Privacy Policy
Last updated: 25 May 2026
This policy describes how Scentric Network Private Limited (operating the "Target Capital" platform) processes your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and applicable SEBI regulations.
Data Fiduciary Declaration
Under the DPDP Act, 2023, Scentric Network Private Limited is the Data Fiduciary for personal data processed on the Target Capital platform. You ("the user") are the Data Principal. We process your personal data only for the specific, lawful purposes described in this policy and on the basis of your consent (or other lawful grounds permitted under §7 of the Act).
Data Fiduciary: Scentric Networks Private Limited
CIN: U31909TN2020PTC135006
Registered Office: No. 67/25, Second Floor, 2nd Street, Periyar Nagar,
TNHB Colony, Korattur, Chennai, Tamil Nadu, India – 600080
Email: dpo@targetcapital.ai
1. Personal Data We Collect
In order to provide the Target Capital platform we may collect:
- Identity & contact data: name, email, mobile number, date of birth.
- KYC data: PAN, Aadhaar reference (masked), address proof, bank-account details — collected only when required by SEBI/RBI rules or by your broker.
- Broker connection data: API keys / access tokens for connected brokers (Zerodha, Dhan, Angel One, etc.), stored in encrypted form (Fernet AES-128 with a per-tenant master key).
- Portfolio & trade data: holdings, positions, order history fetched from your broker via authorised APIs.
- Usage & device data: IP address, browser, device type, pages visited, feature interactions (used for security and analytics).
- Payment data: subscription transaction IDs from Razorpay; we do not store card numbers or CVV.
2. Purposes & Lawful Basis
We process your personal data for the following specified purposes:
- To provide the Scentric AI Decision Engine, portfolio analytics and trading-signal services you have signed up for.
- To route orders to your selected broker when you click "Execute".
- To comply with SEBI / exchange / RBI / DPDP / IT Act obligations and respond to lawful requests from regulators or courts.
- To detect, prevent and investigate fraud, security incidents and abuse of the platform.
- To send service communications (account alerts, broker token expiry, signal delivery). Marketing communications are sent only with your separate consent and you may withdraw it at any time.
Lawful basis: your consent under §6 of the DPDP Act for primary processing, and "legitimate uses" under §7 (compliance with law, employment, public interest where applicable).
3. Sharing of Personal Data
We do not sell your personal data. We may share it with:
- Your connected broker(s) — to authenticate, fetch data and place orders on your instruction.
- Data Processors we engage under written contract: cloud hosting (Railway, AWS region: ap-south-1 where applicable), Razorpay (payments), Twilio/Telegram (notifications), Anthropic/OpenAI/Perplexity (AI inference on anonymised prompts wherever possible).
- Regulators, exchanges and law-enforcement — only when required by Indian law or a valid court / SEBI / RBI order.
- Professional advisers (auditors, lawyers, CAs) under confidentiality obligations.
Where personal data is transferred to a processor located outside India, such transfer is made only to jurisdictions permitted by the Central Government under §16 of the DPDP Act and under contractual safeguards.
4. Security Safeguards
We implement "reasonable security practices and procedures" within the meaning of §8(5) of the DPDP Act and the IT (Reasonable Security Practices) Rules, 2011, including TLS in transit, AES/Fernet encryption at rest for broker tokens, per-tenant key isolation, PostgreSQL Row-Level Security, MFA on admin accounts, audit logging and regular vulnerability scanning. In the event of a personal-data breach, we will notify the Data Protection Board of India and affected Data Principals as required by §8(6).
5. Your Rights as a Data Principal
Under §§11–14 of the DPDP Act you have the right to:
- Access — a summary of the personal data we process and the processing activities.
- Correction & erasure — to correct inaccurate data and request deletion where no legal retention obligation applies.
- Withdraw consent — at any time, with the same ease with which it was given.
- Nomination — to nominate another individual to exercise your rights in case of death or incapacity.
- Grievance redressal — to a readily available mechanism (see §8 below).
Requests may be made by email to dpo@targetcapital.ai. We respond within the timelines specified by the DPDP Rules (currently within 30 days).
6. Cookies & Tracking
We use first-party cookies for session management and security, and a limited set of analytics cookies to understand platform usage. You can manage cookie preferences through your browser settings. We do not use cookies for cross-site advertising tracking.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected or as required by SEBI / IT Act / income-tax rules. Financial and audit-trail records are typically retained for 8 years in line with SEBI record-keeping norms. Broker access tokens are deleted within 30 days of you disconnecting the broker or closing your account.
8. Grievance Officer & Data Protection Officer
Grievance Redressal Officer / Data Protection Officer: Mukund Krishnasamy
Email: dpo@targetcapital.ai / grievance@targetcapital.ai
Phone: +91 72001 89076 (Mon–Fri, 10:00–18:00 IST)
Registered Address: Scentric Networks Private Limited (CIN: U31909TN2020PTC135006), No. 67/25, Second Floor, 2nd Street, Periyar Nagar, TNHB Colony, Korattur, Chennai, Tamil Nadu, India – 600080
We acknowledge complaints within 48 hours and aim to resolve them within 30 days. If you are not satisfied with the resolution, you may escalate to the Data Protection Board of India under §27 of the DPDP Act, or — for investment-related grievances — to the SEBI SCORES portal at scores.sebi.gov.in.