A
ARTHA

Privacy Policy

Last updated: March 9, 2026

Overview

ARTHA ("we", "us", "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what data we collect, how we use it, and your rights as a user. This policy is drafted in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) of India and other applicable data protection laws.

Data We Collect

We collect the following categories of personal data:

Account Information

  • Name and email address (provided during registration)
  • Authentication credentials (managed via Supabase Auth)
  • Subscription status and billing history

User-Entered Financial Data

  • Watchlists and stock preferences
  • Portfolio holdings and transactions (if manually entered by you)
  • Alerts and screener configurations
  • Notes and custom analyses

Usage and Technical Data

  • Pages visited, features used, and interaction patterns
  • Search queries and AI prompts
  • Device type, browser, operating system, and screen resolution
  • IP address and approximate geographic location
  • Session duration and frequency of use

How We Use Your Data

  • Provide, operate, and maintain the financial terminal services
  • Personalize your experience (watchlists, preferences, AI context)
  • Process subscription payments via Razorpay
  • Send service-related communications (account alerts, billing updates)
  • Analyze usage patterns to improve platform features and performance
  • Ensure account security and prevent unauthorized access
  • Comply with applicable legal and regulatory requirements

Portfolio Data Protection

We do not share, sell, or disclose your portfolio data, watchlists, or any user-entered financial information to any third party. Your portfolio holdings, transaction history, and investment preferences are strictly private and are only used to provide you with the services you have requested. This data is never used for advertising, profiling, or any purpose beyond delivering your personalized ARTHA experience.

Data Storage and Security

Your data is stored securely using the following infrastructure:

  • Supabase -- PostgreSQL database for application data, authentication, and user-generated content. Supabase provides row-level security, encrypted connections, and SOC 2 Type II compliant hosting.
  • Vercel -- Application hosting with edge network distribution and automatic HTTPS encryption.

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. We implement industry-standard security measures including access controls, regular security reviews, and monitoring for unauthorized access attempts.

Cookies and Analytics

We use cookies and similar tracking technologies for the following purposes:

Essential Cookies

Required for authentication, session management, and core functionality. These cannot be disabled without affecting your ability to use the Service.

Analytics Cookies

We use the following analytics services to understand how users interact with our platform:

  • Google Analytics 4 (GA4) -- Website traffic analysis, user acquisition channels, and aggregate usage metrics
  • PostHog -- Product analytics, feature usage tracking, funnel analysis, and session replay for debugging
  • Microsoft Clarity -- Heatmaps and session recordings to improve user experience and interface design

You can manage your cookie preferences through the cookie consent banner displayed on your first visit, or through your browser settings. Each analytics provider operates under their own privacy policy.

Third-Party Services

In addition to the analytics services listed above, we integrate with:

  • Razorpay -- Payment processing for subscriptions. We do not store your credit card, debit card, or UPI details. All payment data is handled directly by Razorpay in accordance with PCI DSS standards.
  • Supabase Auth -- Authentication and identity management, including email/password and social login providers.

We do not sell your personal data to any third party. Data shared with third-party service providers is limited to what is necessary to deliver the Service.

Your Rights Under DPDPA 2023

Under the Digital Personal Data Protection Act, 2023 (India), you have the following rights as a Data Principal:

  • Right to Access -- Request a summary of your personal data being processed and the processing activities
  • Right to Correction -- Request correction of inaccurate or misleading personal data
  • Right to Erasure -- Request deletion of your personal data when it is no longer necessary for the purpose it was collected, subject to legal retention requirements
  • Right to Grievance Redressal -- Lodge a complaint with us or with the Data Protection Board of India if you believe your data rights have been violated
  • Right to Nominate -- Nominate another individual to exercise your data rights in the event of your death or incapacity

To exercise any of these rights, contact us at privacy@artha.in. We will respond to your request within 30 days.

Data Export and Deletion

You may request a full export of your data (account information, watchlists, portfolio data, and preferences) at any time by contacting us at privacy@artha.in. We will provide your data in a structured, machine-readable format (JSON or CSV) within 15 business days.

If you choose to delete your account, we will permanently remove your personal data within 30 days, except where retention is required for legal, tax, or regulatory compliance. Analytics data collected prior to deletion is retained in anonymized, aggregated form that cannot be linked back to your identity.

Data Retention

We retain your personal data only for as long as it is necessary to fulfil the purposes outlined in this policy:

  • Account data is retained for as long as your account is active
  • Payment records are retained for 7 years as required by Indian tax regulations
  • Usage analytics are retained for 24 months in identifiable form
  • Server logs are retained for 90 days for security and debugging purposes

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on the Service at least 30 days before they take effect. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.

Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDPA 2023, the details of our Grievance Officer are as follows:

ARTHA -- Grievance Officer
Email: privacy@artha.in
Response time: Within 30 days of receiving a complaint

Contact

For questions about this Privacy Policy or your personal data, contact us at:

ARTHA
Email: privacy@artha.in
Website: artha.in