Privacy Policy

1. Who We Are

MoneyBag Capital Distribution ("we", "us", "our") is an AMFI-registered Mutual Fund Distributor (ARN-332819) headquartered in Guwahati, Assam, India. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit moneybag.in or use our services.

By accessing our website or engaging our services, you consent to the practices described in this Policy. If you do not agree, please discontinue use of our website and services.

2. Legal Framework

This Policy is framed in compliance with:

• Information Technology Act, 2000 and the IT (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011
• Digital Personal Data Protection (DPDP) Act, 2023 (provisions effective as notified)
• Prevention of Money Laundering Act, 2002 (PMLA) and PML (Maintenance of Records) Rules, 2005
• SEBI (Mutual Funds) Regulations, 1996
• AMFI Code of Conduct for Mutual Fund Distributors (revised April 2022)

3. Information We Collect

3.1 Personal and Sensitive Personal Data

• Identity: full name, date of birth, gender, nationality, PAN
• Contact: postal address, email address, mobile number
• Financial identifiers: bank account details, payment instrument details
• KYC documents: address proof, income proof, photograph, signature
• KYC data retrieved from SEBI-authorised KYC Registration Agencies (KRAs) such as CAMS KRA, CDSL Ventures, NDML, and NSDL
• Nominee details and risk profile questionnaire responses
• Transaction records: investment amounts, scheme names, SIP mandates, redemption history
• Demat account details (if applicable)

3.2 Aadhaar Handling

Aadhaar-based e-KYC is voluntary. If used, only the last four digits of the Aadhaar number are retained. Full 12-digit Aadhaar numbers are never stored, in accordance with UIDAI directives.

3.3 Technical / Non-Personal Data

• IP address, browser type, operating system, device identifiers
• Cookies, session tokens, referral URLs, pages visited, time on site
• Location data (only with your explicit consent)

4. How We Use Your Information

• Processing and executing mutual fund investment transactions (SIP, lumpsum, redemption, switch)
• KYC registration and verification as required by SEBI, AMFI, and PMLA
• Account creation, maintenance, and investor servicing
• Sending transaction confirmations, account statements, and regulatory notices
• Compliance with statutory obligations including AML/CFT reporting to FIU-IND
• Central KYC registration with CERSAI / Central KYC Records Registry
• Fraud detection, prevention, and investigation
• Responding to investor queries and grievances
• Marketing communications about our services (with opt-out available at any time)
• Internal analytics to improve our services

5. Data Sharing

We share your information only to the extent necessary to facilitate your investments and meet regulatory obligations. Recipients include:

• Registrar and Transfer Agents (RTAs): CAMS, KFintech
• Asset Management Companies (AMCs) where your investments are placed
• KYC Registration Agencies (KRAs) and CERSAI (Central KYC Records Registry)
• Banks and payment aggregators for transaction processing
• Depositories (NSDL, CDSL) if you hold demat-based units
• Technology service providers (hosting, email, CRM) under strict confidentiality agreements
• SEBI, AMFI, income tax authorities, FIU-IND, law enforcement — when required by law or court order

We do not sell, rent, or disclose your personal data for third-party marketing purposes.

6. Data Security

We implement industry-standard technical and organisational measures to protect your data, including SSL/TLS encryption for data in transit, restricted access controls, and confidentiality obligations for all personnel and service providers. Data is stored on servers located in India.

While we take all reasonable precautions, no system is completely immune to breaches. We are not liable for data breaches resulting from events beyond our reasonable control (such as cyberattacks despite adequate safeguards), provided we take prompt remedial action.

7. Data Retention

KYC documents and transaction records are retained for a minimum of five years from the date of the last transaction, as mandated by PMLA Rule 3. Records may be retained longer if required by ongoing regulatory proceedings or applicable law. Upon expiry of the retention period, data is securely deleted or irreversibly anonymised.

8. Cookies

Our website uses session cookies (essential for functionality), persistent cookies (for your preferences), and analytics cookies (to understand usage patterns). You may disable cookies in your browser settings; however, some features may not function correctly. We do not use cookies to collect sensitive personal or financial data.

9. Your Rights

Subject to applicable law and regulatory retention requirements, you have the right to:

• Access: request a copy of personal data we hold about you
• Correction: request rectification of inaccurate or incomplete data
• Withdrawal of consent: opt out of marketing communications at any time
• Erasure: request deletion of data not required to be retained under PMLA, SEBI, or other applicable law
• Grievance redressal: lodge a complaint with our Grievance Officer (see Section 11)

Under the Digital Personal Data Protection (DPDP) Act, 2023, you are entitled to information about processing, correction, erasure, and grievance redressal as and when the relevant provisions are operationalised.

10. Third-Party Links

Our website may contain links to third-party websites (e.g., AMC portals, AMFI, SEBI). We are not responsible for the privacy practices or content of those websites. We encourage you to review their privacy policies independently.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The revised Policy will be posted on this page with an updated effective date. Continued use of our website after the changes constitutes your acceptance of the revised Policy.

12. Grievance Officer

As required under the IT (Reasonable Security Practices) Rules, 2011, we have appointed a Grievance Officer to address privacy-related concerns: