Privacy Policy

NobleWealthis an AMFI-registered Mutual Fund Distributor (MFD) and IRDAI-licensed insurance agent operating in India. We provide goal-based financial advisory and execution services across mutual funds, PMS, NPS, life and health insurance, and fixed income. Throughout this policy, “we”, “us”, “our” and “NobleWealth” refer to the business; “you” refers to any visitor, lead, prospect or customer using our website, mobile experience or advisor services.

This document explains, in plain language, what data we collect from you, why we collect it, who we share it with, how long we keep it, and what controls you have. We do not bury anything in legalese; if a clause matters to your money or your privacy, it is highlighted.

To open an investment account, comply with KYC/AML regulations, and process transactions, we collect:

• Identity data — full name, date of birth, gender, PAN, Aadhaar (last 4 digits stored after masking), nationality, photograph.
• Contact data — email, mobile, residential address, city, state, PIN.
• Financial data — bank account number + IFSC, income slab, source of wealth, tax-residency, FATCA declarations, nominee details, risk profile.
• Transaction data — folio numbers, SIP commitments, mandates, order history, holdings, capital-gains records.
• Technical data — IP address, device type, browser version, pages visited, session timestamps. Used for security and product analytics only.
• Communication data — emails, WhatsApp messages, call recordings (when applicable) with our advisors.

• Onboarding & KYC — PAN/Aadhaar verification with KRA/CKYCR, NSE UCC registration, FATCA submissions.
• Transaction execution — purchase, redemption, SIP/XSIP, mandate and insurance applications to AMCs, NSE, BSE, NPS-CRA, insurers.
• Account servicing — portfolio statements, capital-gains reports, premium reminders, regulatory disclosures.
• Advisory — goal mapping, periodic rebalancing recommendations, tax-saving suggestions.
• Compliance & regulatory reporting — SEBI, IRDAI, AMFI, FIU-IND, RBI, Income-Tax Department.
• Service improvement — aggregated, anonymised analytics.

• Consent — when you submit a lead form, open an account, or opt into newsletters.
• Contract — to perform our advisory and execution services for you.
• Legal obligation — KYC/AML, FATCA/CRS, tax reporting, regulatory record-keeping.
• Legitimate interest — fraud prevention, security monitoring, business analytics.

• Regulators & depositories — SEBI, IRDAI, AMFI, NSE, BSE, CDSL, NSDL, NPS-CRA, KRA, CKYCR, FIU-IND.
• Asset Management Companies (AMCs) — for purchase, redemption, switch and SIP requests.
• Insurance companies — when you apply for or service a policy.
• Payment processors & banks — to debit your bank account for investments.
• Service providers — IT infrastructure, secure hosting, encrypted email, KYC verification APIs (all under strict confidentiality contracts).
• Law enforcement — only when compelled by a valid order or summons.

Your data is stored on secure servers located in India. We apply industry-standard safeguards:

• TLS 1.3 for all data in transit.
• AES encryption for sensitive credentials at rest.
• bcrypt-hashed passwords with per-session token revocation.
• Role-based access control with audit trails.
• Adherence to SEBI’s Cyber Security and Resilience framework for SEBI-regulated intermediaries.

• KYC documents — minimum 8 years from account closure (PMLA requirement).
• Transaction records — minimum 10 years (SEBI/AMFI requirement).
• Folio and policy records — for the life of the investment + regulatory retention.
• Marketing data — until you unsubscribe, plus a 30-day reconciliation window.

Subject to applicable regulations and retention obligations, you can:

• Access the data we hold about you.
• Correct inaccurate or outdated information through your dashboard.
• Restrict marketing communications by replying STOP to SMS/WhatsApp or clicking Unsubscribe in any email.
• Request deletion of data we are not legally required to retain.
• Withdraw consent (where consent is the legal basis), understanding this may prevent us from continuing to service your account.

We use essential cookies for session management and security. We may use first-party analytics (such as Plausible or anonymised Google Analytics) to understand site usage. We do not use third-party advertising trackers or social-media pixels.

Our services are not directed at minors below 18 years of age. We do not knowingly collect personal data from children. Investments in the name of minors are operated by a legal guardian under the prescribed regulatory framework.

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered investors and prominently on this page. The “Last updated” date in the document header always reflects the current version.

For any privacy-related question, request, or complaint, contact our Data Protection Officer using the email/phone in the document footer. We respond within 30 days as required under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.