Privacy Policy

1. Personal Information Collection

CapitalBox collects essential personal data such as your name, phone number, email address, and government-issued documents including PAN, Aadhaar, and bank statements. This data is collected when you contact us for consultancy services or register via our website or mobile platforms. We may also request additional documents like income proofs, GST returns, and legal files depending on the service required. All data collected is done with your knowledge and consent. We never collect any biometric or highly sensitive personal data unless explicitly required. This information is stored securely and used only for defined purposes. By using our services, you agree to provide accurate and complete information.

2. Use of Collected Data

We use the collected personal information strictly to provide services like loan consultancy, government scheme advisory, legal assistance, and document processing. Your data helps us in verifying your eligibility and profiling your case with financial institutions or legal partners. We may use it to prepare documentation or file applications on your behalf. Additionally, we use your contact information to update you on status and queries related to your services. Your financial data may be analyzed internally for improving advisory quality. We do not use your data for any marketing without consent. Each use is aligned with the service you requested from CapitalBox.

3. Data Sharing & Disclosure

CapitalBox does not sell or commercially trade your personal data to third parties. We may, however, share your data with trusted partners like banks, NBFCs, advocates, or government departments when needed to serve your case. These disclosures happen strictly on a need-to-know basis and only after informing you. All our service partners are contractually bound to confidentiality and data protection norms. We may also share your data if legally required under court order, FIR, or scheme verification process. We ensure all data shared externally is minimal and relevant. No data is shared for unsolicited sales or telemarketing.

4. User Consent & Rights

You always have full control over your data. Before using any service, we request your consent in digital or written format. As a user, you have the right to request access to your stored information at any time. You may also ask for correction or deletion if any detail is inaccurate or outdated. Consent can be withdrawn by writing to us via email. If you feel your data was used without proper authorization, you can raise a formal complaint with us. We respect your right to privacy and follow Indian IT & Data Protection laws. Our team responds to user data requests within 10 business days.

5. Security of Information

We implement strict security controls to protect your data from misuse, loss, or unauthorized access. This includes encrypted storage, password protection, and firewall-secured systems. Our staff members are trained in data confidentiality and legal compliance. Any physical copies of documents are stored securely and disposed of properly after use. We regularly audit our systems to maintain high data safety standards. Your information is never exposed to public networks without protection. We also take additional security steps when sensitive documents are involved. By trusting CapitalBox, you place your data in a secure and responsible system.

6. Retention of Data

CapitalBox retains your data only as long as necessary to fulfill the service, or as required by law. Loan or legal-related documents may be retained for audit or compliance checks for up to 3–5 years. Once the purpose is fulfilled, all digital files are archived and encrypted, or permanently deleted. We do not retain unnecessary copies of your data beyond its relevance. If you wish to delete your account or stored data earlier, you can submit a written request. We will honor valid deletion requests as per legal norms. Data not in use is removed regularly from our systems.

7. Cookies and Website Tracking

Our website may use cookies and basic tracking tools to improve user experience, monitor traffic, and detect misuse. Cookies are small text files stored on your device and help remember your login or preferences. These do not collect any personal identity details directly. You can choose to disable cookies in your browser settings, though some features may not function fully. We may use basic analytics tools to understand page visits or click behavior. No third-party advertisements or ad networks are involved. All tracking is secure and used only for service enhancement, not marketing.

8. Third-Party Services

Sometimes our services may involve using third-party platforms like loan APIs, e-sign tools, cloud document uploaders, or legal software. While we ensure these platforms follow data security norms, we cannot be held liable for privacy breaches outside our system. We recommend you check the privacy policies of such third-party tools if used. However, we select only reputed and verified vendors with proper compliance certifications. We ensure minimum data transfer and encrypt all sensitive fields. Any integration is tested for security compliance before use. User trust and data protection remain our top priority even in external tools.

9. Policy Updates

We may update this Privacy Policy from time to time due to legal, technical, or operational changes. All changes will be published on our official website and communicated to clients via email, where applicable. The “Effective Date” at the top will reflect the latest revision. Continued use of our services after such updates will be considered as your acceptance of the revised terms. We encourage you to review the policy periodically to stay informed. No changes will reduce your rights without proper notice. Your data privacy is an ongoing responsibility that we take seriously.

