Privacy Policy

1. Who we are

IFA Central ("we", "us", "our") is a customer relationship management (CRM) tool for Mutual Fund Distributors and Registered Investment Advisors operating in India.

The service is operated by Srikanth Dindakurti, sole proprietor, based in Bangalore, Karnataka, India.

We can be reached at: admin@ifacentral.com

This Privacy Policy explains what data we collect, how we use it, and what rights you have. It is written in plain English so you can actually understand it.

2. Important context: who is the "user" here?

IFA Central is a B2B (business-to-business) tool. There are two kinds of people whose data flows through this service:

(a) The MFD / RIA who signs up — this is the "User". You are operating this service. The data is yours.

(b) The clients of the MFD / RIA — these are individuals whose information the MFD enters into IFA Central. They are your clients, not ours. We process their data only on your behalf.

In Indian data protection terminology (DPDP Act 2023):

• For your own account data: we are the "Data Fiduciary" (the one in charge of the data)
• For your clients' data: you are the Data Fiduciary; we are a "Data Processor" acting on your instructions

This distinction matters because your clients' data is your responsibility, not ours. We just store it for you and give you tools to manage it.

3. What we collect

About you (the MFD / RIA — our direct user)

When you sign up and use IFA Central, we collect:

• Your full name
• Your email address
• Your mobile number
• Your firm name
• Your AMFI ARN number
• Your password (stored as a one-way bcrypt hash — we never have access to your plaintext password)
• IP address and login timestamps (for security and to detect unauthorized access)
• Activity log of actions you take within the service (when you logged in, what changes you made, what reports you ran) — this is for audit purposes and to help diagnose issues

About your clients (entered by you, into your account)

You may enter the following information about your clients:

• Name
• Contact details (phone number, email, address)
• Family member details (if you choose to record them)
• Investment records — SIPs, lump-sum investments, insurance policies
• Business ledger entries (transactions you log)
• Tasks, reminders, tele-calling logs
• Free-text notes you write about them

What we deliberately do NOT collect:

• We do not collect your clients' date of birth
• We do not collect your clients' PAN, Aadhaar, or other government IDs
• We do not collect bank account numbers, signed documents, or photos
• We do not have a field for collecting passwords or login credentials of your clients' other services
• We do not collect biometric data, health information, or political/religious affiliations

If you choose to put information into our free-text "Notes" field, we obviously cannot prevent you from typing whatever you want — but the system itself does not have structured fields for sensitive identity information.

4. How we use the data

Your data is used for one purpose: to provide the IFA Central service to you.

Specifically:

• Your account data lets us authenticate you, send you password-reset emails if you request one, and contact you about your account
• Your clients' data is stored and presented back to you when you use the service — that's the entire point of a CRM

We do NOT use your data for any of the following:

• Selling, sharing, or transferring it to marketing partners
• Training machine learning models or AI systems
• Aggregate analytics across firms or any kind of market research
• Advertising
• Any purpose other than running the service for you

This is a deliberate, written commitment. If we ever change this, we will tell you in advance and you will be able to delete your account if you disagree.

5. Where the data is stored

Our service runs on Hostinger, a third-party hosting provider.

• Primary servers are located in India (Asia region)
• Backup copies may be stored in Singapore as part of Hostinger's disaster-recovery infrastructure

Singapore is not currently restricted under the Digital Personal Data Protection Act, 2023 ("DPDP Act"), so this transfer is permitted under Indian law. We will update this section if regulations change.

If you have a strict requirement that your clients' data must remain only in India, contact us — we cannot currently guarantee this with our infrastructure, and you may need to use a different service.

6. Who can access your data

The following parties may technically access the data stored in IFA Central:

1. You and anyone you give your login credentials to. Please do not share your password.
2. Srikanth Dindakurti (the operator). I have database access for purposes of diagnosing technical issues you report, maintaining and updating the service, and responding to lawful legal requests (court orders, etc.). I will not access your data for any other purpose. I will not look at your clients' details unless you explicitly ask for help with something requiring it.
3. Hostinger's infrastructure staff in their normal capacity as a hosting provider. They have technical access to the servers (as is true of any cloud provider). Hostinger has its own privacy commitments — see their privacy policy at hostinger.com.

