RISKORA · LEGAL
Privacy Policy
Riskora Platform · Ref. RISKORA/CA/2026/PP-01
Effective: 3 June 20261. Data Controller
Riskora, operated by Rishu (Sole Proprietor), Bihar, India. Contact: support@riskora.in.
2. Data We Collect
- Account data: Name, email address, password (hashed), Google OAuth token (if used).
- Transactional data: Subscription tier, payment history, Razorpay transaction IDs.
- Behavioural data: Trade simulation logs, ORA-1 Engine rule breaches, account lock events, session activity.
- Technical data: IP address, device type, browser type, access logs.
3. Lawful Basis for Processing (DPDP Act 2023)
Under the Digital Personal Data Protection Act, 2023 ("DPDP Act"), we process your personal data on the following lawful bases:
- Contractual necessity: Processing required to deliver the subscription service you have paid for.
- Legitimate interests: Fraud prevention, platform security, and product improvement.
4. Data Storage & Third-Party Processors
- Supabase — Database (user accounts, trade logs). Data location: US (AWS). Safeguards: SOC 2 Type II; DPA available.
- Vercel — Frontend hosting & CDN. Data location: Global CDN. Safeguards: GDPR-compliant infrastructure.
- Razorpay — Payment processing. Data location: India (RBI compliant). Safeguards: PCI-DSS certified.
- Hostinger (SMTP) — Transactional email delivery. Safeguards: TLS-encrypted transport.
- Google OAuth — Authentication. Data location: US (Google Cloud). Safeguards: Google DPA; GDPR-compliant.
Data Localisation (DPDP Act 2023): The DPDP Act does not yet prescribe sector-specific data localisation rules for EdTech/SaaS companies. No mandatory India-only storage requirement applies to Riskora at its current scale. This position must be reviewed when government notifies specific sectors under Section 16 of the DPDP Act. Payment data processed by Razorpay is already stored in India per RBI mandate.
5. Data Retention
- Account data: Retained for the duration of the subscription + 3 years post-termination for legal/tax compliance.
- Payment records: 7 years as required under Income Tax Act and GST regulations.
- Trade simulation logs: 2 years from last activity, then deleted.
- Server/access logs: 90 days, then auto-deleted.
6. User Rights Under DPDP Act 2023
- Right to access your personal data held by us.
- Right to correction of inaccurate personal data.
- Right to erasure — you may request deletion of your data (subject to legal retention requirements).
- Right to nominate — you may nominate a person to exercise rights on your behalf.
- Submit requests to: support@riskora.in. We will respond within 30 days.
Riskora is an educational SaaS platform. We are not a broker, investment adviser, research analyst, portfolio manager, or exchange intermediary. Nothing on this platform constitutes financial advice or a recommendation to buy or sell securities.