10. Contact & Complaints

For any privacy-related queries, concerns, or complaints, you may contact our Data Privacy Officer at partnercare@capitalbox.in. We aim to respond to all genuine requests within 7–10 working days. If you feel your issue was unresolved, you may escalate to relevant data protection authorities in India. We believe in fair, respectful, and lawful handling of all user data. Your trust in us is our most valuable asset, and we remain committed to protecting it fully. Every client’s privacy matters deeply to us, and we treat each request with the utmost confidentiality.  

11. Digital Signature & E-Verification

CapitalBox allows and encourages the use of digital signatures on documents such as loan consultancy agreements, legal MOU, or service consent forms. These signatures are verified using platforms compliant with Indian IT Act, 2000 (e.g., Aadhaar eSign or Odoo Signature). We ensure such signed data is encrypted and stored securely. Clients are notified during every stage of document upload or signing. Digital copies hold equal legal validity as physical ones. Verification timestamps and device data may also be recorded for authenticity. Any misuse or fraud detected during e-signing will be legally pursued.

12. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect or store any personal data from minors. If a user below 18 has submitted data unknowingly, we request their parent/guardian to inform us at our email. Once informed, we will immediately delete such records. CapitalBox services like loans or legal drafting require adult consent and responsibility. Users are advised not to impersonate or use details of minors for any application. Protecting the privacy of children is extremely important to us and we take such matters seriously.

13. Grievance Redressal Mechanism

If you have any grievance regarding how your data has been handled, you may write a formal complaint to our Data Privacy Grievance Officer. Your complaint will be reviewed within 5 working days and addressed promptly. We follow guidelines under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Our aim is to resolve all issues fairly, confidentially, and respectfully. In case of serious breach or unsatisfactory resolution, users can escalate to the Data Protection Authority of India. We believe in transparency and user-first approach in all matters.

14. Jurisdiction & Legal Compliance

This Privacy Policy is governed by the laws of India, particularly the Information Technology Act, 2000, and applicable state-specific laws. Any dispute arising from misuse or mishandling of user data shall be subject to jurisdiction of courts located in Surat, Gujarat. We comply with RBI guidelines, Ministry of Finance advisories, and applicable regulations for financial intermediaries and legal consultancies. In case of audit or investigation by a government authority, we may share data strictly under lawful request. Clients are expected to cooperate fully in such events while their privacy is still respected.

15. User Responsibility

Users of CapitalBox services must ensure the accuracy of the information they provide. Submitting false documents, impersonating another person, or misrepresenting business/loan/legal details may lead to denial of services or legal action. CapitalBox holds the right to terminate service access in such cases. It is also the user’s responsibility to keep their login credentials, documents, and communication confidential. If you suspect that your account or data has been compromised, you must notify us immediately. You agree to use our services ethically and not for any illegal or fraudulent activity.

16. Service-Specific Disclosures

CapitalBox provides different services such as Loan Consultancy, Government Scheme Application Assistance, and Legal Drafting/Advisory. Each of these services may require unique sets of documents and involve separate third-party interactions. While using multiple services, your data may be used accordingly but never beyond the agreed purpose. For example, your legal documents will never be sent to a lender without consent, and vice versa. You may receive service-specific privacy disclaimers when opting into a new service. We follow a strict purpose-limitation approach to protect your interest.

17. Email & SMS Communication

By using CapitalBox services, you authorize us to contact you via SMS, email, or WhatsApp for transactional updates, document collection, payment reminders, or verification. These communications will be service-related only and not promotional unless you opt in separately. All our messages will contain identity headers and opt-out instructions where applicable. We do not spam or share your contact details with any advertising agency. You may also request not to be contacted via a particular mode by writing to us. Our aim is to stay connected only where necessary and helpful to you.

