Privacy Policy
1. Scope
This Privacy Policy explains how Sankhara LLC ("Sankhara," "we," "our") collects, uses, and shares information when you visit our websites, investor portal, mobile apps, APIs, or any other online services (collectively, the "Services").
2. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account Data | Name, email, password hash, two‑factor auth details | You |
| Profile & Investment Data | Portfolio holdings, transactions, preferences | You / your advisor |
| Usage Data | IP address, device type, pages viewed, clicks, referrers | Automatic |
| Cookie & Tracking Data | Session tokens, analytics identifiers | Cookies / similar tech |
| Support & Communications | Emails, chat messages, feedback forms | You |
| Third‑Party Data | Identity or accreditation checks, payment data | Verification providers |
3. How We Use Information
- Authenticate users and secure accounts
- Provide, operate, and improve the Services
- Calculate and display investment performance
- Send transactional emails/SMS (e.g., OTP, activity alerts)
- Respond to inquiries and provide customer support
- Analyze aggregated, de‑identified usage for product insights
- Meet legal, regulatory, and compliance obligations
4. Cookies & Similar Technologies
We use essential cookies for log‑in sessions and optional cookies (analytics, preference) to understand how the Services are used. Most browsers let you delete or block cookies; doing so may limit functionality.
5. Sharing & Disclosure
We do not sell personal information. We disclose data only:
- Service Providers – hosting, analytics, cloud storage, email/SMS, KYC/AML.
- Legal & Compliance – to comply with subpoenas, court orders, or lawful requests.
- Business Transfers – in connection with a merger, acquisition, or asset sale.
- With Your Consent – if you authorize us to share specific data (e.g., with an advisor).
6. Legal Bases (EEA/UK Users)
We process data under one or more of the following: (a) contract necessity; (b) legitimate interests (security, analytics, fraud prevention); (c) legal obligation; (d) consent.
7. Data Retention
We retain personal data while you have an account and as required by law (e.g., investment‑record retention rules). Backups are purged on a rolling schedule.
8. Security
We follow industry best practices: HTTPS/TLS encryption; access‑controlled databases (PostgreSQL on Supabase); regular penetration testing; least‑privilege IAM roles for cloud resources.
9. Your Choices & Rights
- Access / Update account details in your profile settings.
- Delete your account by emailing privacy@sankhara.com (subject to record‑keeping laws).
- Opt Out of marketing emails via the unsubscribe link.
- California & GDPR users can request: data export, correction, restriction, or objection. We respond within 30 days.
10. International Transfers
We host data in the United States. If you access the Services from outside the U.S., you consent to transferring your data to the U.S. and other jurisdictions where we or our processors operate.
11. Children's Privacy
The Services are not directed to children under 18. We do not knowingly collect personal data from minors. If we learn we have, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be posted in‑app or emailed to the address on file. Continued use after the "Last updated" date constitutes acceptance.
13. Contact Us
Questions or requests?
Write to:
Sankhara LLC
Attn: Privacy
1325 Howard Avenue, Suite 832
Burlingame, CA 94010