Privacy Policy

Last Updated: May 20th, 2026

Welcome to Flyweal Labs Pvt Ltd ("Flyweal", "we", "our", or "us"). We are committed to protecting the privacy and security of the personal and financial data of both our Registered Investment Advisers ("RIAs" or "Partners") and the retail investors ("Clients" or "Users") who use our platform.

This policy outlines how we collect, use, and protect your data in compliance with the Digital Personal Data Protection Act (DPDPA), 2023, and the Securities and Exchange Board of India (SEBI) guidelines.

1. Information We Collect

Because Flyweal operates a dual-sided WealthTech ecosystem, we collect different data depending on your role.

For RIAs (Partners):

• Identity & Credential Data: Name, business address, SEBI Registration Number, PAN, GSTIN, and professional qualifications.

• Practice Data: Total Assets Under Advice (AUA), client roster, fee structures, and operational metrics.

• Billing Information: Bank account details and payment methods for your SaaS subscription.

For Clients (Retail Investors):

• Identity & KYC Data: Name, email, phone number, PAN, and demographic details.

• Financial Data (Consent-Driven): Through the RBI-regulated Account Aggregator (AA) network, we collect real-time data on your mutual funds, stocks, bank balances, and insurance policies. This is only collected with your explicit, revocable digital consent.

• Behavioral & Profiling Data: Risk tolerance scores, investment goals, and suitability assessment responses.

2. How We Use Your Data

We use your data strictly to operate the Flyweal "Wealth OS" and provide our services.

For RIAs: To verify your SEBI standing, facilitate client matchmaking, calculate tiered billing, and generate compliance audit trails. For Clients: To create your 360° financial dashboard, route your execution orders to your connected brokers (e.g., Zerodha, Upstox), and allow your matched RIA to monitor your portfolio.

How our Agentic AI uses Data: Flyweal’s proprietary "Strategy Studio" uses Client financial data to generate draft financial plans, asset allocations, and tax-harvesting strategies.

• Zero External Training: Your personal financial data is strictly siloed. It is never used to train public AI models (like ChatGPT, Claude or Gemini).

• Human-in-the-Loop: The AI only generates drafts. No automated advice is sent to a Client without explicit review, validation, and approval by their human SEBI-registered RIA.

3. Data Sharing & Third Parties

Flyweal does not sell, rent, or lease your personal or financial data. We share data only to facilitate your chosen services:

• Between Client and RIA: A Client’s financial data is shared seamlessly with their chosen RIA to facilitate fiduciary advice.

• Execution Brokers: If a Client clicks "Execute", relevant trade data is routed via secure Broker APIs.

• Regulatory Bodies: We may disclose data to SEBI or other legal authorities if required by law, or to assist RIAs in their mandatory compliance audits.

4. Data Security & Retention

We employ bank-grade, 256-bit encryption for all data at rest and in transit. Financial data synced via the Account Aggregator network is encrypted end-to-end. As required by SEBI regulations, we retain digital audit trails, risk profiling, and communication logs for a minimum of five (5) years, even if an account is closed.

5. Your Rights & Consent Revocation

Under the DPDPA, you have the right to access, correct, or request the deletion of your personal data.

• Account Aggregator Consent: Clients can revoke Flyweal’s access to their live financial data at any time via the AA portal or their Flyweal Action Center. Revoking access will stop live tracking but will not delete historically generated advisory reports.

Contact Our Grievance Officer: For data privacy concerns, email: support@flyweal.com