1. INTRODUCTION AND OVERVIEW
1.1 This Privacy Policy ("Policy") governs the access and use of services ("Services") as defined under the Terms of Use ("Terms") on the electronic platforms, including the mobile application and/or website, known as "Graviti" (hereinafter referred to as the "Platform").
1.2 The Services are provided through the Platform and are operated by AlphaQuest Technovations Private Limited (hereinafter referred to as "Graviti" or the "Company"), a company incorporated under the laws of the Republic of India under the Companies Act, 2013, having its registered office at .
1.3 The purpose of this Privacy Policy is to enable you to understand what personal information of yours is collected, how and when we might use or share your information, and how you can correct inaccuracies in the information.
1.4 This Privacy Policy is incorporated as part of the Terms. By registering or otherwise using our Platform, you hereby agree to the use, collection, and disclosure of the data/information we collect in accordance with this Privacy Policy.
1.5 For the purposes of this Policy, "we", "us", "our", or "Company" shall refer to Graviti Technologies Private Limited, and "user", "you", or "your" shall refer to you, the individual or entity accessing or using the Platform.
1.6 This Policy is formulated in compliance with the following laws and regulations applicable in India:
The Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules");
The Information Technology Act, 2000 ("IT Act") and the rules made thereunder;
The Prevention of Money Laundering Act, 2002 ("PMLA") and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 ("PML Rules");
AML & CFT Guidelines for Reporting Entities providing services related to Virtual Digital Assets, as issued by the Financial Intelligence Unit – India (FIU-IND);
Any other applicable laws, rules, regulations, or guidelines as may be notified by the Government of India from time to time.
On 13 November 2025, India's Ministry of Electronics and Information Technology (MeitY) notified the Digital Personal Data Protection Rules 2025 (the Rules), which operationalize the Digital Personal Data Protection Act 2023 (DPDPA), India's first comprehensive data protection law. This Policy has been drafted to align with these requirements.
2. APPLICABILITY
2.1 This Privacy Policy applies to all who sign up for Services on the Platform including, but not limited to, the website, mobile-based application, or any other sources.
2.2 This Policy pertains to the processing of digital personal data, encompassing situations where the personal data is either (i) collected in a digital form or (ii) collected in a non-digitized form and subsequently converted into digital form.
2.3 You do not have an obligation to provide any information, including sensitive personal information or any other information, to us. Notwithstanding the foregoing, you will not be able to obtain our Services on the Platform if you do not provide the information stated in this Privacy Policy.
2.4 If you are using or accessing this Platform, it will be treated as explicit consent of your agreement and acknowledgement of this Privacy Policy.
3. DEFINITIONS
In this Policy, unless the context requires otherwise:
"Aadhaar" means the Aadhaar number as defined under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.
"Applicable Laws" means all applicable Indian statutes, enactments, regulations, rules, notifications, orders, guidelines, or directions, including the DPDP Act, IT Act, PMLA, the Companies Act, 2013, and all associated rules and regulations.
"Data Fiduciary" means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data; Graviti acts as a Data Fiduciary in relation to the personal data of its users.
"Data Principal" means the individual to whom the personal data relates and where such individual is a child, includes the parents or lawful guardian of such child.
"Data Processor" means any person who processes personal data on behalf of the Data Fiduciary.
"KYC" means Know Your Customer, referring to the identity verification and due diligence process mandated under PMLA and associated rules.
"Personal Data" means any data about an individual who is identifiable by or in relation to such data.
"Sensitive Personal Data or Information" ("SPDI") includes financial information such as bank account or credit/debit card details, PAN, Aadhaar, biometric data, passwords, and any other data as may be prescribed by Applicable Laws.
"Virtual Digital Assets" ("VDA") shall have the same meaning as defined under Section 2(47A) of the Income Tax Act, 1961, as amended.
"Your Information" means and includes your Personal Data, Sensitive Personal Data, KYC Information, financial information, transaction data, and any other information collected in connection with the Services.
