1. INTRODUCTION

1.1 LEGAL BASIS AND APPLICABILITY

This Privacy Policy (“Policy”) is published and made available in compliance with the provisions of Section 43A of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDP Act”), to the extent applicable and enforceable. Fundist Technologies Private Limited also endeavors to align its privacy practices with internationally accepted data protection principles, including certain principles under the General Data Protection Regulation (EU) 2016/679 (“GDPR”), wherever applicable.

1.2 ENTITY OPERATING THE PLATFORM

This Policy pertains to the processing of personal data by Fundist Technologies Private Limited, a company incorporated under the Companies Act, 2013, having its registered office at 3rd Floor, BPTP Centra One, Sector 61, Gurgaon, Haryana 122011 (hereinafter referred to as “Fundist”, “we”, “our” or “us”, which expression shall, unless repugnant to the context or meaning thereof, be deemed to include its successors and permitted assigns). Fundist is the owner and operator of a proprietary web-based platform (“Platform”), which serves as a facilitative interface enabling interactions between (i) individuals, founders, entrepreneurs or corporate entities seeking to raise capital (“Founders”), and (ii) angel investors, family offices, venture capital firms, syndicates, corporates, private equity firms, incubators, accelerators, educational institures, non profit organizations, foundations, trust funds, banks, NBFCs, venture debt funds, accredited individuals or any other individuals or institutions seeking to invest, loan, grant, award or seeking any other financial or non financial interest in Founders or other Users of the Plaform  (“Investors”).

1.3 NATURE OF SERVICES

Fundist merely provides technological access to the Platform and assumes a facilitative role in enabling Founders and Investors to discover and interact with each other. Fundist expressly disclaims any fiduciary, advisory, broker, or intermediary responsibility in respect of the communications, negotiations, decisions, or transactions that may arise between Founders and Investors independent of Fundist’s involvement. Fundist does not provide investment advice, valuation services, due diligence services, or any professional financial consultation.

1.4 SCOPE AND ACCEPTANCE

This Policy sets out the manner in which Fundist collects, receives, stores, processes, uses, discloses, transfers, and protects personal data or sensitive personal data or information (collectively, “Personal Data” or “Data”) submitted or made available by users of the Platform, whether registered or unregistered, including but not limited to natural persons, authorized signatories, employees, agents, representatives, directors, partners, and other associated individuals (“User”, “you” or “your”). This Policy is an electronic record generated by a computer system and does not require any physical or digital signature.

By accessing, browsing, registering, submitting information through, or otherwise using the Platform in any manner whatsoever, you voluntarily provide your express, free, informed, and unambiguous consent to the collection and processing of your Personal Data in accordance with this Policy. If you do not agree to be bound by any provision herein, you are advised to refrain from accessing or using the Platform. Fundist shall not be liable for any consequences arising from such refusal.

1.5 BINDING EFFECT AND RELATIONSHIP TO OTHER AGREEMENTS

This Policy shall be read in conjunction with the Terms and Conditions or any other contractual document that may be executed between Fundist and the User. In the event of any conflict or inconsistency between the provisions of this Policy and any other agreement, the terms of this Policy shall prevail solely in respect of Personal Data and data protection obligations, unless expressly overridden by such agreement and to the extent permitted under applicable law.

1.6 MODIFICATIONS AND USER RESPONSIBILITY

Fundist reserves the unilateral right to update, revise, amend, or modify this Policy at its sole discretion, without prior notice. Such modifications shall be deemed effective upon publication on the Platform. It is your sole responsibility to review the Policy periodically and remain informed of any changes. Your continued access or use of the Platform after such publication shall be deemed to constitute your acceptance of the revised Policy.

