Privacy Policy

This Privacy Policy explains how iBankCentral, operated by Rusaka Technologies Private Limited, collects, uses, shares, and protects personal data of its users including issuers, investors, legal reviewers, and backend administrators. The policy complies with the Digital Personal Data Protection (DPDP) Act, 2023, the Information Technology (IT) Act, 2000, and other applicable Indian data privacy standards.

1. Scope of This Policy

This Privacy Policy applies to all users of the iBankCentral platform, including visitors, registered users, and associated entities. It governs both online and offline data handling activities undertaken in connection with capital raising, investor onboarding, and regulatory compliance.

2. Personal Data We Collect

• Identity Information: Name, email, phone number, Aadhaar/PAN/DIN, IP address.
• Financial Information: Net worth self-declaration, bank account details (for escrow), investment history.
• Corporate Information: CIN, board resolutions, shareholding structure, pitch decks, valuation reports.
• Behavioral Metadata: Login timestamps, IP logs, document views, NDA acceptance hashes, session activity.
• Communication Records: Helpdesk tickets, investor queries, due diligence follow-ups, chat records.

3. Legal Basis for Collection

We collect personal data under the following lawful grounds:

• To fulfill a legal obligation under Companies Act, 2013 and related MCA compliance forms.
• To execute onboarding contracts and listing service agreements.
• To perform Know Your Customer (KYC) and risk suitability checks.
• With user consent during account creation, document upload, and fund participation workflows.

4. Use of Data

We use collected data for the following purposes:

• Issuing, tracking, and timestamping legal offer documents (PAS-4, MGT-14, PAS-3).
• Displaying company details in investor dealrooms post-NDA and risk declaration.
• Escrow payment validation and ledger generation.
• Regulatory auditing, fraud detection, and access logging for RoC or SEBI inquiries.
• Personalizing investor dashboards and issuer reports.

5. Consent & Withdrawal

Consent is explicitly obtained via checkboxes and digital declarations prior to data collection. You may withdraw consent at any time by emailing privacy@ibankcentral.com. However, doing so may limit your access to platform features or prevent continued regulatory engagement.

6. Data Retention Policy

iBankCentral retains user data as follows:

• Investor and issuer logs: 7 years (mandatory under RoC inquiry window)
• Escrow and payment ledger: 8 years
• IP hashes, login records, and document audit trails: 7 years
• Helpdesk and communication history: 3 years or until resolution

7. Sharing of Data

We may share data only with:

• SEBI-registered escrow banks and payment gateways.
• Professional advisors such as registered valuers, chartered accountants, and legal counsel (under NDA).
• Regulatory agencies (MCA, SEBI, DPIIT, Income Tax Department) upon formal request.
• Third-party vendors involved in background checks or email infrastructure (e.g., OTP/email verification).

8. Security Measures

• All personal and financial data is encrypted at rest using AES-256 standards.
• Data-in-transit is protected by TLS 1.3 and HTTPS enforced end-to-end.
• Access control is enforced using role-based permissioning and 2FA where applicable.
• All offer letters and transactions are digitally signed and hashed for proof-of-origin.
• Backend databases are hosted in secure VPCs (AWS/GCP) with access logs reviewed monthly.

9. Your Rights

As per the DPDP Act, 2023, you have the right to:

• Request access to your personal data.
• Correct inaccuracies in submitted records.
• Withdraw consent or delete your account (except in legal obligation cases).
• Object to non-essential data processing.
• Receive a copy of your data in portable format upon request.

10. Data Breach Protocol

In the event of a data breach, users will be notified via email within 72 hours. We will disclose the nature of the breach, affected datasets, and remedial steps taken. Platform services may be temporarily suspended to contain risk and legal disclosures will be submitted to CERT-In and MCA where applicable.

11. Children’s Privacy

iBankCentral is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. Any such submission will be promptly deleted upon discovery or notification.

12. Cross-Border Data Transfers

iBankCentral primarily stores data in India. However, in rare cases where services or cloud infrastructure are provided through global vendors, data may be processed in jurisdictions such as Singapore or the US. All such transfers are subject to appropriate contractual safeguards and encrypted protocols.

13. Use of Cookies

The platform uses cookies to improve your browsing experience, maintain session states, and analyze usage patterns. By using our website, you consent to cookie deployment. You may manage cookie preferences through your browser settings.

14. Updates to This Policy

iBankCentral may revise this Privacy Policy to reflect new technologies, legal requirements, or changes in processing purpose. Updates will be posted here and notified to users via email. Continued use of the platform constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, complaints, or requests regarding this Privacy Policy, please contact our Data Protection Officer at privacy@ibankcentral.com. Physical notices may be sent to Rusaka Technologies Pvt. Ltd., Mumbai, India.