General Consent
This Privacy Policy explains how Qatobit collects, stores, uses, and protects your data. The capitalized terms "Qatobit," "We," "Us," and "Our" refer to Qatobit Technologies Private Limited (CIN: U62099TN2023PTC163297), located at No: 8, Third Floor Akshaya HQ, Old Mahabalipuram Road, Kazhipattur Village, Thiruporur Taluk, Kancheepuram District, Chennai, Tamil Nadu – 603103; its affiliates, holding companies, and assigns.
"User," "You," "Your," and "Yourself" refer to users of the Online Platforms whose Personal Information is collected under this Privacy Policy. By registering on the Online Platforms or using any medium — including mobile app, website, web app, or mobile site — you consent to Our use and disclosure of Your Personal Information as outlined here. If you do not agree, do not register or access the Online Platforms.
Personal Data and Sensitive Personal Data
Data Protection Law means any applicable data protection, security, or privacy laws, including India's IT Act 2000, DPDP Act 2023, and related regulations.
Personal Data means any information that identifies you directly or indirectly:
- Directly identifiable: name, government ID (PAN, Aadhaar), email, phone.
- Indirectly identifiable: date of birth, IP address, device ID, location data, transaction history, or household details.
Sensitive Personal Data includes:
- Biometrics (e.g., facial recognition for KYC).
- Financial details — bank accounts, cards, payment instruments, wallet addresses.
- Passwords or authentication data.
- Physical, physiological, or mental health data (if provided).
- Data we process, store, or handle under lawful contracts.
Our Legal Basis for Data Processing
We process your Personal Data only as permitted by law:
- Legitimate Interests — service communications, promotions, and events without overriding your rights. Opt out via email unsubscribe.
- Contractual Necessity — onboarding, executing trades, managing accounts, or fulfilling service obligations.
- Legal/Regulatory Compliance — DPDP Act, IT Act, PMLA for KYC/AML, FIU-IND reporting, tax requirements, or court orders.
- Your Consent — for optional purposes (e.g., marketing), withdrawable anytime via account settings.
Types of Information Collected
When you use Qatobit's Online Platforms, we collect, store, and process your Personal Data in compliance with India's DPDP Act 2023, IT Act 2000, and other applicable laws. We collect only data necessary for account creation, KYC verification, transactions, and ongoing use.
Individual Users
- Identification Details: Full name for account registration and profile setup.
- National Identifiers: Government ID (PAN, Aadhaar hash, passport) for KYC/AML compliance.
- Contact Details: Email, phone number, postal address.
- Financial Data: Bank account details, tax ID, crypto wallet addresses, transaction history.
- Location Data: IP address or geolocation for fraud detection and jurisdiction checks.
- Employment/Business Info: Job title, employer (if relevant for risk profiling).
- Additional Info: Data from compliance reviews, support chats, surveys, or law enforcement requests.
Corporate / Institutional Users
- Entity Details: Legal name, registration number, incorporation documents, business address.
- Ownership Structure: Names, IDs, and ownership percentages of beneficial owners (>10%), directors, authorized signatories.
- Individual Data: Full KYC for key persons (as per Individual Users section above).
- Financials: Source of wealth/funds, projected investment amounts, business description.
How We Collect It
- Directly from You: During signup, KYC upload, transactions, or support interactions.
- Automatically: Device info, IP, usage logs, cookies (see Cookie Policy).
- Third Parties: KYC providers, liquidity partners (anonymized), public sources, credit bureaus (with your consent where required).
Consent to Communication
By accepting this Privacy Policy, you expressly consent to receive communications from Qatobit, its affiliates, and authorized partners via email, SMS, phone calls, in-app messages, and push notifications. To opt out of non-essential marketing messages, use the unsubscribe link in emails, adjust your account dashboard settings, or email privacy@qatobit.com. Transactional and service communications cannot be opted out of.
Information Sharing and Disclosure
We share your Personal Data and Sensitive Personal Data with third parties only as necessary for our Services or legal obligations. We never sell your data.
Who We Share With
- Service Providers: KYC/AML verifiers, liquidity partners (anonymized trade data only), cloud hosts, payment processors, auditors — under strict data protection contracts.