4. IDENTITY VERIFICATION, KYC AND DUE DILIGENCE
4.1 Prohibition of Anonymous Accounts. We do not open Accounts, allow access to our Platform nor avail our Services to those users who register anonymously or with a fictitious and/or benami name. We do not open Accounts for users for whom we cannot complete the identity verification and due diligence process, either due to non-cooperation by the user or non-reliability of the documents/information furnished by the user.
4.2 Mandatory KYC. All exchanges must collect proper KYC information (Aadhaar/PAN linking) and report transactions to the tax authorities. Regulation requires exchanges to collect KYC info and report your transactions to the tax authorities automatically. You are required to complete the KYC verification process before you can access any trading services on the Platform, including:
(a) Aadhaar verification (with e-KYC or document upload);
(b) PAN card verification;
(c) Proof of address (Aadhaar, Voter ID, Passport, Driving License, or Utility Bill);
(d) Live selfie / liveness detection;
(e) Bank account verification and linking;
(f) Income and occupation details;
(g) Politically Exposed Person (PEP) declaration.
4.3 Institutional Accounts. For institutional users (companies, partnerships, trusts, etc.), additional documentation may be required, including but not limited to Certificate of Incorporation, Board Resolution, MOA/AOA, Ultimate Beneficial Owner (UBO) declarations, and authorised signatory details.
4.4 Re-KYC. We conduct Re-KYC from time to time to ensure compliance with regulations and keep your account secure. To continue using our Platform without any interruptions, you may be required to complete your KYC renewal.
4.5 Enhanced Due Diligence (EDD). Enhanced due diligence applies when dealing with politically connected individuals, large transaction volumes, or customers with connections to higher-risk countries. Our compliance team will verify the source of funds and implement enhanced monitoring for these accounts.
4.6 Right to Deny Access. We reserve the right not to carry out identity verification and due diligence where we have reason to believe that the user is engaging in money laundering or terrorist financing and that carrying out identity verification will tip-off such users. Further, in these situations we reserve the right to inform the concerned law enforcement agencies under the Applicable Laws, including but not limited to the concerned departments under the Ministry of Home Affairs, Ministry of Finance, and Reserve Bank of India.
5. INFORMATION WE COLLECT
We collect and process the following categories of personal data:
5.1 Information You Provide Directly
Category
Examples
Identity Data
Full name (as per government ID), date of birth, gender, nationality, PAN number, Aadhaar number, photograph/selfie
Contact Data
Email address, mobile number, residential/correspondence address, PIN code
Financial Data
Bank account details (account number, IFSC code, bank name), UPI ID
KYC / Verification Data
Scanned copies of identity documents, address proof documents, selfie/liveness check images, video verification data
Professional Data
Occupation, employer name, nature of business (where applicable)
Transaction Data
Deposits, withdrawals, trade history (futures/options orders, positions, settlements), ledger balance, margin data, P&L records
Risk & Compliance Data
PEP status, source of funds declaration, sanctions screening results
Communication Data
Customer support correspondence, feedback, complaints, survey responses
5.2 Information Collected Automatically
As you interact with our website and services, we will automatically collect technical, profile, and usage data about your equipment, browsing actions, and patterns. This includes:
Technical Data: IP address, browser type and version, operating system, device identifiers (IMEI, advertising ID), time zone setting, screen resolution, and network information.
Usage Data: Pages visited, features used, time spent on pages, click-stream data, login/logout timestamps, trading session activity, API usage logs.
Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies. Please refer to our Cookie Policy (Section 14) for further details.
Location Data: Approximate geographic location inferred from IP address; precise location data may be collected with your consent if required for specific features.
5.3 Information from Third Parties
We may receive personal data about you from various third parties or publicly available sources, including work-related data from recruiting or professional networking websites, and identity and contact data from publicly available sources. Additionally:
Identity Verification Partners: KYC/e-KYC providers (e.g., DigiLocker, UIDAI-approved agencies), PAN verification agencies, bank account verification providers, liveness detection service providers.
Payment Partners: Banks, UPI providers, payment gateways who share transaction confirmations and account validation data.