1.7 GRIEVANCE REDRESSAL

In accordance with Rule 5(9) of the SPDI Rules, any questions, concerns, or grievances relating to the processing of your Personal Data, or requests for exercise of rights under applicable data protection laws, may be addressed to the designated Grievance Officer or Data Protection Officer at the following contact details:
privacy@fundist.in 

2. DATA WE COLLECT

2.1 Categories of Information Collected

(A) PERSONALLY IDENTIFIABLE INFORMATION (PII)

Fundist may collect and process such information that directly or indirectly identifies or may be used to identify a natural person, including but not limited to:

1. Full name, contact number, email address, residential and official address;
2. Government-issued identification documents such as Permanent Account Number (PAN), Aadhaar Number, passport, voter ID, or driving license;
3. Know Your Customer (KYC) documentation including proof of identity and proof of address;
4. Financial and professional background including employment details, qualifications, designation, and net worth statements;
5. Financial data such as bank statements, company financials, management information systems (MIS) reports, and other similar documents, as applicable;
6. Business, entity, or corporate details of Founders or Investors including company incorporation documents and shareholder data;
7. Documents and proprietary content voluntarily provided including business plans, investment memorandums, pitch decks, strategic presentations, financial projections, and related materials;
8. Social media or digital profile information, if voluntarily disclosed;
9. Communication records such as email correspondences, transcripts of virtual meetings, messaging interactions, Chats, call recordings, and other information exchanged through the Platform.
10. Data obtained from publicly available sources, including but not limited to websites and social media platforms.

2.2 Modes and Means of Collection

The above categories of data may be collected through one or more of the following mechanisms:

1. Directly from the User at the time of registration or onboarding;
2. Through forms, surveys, documentation uploads, declarations, or submission of information in response to requests raised by Fundist;
3. When the User participates in fundraising opportunities, completes KYC/AML compliance, engages in investor communication, or submits investment-related documents;
4. Automatically, when the User visits, navigates, interacts with, or utilizes features of the Platform, including through passive data collection tools;
5. Through integration with third-party service providers (e.g., e-signature platforms, payment processors, or video conferencing tools), subject to your consent and applicable terms.

2.3 User Responsibility and Legal Compliance

You represent and warrant that any data or information submitted to Fundist shall be lawful, accurate, complete, current, and not misleading, and that you are duly authorised to submit such data, including any third-party data. Fundist shall not be liable for the accuracy or authenticity of the information provided by you. You further undertake to update your information as and when any changes occur and agree that failure to do so may result in suspension or termination of your access to the Platform.

2.4 Lawful Basis for Collection

All data collected shall be processed on one or more lawful bases as provided under applicable data protection legislation, including:

1. With your explicit consent;
2. Where necessary for the performance of a contract or to take steps at your request prior to entering into a contract;
3. Where processing is required for compliance with a legal obligation;
4. Where processing is necessary for the purposes of the legitimate interests pursued by Fundist or by a third party, provided such interests are not overridden by your fundamental rights and freedoms.

“Legitimate Interests” shall mean the interests pursued by Fundist, or by any third party, in the proper administration, development, protection, and promotion of its business and operations, which may include, without limitation: ensuring the security, integrity, and proper functioning of the Platform and related services; preventing and detecting fraud, misuse, or other unlawful activities; conducting statistical analysis, market research, and data analytics; facilitating business development, innovation, and service improvement; maintaining and strengthening business relationships; and undertaking direct marketing or promotional activities relating to Fundist’s offerings, provided always that such interests are not overridden by the fundamental rights and freedoms of the data subject, as safeguarded under applicable data protection laws and regulations.

3. PURPOSE OF COLLECTION AND USE OF PERSONAL DATA

1. Fundist collects, stores, processes, and utilizes Personal Data for legitimate interests and lawful purposes, in accordance with applicable data protection legislation and regulatory frameworks. Such purposes include, inter alia, the facilitation of Users’ access to and use of the Platform, including enabling introductions, deal origination, negotiation, closure activities, and related functions that are integral to the Platform. For these purposes, Fundist may collect information customarily known as Know Your Customer (KYC) and Anti-Money Laundering (AML) data—not strictly for verification or authentication of Users’ identities, but principally to enable the operation, administration, and use of the Platform and its associated services in compliance with applicable legal and industry standards.
2. The Personal Data may further be processed for the provision, maintenance, optimization, and personalization of the Platform; the initiation, tracking, and management of communications and business interactions; and the transmission of system-generated notifications, transactional communications, service updates, and, where permitted by applicable law or consented to by the User, promotional or marketing content.
3. Additionally, Fundist may process Personal Data to ensure compliance with its obligations under applicable statutes, rules, regulations, judicial or quasi-judicial orders, governmental directives, or law enforcement requirements. Fundist may also process such data to monitor, detect, investigate, and prevent fraudulent, malicious, or unauthorized activities on the Platform, or conduct that contravenes Fundist’s Terms and Conditions, Privacy Policy, or other governing documents.
4. Furthermore, Fundist may use Personal Data for internal research, analytics, performance monitoring, market assessment, and for enhancing the usability, functionality, and security of the Platform. All such processing shall be undertaken on lawful grounds, including but not limited to: the User’s consent (where applicable); the performance of a contract; compliance with legal obligations; and/or the pursuit of Fundist’s legitimate interests, provided such interests do not override the fundamental rights and freedoms of the data subject.

4. LEGAL BASIS AND CONSENT

Fundist processes Personal Data strictly in accordance with the lawful bases prescribed under applicable data protection and privacy legislation. Such processing is undertaken based on:

(i) the explicit, informed, and voluntary consent of the data subject, where such consent is mandated;
(ii) the necessity of processing for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(iii) compliance with a legal or regulatory obligation to which Fundist is subject; and
(iv) the pursuit of Fundist’s legitimate interests, including but not limited to ensuring the functionality and security of the Platform, provided such interests do not override the fundamental rights and freedoms of the data subject. In respect of Sensitive Personal Data or Information (SPDI), including but not limited to financial details, identity verification documents, and biometric identifiers (if any), Fundist undertakes such processing solely upon receipt of express and affirmative consent from the User, which shall be obtained during the onboarding process or at the time of uploading relevant documentation to the Platform. The User shall retain the right to withdraw such consent at any time, subject to contractual and legal limitations, it being clarified that such withdrawal shall not affect the lawfulness of any processing carried out prior to such withdrawal.

5. SHARING AND DISCLOSURE OF PERSONAL DATA

Fundist does not sell, lease, license, trade, or otherwise commercially exploit any Personal Data or Sensitive Personal Data or Information (SPDI) belonging to Users.

Disclosure of such data shall occur solely under limited and legally permissible circumstances, as enumerated below, and always subject to appropriate contractual, technical, and organizational safeguards:

(i) Intra-Group Transfers and Service Providers: Personal Data may be shared within Fundist’s corporate group and with duly appointed third-party service providers (including but not limited to Amazon Web Services, data analytics platforms, IT security service providers, and payment gateway processors), solely for the purpose of enabling Platform operations and under legally binding confidentiality, data protection, and restricted use obligations.

(ii) Financial Institutions: Personal Data may be disclosed to scheduled banks, non-banking financial companies (NBFCs), and regulated financial intermediaries, only where the User has voluntarily applied for or consented to the provision of loans, credit products, or related services.

(iii) Compliance with Law: Fundist may disclose Personal Data to governmental authorities, regulators, law enforcement agencies, or courts of competent jurisdiction where such disclosure is required by applicable statute, rule, regulation, directive, subpoena, or judicial/quasi-judicial order.

(iv) Enforcement and Fraud Prevention: Fundist reserves the right to disclose data where reasonably necessary for the purposes of detecting, preventing, investigating, or taking action against fraud, data breaches, cybersecurity threats, abuse of the Platform, violations of Fundist’s terms and conditions, or applicable legal provisions.

(v) Consent-Based Disclosure: Fundist may share certain Personal Data, including but not limited to investment documents or pitch decks, with expressly identified third parties where the User has provided prior, specific, informed, and unambiguous consent for such disclosure.

(vi) Users and Investors: Fundist may disclose data to other Users and Investors of the Platform for successfully facilitating the intended use of the Platform.

6. DATA SUBJECT RIGHTS

Subject to the provisions of applicable data protection legislation, including the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (as amended), and/or any successor legislation thereto, Users shall have the following rights with respect to their Personal Data:

(i) Right of Access – The right to obtain confirmation as to whether Fundist is processing Personal Data concerning the User, and where such is the case, access to such data and associated processing information.

(ii) Right to Rectification – The right to request the correction or updating of inaccurate or incomplete Personal Data without undue delay.

(iii) Right to Erasure (Right to be Forgotten) – The right to request the deletion of Personal Data in circumstances where the data is no longer necessary for the purposes for which it was collected, or where the User has withdrawn consent, subject to applicable legal retention obligations.

To exercise the aforementioned rights or to submit a request for erasure of data, Users may contact Fundist at privacy@fundist.in, or through the Platform’s designated grievance redressal or support interface.

