Privacy Policy


Company (referred to as either "the Company", "We", "Us", "Our" or "the Platform" in this policy) refers to  X2A Soft Labs Private Limited and the wealth42 website.

Personal Information means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person

Sensitive Personal Data means any information that identifies or can be used to identify an individual directly or indirectly. Examples of Sensitive Personal Data includes, but are not limited to,  Passwords, Bank Account details, Credit/debit card details, Present and past health records, Sexual orientation & Biometric data

Users (referred to as either "You", "Your", or "User" in this policy) refers to any natural or legal person who has agreed to become a service recipient on the wealth42 platform or visits the website with the intention of browsing it.

1. Introduction

1.1 The Platform is a financial tracking, execution and management tool, powered by a set of proprietary software. The Platform will help maintain Users’ financial portfolio and curate personalised strategies. The financial planning would be flexible, in order to evolve as per the Users’ preferences and needs.

The Company is committed to ensuring security of its Users’ data and being transparent about its collection and processing practices. This Privacy Policy is aimed at giving Users the most updated and comprehensive information about the personal information which is being collected, and the steps which have been taken by the Company to ensure that the collection, storage and processing meet the highest ethical standards.

1.3 By agreeing to this Privacy Policy, you agree to the terms specified under here. You may choose to discontinue accessing services of the Platform if any term(s) are disagreeable to you.

1.4 This Privacy Policy shall be binding on the Users.

1.5 For the purposes of this policy, all terms capitalised, but not defined shall have the meaning ascribed to it under the Terms of Service.

2. Minimum Age Requirement

2.1 By agreeing to this policy, Users confirm that they are at least 18 years of age. Anyone below the age of 18 is not permitted to access the services of the Company as the Company does not collect minor’s/children’s data. If the Company comes to realise that an individual not meeting this requirement has accessed the Company’s services, the Company will be suspending their account and deleting their data at the earliest. If anyone suspects that any individual not meeting this requirement has been utilising these services, they may report the same to us by filling this form.

3. Processing of Data

3.1 The Platform shall process Users’ data and provide Users with the service and to manage and improve the service, including sending of communications regarding the service. The list of data collected can be accessed here.

3.2 The Company would be processing the information mentioned in clause 3.2 inter alia for the following purposes-to develop commercial actions and carry out the maintenance and management of the relationship with the usersto create, manage and improve the services being provided by compiling anonymous statistical data and analysis for internal useto prevent fraudulent transactions, monitor activities to prevent theft and facilitate protection against criminal activityto respond to queries, suggestions or complaints made by usersto compile and share with the users any information that they may requestto comply with any (legally binding) requests made by legal/public authorities.

3.3 The legal relationship between the users and the Company emanates from the contractual relationship both the parties have consented to, for the legitimate interests of the User and the Company. The Company would act as an independent service provider for the User, and not as a service provider or agent.

3.4 Personal data of a User would be retained and processed by the Platform for the duration of the User accessing the services being provided by the Company. On the conclusion of this relationship, by withdrawal of the consent by either of the parties to be part of this relationship or otherwise, the data of the user would be retained for a period of 8 years. Post the completion of this period, all the data of the user other than what the Company is required to retain legally or for legitimate reasons shall be permanently deleted from the Company’s databases.

3.5 The data being provided by the users would be stored by third party cloud storage services, like Amazon Internet Services Private Limited and Google Cloud India Private Limited, with servers located in Mumbai, India. Users data would usually be stored in India but the Company may share this information Users’ personal data with third parties outside the jurisdiction of the User. In case  Users’ data is shared with a country that has ratified domestic data protection laws, then the information being shared would be governed by the data protection laws of the country in whose jurisdiction the data is shared. In case of a conflict between Indian regulations and the regulations of the relevant jurisdiction, the more stringent regulations will apply.

In the event that the jurisdiction in which Users’ data is being shared with does not have ratified domestic data protection laws, then the Company will comply with any draft regulations which is under consideration by the relevant governmental authority of that jurisdiction and is available in the public domain for scrutiny on data protection requirements and the requirements under Indian law. In case of a conflict between the above, the more stringent regulations will apply.

3.7 While these minimum requirements would be met for the storage and transit of data, domestic authorities might have access to the data on request as per legal requirements.

3.8 You are allowing the Company to provide access to your profile to limited internal superusers for the purpose of providing you with seamless services. Furthermore, by virtue of being referred by an agent, you hereby grant implicit consent to your agent allowing him/her to access your profile in a controlled manner. Such access to limited team members shall not be used for:
• Harassing/ bullying or intimidating the user
• Discriminating the user on the basis of race, ethnicity, national origin, religion, sex, sexual orientation, gender identity, age, disability, or any other protected characteristic.
• Commercial gains

4. Security

The Platform shall process all personal data in the strictest confidentiality and implement the appropriate technical and organisational measures as required by applicable regulations. The Platform uses industry standard encryption to protect any and all data in transit.

5. Code of Conduct

Following are the measures the Privacy Policy ensures you of-

None of the employees of the Company can read emails/text messages Users provide the Platform access to. Relevant information in relation to processing User’s financial profile would be accessed only by the AI. This would not include any information which Users share directly to the employees of the Company through emails, calls or texts, or information which the Users consent to sharing with Financial Advisers, Financial Institutions and Investment Professionals in relation to the services.

Only the Platform’s software will be utilising the permissions which the application would ask for.

5.3 The Company will not share your browsing data with any third parties other than for improving the services.

5.4 Information in relation to or in the process of accessing services of the Company may be communicated through specific Vendors who provide specialised services. This information shall be retained as per the laws applicable and policies of the Vendors.