18. Payment Privacy

If you make any payment to CapitalBox via UPI, bank transfer, or payment gateways, your transaction data (like UTR, payment ID, or amount) is stored securely and never disclosed. We do not store your debit/credit card numbers or CVV at any time. Payments are processed via RBI-approved gateways with encrypted technology. You are advised not to share OTPs or banking passwords with anyone, including our team. If any suspicious transaction is found, you must report it immediately. Your payment details are treated as strictly confidential at all stages of our service.

19. Cloud & Server Storage

All user data submitted through CapitalBox services is stored on secure, encrypted cloud servers located within India or with providers compliant under Indian jurisdiction. We do not store data on unsecured third-party servers or foreign jurisdictions without safeguards. Regular back-ups and firewalls are maintained to prevent data loss or corruption. Our storage vendors are ISO 27001 certified and audited periodically. We also control internal access to cloud platforms with role-based permissions. Data access logs are monitored to prevent unauthorized staff access. Your information is safe and handled with professional-grade infrastructure.

20. Behavioral Analytics & AI Use

To enhance user experience and detect fraud patterns, CapitalBox may use behavioral analytics tools or AI-based scoring systems. These tools help us understand if applications are genuine or manipulated. No decision is made solely by AI; a human always reviews sensitive applications. Data used in AI models is anonymized and not personally identifiable unless necessary for verification. You will never be discriminated against based on AI results alone. This approach helps us provide faster services while maintaining risk control. All systems comply with fair use and data neutrality guidelines.

21. Third-Party Platform Login (If applicable)

If our services allow login or sign-up through third-party platforms like Google, Aadhaar, or DigiLocker, we collect only the minimum required details such as your name, email, or document file from those platforms. No passwords or extra permissions are accessed. You have full control to revoke such access at any time from the third-party provider. We never modify or misuse your external accounts. These integrations are provided for your convenience and faster onboarding only. You will be notified before any such data pull happens. Security is ensured at every integration layer.

22. Data Breach Protocol

In the unlikely event of a data breach, we follow strict internal protocols. Our technical team immediately investigates the issue, identifies affected records, and works to contain the breach. Affected users will be notified within 72 hours via email or phone. We will also inform regulatory authorities as required under Indian data laws. Steps will be taken to secure exposed data, reset credentials, and offer protective actions (e.g., document re-verification). We take full responsibility to investigate and mitigate the breach. Client trust and proactive handling of such situations is our commitment.

23. Client Acknowledgement

By using CapitalBox’s services, you acknowledge that you have read, understood, and agreed to this Privacy Policy. You further agree that the data you share with us is provided voluntarily and with consent for its intended use. If you disagree with any part of this policy, you should refrain from using our services or submit a written objection. Your continued use of the website, mobile platform, or in-person consultancy signifies your acceptance. This acknowledgement is considered legally valid under Indian IT regulations. Your rights are fully protected under this agreement.

24. Language Versions

This Privacy Policy may be provided in multiple languages including English, Hindi, or Gujarati depending on the region and user preference. In case of any conflict between versions, the English version will be considered legally binding. Translations are provided for clarity and user convenience only. All legal interpretations, notices, and dispute settlements will refer to the original English draft. If you need an alternative accessible version (audio, large font), please email us and we will provide one. Language should never be a barrier to understanding your privacy rights.

25. Data Access by Authorities

We may disclose your personal data to government authorities, courts, or regulators if required by law or for the purpose of legal compliance, investigation, or fraud control. This will be done only after verifying the validity of the request. We cooperate with Indian authorities under the provisions of the Income Tax Act, IPC/CrPC, or RBI guidelines as applicable. No data is shared casually or without process. If legally permitted, we will notify the user before such disclosure. Protecting user rights while obeying lawful duties is a top CapitalBox policy priority.

26. Backup & Recovery Policy

We perform regular data backups to avoid loss due to system failure, hardware corruption, or cyber incidents. All backup data is encrypted and stored at secure off-site or cloud locations. In case of accidental deletion, server crash, or attack, we can restore your data within a reasonable time. Backup access is tightly controlled and only available to authorized technical personnel. We also test our recovery systems periodically to ensure they function properly. Your data safety in all scenarios is part of our operational standard.

