Privacy Policy
Version 1 · Last updated 16 April 2026
This Privacy Policy (“Policy”) explains how VEST FUNDORA PRIVATE LIMITED, operating through www.vest-fundora.com (“Company”, “We”, “Us”, or “Our”), collects, processes, stores, uses, discloses, and protects your Personal Data when you access or use our Platform. This Policy is drafted in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and applicable rules. By accessing or using the Platform, you agree to this Policy.
1. Definitions
- “Personal Data” means any data that relates to an identifiable individual.
- “Data Principal” means the user whose data is processed.
- “Data Fiduciary” means the Company.
- “Processing” includes collection, storage, use, disclosure, sharing, and deletion.
- “Platform” means the website, mobile application, software, or online services of the Company.
2. Categories of Data Collected
We may collect: Startup/Investor Data (startup profile details, founder information, pitch deck, business plans, financial projections, investor preferences, accreditation/KYC documents, fundraising requirements, communication history); Account Information (name, phone number, email address); Contact Information (address, postal code, city, state); Financial Information (payment ID, transaction details via secure gateways); Technical Data (IP address, device type, browser type, OS, location data); Usage Data (pages visited, time spent, actions performed); Subscription / Service Data (membership plans, subscription history, invoices); Communications (support chats, emails, complaints); and Cookies & Tracking Data (analytics, preferences, session logs).
3. Method of Data Collection
We collect data through user submissions (information you voluntarily provide while creating an account, completing forms, submitting queries, engaging support, making purchases, or communicating with us); automatic tracking tools (IP address, browser type, OS, device identifiers, location logs if enabled, session duration, pages viewed, usage patterns, clickstream data, interaction behaviour); cookies, pixels and analytics (web beacons, tracking pixels, tags, log files, SDKs, and third-party analytics such as Google Analytics); third-party APIs (payment gateways, social login, cloud storage, communication tools, AI platforms); and registration, subscription and payment processes. Restricting automatic tracking through browser settings may limit certain features.
4. Purpose of Processing Personal Data
Your data is processed for: creating user accounts; processing orders and payments; delivering digital services (subscriptions, investor discovery tools, founder dashboards and profile tools); providing services and support; sending alerts, notifications and updates; maintaining security and fraud prevention; improving user experience; compliance with legal obligations; marketing, analytics and business operations; and platform matching & networking (connecting startups with investors, displaying profiles and opportunities, facilitating communication, verifying legitimacy, preventing fraud or fake fundraising activity).
5. Legal Basis for Processing
Data is processed under the DPDP Act, 2023 on the basis of: your free, specific, informed, and unambiguous consent; the performance of a contract or steps taken at your request prior to entering a contract; lawful and legitimate purposes permitted under applicable law (fraud prevention, security monitoring, network protection, grievance handling, due diligence, internal administration); and compliance with legal obligations, governmental directions, court orders, regulatory requirements, tax obligations, audits, investigations, or enforcement actions.
6. Consent Management
Consent must always be free, specific, informed, and unconditional, and you retain the right to withdraw consent at any time. Withdrawal applies prospectively and does not affect the legality of processing carried out prior to withdrawal.
7. User Rights Under DPDP Act
You have the right to access your personal data; correct or update inaccurate data; delete personal data (where permitted); withdraw consent; nominate a person to exercise rights in case of death or incapacity; and register a grievance with the Grievance Officer.
8. Data Retention
Personal Data is retained only for as long as necessary to fulfil the purposes for which it was collected, for the duration required under applicable tax, regulatory, or transactional laws, and until your account is closed or consent is withdrawn, subject to any mandatory legal retention requirements.
9. Data Sharing & Disclosure
We may share data only where necessary with: verification service providers; payment gateways and billing processors; cloud hosting and infrastructure providers; communication tools; analytics vendors and marketing service providers; professional advisors; regulatory bodies, courts, or government authorities where legally required; fraud prevention and security providers; and other registered Platform users (certain profile information, business summaries, startup details, investment interests, and contact request data may be visible to other users subject to account settings and permissions). We do not sell, rent, or trade your Personal Data to third parties.
9A. Confidential Startup & Investor Information. The Company may process pitch decks, founder profiles, business plans, financial projections, investor preferences, fundraising materials, cap table summaries, contact details, and other confidential commercial information submitted through the Platform. Such information shall be accessed, used, stored, or disclosed only for legitimate Platform operations, verification, matching, communication, compliance, security, or where authorized by the relevant User or required by law.
10. Data Transfer Outside India
If data is transferred internationally, it will be done under applicable legal safeguards and third-party processors must ensure adequate protection.
11. Data Security Measures
We use encryption during transmission, secure servers and firewalls, access controls, authentication protocols, and continuous monitoring for threats. However, no system is 100% secure.
12. Cookies and Tracking Technologies
The Platform uses essential cookies, performance cookies, analytics tools, tracking pixels, and advertising tags. Users may disable cookies through their browser settings, though critical functionalities may be impaired.
13. Third-Party Services
The Platform may integrate with third-party tools. We are not responsible for their data practices, privacy policies, or the security or accuracy of external websites. Users must review third-party terms separately.
14. Data Storage Location
Personal Data may be stored on servers located in India or on cloud infrastructures provided by compliant third-party service providers.
15. Children’s Privacy
We do not knowingly process data of individuals under 18 years without guardian consent.
16. Marketing & Communications
Users may receive promotional emails or notifications and may opt-out at any time. Promotional communications are sent subject to applicable consent requirements and users may unsubscribe anytime.
17. Automated Decision-Making
We may use automated tools for order processing, fraud detection, and service personalization. No decisions with significant legal impact are made without human involvement.
18. Data Breach Notification
In case of a breach, necessary steps will be taken to mitigate harm, and authorities and affected users will be informed as required by law.
19. Links to External Websites
The Platform may contain external links. The Company is not responsible for their content, accuracy, practices, or security.
20. Changes to Privacy Policy
The Company may modify this Policy anytime. Updated versions will be posted with the Last Updated date.
21. User Responsibilities
Users must provide accurate information, maintain confidentiality of login credentials, and inform the Company of unauthorized account use.
22. Grievance Officer & Contact Information
As required under the DPDP Act and IT Rules 2021, for privacy concerns or data-related requests — Email: contact@vest-fundora.com. Address: F-113, J M Nagar, Anand Nagar, P.D. Road, Vishnunagar, Thane, Maharashtra, India – 421202. Response Time: Within 30 days.
23. Governing Law & Jurisdiction
This Policy is governed by Indian law. Jurisdiction shall be Thane, Maharashtra, India.