Privacy Policy
Last updated: 2026-05-23
This Privacy Policy describes what data Nithi Trade collects, why we collect it, and how we handle it.
1. Data we collect
From you, directly
- Account: name, email, phone number, password (hashed).
- KYC: PAN, Aadhaar number, identity documents (encrypted at rest).
- Payments: handled entirely by Razorpay; we receive only the transaction status and a customer ID — never your card number or bank details.
- Preferences: enabled strategies, risk limits, notification settings.
From your use of the Platform
- Trade history, positions, paper / live P&L.
- Engine signals you saw and whether you acted on them.
- Server-side logs (IP, user agent, request path, timestamp), retained for 30 days.
From Zerodha (if you link your Kite account)
- Your Kite user ID, name, email, broker-level holdings, orders, and tick data — received under your authorisation via Kite Connect OAuth.
2. Why we use it
- To operate the Platform — execute paper / live trades on your behalf, render charts, generate explanations.
- To comply with KYC and tax / audit requirements.
- To send transactional emails (trade fills, daily digests, billing receipts).
- To improve the Platform — anonymised aggregate analytics, never re-identified.
3. Who we share it with
We do not sell your data. We share only with service providers we need to operate:
- Zerodha Kite Connect — for market data and order routing.
- Razorpay — for subscription billing.
- Resend — for transactional and digest emails.
- Indian authorities when required by law (court order, SEBI / RBI / income tax notice).
4. Where it lives
All data is stored in PostgreSQL on a private VPS hosted in India. Backups are encrypted and retained for 14 days locally. We may add off-site backup providers (in India) in future; this policy will be updated before any provider is added.
5. Security
- Passwords stored as bcrypt hashes; we never have your plaintext.
- KYC documents encrypted at rest with Laravel's app-key encryption.
- Broker access tokens encrypted at rest; never logged.
- HTTPS-only via Let's Encrypt; HSTS enabled.
- Admin access protected by 2FA.
6. Your rights
You can, at any time:
- Access your data — visible in the Settings, Trades, and Positions pages.
- Export your trade history — CSV / PDF download on the Trades page.
- Update profile fields from Settings.
- Delete your account — email support@nithi.co.in; we remove your account and personal data within 30 days, retaining only the minimum required by law (financial records for 7 years per the Income Tax Act).
7. Cookies
We use a small set of strictly-necessary cookies for authentication and CSRF protection (Sanctum session cookie, XSRF-TOKEN). No advertising or third-party tracking cookies.
8. Children
The Platform is not intended for users under 18. We do not knowingly collect data from minors. If we learn we have, we delete it.
9. Changes
We will notify you of material changes to this policy by email 14 days in advance.
10. Contact
Data Protection Officer: support@nithi.co.in.