7. COOKIES AND TRACKING TECHNOLOGIES

Fundist utilizes first-party and third-party cookies, web beacons, pixel tags, and other similar tracking technologies (“Tracking Technologies”) for the following purposes:

1. To identify and authenticate User sessions, devices, and usage patterns across the Platform.
2. To enable, optimize, and personalize the technical functionality, responsiveness, and performance of the Platform and its features.
3. To collect aggregated usage statistics, analyze trends, and inform product development, system diagnostics, and service enhancement initiatives.
4. Users may exercise control over the deployment of certain Tracking Technologies through browser-level cookie management settings. However, Users acknowledge that disabling or restricting cookies may impair or restrict access to certain functionalities or features of the Platform.
5. Fundist disclaims any control over third-party cookies or similar technologies deployed by external service providers or integrated partners. The processing of data via such third-party technologies shall be governed exclusively by the privacy policies of the respective third parties.

8. MINORS AND AGE RESTRICTIONS

The services and features made available on the Platform operated by Fundist are intended solely for the use and access of individuals who have attained the age of eighteen (18) years or above and are legally competent to contract under applicable laws in India, including but not limited to the provisions of the Indian Contract Act, 1872. Fundist does not knowingly solicit, collect, store, or process any personal data or sensitive personal data or information (SPDI) from individuals who are under the age of eighteen (18) years. In the event that it comes to the knowledge of Fundist, through any reasonable means or notification, that it has collected or is in possession of data belonging to a minor or a person otherwise not competent to contract, Fundist shall, to the extent permitted by law, promptly delete or render such data inaccessible from its records and systems. If you are the parent or legal guardian of a minor who you believe has submitted personal data to Fundist, you are requested to immediately contact the Data Protection Officer at privacy@fundist.in to facilitate appropriate remedial action in accordance with applicable data protection laws.

9. THIRD-PARTY LINKS, SITES, AND SERVICES

9.1 Hyperlinking to External Platforms

The Platform may contain hyperlinks, redirections, APIs, plugins, or embedded functionalities that lead you to websites, services, or applications operated by third parties (“Third-Party Sites”). These Third-Party Sites are not owned, controlled, or operated by Fundist and are provided solely for your convenience or functionality enhancement.

9.2 No Endorsement or Control

The inclusion of any such Third-Party Sites or services does not constitute or imply endorsement by Fundist of the content, practices, or privacy standards followed by such third parties. Fundist makes no representations or warranties, express or implied, regarding the availability, accuracy, security, or content of such Third-Party Sites. You access such sites entirely at your own risk and discretion.

9.3 Independent Privacy Policies

Each Third-Party Site shall have its own independent terms of service and privacy policy governing the collection, use, and disclosure of your information. Fundist strongly advises you to review such terms and policies before interacting with, submitting data to, or transacting on such Third-Party Sites. Fundist shall not be responsible or liable for any data breach, loss, misuse, or unauthorized access arising out of your use of such external links or sites.

10. DATA BREACH RESPONSE AND NOTIFICATION MECHANISM

10.1 Definition and Applicability

For the purposes of this Clause, a “Data Breach” shall mean any unauthorized or unlawful access, acquisition, disclosure, alteration, loss, destruction, or misuse of Personal Data or Sensitive Personal Data or Information stored or processed by Fundist , whether accidental or intentional, that compromises the confidentiality, integrity, or availability of such data.

10.2 Commitment to Notification

In the event that Fundist becomes aware of or has reason to believe that a Data Breach has occurred which is likely to result in harm to you or affect your privacy rights, Fundist shall:

• Promptly assess the scope, nature, and impact of such breach;
• Take immediate and reasonable steps to contain, investigate, and mitigate the breach;
• Notify the affected User(s) via email or in-Platform communication, and, where required under law, notify the relevant government authority, data protection board, or regulatory body;
• Such notification shall, to the extent feasible, be made within seventy-two (72) hours of the discovery of the breach, or such shorter period as may be mandated under applicable law, including the DPDP Act, 2023 (once notified).

10.3 Contents of Notification

The notification shall contain, inter alia:

• A summary description of the breach incident;
• The categories of Personal Data or SPDI involved;
• Measures taken or proposed to be taken to address the breach;
• Recommendations for you to mitigate any potential adverse effects;
• Contact details of the designated Grievance Officer or Data Protection Officer.