Government / Regulatory Sources: Data received from FIU-IND, RBI, Income Tax Department, or other agencies in connection with compliance or investigation requests.
Analytics & Fraud Prevention Providers: Anti-fraud services, device fingerprinting providers, blockchain analytics firms.
Publicly Available Information: Company registrar records (MCA), court records, sanctions lists, and adverse media sources.
6. LEGAL BASIS AND PURPOSE OF PROCESSING
The law rests on seven core principles, including consent and transparency, purpose limitation, data minimisation, accuracy, storage limitation, security safeguards, and accountability. These principles guide every stage of data processing.
We process your Personal Data on one or more of the following legal bases:
6.1 Consent
Where you have provided your free, specific, informed, and unambiguous consent for one or more specific purposes, including:
Creating and managing your Account;
Processing your KYC documentation;
Sending you marketing communications and promotions (with opt-out);
Collecting and analysing data through cookies and similar technologies.
6.2 Performance of Contract
Processing necessary for performing the Terms of Use and providing the Services, including:
Executing trades (futures and options, copy trading);
Processing deposits, withdrawals, and settlements;
Margin management, liquidation, and risk management;
Providing customer support;
Sending transactional notifications (trade confirmations, margin alerts, etc.).
6.3 Legal Obligations
Processing necessary for compliance with our legal obligations under Applicable Laws, including:
Any entity that acts as a Virtual Asset Service Provider (VASP) in India is required to register with the Financial Intelligence Unit India (FIU-IND), pursuant to the 2023 notification by the Ministry of Finance bringing virtual digital assets (VDAs) under the scope of the Prevention of Money Laundering Act (PMLA) of 2002.
Suspicious Transaction Reports (STRs) must be filed with FIU for unusual activity. Exchanges must maintain detailed records of transactions for at least five years.
Tax Deducted at Source (TDS) at 1% on VDA transactions under Section 194S of the Income Tax Act;
Compliance with directions/orders from regulatory bodies, courts, or law enforcement;
Obligations of data fiduciaries under the DPDP Act include (i) making reasonable efforts to ensure the accuracy and completeness of data, (ii) building reasonable security safeguards to prevent a data breach, (iii) informing the Data Protection Board of India and affected persons in the event of a breach, and (iv) erasing personal data as soon as the purpose has been met and retention is not necessary for legal purposes.
6.4 Legitimate Interests
Processing necessary for our legitimate interests, provided such interests are not overridden by your rights and freedoms, including:
Fraud prevention, detection, and investigation;
Platform security and integrity;
Internal analytics and business intelligence;
Risk management and credit assessment;
Improving our Services and user experience;
Enforcement of our Terms and Policies.
7. HOW WE USE YOUR INFORMATION
We use Your Information for the following purposes:
(a) To create, verify, manage, and maintain your Account on the Platform;
(b) To conduct identity verification and KYC/CDD/EDD processes as required under the PMLA, PML Rules, and FIU-IND Guidelines;
(c) To provide our Services, including facilitating the trading of crypto futures and options, processing deposits and withdrawals, margin calculations, and settlements in INR;
(d) To comply with tax obligations, including the calculation and deduction of 1% TDS under Section 194S of the Income Tax Act, 1961, and generating tax withholding statements;
(e) To monitor transactions for suspicious activity, conduct sanctions screening, and file Suspicious Transaction Reports (STRs), Cash Transaction Reports (CTRs), and other reports with FIU-IND;
(f) To prevent, detect, and investigate fraud, market manipulation, money laundering, terrorist financing, and other prohibited activities;
(g) To communicate with you regarding your Account, trades, margin calls, platform updates, maintenance notices, and security alerts;
(h) To send you promotional communications, referral programs, and marketing materials (with your consent, and subject to your right to opt-out);
(i) To improve and personalize our Services, conduct analytics, research, and develop new products and features;
(j) To ensure the security and integrity of our Platform, including through device fingerprinting, IP tracking, and anomaly detection;
(k) To comply with legal obligations, enforce our Terms, and respond to lawful requests from regulatory bodies, law enforcement agencies, courts, and government authorities;
(l) To resolve disputes, troubleshoot problems, and provide customer support;
(m) To conduct internal audits, due diligence, and corporate governance activities;
(n) To manage our relationship with you, including seeking your feedback, conducting surveys, and facilitating referral programs.
