PocketFund
Log inGet started
Legal

GDPR & DPDP rights

Effective May 7, 2026 · Last updated May 7, 2026

This page describes your rights as a data subject under two regimes that apply to PocketFund users:

  • EU GDPR — General Data Protection Regulation, for users resident in the EU/EEA + the UK
  • DPDP Act 2023 — Digital Personal Data Protection Act, for users resident in India

We follow best practices under both regimes regardless of where you live. The mechanisms below apply universally.

Your rights at a glance

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — "right to be forgotten" (subject to legal retention obligations)
  • Restriction — pause processing while a dispute is resolved
  • Portability — receive your data in a machine-readable format and transmit it to another service
  • Objection — object to specific processing (e.g. analytics)
  • Withdrawal of consent — withdraw any consent you previously gave (where consent is the lawful basis)
  • Right to lodge a complaint — with your local supervisory authority

How to exercise your rights

Email legal@pocketfund.in from the address on your account, or use the Account → Privacy controls inside the platform when those ship. We respond within 30 days (often faster).

Lawful bases for processing

  • Contract — to provide the matching, messaging, and data-room features you signed up for
  • Legitimate interest — to detect fraud, secure accounts, and improve the product (we minimise + de-identify wherever possible)
  • Consent — for any optional features you explicitly opt into (e.g. marketing emails, third-party analytics)
  • Legal obligation — for tax / financial / regulatory record-keeping

International data transfers

Where personal data leaves your jurisdiction, we rely on Standard Contractual Clauses (or equivalent legal mechanism) with our infrastructure providers. We name our subprocessors in the Privacy Policy.

Children

The platform is not directed at children under 18. We do not knowingly collect data from minors. If you believe a child has registered, email legal@pocketfund.in and we'll delete the account.

Breach notification

In the event of a personal-data breach, we notify the relevant supervisory authority within 72 hours and affected users without undue delay, per GDPR Article 33 / DPDP Section 8(6).

EU representative

We'll appoint an EU representative once we have a meaningful base of EU/EEA users. Until then, EU/EEA inquiries can reach us at legal@pocketfund.in.

India: Data Protection Officer

Under the DPDP Act, our Data Protection Officer can be reached at legal@pocketfund.in. Complaints unresolved within 30 days may be escalated to the Data Protection Board of India once it is operational.