10.4 Cooperation with Authorities and Users

Fundist shall fully cooperate with law enforcement authorities, regulators, and affected Users in connection with any breach investigation. Fundist may, where reasonably necessary, temporarily restrict access to certain services, disable specific functionalities, or implement additional authentication mechanisms until the breach is fully addressed.

10.5 Limitation of Liability

While Fundist undertakes to implement industry-standard security practices and maintain a robust incident response framework, Fundist shall not be held liable for breach incidents that occur due to force majeure events, User negligence, or third-party service provider failures, provided reasonable safeguards were in place. 

11. UPDATES TO POLICY

 We may update this policy periodically. The “Effective Date” will change on the top page. Continued use after updates implies acceptance. We encourage you to review this document regularly.

12. CONTACT INFORMATION

For privacy inquiries, data subject requests, or complaints:
Email: privacy@fundist.in

Address: Fundist Technologies Private Limited, 3rd Floor, BPTP Centra One, Sector 61, Gurgaon, Haryana 122011

13. GOVERNING LAW & DISPUTE RESOLUTION

This policy is governed by Indian law. Disputes will be resolved via arbitration under the Arbitration and Conciliation Act, 1996, as amended and New Delhi jurisdiction will apply.

14. CROSS‑BORDER DATA TRANSFERS

• Personal and sensitive data may occasionally be transferred outside India, including to cloud vendors or service providers abroad.
• Such transfers will comply with legal requirements: we only transfer with your explicit consent, for contract performance, or under legally approved safeguards (e.g., standard contractual clauses or transfer impact assessments)
• Wherever feasible, at least one copy of your sensitive data remains securely stored in India to comply with localization norms.

15. SUB‑PROCESSORS AND VENDOR MANAGEMENT

• We engage sub‑processors only under strict contractual terms: they receive data exclusively for specified purposes, must maintain equivalent data protection standards, may not appoint further sub‑processors without consent, and are bound by confidentiality and breach-notification obligations We reserve the right to audit or inspect vendors to ensure compliance.

16. DATA PROTECTION IMPACT ASSESSMENTS (DPIAS)

1. Fundist, as a responsible data fiduciary, undertakes to conduct a Data Protection Impact Assessment (“DPIA”) prior to initiating any data processing activity that poses a likely high risk to the rights or privacy of individuals, in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and other applicable norms. A DPIA is a structured assessment to evaluate the potential impact, risks, and safeguards of such processing, ensuring it is carried out lawfully, fairly, and securely.
2. High-risk activities may include large-scale SPDI processing, automated profiling, cross-border transfers, and any use of new technologies likely to affect Users’ legal or economic interests. The DPIA shall assess the nature, scope, and purpose of processing, and identify mitigating technical and organizational safeguards.
3. Where necessary, Fundist will consult internal or external experts, and notify the Data Protection Board if residual risk remains. DPIAs shall be documented, retained for compliance, and periodically reviewed to reflect evolving risks. This forms part of Fundist’s broader commitment to privacy-by-design and risk-based governance.

17. AUDIT RIGHTS & RECORD-KEEPING

We maintain records of data processing activities as required by law. We (and, if appropriate, Regulators) reserve the right to audit our data practices, including security, compliance with this Policy, and safeguarding measures. 

18. TECHNICAL & ORGANIZATIONAL SECURITY MEASURES

We implement comprehensive measures to safeguard data, including: encryption of data in transit and at rest like TLS, AES‑256, multi-factor authentication, role-based access controls, firewalls, periodic backups, anti-malware systems, and regular vulnerability assessments.

ACKNOWLEDGEMENT

By registering on the Platform, submitting or uploading any data, information, or documentation, or by otherwise accessing, browsing, or utilizing the services, systems, or features of the Platform made available by Fundist , the User hereby acknowledges, affirms, and unequivocally consents to having read, understood, and agreed to be legally bound by the terms and provisions of this Privacy Policy. Such access and continued usage shall constitute the User’s free, informed, specific, and unconditional consent for the collection, processing, storage, use, and disclosure of their Personal Data and Sensitive Personal Data or Information (SPDI) by Fundist in accordance with the provisions contained herein and in conformity with applicable data protection laws. In the event the User disagree with any of the terms contained herein, they are advised to immediately cease use of the Platform and refrain from submitting any further data.