8. DISCLOSURE AND SHARING OF INFORMATION
We may disclose or share Your Information in the following circumstances:
8.1 With Service Providers and Data Processors
We engage third-party service providers who act as Data Processors on our behalf, bound by contractual obligations to process Your Information only as instructed and to maintain confidentiality and security. These include:
KYC and identity verification providers;
Payment processors and banking partners;
Cloud hosting and infrastructure providers;
Customer support and communication tools;
Analytics and business intelligence providers;
Blockchain analytics and compliance tools;
Marketing and advertising platforms (with your consent).
8.2 With Regulatory Authorities and Law Enforcement
We may share Your Information with:
The Financial Intelligence Unit – India (FIU-IND) for STR, CTR, and other mandated reports;
The Income Tax Department for TDS compliance and reporting;
The Reserve Bank of India (RBI), Enforcement Directorate (ED), or other regulatory bodies;
Law enforcement agencies, courts, tribunals, or any authority pursuant to a lawful order, direction, or request;
The Data Protection Board of India as required under the DPDP Act.
8.3 For Legal and Compliance Purposes
We may disclose Your Information where we reasonably believe such disclosure is necessary to:
Comply with Applicable Laws, regulations, legal processes, or enforceable governmental requests;
Protect the rights, property, or safety of Graviti, our users, or others;
Detect, prevent, or address fraud, security, or technical issues;
Enforce our Terms, this Policy, and other agreements.
8.5 In Connection with Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, Your Information may be transferred to the successor entity, subject to this Policy and Applicable Laws.
8.6 With Your Consent
We may share Your Information for any other purpose with your explicit consent.We do not sell your Personal Data to third parties for their marketing purposes.
9. DATA STORAGE AND TRANSFERS
9.1 Storage Location
Your personal information, including your KYC details and Aadhaar details, will be stored in our or our authorised third party's servers, both of which will be situated in the territorial jurisdiction of India.
9.2 Cross-Border Transfers
Some of our external third parties may be based outside the territorial jurisdiction of India. However, we do not send or transfer any of your Sensitive Personal Information or Data, KYC-related information, or Aadhaar details to such third parties that are based outside the territorial jurisdiction of India.
The DPDP Act allows transfer of personal data outside India, except to countries restricted by the Central Government through notification. Where we transfer non-sensitive personal data outside India, we ensure:
(a) The transfer is to a country or territory not restricted by the Central Government of India.
(b) Adequate contractual safeguards (including data processing agreements) are in place with the recipient;
(c) The recipient maintains security standards equivalent to those required under Applicable Laws in India.
9.3 Security During Transfer
All data in transit is encrypted using industry-standard protocols (TLS 1.2 or higher). Data at rest is encrypted using AES-256 or equivalent encryption standards.
10. DATA RETENTION
10.1 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
10.2 We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
10.3 Specific Retention Periods:
Data Category
Retention Period
Legal Basis
KYC Records and Identity Documents
5 years from date of cessation of account/relationship
PMLA Section 12, PML Rules
Transaction Records
5 years from the date of transaction
PMLA Section 12, PML Rules
STRs and CTRs
5 years from the date of filing
FIU-IND AML/CFT Guidelines
Tax Records (TDS, Form 26QE)
8 years from the end of the relevant assessment year
Income Tax Act, 1961
Account and Login Data
Duration of account + 5 years post closure
PMLA, IT Act
Communication Records
3 years from the date of communication
Business records management
Cookie Data and Usage Analytics
Up to 24 months from collection (or as set in Cookie Policy)
DPDP Act / consent-based
10.4 We will use and retain Your Information for such periods as necessary to comply with any applicable laws, discharge our legal obligations, resolve disputes, maintain record keeping, and enforce our rights and remedies including enforcement of the Terms and this Privacy Policy.
