SunstoX is committed to protecting your privacy. We collect only what we need, use it only for the purpose stated, and never sell your data to third parties.
1. Who We Are
SunstoX Technologies Pvt. Ltd. ("SunstoX", "Data Fiduciary") is the controller of your personal data. Registered office: New Delhi, India. CIN: U74999DL2024PTC000000. Contact: kovid@sunstox.com.
2. What Data We Collect
Account & Identity Data
- Name, email address, mobile number
- PAN card number (mandatory for TDS compliance)
- Aadhaar number (for KYC — stored encrypted, not shared)
- Date of birth, nationality
Financial Data
- Bank account number, IFSC code, account holder name
- Investment amounts and transaction history
- Rental income received and TDS deducted
Usage Data
- IP address, browser type, device type
- Pages visited, time on platform, features used
- Error logs for platform improvement
Communication Data
- Emails and messages sent to our support team
- Feedback and survey responses
3. How We Use Your Data
- Account management: To create and manage your investor account
- KYC compliance: To verify your identity as required by PMLA regulations
- Investment processing: To allocate cell ownership and process transactions
- Rental distribution: To credit monthly returns to your bank account
- Tax compliance: To deduct and remit TDS under Section 194I; issue Form 16A
- Platform improvement: To analyse usage patterns and fix issues
- Communication: To send investment updates, platform notifications, and regulatory notices
- Legal obligations: To comply with court orders, RBI, MCA, or tax authority requirements
4. Legal Basis for Processing
We process your data on the following grounds under the DPDP Act 2023:
- Contract performance: Processing necessary to fulfil your lease agreement
- Legal obligation: KYC, TDS deduction, financial reporting
- Legitimate interests: Platform security, fraud prevention, product improvement
- Consent: Marketing communications (you may withdraw at any time)
5. Data Sharing
We share your data only with:
- RazorPay: Payment processing and payout routing (RBI authorised)
- EPC Partners: Project commissioning documentation (name and cell allocation only)
- Tax Authorities: PAN and TDS data as mandated by the Income Tax Act
- Auditors: For statutory audit purposes (under confidentiality)
- Regulators: MCA, RBI, SEBI, or courts as legally required
We never sell, rent, or trade your personal data to any third party for marketing purposes.
6. Data Security
- All data transmitted via HTTPS with TLS 1.3 encryption
- Aadhaar numbers stored using AES-256 encryption
- Bank details stored via RazorPay's PCI-DSS Level 1 certified infrastructure
- Regular security audits and penetration testing
- Strict role-based access control — only authorised staff access investor data
7. Data Retention
- KYC documents: 8 years from account closure (PMLA requirement)
- Transaction records: 8 years (Income Tax Act requirement)
- Account data: Duration of account plus 3 years
- Marketing data: Until consent withdrawn
- Platform logs: 90 days rolling
8. Your Rights (DPDP Act 2023)
- Right of access: Request a copy of all personal data we hold about you
- Right of correction: Request correction of inaccurate data
- Right of erasure: Request deletion of data not required for legal/contractual purposes
- Right of grievance: File a complaint with our Grievance Officer, subject to a 48-hour response SLA
- Right to nominate: Nominate a person to exercise your rights in case of incapacity
To exercise any right, email kovid@sunstox.com with the subject "Data Rights Request". We will respond within 30 days.
9. Cookies
The SunstoX platform uses browser localStorage (not cookies) for session management. No third-party tracking cookies or advertising pixels are deployed on our platform. We use Google Fonts (loaded from Google's CDN) — Google's own privacy policy applies to font loading requests.
10. Children's Privacy
The SunstoX platform is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact kovid@sunstox.com immediately.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. Material changes will be notified by email with 30 days' advance notice. The "Last updated" date at the top of this page indicates the current version.
12. Grievance Redressal
Grievance Officer: Kovid Sharma (Founder & CEO)
Email: kovid@sunstox.com | Phone: +91 9818400138
Response time: 48 hours for acknowledgement, 30 days for resolution
If unsatisfied, you may approach the Data Protection Board of India (once constituted under the DPDP Act 2023).