Privacy Policy
At Capital Nexus, we are committed to protecting your personal and financial information in accordance with the highest standards of data security and privacy. As a SEBI-regulated entity, we strictly adhere to all applicable regulations including SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF), KYC norms, data localization requirements, and the Digital Personal Data Protection Act. This Privacy Policy explains how we collect, use, store, and protect your information when you use our investment platform and services.
This policy is effective from January 1, 2024, and may be updated to reflect changes in regulatory requirements or our practices. We will notify you of any material changes and encourage you to review this policy regularly to stay informed about how we protect your information.
As a SEBI-regulated financial services provider, Capital Nexus operates under strict regulatory oversight. We may be required to disclose your information to SEBI, other regulatory authorities, government agencies, judicial bodies, or law enforcement when mandated by applicable laws, regulations, or court orders. Such disclosures are made only as legally required and in compliance with our regulatory obligations to protect the integrity of the securities market.
Information We Collect
In compliance with SEBI's KYC (Know Your Customer) norms and regulatory requirements, we collect the following information:
- Identity Information: Full name, date of birth, gender, nationality, and residential address as per officially valid documents.
- Regulatory Documents: PAN (Permanent Account Number), Aadhaar number, passport, driving license, or other SEBI-accepted identity and address proofs.
- Financial Information: Bank account details, income proof, net worth declaration, and investment experience as required for risk profiling.
- Investment Data: Transaction history, portfolio holdings, investment preferences, and risk tolerance assessment.
- Digital Footprint: Device information, IP addresses, and usage patterns for fraud prevention and system security monitoring.
How We Use Your Information
We process your information for the following regulatory and business purposes:
- Regulatory Compliance: Completing KYC verification as mandated by SEBI, conducting due diligence checks, and maintaining records as required by securities market regulations.
- Investment Services: Processing buy/sell orders, maintaining demat accounts, providing portfolio statements, and facilitating corporate actions.
- Risk Management: Monitoring transactions for suspicious activities, conducting periodic risk assessments, and implementing fraud prevention measures.
- Customer Communication: Sending regulatory notifications, investment confirmations, market updates, and service-related communications.
- Service Enhancement: Analyzing usage patterns to improve our platform functionality and developing new investment products.
We do not sell, rent, or lease your personal information to third parties for marketing purposes. Information sharing occurs only when required for service delivery, regulatory compliance, or as mandated by law.
Data Localization & Storage
In compliance with SEBI's Cloud Framework and data localization requirements, all your data and transaction records are stored and processed within the legal boundaries of India. This ensures that SEBI retains its rights of access, search, and seizure over regulated entity data as required by securities market regulations. Our data storage practices include:
- Maintaining all customer data, transaction logs, and system records within Indian data centers.
- Ensuring data remains in legible and usable format for regulatory access when required.
- Implementing regular data backups and disaster recovery procedures within India.
- Restricting cross-border data transfers except as permitted under applicable regulations.
Cybersecurity & Data Protection
As required by SEBI's Cybersecurity and Cyber Resilience Framework (CSCRF), we have implemented comprehensive security measures to protect your information:
- Security Operations Center (SOC): 24/7 monitoring of security events and continuous threat detection.
- Multi-Factor Authentication (MFA): Required for all user access to enhance account security.
- Encryption Standards: 256-bit encryption for data in transit and at rest, with cryptographic key management.
- Regular Security Assessments: Annual vulnerability assessments and penetration testing (VAPT) as mandated by SEBI.
- Incident Response: Established procedures for cybersecurity incident detection, reporting, and response in compliance with CERT-In guidelines.
Third-Party Service Providers
When we engage third-party service providers for cloud services or other business operations, we ensure they meet SEBI's stringent requirements. All service providers must demonstrate compliance with our data localization requirements, security standards, and regulatory obligations. We maintain contractual agreements that protect your data and ensure service providers notify us immediately of any cybersecurity incidents.
Your Privacy Rights
Under applicable data protection laws and SEBI regulations, you have the right to access, correct, or request deletion of your personal information, subject to our regulatory record-keeping obligations. You can update your information through your account dashboard or by contacting our customer support. Please note that certain information must be retained for regulatory compliance even after account closure.
Data Retention & Compliance
We retain your information in accordance with SEBI regulations and other applicable laws. KYC documents and transaction records are maintained for the periods specified by regulatory authorities. Data retention periods vary based on the type of information and regulatory requirements, ensuring we meet our compliance obligations while respecting your privacy rights.
Incident Reporting & Response
In line with SEBI's cybersecurity framework, we have established robust incident management procedures. Any cybersecurity incidents affecting your data are promptly reported to relevant authorities including SEBI and CERT-In as required. We maintain detailed incident logs and forensic capabilities to support investigations and ensure transparency in our security practices.
External Links & Third-Party Websites
Our platform may contain links to external websites or integrated services for enhanced functionality. These third-party sites operate under their own privacy policies, and we cannot control their data practices. We recommend reviewing the privacy policies of any external sites you visit and exercising caution when sharing personal information.
Contact Information
For any questions about this Privacy Policy, your data rights, or our data protection practices, please contact our Data Protection Officer or customer support team. We are committed to addressing your privacy concerns promptly and transparently. You may also reach out to SEBI's investor grievance portal if you have concerns about our data handling practices that remain unresolved.
Regulatory Compliance Statement
This Privacy Policy is designed to comply with all applicable regulations including SEBI (Know Your Client) Regulations, SEBI's Cybersecurity and Cyber Resilience Framework, SEBI's Cloud Framework for data localization, Prevention of Money Laundering Act (PMLA) requirements, and the Digital Personal Data Protection Act. Our privacy practices are subject to regular audits and assessments to ensure ongoing compliance with evolving regulatory standards.