10.5 Upon expiry of the retention period (and where no legal requirement mandates further retention), Your Information will be securely deleted, anonymized, or de-identified such that it can no longer be associated with you.
11. DATA SECURITY
11.1 We implement industry-standard technical and organizational security measures to protect Your Information against unauthorized access, alteration, disclosure, or destruction. Security protocols include encryption and masking for all personal data. Other required security measures include access control, access logging and monitoring, data backups, and mechanisms for detecting, investigating, and remediating unauthorized access incidents.
11.2 Technical Safeguards:
End-to-end encryption (TLS 1.2+) for data in transit;
AES-256 encryption for data at rest;
Multi-factor authentication (2FA) for account access;
Anti-phishing codes included in email communications to help users verify authenticity and prevent phishing attacks;
Multi-signature cold wallets for digital asset custody;
Firewalls, intrusion detection and prevention systems (IDS/IPS);
Regular vulnerability assessments and penetration testing;
DDoS protection and Web Application Firewall (WAF);
Secure API authentication using JSON Web Tokens (JWT), which provide a stateless authentication mechanism with built-in signature verification and expiration controls to ensure secure access and authorization.
11.3 Organizational Safeguards:
Role-based access controls (RBAC) with principle of least privilege;
Background checks on employees with access to personal data;
Mandatory data protection and security training for all employees;
Incident response plan and dedicated security team;
Regular internal and external security audits;
Data Protection Impact Assessments (DPIAs) where required.
11.4 Breach Notification.
You must report all personal data breaches irrespective of their gravity or damage caused to the Data Protection Board. In the event of a personal data breach, Graviti will:
(a) Notify the Data Protection Board of India in the form and manner prescribed under the DPDP Act and DPDP Rules;
(b) Notify affected Data Principals (users) without undue delay;
(c) Take immediate remedial measures to mitigate the impact of the breach;
(d) Report to FIU-IND and other relevant authorities, if applicable.
11.5 User Responsibility. While we implement comprehensive security measures, you are responsible for maintaining the confidentiality of your account credentials, 2FA codes, API keys, and device security. You must notify us immediately at support@graviti.exchange if you suspect any unauthorized access to your Account.
12. YOUR RIGHTS AS A DATA PRINCIPAL
Under the DPDP Act and Applicable Laws, you have the following rights:
12.1 Right to Access. Individuals can ask to access their personal data or seek corrections and updates. You may request a summary of your Personal Data being processed by us and the processing activities.
12.2 Right to Correction and Erasure. You may request correction of inaccurate or incomplete Personal Data. You may also request the removal of data in certain situations. This is subject to our legal retention obligations under PMLA and other Applicable Laws.
12.3 Right to Withdraw Consent. You may withdraw your consent for processing at any time. However, withdrawal of consent will not affect the lawfulness of processing based on consent prior to its withdrawal. Withdrawal of consent for essential processing (e.g., KYC, transaction monitoring) may result in termination or restriction of your Account and Services.
12.4 Right to Nominate. You have the right to nominate a consent manager to manage your data-related requests on your behalf. In the event of your death or incapacity, your nominated individual may exercise your rights under this Policy.
12.5 Right to Grievance Redressal. You may raise complaints or grievances regarding the processing of your Personal Data. Our Grievance Officer (details in Section 17) will acknowledge and address your grievance within the timelines prescribed under Applicable Laws.
12.6 Right to Complain to the Data Protection Board. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDP Act.
12.7 Limitations on Rights. Your rights under this Section may be limited where:
Compliance would compromise fraud prevention or detection activities;
Data is required for the establishment, exercise, or defense of legal claims;
Retention is mandated by PMLA, FIU-IND Guidelines, tax laws, or other Applicable Laws;
Data has been anonymized or de-identified and cannot be linked back to you.
To exercise any of the above rights, please contact us at support@graviti.exchange or through the in-app privacy settings. We will respond to your request within the period prescribed under the DPDP Rules (currently within a reasonable time, as notified).
