Privacy Policy & Security
We take your financial data seriously. Here's exactly what we collect, how we protect it, and what we'll never do with it.
Last updated: April 15, 2026
📋 Overview
Clarzo.ai ("Clarzo", "we", "us", "our") operates the website clarzo.ai and associated mobile applications. This Privacy Policy explains how we collect, use, store, and protect your personal and financial information when you use our platform.
By using Clarzo.ai, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.
🔑 The Short Version
We use read-only access to aggregate your financial data. We never move your money. We never sell your data. We use bank-grade encryption. Your data is stored in India. You can delete your account and all data at any time.
📊 Data We Collect
We collect information to provide you with a unified view of your financial life. Here's exactly what we collect and why:
| Data Type | What We Collect | Why |
| --- | --- | --- |
| Account Information | Name, email, phone number, date of birth | Account creation, identity verification, communication |
| Financial Data | Holdings from CDSL, CAMS, brokers; bank transactions; FD/PPF/NPS details; real estate & gold values | Portfolio aggregation, insights, and goal tracking |
| Uploaded Documents | CSV files, demat statements, screenshots of holdings | Parsing and aggregating portfolio data you provide |
| Usage Data | Pages visited, features used, session duration | Improving our product and user experience |
| Device Information | Browser type, operating system, IP address | Security, fraud prevention, and troubleshooting |
| Communication Data | ClarzoGPT conversations | Providing AI-powered responses, improving answer quality |
⚠️ What We Don't Collect
We never collect your bank passwords, trading PINs, transaction passwords, or any credentials that would allow us to make transactions on your behalf. All financial data access is read-only.
⚙️ How We Use Your Data
We use your information solely to provide and improve our services:
- Portfolio Aggregation: Combining your financial data from multiple sources into a single dashboard
- AI Insights: Generating personalized insights about your portfolio performance, risk, and allocation
- ClarzoGPT: Answering your questions about your portfolio using your actual financial data
- Goal Tracking: Mapping your investments against your financial goals
- Rebalancing Suggestions: Educational recommendations based on your risk profile and allocation
- Spending Analysis: Categorizing bank transactions to show spending patterns
- Notifications: Sending alerts about SIP expirations, portfolio drift, and important updates
- Product Improvement: Analyzing usage patterns to make Clarzo.ai better
We do not use your data to sell financial products, execute trades, or push third-party transactions. Clarzo.ai is an intelligence layer — not a transaction platform.
🤝 Data Sharing & Third Parties
We do not sell, rent, or trade your personal or financial data to anyone. Period.
We may share limited data with the following categories of service providers, solely to operate our platform:
- Data Aggregation Partners: To securely fetch your financial data from CDSL, CAMS, and broker platforms (read-only access)
- Cloud Infrastructure: To host and store your data securely on servers located in India
- AI Processing: To power ClarzoGPT and portfolio insights (your data is not used to train models for other users)
- Expert Advisors: Only when you explicitly choose to connect with a financial expert — and only the data you choose to share
All third-party providers are bound by strict data processing agreements and are required to maintain the same level of security we do.
🏛️ Legal Disclosures
We may disclose your data if required by law, court order, or government regulation. We will notify you of such requests unless legally prohibited from doing so.
🛡️ Security
Your financial data requires the highest level of protection. Here's how we safeguard it:
- 🔒 256-bit AES Encryption: All data is encrypted at rest and in transit using bank-grade AES-256 encryption
- 🛡️ SOC 2 Type II Compliant: Enterprise-grade security controls audited by independent assessors
- 👁️ Read-Only Access: We can only view your data. We cannot and will never initiate any transaction
Additional security measures we implement:
- TLS 1.3: All data transmitted between your device and our servers is encrypted with the latest transport layer security
- Two-Factor Authentication: Optional 2FA for all accounts to prevent unauthorized access
- Role-Based Access: Internal team access is strictly limited on a need-to-know basis
- Regular Penetration Testing: We conduct periodic security audits and vulnerability assessments
- Secure Data Centers: All servers are hosted in ISO 27001 certified data centers located in India
- Automatic Session Timeout: Sessions expire after periods of inactivity
- Anomaly Detection: Automated monitoring for suspicious account activity
🚨 Incident Response
In the unlikely event of a data breach, we will notify affected users within 72 hours, provide details of what data was impacted, and outline the steps we're taking to resolve the issue and prevent recurrence.
🍪 Cookies & Tracking
We use cookies and similar technologies to provide and improve our services:
| Cookie Type | Purpose | Duration |
| --- | --- | --- |
| Essential | Authentication, session management, security | Session / 30 days |
| Functional | Remember preferences, dashboard layout | 1 year |
| Analytics | Understand usage patterns, improve features | 1 year |
We do not use advertising cookies or share cookie data with advertisers. You can control cookie preferences through your browser settings.
✊ Your Rights
You have full control over your data. Here are your rights:
- Access: Request a complete copy of all data we hold about you
- Correction: Update or correct any inaccurate personal information
- Deletion: Request permanent deletion of your account and all associated data
- Portability: Export your portfolio data in standard formats (CSV, PDF)
- Withdrawal of Consent: Disconnect any linked accounts at any time
- Objection: Opt out of non-essential data processing or communications
To exercise any of these rights, contact us at contact@clarzo.ai. We will respond within 30 days.
🗄️ Data Retention
We retain your data only as long as necessary to provide our services:
- Active accounts: Data is retained as long as your account is active
- Deleted accounts: All personal and financial data is permanently deleted within 30 days of account deletion
- Anonymized analytics: Aggregated, non-identifiable usage data may be retained for product improvement
- Legal obligations: Certain data may be retained as required by Indian law (e.g., tax records)
📬 Contact Us
If you have questions about this Privacy Policy, your data, or our security practices, we'd love to hear from you.