LEGAL DOCUMENT

Privacy Policy

Last updated: June 2026 · Effective: June 2026

This Privacy Policy is an electronic record under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and is in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). It does not require a physical or digital signature. By using PivChart, you agree to the terms of this Privacy Policy.

1. Who We Are

PivChart ("we", "us", "our") operates the website pivchart.com — a technical charting and pattern recognition platform for Indian equity markets. For any privacy-related concerns, contact us at support@pivchart.com.

2. What Personal Data We Collect

Category	Data Collected	Purpose
Account Data	Full name, email address, hashed password	Account creation, authentication, communication
Usage Data	Stocks scanned, scan timestamps, watchlist symbols	Service delivery, daily scan quota management
Chat Data	Messages posted, timestamps, stock symbol context	Community chat feature
Session Data	JWT tokens, session timestamps	Authentication and security
Technical Data	Browser type (inferred from requests)	Service optimisation and security

We do not collect: payment information, financial data, biometric data, health data, or any sensitive personal data as defined under the SPDI Rules 2011.

📋 IT (SPDI) Rules 2011, Rule 3: Sensitive personal data includes passwords, financial information, health conditions, biometrics, and sexual orientation. We collect passwords only in irreversibly hashed form (PBKDF2-SHA256 with 100,000 iterations) and never store plaintext passwords.

3. How We Use Your Data

To provide, maintain and improve the PivChart service
To authenticate your account and manage sessions
To enforce daily scan limits and plan restrictions
To deliver email verification codes and system notifications
To moderate community chat content
To respond to your support enquiries
To comply with applicable laws and regulations

We do not sell, rent, or trade your personal data to any third party. We do not use your data for advertising profiling.

4. Data Storage and Security

Your data is stored with our cloud infrastructure provider in a managed, encrypted database. Our infrastructure provider holds SOC 2 Type II certification and employs industry-standard security measures.

Security measures we implement include:

Password hashing using PBKDF2 with SHA-256 and 100,000 iterations
JWT-based session tokens with 24-hour expiry
HTTPS encryption for all data in transit
Encrypted storage of API keys and secrets using hardware-level secret management
No plaintext storage of sensitive credentials

📋 IT Act 2000, Section 43A & SPDI Rules 2011, Rule 8: We implement reasonable security practices and procedures commensurate with the sensitivity of the information held, consistent with international standard IS/ISO/IEC 27001.

5. Third-Party Services

Category	Purpose	Data Shared
Cloud infrastructure & database provider	Hosting, database, edge computing, CDN	Account data, scan history, watchlist, chat messages — stored securely in encrypted infrastructure
Transactional email delivery service	Sending verification codes and system emails	Your email address only, for the purpose of delivery
Real-time messaging infrastructure	Delivering live chat messages to connected users	Chat message content, delivered via secure channels — no personally identifiable information
Font delivery service	Loading web fonts for the user interface	Standard browser request (IP address) — no personal data stored by provider

We do not disclose the names of specific technology vendors as part of our operational security practices. All providers are bound by data processing agreements and industry-standard security certifications.

6. Cookies and Local Storage

PivChart does not use tracking cookies or advertising cookies. We use browser localStorage solely to store:

Your authentication token (JWT) — to keep you logged in
Your theme preference (dark/light mode)
Your chat disclaimer acceptance status

This data never leaves your device and is not transmitted to any third party.

7. Data Retention

Account data: Retained until you delete your account
Scan history: Retained for 90 days, then automatically purged
Chat messages: Retained indefinitely unless deleted by moderation
Session tokens: Expire after 24 hours and are purged from DB
Email OTPs: Expire after 24 hours and are deleted upon verification

8. Your Rights

Under India's DPDP Act 2023 and IT Act 2000, you have the following rights:

Right to access: Request a copy of the personal data we hold about you
Right to correction: Update your name via your Profile settings
Right to erasure: Request deletion of your account and associated data
Right to withdraw consent: You may close your account at any time
Right to raise concerns: Contact us directly for any privacy-related concerns

To exercise any of these rights, email support@pivchart.com with the subject "Privacy Request".

📋 DPDP Act 2023: India's Digital Personal Data Protection Act 2023 grants Data Principals (users) rights including access, correction, erasure, and grievance redressal. Core provisions are being implemented in phases through 2027; we commit to compliance with all applicable provisions.

9. Children's Privacy

PivChart is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us immediately and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the platform after any update constitutes acceptance of the revised policy. The "Last updated" date at the top of this page indicates when the most recent changes were made.

📬 Contact Us for Privacy Concerns

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please reach out to us directly. We take all privacy concerns seriously and will respond promptly.

Email: support@pivchart.com
Subject line: "Privacy Request" or "Data Concern"
Response time: We aim to respond within 30 days