- Regulators/Authorities: FIU-IND, law enforcement, courts, or tax bodies for compliance (e.g., STRs under PMLA).
- Business Partners: Affiliates or legal successors in mergers/acquisitions (with prior notice).
- Professional Advisors: Lawyers and accountants for legal or audit needs.
International Transfers
For users in supported regions, data may transfer to EU/US partners using safeguards like Standard Contractual Clauses or adequacy decisions. Indian residents' data primarily stays in India on compliant servers.
EEA / International Users
If you're in the European Economic Area, we process data under GDPR equivalence. Consent to transfers outside India/EEA is required for full services. Withdrawing consent limits trading but allows withdrawals.
Cross-Border Transfers
Your Personal Data may be transferred to and stored outside India (e.g., EU or US servers) only when lawful and necessary for contractual or legal obligations. Transfers comply with DPDP Act 2023, IT Act, and international standards. Recipients must provide protection equivalent to Indian laws. By using Qatobit, you acknowledge and consent to these transfers.
Data Retention
Qatobit retains your Personal Data only as long as necessary for the purposes outlined here or as required by applicable laws (e.g., PMLA, DPDP Act 2023). We prioritize data minimization and never keep information longer than needed.
| Type of Data | Retention Period |
|---|---|
| Personal Information (KYC, contact details) | 10 years from account closure or service end |
| Transaction Records (deposits, trades, withdrawals) | 5–8 years post-account closure, or longer if legally required |
| Monitoring/Compliance Logs (fraud alerts, STRs) | Up to 10 years or per FIU-IND directives |
Extensions: May extend by 1 year max upon request from regulators. Exceptions apply for fraud prevention, legal claims, disputes, or audit/tax obligations.
Data Destruction Process
- Electronic Data: Permanently deleted from systems and backups using industry-standard secure wipe tools.
- No Destruction During Active Matters: Data involved in investigations, audits, litigation, or open compliance reviews is preserved.
- Physical Records: Shredded using cross-cut shredders if applicable.
You can request data deletion (subject to legal holds) via privacy@qatobit.com.
Children and Persons with Disabilities
Qatobit's Online Platforms are available only to individuals aged 18 or older. We do not knowingly collect Personal Data from minors. For users with disabilities, services may only be accessed with a lawful guardian's direct involvement and explicit, verifiable consent. The guardian must provide proof of authority (e.g., court documents) during onboarding. Contact support@qatobit.com for assistance.
Security
We use industry-standard measures to protect your Personal Data. However, no internet transmission or digital storage is 100% secure, and you acknowledge risks like potential third-party interception of transactions or account data.
Our Security Practices
- Encryption & Access Controls: Data in transit uses TLS 1.3; stored data employs AES-256 encryption. Access restricted to authorized personnel on need-to-know basis.
- Platform Protections: Multi-factor authentication (MFA), device fingerprinting, and real-time fraud monitoring for all logins, trades, and withdrawals.
- Regular Audits: Independent third-party penetration testing and compliance reviews (ISO 27001 aligned).
Your Responsibilities
- Secure your device, passwords, and recovery phrases — storage of sensitive info (e.g., wallet seeds, OTPs) is your responsibility.
- Avoid sharing credentials or clicking suspicious links.
- We are not liable for losses from user negligence, unauthorized device access, or circumvented privacy settings.
Reporting Issues
If you suspect misuse, unauthorized access, or data loss, report immediately via in-app support or email security@qatobit.com. We investigate promptly and cooperate with authorities if needed.
Cookies
Cookies are small text files stored on your device by our website or app. They track user ID, preferences, browsing activity, and session data to analyze traffic and improve functionality. Most are session cookies that auto-delete when you close your browser.
Types of Cookies
| Type | Purpose | Examples |
|---|---|---|
| Essential | Core functionality (login, security) | Session ID, authentication tokens |
| Analytics | Usage insights (anonymous) | Page views, bounce rates |
| Marketing | Personalized ads/offers | Ad tracking (opt-out available) |
Third-Party Cookies
Partners like Google Analytics may set cookies for traffic analysis. We have no control over these, but they follow their own policies. Google Analytics tracks anonymized usage. Opt out via Google Analytics Opt-out or browser settings.
