Privacy Policy
Effective date: September 27th, 2024
Welcome! Thank you for visiting Nobias Analyst India Pvt. Ltd., a company incorporated in India under the Companies Act, 2013, and having its registered office at 14TH Floor, Unit No 1417, One Lodha Palace, Lodha Codename No 1, Senapati Bapat Marg, Lower Parel, Mumbai, Maharashtra 400018 (“Nobias”, "us", "we", or "our") offering. To help inform you, we provide this notice/policy (“Privacy Policy”) explaining our online information practices and the choices users can make about the collection and use of information/Personal Data you submit or we collect through our website, www.nobias.com, our browser extensions, and the related websites, mobile applications, services, tools, and other applications that link to this Privacy Policy (collectively, the “Service”). The Service is owned and operated by or on behalf of Nobias.
BY USING THE SERVICE, YOU AGREE TO THE COLLECTION, PROCESSING, AND USE OF PERSONAL DATA IN ACCORDANCE WITH THIS PRIVACY POLICY.
1. Definition and Interpretation
"Consent" means the voluntary, informed, and unambiguous agreement by the Data Principal to the processing of their Personal Data, as indicated by a clear affirmative action given under the notice by Data Fiduciary.
“Data Fiduciary” means any person who alone or in conjunction with other persons determines the purpose and means of processing of user’s / Data Principal’s Personal Data;
“Data Principal” means the individual to whom the Personal Data relates and where such individual is: (i) a child, includes the parents or lawful guardian of such a child; (ii) a person with disability, includes his/her lawful guardian, acting on his/her behalf;
“Data Processor” means any person who processes Personal Data on behalf of a Data Fiduciary.
“Personal Data” means any data about an individual who is identifiable by or in relation to such data.
“Data Fiduciary”, “Data Processor”, “Company”, “We”, “Us”, “Our” or “Nobias” refers to Nobias, the entity responsible for collecting, processing, and safeguarding your Personal Data as described in this Privacy Policy.
“Data Principal”, "User", "You", or “Your" refers to any individual or entity accessing or using our services, website, or mobile application.
2. Personal Data We Collect
Categories and Types of Personal Data
We collect the following categories and types of data including personal information through our Services:
Contact Information: your name, either in full or first and/or last name, telephone or mobile number and email address;
Other identifying information: date of birth, residential address, gender, PAN, IP address, login ID;
Financial Information: credit / debit card information, bank account details;
Internet or other electronic activity: your browsing and click history, including information about how you navigate within our services and which elements of our services you use the most;
Commercial information: articles viewed on our website and the investment portfolio information that you put in;
Inferences: inferences drawn from the categories described above in order to reflect your preferences and make suggestions to you;
You may be required to provide certain additional information depending on the services that you wish to use, at your discretion;
We may also retrieve information from centralized Know Your Customer (KYC) databases such as CVL KRA, NDML KRA, CERSAI (CKYC) if required;
For use of some services, we may be required to perform a Know Your Customer registration check and register/update your KYC if not already registered/updated. In such cases, we will require you to provide your KYC information and upload documentary evidence of your identity, address and financial details.
We shall assume that any information provided to us by you or collected by us about you has been voluntarily disclosed by you, without any coercion by any person. While we may make efforts to validate the information provided by you, we are not bound to do so and we shall be entitled to rely on the same, assuming such information to be genuine, complete and correct.
3. Use of Personal Data
Nobias uses the collected information including any Personal Data for various purposes, such as the following:
Transactional Purposes: We use your contact information, financial information, and commercial information to:
provide you with the Services;
create, maintain and manage your account;
notify you about changes to our Service;
allow you to participate in interactive features of our Service when you choose to do so;
Analytical Purposes: We use your internet activity and browsing history to analyze the Service and prepare aggregated reports using aggregate information about our users.
Maintenance and Improvement of Services: We use your contact information, commercial information, internet activity, and browsing history to:
provide, maintain and improve the Service;
provide customer care and support;
respond to your inquiries and comments; and
make decisions about our business and third-party partners.
Security and Fraud prevention: We use your contact information, other identifying information, financial information, internet activity and browsing history, and inferences to detect, prevent and investigate fraud, security breaches, and potentially prohibited or illegal activities.
In addition to the purposes mentioned above, we may also process information including your Personal Data for the following purposes:
for the specified purpose for which you have provided your Personal Data to us as notified from time to time, unless you have explicitly communicated to us that you do not want your Personal Data used for a specific purpose;
for fulfilling any obligation under any applicable law for the time being in force;
for compliance with any judgment, decree or order issued under applicable law for the time being in force;
checking/updating/registering your KYC in centralized KYC databases;
for responding to a medical emergency involving a threat to the life or immediate threat to the health of the Data Principal or any other individual;
for taking measures to ensure safety of, or provide assistance or services to, any individual during any disaster or breakdown of public order;
streamlining and customizing your experience while using our mobile application or while accessing our Services through the mobile browser or our website.
for troubleshooting and identifying any bugs, operational issues, process bottlenecks, errors in the application and for analysing usage and activity trends; and
we may use aggregated information that does not identify you individually for better product design, research and for developing customized marketing offers either by us or any affiliated or unaffiliated third-party consultants or service providers.
