Activity logs, timestamps, feature usage

3.4 Third-Party Data

  • Google OAuth (name and email only)
  • Data imported through user-authorised integrations

We explicitly do NOT collect:

  • Banking passwords
  • Trading credentials
  • OTPs or authentication secrets

Wevanta does not execute financial transactions and does not collect or store such credentials.

4. Purpose Limitation and Use of Data

We process personal data strictly for specific, lawful purposes:

  • To provide, operate, and maintain the Service
  • To display financial insights, analytics, and reports
  • To personalize user experience and generate informational insights
  • To provide customer support and communication
  • To ensure platform security and fraud prevention
  • To comply with legal and regulatory obligations

Some features of the Service may involve automated processing of data to generate insights, analytics, and summaries. Such outputs are informational in nature and do not constitute financial, investment, legal, tax, or other professional advice, and should not be treated as automated decision-making recommendations.

Personal data will not be retained or processed beyond what is necessary for the purposes stated above, unless required by law.

We may use aggregated and anonymized data (which does not identify any individual) for analytics, research, and service improvement.

We do not sell or rent personal or financial data under any circumstances.

5. Legal Basis for Processing

We process personal data based on:

  • Explicit user consent (primary basis)
  • Performance of contractual obligations
  • Compliance with applicable laws
  • Legitimate interests such as fraud prevention and system security (where applicable and proportionate)

6. Consent Framework

  • Consent is obtained at account creation and data submission
  • Consent is granular where applicable (e.g., integrations, communications)
  • Users may withdraw consent at any time

Withdrawal mechanisms:

Withdrawal applies prospectively and may impact service functionality.

Certain features of the Service may not function if consent is withdrawn or data is deleted.

7. Consent Record and Audit

We maintain records of user consent, including:

  • Timestamp of consent
  • Version of the Privacy Policy accepted
  • Relevant system logs

These records are retained for audit, compliance, and dispute resolution purposes.

8. Data Storage, Security, and Protection

We implement appropriate technical and organizational safeguards:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (where applicable)
  • Secure password hashing (bcrypt or equivalent)
  • Role-based access control (RBAC)
  • Infrastructure security via AWS (India region)
  • Continuous monitoring, logging, and audit mechanisms

Access to personal data within the Company is restricted to authorized personnel strictly on a need-to-know basis.

Despite these safeguards, no system can guarantee absolute security.

We do not guarantee uninterrupted or error-free operation of the Service.

9. Data Sharing and Disclosure

We share personal data only under controlled conditions:

a. Data Processors (Service Providers)

Cloud infrastructure providers, communication providers, and payment processors.

All processors are contractually bound by confidentiality and required to implement appropriate security measures.

b. Legal and Regulatory Authorities

We may disclose personal data where required by law, court order, or lawful government request, subject to applicable legal safeguards.

c. Business Transfers

In case of merger, acquisition, or restructuring, subject to user notification.

d. User-Initiated Sharing

With family members or collaborators explicitly authorized by you.

10. Data Retention and Deletion

  • Data is retained only as long as necessary
  • Active account data is retained during the account lifecycle

Upon deletion request:

  • Data enters a soft-delete state (up to 24 hours)
  • Permanent deletion follows thereafter
  • Backup systems are purged per internal retention schedules

We may retain limited data for:

  • Legal compliance
  • Dispute resolution
  • Fraud prevention

Deletion actions are logged for audit purposes.

11. Data Breach Notification

In the event of a data breach:

  • Immediate containment and mitigation measures will be taken
  • Affected users and authorities will be notified as required by applicable law
  • Incidents will be documented for audit purposes

12. User Rights (DPDP-Aligned)

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Withdraw consent
  • Request data export
  • Nominate a representative (where applicable)

You are responsible for ensuring that the data you provide is accurate and kept up to date to the best of your knowledge. We are not responsible for inaccuracies in user-provided or imported data, except where caused by our own processing error.

To exercise rights: privacy@wevanta.com

13. Cookies and Tracking

We use only essential cookies for:

  • Authentication
  • Session management
  • User preferences

We do not use advertising or behavioral tracking cookies.

14. Children's Data

  • The Service is not intended for individuals under 18 years of age.
  • We do not knowingly collect data from minors.

15. International Data Transfers

  • Data is currently stored within India.
  • If cross-border transfers occur, appropriate safeguards will be implemented.

16. Grievance Redressal

Grievance Officer:
Leena Ajwani
Email: leena@wevanta.com

Primary Contact: grievance@wevanta.com

If you are not satisfied, you may escalate as per applicable law.

17. Changes to Policy

  • We may update this Policy from time to time.
  • Continued use constitutes acceptance.

18. Contact

Privacy: privacy@wevanta.com
Grievance: grievance@wevanta.com
Support: support@wevanta.com

19. Language

In case of any inconsistency, the English version of this Policy shall prevail.