Your Choices
- Decline or delete cookies anytime via browser settings (e.g., Chrome: Settings → Privacy → Cookies).
- Blocking cookies may limit features like auto-login or personalized dashboards.
- Manage preferences in your Qatobit account settings or our Cookie Consent banner.
Your Rights, Consent Withdrawal, and Policy Changes
Your Consent and Withdrawal
To withdraw consent, email privacy@qatobit.com with your full name, account ID, and specific request. We stop processing within 30 days unless legally required to continue (e.g., AML records). Withdrawal doesn't affect prior lawful processing. Limiting consent may restrict services like trading.
Your Rights Under DPDP Act and Other Laws
- Access/Correct Data: View or update info via account dashboard or request export.
- Erasure ('Right to be Forgotten'): Request deletion when no legal need to retain (exceptions: compliance, disputes).
- Portability: Get your data in machine-readable format (where automated).
- Restrict Processing: Limit use during disputes over accuracy or legality.
- Object: Challenge processing based on legitimate interests (e.g., marketing).
How to Exercise Rights
Submit written requests to privacy@qatobit.com including your full name, email/phone, account ID, clear description of right(s) exercised, and proof if via representative. We respond within 30 days (extendable to 60 for complex cases).
Complaints
Contact us first at privacy@qatobit.com. Escalate to the Data Protection Board of India if unresolved.
Links to Other Sites
Qatobit's Online Platforms may include links to external websites or services (e.g., liquidity partners, KYC providers, or educational resources). These are provided for convenience only. Clicking these links takes you outside Qatobit's control to third-party sites. We do not operate, endorse, or monitor these sites.
Qatobit is not responsible or liable for content, accuracy, or availability of linked sites; data collection or cookies by third parties; or any loss, harm, or transactions occurring on external platforms. Contact support@qatobit.com if you encounter suspicious links on our platform.
Data Protection
Qatobit complies with all applicable Data Protection Laws (DPDP Act 2023, IT Act 2000, PMLA). We report any theft, loss, or breach of Personal Data to regulators (FIU-IND, Data Protection Board) within required timelines.
- Data Minimization: We collect and access only necessary data for services, legal compliance, or your consent.
- No unauthorized sharing with third parties except as outlined in this Policy (e.g., KYC providers, authorities).
- Anonymized Use: Beyond this Policy, we may analyze de-identified/aggregated data for platform improvements — no re-identification.
Avoid sending Sensitive Personal Data (e.g., full card numbers, passwords, biometrics) via email or unsecured channels. Use in-app secure upload for KYC/banking details. Contact privacy@qatobit.com for data protection concerns.
Changes to This Privacy Policy
We may update this Privacy Policy to reflect legal requirements, business needs, or platform changes. We'll post the revised version on qatobit.com/legal/privacy-policy and notify you via email or in-app alert for material updates. Changes take effect immediately upon posting. Continued use after updates means you accept the new terms.
Severability
If any provision of this Privacy Policy is found invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions will continue in full force and effect. The invalid part will be replaced with a valid term that achieves the same intent as closely as possible.
Data Protection Officer and Grievances
For any concerns about data collection, processing, usage, disclosure, security, this Privacy Policy, or exercising your rights:
Data Protection Officer
Email: privacy@qatobit.com
Subject Line: "Privacy Policy Grievance"
Include: Full name, account ID, detailed issue description, and supporting evidence.
Our Data Protection Officer will acknowledge receipt within 3 business days and aim to resolve within 30 days. Escalation path: Compliance Head → Data Protection Board of India.
Contact Us
For questions, concerns, or grievances about this Privacy Policy, contact our Nodal Grievance Officer:
Qatobit Technologies Private Limited
Email: grievance@qatobit.com
No: 8, Third Floor Akshaya HQ, Old Mahabalipuram Road, Kazhipattur Village, Thiruporur Taluk, Kancheepuram District, Chennai, Tamil Nadu – 603103
We acknowledge complaints within 3 business days and resolve within 30 days per regulatory guidelines. Unresolved issues may be escalated to the Data Protection Board of India.