🔒 Legal Document

Privacy Policy

Effective Date: January 1, 2026
Last Updated: May 1, 2026
Version 2.1
TFC – The Finance Club ("TFC", "we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our financial services. Please read it carefully. If you disagree with its terms, please discontinue use of our services.

01🏢Introduction

TFC – The Finance Club is a financial services and wealth management company incorporated in India and headquartered in Surat, Gujarat. We provide investment advisory, trading education, portfolio management, and related financial services to individual and institutional clients.

This Privacy Policy applies to all personal data collected through:

  • Our website at www.tfc.in and all associated subdomains
  • Our mobile application(s) and web portals
  • Email, telephone, or any other communications with our team
  • Any offline or in-person interactions related to our services
ℹ️

This policy is compliant with the Information Technology Act, 2000, the IT (Amendment) Act, 2008, applicable SEBI regulations, and India's Digital Personal Data Protection Act, 2023 (DPDPA).

02📋Information We Collect

We collect information that you voluntarily provide to us and information that is automatically collected when you use our services.

Information You Provide Directly:

  • Identity Information: Full name, date of birth, gender, photograph
  • Contact Information: Email address, phone number, residential/business address
  • Financial Information: PAN card, Aadhaar number, bank account details, income details, investment history
  • KYC Documents: Government-issued ID, proof of address, passport-size photographs
  • Account Credentials: Username, password (stored in encrypted form)
  • Communication Data: Messages, emails, feedback, support tickets, survey responses

Information Collected Automatically:

  • IP address, browser type, operating system, device identifiers
  • Pages visited, time spent, links clicked, scroll depth
  • Referring URLs and exit pages
  • Session duration and frequency of visits
  • Geographic location (country/city level, not precise GPS)
Data Category Examples Legal Basis
Identity & KYC PAN, Aadhaar, passport, photo ID Legal obligation (SEBI/PMLA)
Financial Data Bank details, portfolio, transactions Contractual necessity
Contact Data Email, phone, address Consent / legitimate interest
Usage Data IP address, browser logs, cookies Legitimate interest / consent
Marketing Data Preferences, opt-ins, survey responses Consent

03⚙️How We Use Your Information

We use the information we collect for specific, lawful purposes only. We will never use your data in ways that are incompatible with the purposes described below:

  • Service Delivery: To create and manage your account, process transactions, and provide financial advisory and wealth management services
  • KYC & Compliance: To comply with SEBI, PMLA, RBI, and other regulatory requirements including Know Your Customer (KYC) verification and anti-money laundering checks
  • Communication: To send service-related notifications, account updates, market alerts, and respond to your queries
  • Personalization: To tailor investment recommendations, educational content, and service offerings to your financial profile and goals
  • Security: To detect, prevent, and address fraud, unauthorized access, technical issues, and suspicious activity
  • Analytics & Improvement: To understand how users interact with our platform and improve our products and services
  • Marketing: To send promotional communications about new services, events, and offers — only with your prior consent and with an easy opt-out mechanism
  • Legal Compliance: To comply with applicable laws, court orders, or government/regulatory requests
⚠️

We do not sell, rent, or trade your personal information to third-party marketers under any circumstances.

04🔗Information Sharing & Disclosure

We may share your information only in the following limited and controlled circumstances:

  • Regulatory Authorities: SEBI, RBI, AMFI, stock exchanges, depositories (NSDL/CDSL), and other statutory bodies as required by law
  • Service Providers: Trusted third-party vendors who assist us in operating our platform (payment processors, cloud hosting, email services, analytics providers) — bound by strict confidentiality agreements
  • Financial Institutions: Banks, brokers, mutual fund houses, and insurance companies necessary to execute your investment transactions
  • Professional Advisors: Legal counsel, auditors, or accountants when necessary for professional services
  • Business Transfers: In connection with a merger, acquisition, or sale of company assets — you will be notified via email and/or a prominent website notice
  • With Your Consent: Any other disclosure for which you have given us explicit prior consent

All third-party service providers are contractually required to handle your data in accordance with this Privacy Policy and applicable data protection laws.