4. Storage of Your Information
Information collected is stored on our servers, log files or storage systems owned by us or by third parties specifically providing such storage services.
4a. Privacy by law
We are part of a regulated and self-policing ecosystem that ensures data safety and protects against data misuse.
Nobias is a certified Financial Information User in the Account Aggregator ecosystem and we adhere to technical specifications as prescribed by ReBIT, an undertaking of the Reserve Bank of India.
Finvu and CAMSFinserv, both RBI-regulated Account Aggregators, are our partners to ensure that we access your data through a secure and encrypted process.
Nobias is regulated by SEBI and is a registered Investment Adviser (SEBI Registration Number:INA000019558).
We are a member of Sahamati, an industry alliance coordinating and promoting the Account Aggregator ecosystem in India.
We work with third parties that are regulated and adhere to industry-standard compliance and auditing practices.
4b. Privacy by design
We take the following measures in designing our databases:
Our database is encrypted using AES 256-bit encryption at rest and we limit access to the database to only authorised Fold services.
We encrypt data in transit using TLS/HTTPS protocol when accessed by our clients (iOS/Android/Web app).
Our infrastructure is built on top of Amazon Web Services, which has more than 96 industry security certifications, including ISO 27001, PCI DSS, and SOC3.
All data is stored only in AWS data centres in India, and we use Firebase Authentication and Cloud Firestore Security Rules to handle serverless authentication, authorization, and data validation.
Transactions are processed only to provide financial insights and automatic categorisation.
Nobias does NOT read your emails or messages in any case or scenario. All your financial data is securely fetched through an RBI Licensed Account Aggregator. Though we have received a flood of requests for credit card integration, as credit card data is not yet live on the Account Aggregator (AA) framework, for your protection and Privacy we have created work-arounds that will require some manual inputs on your part but it is the most secure way as it avoids reading your private emails!
5. Tracking Technologies
We use cookies and similar tracking technologies to track activity on our Service.
Cookies are files with small amounts of data that may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies we use include beacons, tags, and scripts, which collect and track information and help us improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
You may encounter tracking technologies/cookies from our third party service providers. For example, we use Google Analytics, a web analytics service offered by Google, to track and report website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having your activity on the Service made available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information about how to opt out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.
The tracking technologies of third parties may collect personal information about your online activities over time and across different websites when you use the Services.
Nobias does not currently respond to browser “Do Not Track” signals.
6. Transfer Of Personal Data
Your Personal Data may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
If you are located outside India and choose to provide information to us, please note that we transfer the data, including personal information, to India and process it there.
7. Sharing Of Information
Information collected may be shared with:
The Nobias Corporate Family: We may share the information we collect about you with Nobias’s affiliates and subsidiaries. The Personal Data may be disclosed (i) to provide joint content and our services; (ii) to help detect and prevent potentially illegal acts, violations of our policies, fraud, and/or data security breaches; (iii) to guide decisions about our or a third party’s business operations, products, services, and communications; and (iv) for processing and storage of information.
Service Providers: We may disclose your Personal Data to third party service providers under contract who help with our business operations (such as, but not limited to, payment processing, developing, designing, maintaining, improving, and supporting the Services, fraud investigations, promotions and marketing, and site analytics and operations). These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Other Persons with Your Consent: We may provide your personal information to other third parties to whom you explicitly direct us to share it with.
Legal and Law Enforcement: We may disclose your Personal Data to governmental agencies or regulatory authorities including the Securities Exchange Board of India and the BSE Limited, for compliance with applicable law. We may also disclose your information to law enforcement or regulators or authorized third parties, in response to a verified request relating to a criminal investigation, alleged illegal activity, or any other activity that may expose us, you, or any other user to legal liability.
Change of Control: We may disclose your Personal Data to other business entities, should we plan to merge with or be acquired by that business entity. Should such a combination occur, we will make reasonable efforts to request that the new combined entity follow this Privacy Policy with respect to your personal information or provide prior notice if there are any material changes to this Privacy Policy.
8. Breach of Personal Data
In the event of a breach of Personal Data, the Data Fiduciary shall give each affected Data Principal, intimation of such breach only if required by applicable law. Any such intimation shall be in such form and manner (as applicable) as may be prescribed by applicable laws.
9. Security
To register for our services, you may need to login and set a password to protect the privacy and security of your information. For added security, we require passwords to meet specific complexity standards. It is essential that you keep your login id and password confidential. We recommend that you update your password periodically. We are not liable for any unauthorized access to your account if you share your credentials leading to a breach of this Privacy Policy or our Website’s Terms of Use.
Each time you log in to our website or mobile app, we employ advanced security measures, including the latest authentication protocols, session timeouts, and firewalls, to protect your account from unauthorized access.
We may offer login options through identity providers like Google or Facebook for convenient account creation and registration. By using these credentials, you can avoid the need to create and remember a new user ID and password. However, in such case, the security of your login data would be governed by the terms and conditions of the respective providers. While we take precautions to safeguard your information, we cannot be held responsible for any security breaches at these providers, if you share your login details, or if your social media account is compromised. It is your responsibility to maintain the confidentiality of your social login information and use these services with due care and caution.
