Privacy Policy

Last updated: 9 April 2026

This Privacy Policy explains how Prowessca Technology Solutions (OPC) Private Limited (“Prowessca”, “we”, “our”, “us”), the operator of the Fincentive.One website and platform (the “Platform”), collects, uses, stores, discloses and protects your personal data when you visit https://fincentive.one or use our services. We are committed to protecting your privacy in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and all other applicable Indian laws.

1. Who we are

Prowessca Technology Solutions (OPC) Private Limited is a company incorporated under the Companies Act, 2013, having:

CIN: U72900TG2020OPC140210
PAN: AALCP1304N
GSTIN: 36AALCP1304N1Z9
Registered office: Camarilla, 66 Camelot Place, Kondapur, Hyderabad 500084, Telangana, India
Contact: hello@fincentive.one · +91 90009 00118

For the purposes of the DPDP Act, Prowessca is the Data Fiduciary for all personal data collected through the Platform. You are the Data Principal.

2. Data we collect

We collect the following categories of personal data, only where necessary:

Identity data: full name, date of birth, PAN, Aadhaar (masked), ARN/EUIN, photograph, signature.
Contact data: email address, mobile number, postal address, office address.
Professional data: entity type (individual / corporate / fintech), GST registration, bank account details for commission payouts, AMC empanelment status.
Transaction data: subscription plan, invoices, payment references, refund records. Card / UPI details are handled exclusively by our PCI-DSS compliant payment partners (Razorpay, Setu) and are never stored by us.
Platform usage data: features used, pages visited, device type, browser, coarse geolocation (city level), session timestamps, error logs.
Content you create: client records, notes, documents, templates and any other data you upload or generate inside the Platform.
Communications: support tickets, emails, chat transcripts, call recordings (where disclosed).

We do not collect sensitive personal data relating to caste, religion, political beliefs, or biometric information beyond what is strictly required for KYC verification under applicable law.

3. How we collect it

Directly from you when you sign up, complete the Smart Onboarding wizard, or fill any form.
From authorised third-party sources such as AMFI (for ARN validation), NSDL / UIDAI (for PAN and Aadhaar verification), penny-drop providers (for bank verification), and credit information bureaus where legally permitted.
Automatically via cookies, local storage and analytics events, subject to your consent through our DPDP-compliant consent banner.

4. Purpose and lawful basis

We process your data only for the following specific, clearly defined purposes:

To create and maintain your Fincentive.One account.
To complete KYC, onboarding, and empanelment workflows.
To operate, secure, improve and personalise the Platform.
To process subscription payments and issue invoices.
To comply with applicable legal, regulatory and tax obligations.
To respond to your requests, complaints and service tickets.
To send you transactional communications and, where you have opted in, marketing communications. You may unsubscribe from marketing emails at any time.

The lawful basis for each processing activity is your consent, the performance of a contract with you, compliance with a legal obligation, or a legitimate use as permitted under Section 7 of the DPDP Act.

5. Sharing and disclosure

We share personal data only with:

Asset Management Companies, pension funds, insurers — only the data necessary to empanel you and transact on behalf of your clients, and only with your express direction.
KYC / verification partners — NSDL, UIDAI, Setu, Digio, Signzy and similar regulated providers.
Payment processors — Razorpay, Setu Payments; solely to process subscription fees.
Cloud infrastructure providers located within India (DigitalOcean BLR1, Hostinger VPS India).
Professional advisors such as auditors, lawyers and consultants under confidentiality obligations.
Regulators, courts and law-enforcement agencies when required by valid legal process.

We do not sell personal data. We do not share personal data for third-party advertising. We do not transfer personal data outside India except where the recipient country has been notified by the Central Government as permitted under Section 16 of the DPDP Act.

6. Data retention

We retain personal data only as long as necessary for the purposes listed above. Account data, KYC records, transaction records and communications are retained for a period of seven (7) years from the date of closure of your account, to comply with obligations under SEBI, PFRDA, the Income Tax Act, 1961, the Prevention of Money Laundering Act, 2002, and the Companies Act, 2013. After this period, data is securely deleted or irreversibly anonymised.

7. Security

We implement reasonable security practices and procedures in line with ISO 27001 controls, including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access control, row-level security on PII schemas, secrets vaulting, audit logging, regular vulnerability scans, and incident response procedures. Despite these measures, no electronic transmission or storage is 100% secure; in the unlikely event of a data breach affecting you, we will notify you and the Data Protection Board of India without undue delay, in accordance with the DPDP Act.

8. Your rights as a Data Principal

Under the DPDP Act you have the right to:

Access a summary of the personal data we hold about you.
Request correction, completion or updating of inaccurate data.
Request erasure of data no longer required for the stated purposes.
Nominate another person to exercise your rights in the event of your death or incapacity.
Withdraw your consent at any time (without affecting prior lawful processing).
Grievance redressal as described below.

To exercise any of these rights, write to dpo@fincentive.one. We will respond within 30 days.

9. Cookies and analytics

We use a small number of essential cookies to keep you logged in and protect the site from abuse. We use Plausible Analytics, a privacy-friendly, self-hosted analytics tool that does not set tracking cookies and does not collect any personal data. Analytics are loaded only after you accept cookies through our consent banner.

10. Children's data

The Platform is intended for use by financial professionals aged 18 and above. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified to you by email and/or by a prominent notice on the Platform at least 15 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

12. Grievance Officer

In accordance with the Information Technology Act, 2000, the DPDP Act, 2023, and the rules made thereunder, the name and contact details of our Grievance Officer are:

SuRa Mukkavilli

Grievance Officer

Prowessca Technology Solutions (OPC) Private Limited

Camarilla, 66 Camelot Place, Kondapur, Hyderabad 500084

Email: grievance@fincentive.one

Phone: +91 90009 00118 (Mon–Fri, 10:00–18:00 IST)

The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days from receipt.

13. Governing law and jurisdiction

This Privacy Policy is governed by the laws of India. Any dispute arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts at Hyderabad, Telangana.