6. Right to Forget/Erasure

6.1 Users may at all times exercise their right to forget/erasure to have all information they have directly or indirectly provided to the Platform to be erased from the Company’s databases. To do the same, Users may fill this form.

6.2 All data on the Company’s databases will be deleted within the 30 days of receiving the request for erasure. However, the Company would retain any information it is required to retain as per domestic laws.

6.3 Users may after cancellation or withdrawal of their registration, exercise their right to forget/erasure to have all information they have directly or indirectly provided to the Platform to be erased from the Company’s databases. To do the same, Users may fill this form.

6.4 All data on the Company’s databases will be deleted after 180 days of receiving the request for erasure. However, the Company would retain any information it is required to retain as per domestic laws.

7. Data Portability

7.1 Users may at all times exercise their rights to access, rectification, erasure and restriction of processing. For accessing this service, Users may fill this form.

7.2 Users may request and obtain from the Company once a year their information which is available to the Platform in a comprehensible format. This would be a free service which the Company offers.This would also include information about categories of personal information the Platform had disclosed to third parties. Users may submit their request by filling this form.

8. Sensitive Personal Data

8.1 For following best practices and comply with domestic laws, the Company has categorized these kinds of personal data as “Sensitive Personal Data”.

8.2 Sensitive Personal Data, as categorized under clause 8.1 would be subject to special protections to ensure safeguarding of personal data which the Company and Users value more owing to its sensitive nature.

8.3 The protection for sensitive personal data would be afforded to only data which would be submitted through the Platform and would exclude any information which is supplied through any other means including snail mail, email to a personnel's mailbox or chat on a social channel.

9. Right to Opt-out

9.1 If Users do not want the Company to be sharing their Personal Information then they may request to “opt-out” anytime, with the request being fully executed within 30 days. Opt out is not tiered and partial discontinuation of services or restriction on provision of certain kinds of data from the User’s side would not be accommodated. Opt out is a termination of account and constitutes a complete exit from all of the Company's services.  The Company will remove any data which is not required by law to be retained as per this Privacy Policy.

9.2 The option to opt-out should be exercised with caution as the Company’s policy stipulates waiting for a minimum period of 12 months before allowing a User, who opts-out from the Platform and/or Company’s services, to access the Platform or Company’s services again. The Company is not able to sell any information for any of the User’s convenience to any third party if the User decides to opt-out. The Company does not collect any data that the User has opted out of.

10. Disclaimer

10.1 Any Data once deleted, under Clause 6 or Clause 9 of the Privacy Policy or otherwise, will not be retrievable. The Company shall not be responsible for any data lost thereby, nor would it be liable for any.

10.2 As per the The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Company may disseminate certain information of the Users, under its control or possession, not later than seventy two hours of the receipt of an order, from a Government agency which is lawfully authorised for investigative or protective or cyber security activities, for the purposes of verification of identity, or for the prevention, detection, investigation, or prosecution, of offences under any law for the time being in force, or for cyber security incidents.

10.3 While all reasonable measures are being taken by the Company to protect the data, no security measures are perfect or impenetrable. Any and all personal information disclosed online is vulnerable to interception and misuse by unauthorized parties. Hence, the Company does not take complete guarantee of the security of the Users’ personal information, nor would be liable for any such interception.

11. Advertisements and Third Party Vendors

11.1 The Company does not sell, trade or otherwise transfer information to third parties without prior notice. This does not include the Company's website hosting partners, and other partners who help in conducting the business, operating the website or serving the Users. Information may be nonpublic personal information may be released to third parties to comply with relevant domestic laws. Information may also be shared for marketing and advertising purposes.

11.2 The Company may use any other application or website that may require us to extract data from you for the use of tracking services to track user behavior which will help us in understanding and making the product better. There may be use of account aggregation services upon giving the User’s consent which will give the Company access to some or all of the User’s financial information across providers on each platform. The Company does not intend to disclose the Users’ details to third parties without the User’s prior consent. The Company will engage with services of external accounts or financial advisers in order to serve the User only upon confirmation and consent to such disclosure.

11.3 The Company collaborates with various third party vendors to improve and supplement the services being provided to the Users. The Users can access the list of such third parties here.

11.4 Notwithstanding User's registration with National Do Not Call Registry ( In Fully or Partly blocked category under National Customer Preference Register set up under Telecom Regulatory Authority of India), User hereby expresses his interest and accord its willful consent to receive communication (including commercial communication) in relation to the company name. The User further confirms that any communication, as mentioned hereinabove, shall not be construed as Unsolicited Commercial Communication under the TRAI guidelines and User has specifically opted to receive communication in this regard on the telephone number provided by the User.

12. Cookies

Information regarding and operation of any cookies in relation to Users or visitors of the website/application has been consented to by the individual concerned in the Visitor’s Notice.

13. Information regarding updates

The Company possesses the right to modify this privacy policy at any moment. An updated privacy notice shall be sent annually or otherwise when there is a material change in this policy. For any queries or requests in relation to privacy policy, please fill this form.

14. Grievance Officer

Any complaints, abuse or concerns with regards to the use, processing and disclosure of Information provided by the Users or breach of these terms or any applicable law should immediately be informed to the designated Grievance Officer: Astha Gupta

The Users may lodge a complaint against violation of the provisions of statutory law or any matters pertaining to the computer resources made available by the Company by filling this form.

The Grievance Officer shall acknowledge the complaint within twenty four hours and dispose off such complaint within a period of fifteen days from the date of its receipt