The security of your Personal Data is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
10. Links To Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policies of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
11. Your Choices
You can control how and when you want to receive promotional emails/notifications from Nobias by following the instructions within the emails/notifications we send to you or by contacting us via email at support@nobias.com.
12. Changing Your Account Information
Registered users can change the email address and information associated with their account by contacting us via email at support@nobias.com. It is your responsibility to make sure that your personal information in your account is accurate. You should promptly update your personal information if it changes or becomes inaccurate. We may retain some information from closed accounts so that we can comply with law, prevent fraud, assist with investigations, resolve disputes, analyze or troubleshoot programs, or take other actions permitted by law. Likewise, if your account is terminated or suspended by us, we may maintain some information to prevent re-registration.
13. Children's Privacy
Our Service is directed to a general audience. The Service is not intended for children under the age of 18. We do not knowingly collect Personal Data from anyone under the age of 18. If you believe your child has provided us with Personal Data without your consent, please contact us at support@nobias.com. If we become aware that we have collected Personal Data from a child without a legal guardian’s consent, we will take steps to remove that Personal Data from our servers.
14. Personal Data Access, Correction and Erasure Rights
The Data Principal has the right to request from the Data Fiduciary, to whom they had previously granted consent for the processing of their Personal Data:
a summary of Personal Data which is being processed by such Data Fiduciary and the processing activities undertaken by that Data Fiduciary with respect to such Personal Data;
save and except where authorised by any law, the identities of all other Data Fiduciaries and Data Processors with whom the Personal Data has been shared by such Data Fiduciary, along with a description of the Personal Data so shared; and
save and except where authorised by any law, any other information related to the Personal Data of such Data Principal and its processing, as may be prescribed.
The Data Principal shall have the right to correction, completion, updating and erasure of their personal data for the processing of which he/she has previously given Consent, in accordance with any requirement or procedure under any law for the time being in force. The Data Fiduciary shall, upon receiving a request for correction, completion or updating from a Data Principal:
correct the inaccurate or misleading personal data;
complete the incomplete personal data; and
update the personal data.
The Data Principal shall make a request in such manner as may be prescribed, to the Data Fiduciary for erasure of their personal data, and upon receipt of such a request, the Data Fiduciary shall erase their personal data unless retention of the same is necessary for the specified purpose or for compliance with any law for the time being in force.
15. Nomination Rights of Data Principal
The Data Principal shall have the right to nominate, in such manner as may be prescribed, any other individual, who shall, in the event of death or incapacity of the Data Principal, exercise the rights of the Data Principal under this Privacy Policy or as prescribed under the applicable law.
16. Duties of Data Principal
The Data Principal shall:
comply with the provisions of all applicable laws for the time being in force while exercising rights the Data Principal is entitled to under any law;
ensure not to impersonate another person while providing their Personal Data for a specified purpose;
ensure not to suppress any material information while providing their personal data for any document, unique identifier, proof of identity or proof of address issued by the State or any of its instrumentalities;
ensure not to register a false or frivolous grievance or complaint with a Data Fiduciary; and
furnish only such information as is verifiably authentic, while exercising the right to correction or erasure.
17. Retention and Withdrawal of Personal Data
Where Consent given by the Data Principal is the basis of processing of Personal Data, such Data Principal shall have the right to withdraw their Consent at any time by writing to us at [•]. Please note that the consequences of the withdrawal shall be borne by you, and such withdrawal shall not affect the legality of processing of the Personal Data based on Consent before its withdrawal.
If a Data Principal withdraws her consent to the processing of personal data as provided above, the Data Fiduciary shall, within a reasonable time, cease and cause its Data Processors to cease processing the personal data of such Data Principal unless such processing without her consent is required or authorised under the provisions of applicable law for the time being in force in India.
The Data Fiduciary shall, unless retention is necessary for compliance with any law for the time being in force, erase personal data, upon the Data Principal withdrawing their Consent or as soon as it is reasonable to assume that the specified purpose for which the Consent was provided by the Data Principal is no longer being served, whichever is earlier. The purpose referred to herein above shall be deemed to be no longer served, if the Data Principal does not:
approach the Data Fiduciary for the performance of the specified purpose; and
exercise any of their rights in relation to such processing, for such time period as may be prescribed, and different time periods may be prescribed for different classes of Data Fiduciaries and for different purposes.
18. Grievance Redressal
Any discrepancies or grievances with regard to content and/or comment or breach of this Privacy Policy shall be taken up with the designated Grievance Officer as mentioned below, in writing or through email signed with the electronic signature, to Lara Menezes (“Grievance Officer”).
Ms. Lara Menezes, Grievance Officer
1417 One Lodha Place, Tulsi Pipe Rd, Upper Worli, Lower Parel, Mumbai, Maharashtra 400013.
For queries regarding processing of personal data, contact us at nobias.in with a request using the form.
19. Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
20. Contact Us
Data Protection Officer: Mr. Mohit Pandey.
If you have any questions about this Privacy Policy, please contact us by email at: support@nobias.com.