27. Non-Discrimination Statement

CapitalBox does not discriminate against any individual based on caste, religion, gender, age, disability, or income background in data collection, service approval, or support. We believe in equal access to all our legal and financial consultancy services. Personal data collected is evaluated only for eligibility and documentation — never for social profiling. Any employee or partner found breaching this principle may face disciplinary action. Inclusion and fairness are at the heart of our client relationships. You are welcome at CapitalBox regardless of your background.

28. Right to Data Portability

You have the right to request a copy of your personal data in a commonly used, machine-readable format. CapitalBox will provide your data if legally permitted and only after verifying your identity. This can help if you wish to switch service providers. Such requests can be made via email, and we process them within 10 working days. However, proprietary business data or confidential advisory notes may not be shareable. We support open access where possible without compromising security. This ensures transparency and trust between us and our users.

29. Data Anonymization Policy

Where full personal identification is not required (such as analytics, AI training, or research), CapitalBox uses anonymized datasets. We remove names, IDs, and direct identifiers so that users cannot be re-identified. This allows us to study user behavior trends and improve service quality without risking your privacy. All anonymization is done using standard industry techniques. We never sell even anonymized data to marketing agencies. Your identity always remains safe, even when used in analysis or reports.

30. Third-Party Payment Gateways

All payments made through our website or invoice system are processed via RBI-compliant third-party gateways like Razorpay, PhonePe, or UPI apps. We do not save your card numbers, CVV, or net banking passwords. The entire transaction process is encrypted using SSL standards. In case of a failed or delayed payment, you may follow up directly with the payment gateway, while we assist you in tracking and refunding. CapitalBox does not charge any hidden processing fee. Secure payment experience is a key part of our digital trust policy.

31. Remote Access or Screen Sharing (if used)

If you request technical help or documentation upload via remote access tools like AnyDesk or TeamViewer, our team may request permission to access your screen. Such access is voluntary and can be declined anytime. All sessions are closed immediately after use. We never access personal folders or files unless you explicitly open them for verification. You are advised to be present during the entire session. For extra safety, we recommend closing banking apps or private folders before screen-sharing. We never record or store remote sessions.

32. Advertising & Promotions Policy

CapitalBox does not engage in any third-party advertising or sponsored content. Any information we send is strictly related to your services or updates. If we ever send promotional material (like a new loan scheme, subsidy update, or legal awareness drive), it will come only from our official email and only if you’ve opted in. We do not rent or sell your contact information to marketing companies. We respect your inbox and avoid spam. You can opt out of marketing emails at any time by clicking "Unsubscribe".

33. Employee Confidentiality Agreement

Every employee, consultant, or freelancer working with CapitalBox signs a strict confidentiality agreement before gaining access to user data. They are trained in data protection rules and can access data only relevant to their duties. Violating this policy can lead to termination or legal action. Your data is never viewed casually by any staff. We audit employee access logs regularly. This internal discipline is part of why you can trust us with your sensitive financial or legal documents.

34. Whatsapp, Telegram & Social Media Communication

If you connect with us via platforms like WhatsApp, Telegram, or Facebook Messenger, you consent to sharing your contact info and conversation with our verified business profiles. We never add you to groups or forward your messages without your knowledge. We advise you not to share passwords, bank PINs, or Aadhaar on such platforms. While we use encrypted business accounts, final responsibility for data safety lies with the platform provider. Always confirm you are chatting with our verified handle before sharing documents.

35. Policy Acceptance Through Use

CapitalBox acts purely as a loan consultancy platform and does not guarantee sanction, amount, or interest rate for any loan application. We are not a direct lender or NBFC and do not provide funds ourselves. Our role is limited to collecting your documents, understanding your requirement, and connecting you with potential financial institutions. Final loan approval, terms, and disbursal depend entirely on the policies and discretion of banks, NBFCs, or credit partners. We do not take responsibility for delays, rejections, or credit-based denials by lenders. All suggestions made are based on experience and do not constitute financial advice.