We do NOT share your data with:

• Marketing companies
• Analytics services (we do not currently use Google Analytics or similar)
• Other MFDs / firms using IFA Central — every firm's data is strictly isolated
• Any government authority unless legally compelled

7. Cookies and tracking

We use a single session cookie to keep you logged in. This is essential — without it, the site cannot function. No third-party tracking cookies, no advertising pixels, no analytics scripts.

If we ever introduce optional analytics (e.g., to understand which features are used), we will tell you about it in advance via an update to this policy, make it optional (give you a way to opt out), and use a privacy-respecting tool.

8. How long we keep your data

While your account is active: we keep your data for as long as you keep using the service.

If you delete your account or stop using it:

• We keep your data for 90 days after the last sign-in or after you request deletion
• After 90 days, we permanently delete your account and all data associated with it
• This 90-day window exists in case you want to come back — many people return after a brief gap

During the 90-day window, you can sign in normally and continue using the service (which resets the clock), request immediate deletion of your data instead of waiting (email us), or request an export of your data before it's deleted.

Some technical exceptions (we keep slightly longer):

• Audit logs of major actions (data exports, deletions) may be kept for 1 year for security and regulatory reasons, even after your account is deleted
• Anonymized/aggregate operational data (e.g., "the system handled X requests this month") does not contain your data and is kept indefinitely

9. Your rights under the DPDP Act

The Digital Personal Data Protection Act, 2023 (India's national privacy law) gives you specific rights as a Data Principal. These include:

• Right to access: ask us what data we have about you
• Right to correction: ask us to fix incorrect data
• Right to erasure: ask us to delete your data
• Right to data portability: ask us to export your data in a usable format
• Right to grievance redressal: raise a complaint about how we handle your data

To exercise any of these rights, email admin@ifacentral.com with a clear description of what you want. We will respond within 30 days.

For your clients' data: since you (the MFD/RIA) are the Data Fiduciary for your clients' data, your clients should contact YOU about their rights — not us. We will help you fulfill any such requests when you ask us to.

10. Security

We take reasonable care to protect your data:

• All connections to the service use HTTPS encryption in transit
• Passwords are stored as bcrypt hashes, never in plaintext
• Repeated failed login attempts trigger temporary account lockout
• We use server-side CSRF tokens to protect against cross-site attacks
• Database access is restricted to whitelisted IP addresses at the database server level
• Daily automated backups are maintained by Hostinger

However, we are honest about limits:

• IFA Central runs on shared hosting infrastructure (not a dedicated server). The infrastructure is reasonably well-secured for a service of this scale, but it is not banking-grade or government-grade infrastructure.
• We are a small operation. If you handle very large sums of money or extremely sensitive client data, you may want a service with more security investment.
• No system is 100% secure. Despite our reasonable precautions, we cannot guarantee that data will never be exposed in a breach.

If a security breach affecting your data occurs, we will notify you by email within 72 hours of becoming aware of it, describe what happened, what data was affected, and what we're doing about it, and notify the Data Protection Board of India as required by law.

11. Children

IFA Central is a B2B tool for financial professionals. It is not directed at or intended for use by children under 18. We do not knowingly collect data from anyone under 18. If you believe a minor's data has been entered into the system, contact us immediately and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do:

• Material changes will be communicated via email to your registered address
• The "Last Updated" date at the top will reflect the change
• Previous versions of the policy will be available on request

Continued use of the service after a material change means you have accepted the updated policy. If you disagree with a change, you can delete your account before it takes effect.

13. Grievance Officer

In accordance with the DPDP Act 2023, the designated Grievance Officer for IFA Central is:

Srikanth Dindakurti
Email: admin@ifacentral.com
Location: Bangalore, Karnataka, India

If you have a complaint about how your data is being handled, contact the Grievance Officer first. We aim to respond within 30 days.

If you are not satisfied with our response, you have the right to escalate the matter to the Data Protection Board of India established under the DPDP Act.

14. Contact

For any privacy-related question, request, or complaint:

Email: admin@ifacentral.com

This is the fastest and best way to reach us. We typically respond within 2 business days.