05🛡️Data Security

Protecting your financial data is our highest priority. We implement a multi-layered security framework including:

  • Encryption: All data in transit is protected with TLS 1.3 (256-bit encryption); data at rest is encrypted using AES-256
  • Access Controls: Role-based access control (RBAC) ensures only authorized personnel can access sensitive data on a need-to-know basis
  • Two-Factor Authentication (2FA): Mandatory for all staff accounts; available and recommended for client accounts
  • Regular Security Audits: Periodic penetration testing, vulnerability assessments, and third-party security audits
  • Incident Response: A documented breach response plan with mandatory notification within 72 hours as per applicable regulations
  • Physical Security: Secure data centers with biometric access, 24/7 CCTV monitoring, and redundant infrastructure
⚠️

While we implement industry-best security measures, no method of transmission over the Internet is 100% secure. We encourage you to use strong, unique passwords and never share your login credentials.

06🍪Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. Here is what we use and why:

Cookie Type Purpose Duration
Essential Session management, login, security tokens — required for the site to function Session
Functional Remember your preferences (language, theme, portfolio layout) 1 year
Analytics Understand usage patterns to improve our platform (e.g., Google Analytics) 2 years
Marketing Deliver relevant advertisements and measure campaign effectiveness 90 days

You can manage cookie preferences through your browser settings or via the cookie consent banner displayed on your first visit. Note that disabling certain cookies may affect the functionality of our services.

07🗃️Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting requirements.

  • Active Client Data: Retained for the duration of your relationship with TFC plus 8 years (as required by PMLA and SEBI regulations)
  • KYC Documents: Minimum 5 years from the date of cessation of the client relationship per PMLA requirements
  • Transaction Records: 10 years from the date of transaction
  • Marketing Data: Until you withdraw consent or request deletion, whichever is earlier
  • Website Usage Logs: 12 months from collection
  • Support Communications: 3 years from last interaction

Upon expiry of the applicable retention period, we will securely delete or anonymise your personal information so it can no longer be associated with you.

08⚖️Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable laws, you have the following rights regarding your personal data:

  1. Right to Access: Request a copy of the personal data we hold about you
  2. Right to Correction: Request correction of inaccurate or incomplete personal data
  3. Right to Erasure: Request deletion of your personal data (subject to legal retention obligations)
  4. Right to Withdraw Consent: Withdraw consent for processing activities based on consent at any time
  5. Right to Data Portability: Receive your data in a structured, machine-readable format
  6. Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer or with the Data Protection Board of India
  7. Right to Nominate: Nominate an individual to exercise your rights in the event of your death or incapacity
📧

To exercise any of these rights, email us at privacy@tfc.in with the subject line "Data Rights Request". We will respond within 30 days. Some requests may require identity verification.

09🌐Third-Party Services & Links

Our website and application may contain links to third-party websites, payment gateways, social media platforms, and embedded content. Please be aware that:

  • We have no control over the content, privacy practices, or security of third-party sites
  • This Privacy Policy applies solely to data collected by TFC and does not extend to third-party services
  • We recommend reviewing the privacy policy of any third-party site before providing your personal information

Third-party services we commonly integrate with include: payment processors (Razorpay, PayU), cloud infrastructure providers, KYC verification services, and regulatory depository systems (NSDL/CDSL). Each is bound by their own privacy terms and applicable Indian regulations.

10👶Children's Privacy

Our services are not directed to individuals under the age of 18 years. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@tfc.in and we will promptly delete such information.

In compliance with the DPDPA, 2023, we take special precautions to ensure we do not process children's data without verifiable parental consent.

11🔄Policy Updates & Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you via email to the address on file and/or a prominent notice on our website at least 30 days before the changes take effect
  • For minor changes, the updated policy will be posted on this page
  • Continued use of our services after the effective date constitutes your acceptance of the updated policy
💡

We encourage you to review this Privacy Policy periodically. You can always find the most current version at www.tfc.in/privacy-policy.

12📬Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our Data Protection Officer:

Company TFC – The Finance Club
DPO Email privacy@tfc.in
Phone +91 98765 43210
Address Surat, Gujarat – 395001, India
Response Time Within 30 business days

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India once it is established under the DPDPA, 2023.