Privacy Policy
In plain English
- We collect the minimum needed to run AIShare — account, billing, usage telemetry.
- We don’t sell your data. Payments go through Razorpay; market data through licensed vendors.
- You can access, correct, export, or delete your data any time at /privacy/requests. We respond within 30 days.
- Under-18 users are not permitted; DPDP parental-consent rules apply (see §9).
- This summary is for convenience only. The full policy below is the binding text.
1. Introduction
AIShare (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (aishare.in) and related services (collectively, the “Service”).
By using our Service, you consent to the data practices described in this policy. If you do not agree with the terms of this privacy policy, please do not access the Service.
Regulatory Notice: AIShare is NOT registered with SEBI (Securities and Exchange Board of India) as an Investment Adviser or Research Analyst. All analysis and signals on this platform are for informational and educational purposes only, not regulated financial advice.
2. Information We Collect
2.1 Personal Information
When you register for an account, subscribe to our service, or contact us, we may collect:
- Full name and email address
- Phone number (optional, for SMS alerts)
- Payment information (processed securely via Razorpay — we do not store card details)
- Account preferences and watchlist data
2.2 Usage Information
We automatically collect certain information when you access our Service:
- Device information (browser type, operating system, device type)
- IP address and approximate geographic location
- Pages viewed, features used, and time spent on the Service
- Referral source and search terms
2.3 Cookies and Tracking
We use essential cookies for authentication and session management. We may use analytics cookies (such as Google Analytics) to understand usage patterns. You can manage non-essential cookies via our cookie banner; your choices are logged in our consent ledger so you can audit and revoke consent at any time.
2.4 Broker Integration Data
If you enable the AI Trading Agent with broker integration (e.g. Angel One SmartAPI), we process the following additional data:
- Broker client code and TOTP secret (stored encrypted on our server)
- Session tokens generated during broker login (held in server memory only, never persisted to disk)
- Order details: symbols, quantities, prices, order IDs, and trade execution status
- Account balance and fund availability (fetched on-demand, not stored)
Broker credentials are used solely to execute orders you authorise through the Trading Agent. They are never shared with third parties, used for analytics, or transmitted outside our server. You can revoke broker access at any time by removing your credentials from the Trading Agent settings.
3. How We Use Your Information
We use the collected information to:
- Provide, maintain, and improve our Service
- Process subscriptions and payments
- Send trading signals, alerts, and notifications you have opted into
- Respond to your inquiries and provide customer support
- Analyze usage patterns to improve our AI models and user experience
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share data with:
- Payment processors (Razorpay) for subscription billing — only transaction-related data
- Analytics providers (Google Analytics) — anonymized usage data only
- Email service providers (for transactional emails and alerts)
- Law enforcement when required by law or to protect our legal rights
See the full sub-processor list for each vendor's purpose, region, and data processing agreement.
4B. International Transfers
Primary application data is stored in India in our ap-south-1 (Mumbai) database region, with encrypted backups retained in the same region. Two classes of outbound transfer occur:
- AI reasoning calls. Prompts sent to Google Gemini, OpenAI or Anthropic terminate at US endpoints. Prompts are de-identified — they carry market symbols, indicator values and derived features, not account identifiers or PII.
- Operational vendors such as Resend (email), Vercel edge cache and Google Analytics (only with analytics consent) may process request metadata in the US or the EU.
Every outbound transfer uses TLS in transit and is governed by the vendor's published Data-Processing Addendum, linked on the sub-processor page. We do not transfer data to countries restricted under any notification issued by the Central Government of India under Section 16 of the Digital Personal Data Protection Act, 2023. If such a notification is issued we will update the sub-processor list and migrate affected workloads within a reasonable period.
5. Data Security
We implement industry-standard security measures to protect your data:
- HTTPS/TLS encryption for all data in transit
- Encrypted data at rest in our databases
- Regular security audits and vulnerability assessments
- Role-based access control for internal systems
- Secure password hashing (bcrypt/argon2)
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention Schedule
We retain personal data only as long as needed for the purpose it was collected, or as required by Indian law. The table below summarises our retention schedule by category.
| Category | Purpose | Retention | Deletion trigger |
|---|---|---|---|
| Account data | Authentication, billing, support | Until account deletion + 90 days | 90 days post-deletion |
| Trade logs & signal history | Audit, analytics, regulator requests | 7 years | Legal / statutory minimum |
| AI diary / reasoning traces | Model observability and debugging | 18 months | Rolling window |
| Contact-form submissions | Respond to queries | 12 months | Auto-archive |
| Consent events (cookie + DSR) | Evidence of lawful basis under DPDP | 24 months | Rolling window |
| Support tickets | Dispute resolution and continuity | 36 months | From last activity on ticket |
| Razorpay transaction records | Tax / GST / regulatory audit | 7 years | Non-negotiable |
| Encrypted backups | Disaster recovery | 30 days | Rolling window |
If you delete your account, we remove account data within 90 days. Some records above (e.g. transaction and trade logs) must be retained to meet statutory obligations under Indian tax, SEBI and IT Act rules — erasure requests affecting these are honoured only after the applicable retention window lapses.
7. Your Rights (DPDP)
Under applicable Indian data protection laws, you have the right to:
- Access and receive a copy of your personal data
- Correct inaccurate or incomplete data
- Request deletion of your personal data
- Withdraw consent for data processing
- Object to certain processing activities
- Data portability — receive your data in a structured format
To exercise these rights, submit a verified request at /privacy/requests or email privacy@aishare.in. We acknowledge every request immediately and resolve within 30 calendar days.
8. Grievance Redressal
AIShare provides a readily available grievance redressal channel for privacy and data-protection concerns under applicable Indian data-protection law.
- Role
- Grievance Officer, AIShare
- grievance@aishare.in
- Phone
- Available via email on request
- Address
- AIShare, Bangalore, India
We acknowledge every grievance and aim to resolve privacy and data-protection concerns within 30 calendar days. You can also submit a verified data request at /privacy/requests.
9. Third-Party Links
Our Service may contain links to third-party websites or services (e.g., NSE, BSE, brokerage platforms). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing personal information.
10. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect or process personal data from minors.
Consistent with Section 9 of India's Digital Personal Data Protection Act, 2023 (DPDP), we are required to obtain verifiable parental or lawful-guardian consent before processing any personal data of a child (defined as an individual under 18). We do not undertake any tracking, behavioural monitoring, or targeted advertising directed at children.
- Registration requires the user to confirm they are 18 years or older; accounts found to be held by minors are disabled.
- We do not knowingly serve signals, advertisements, or educational content tailored for users under 18.
- If we learn we have inadvertently collected data from a minor, we will delete it and terminate the associated account.
If you are a parent or guardian and believe your child has provided data to us, please contact privacy@aishare.in — we will action removal within 7 business days.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The “Last updated” date at the top reflects the most recent revision.
See the full privacy change log for a dated summary of every published revision — we preserve every prior version so you can audit what changed and when.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@aishare.in
- Address: AIShare, India
AIShare is NOT a SEBI-registered Investment Adviser or Research Analyst. Data collected is used solely to operate and improve this informational platform. We do not share data for financial advice or investment purposes.
This privacy policy is governed by the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (as applicable).