13. CHILDREN'S DATA
13.1 Our Services are not intended for persons below the age of 18 years. We do not knowingly collect or process Personal Data of children.
13.2 Under the DPDP Act, a data fiduciary must obtain verifiable parental consent from a lawful guardian before processing any data of children. Data fiduciaries processing children's data must also take reasonable measures to ensure their actions do not cause detrimental effects on the well-being of the child or direct targeted advertising towards the child.
13.3 If we discover that we have inadvertently collected Personal Data from a person below 18 years of age without appropriate parental consent, we will promptly delete such data and terminate the associated Account.
14. COOKIES AND TRACKING TECHNOLOGIES
14.1 What are Cookies? Cookies are small text files stored on your device when you access our Platform. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance your experience.
14.2 Types of Cookies We Use:
Cookie Type
Purpose
Duration
Strictly Necessary
Essential for Platform operation, security, authentication, load balancing
Session / Persistent
Functional
Remember your preferences, language settings, login state
Persistent (up to 12 months)
Analytics/Performance
Understand how users interact with the Platform; improve performance
Persistent (up to 24 months)
Marketing/Advertising
Deliver relevant ads, measure campaign effectiveness (with consent)
Persistent (up to 24 months)
14.3 Third-Party Cookies. We may allow certain third-party analytics and advertising partners to place cookies on the Platform, including but not limited to Google Analytics, Mixpanel, and similar tools.
14.4 Managing Cookies. You can control and/or delete cookies through your browser settings. Disabling certain cookies may affect the functionality of the Platform. You may also withdraw consent for non-essential cookies through our cookie consent banner.
15. THIRD-PARTY LINKS AND SERVICES
15.1 Our Platform may contain links to third-party websites, applications, or services that are not operated or controlled by Graviti. This Policy does not apply to such third-party services.
15.2 We are not responsible for the privacy practices of any third-party services. We encourage you to review the privacy policies of any third-party services before providing your Personal Data.
15.3 Integration with third-party services (e.g., payment gateways, UPI providers, analytics services) is governed by separate agreements between you and those third parties.
16. CHANGES TO THIS PRIVACY POLICY
16.1 We reserve the right to update, modify, or amend this Privacy Policy at any time at our sole discretion. Any changes will be effective upon posting of the updated Policy on the Platform, with the "Last Updated" date revised accordingly.
16.2 Where material changes are made, we will endeavor to notify you through:
A prominent notice on the Platform; OR
Email notification to your registered email address; OR
In-app notification or pop-up.
16.3 Your continued use of the Platform and Services after the posting of any modified Policy shall constitute your acceptance of such changes. If you do not agree with any changes, you must discontinue use of the Platform and Services.
17. GRIEVANCE OFFICER AND CONTACT INFORMATION
In accordance with the DPDP Act, the IT Act, and the PMLA, we have appointed the following officers:
17.1 Grievance Officer / Data Protection Officer Details
Designation
Grievance Officer & Data Protection Officer
compliance@graviti.exchange
Working Hours
Monday to Friday, 10:00 AM – 6:00 PM IST
The Grievance Officer shall acknowledge your complaint within 48 hours and resolve it within 30 days from the date of receipt, in accordance with applicable timelines under the DPDP Rules.
17.2 Compliance Officer (PMLA)
Designation
Principal Officer (PMLA)
po@graviti.exchange
17.3 General Enquiries
For any general queries related to this Privacy Policy, you may write to us at: support@graviti.exchange
18. REGULATORY REGISTRATIONS
Registration
Details
Companies Act, 2013
U62099MH2024PTC435645
GST Registration
27ABBCA7316G1ZU
19. GOVERNING LAW AND DISPUTE RESOLUTION
19.1 This Privacy Policy shall be governed by and construed in accordance with the laws of India.
19.2 Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Mumbai, India, unless otherwise required by Applicable Laws.
19.3 For complaints regarding data protection, you may also approach the Data Protection Board of India as constituted under the DPDP Act, 2023.
20. MISCELLANEOUS
20.1 Severability. If any provision of this Policy is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
20.2 Entire Agreement. This Privacy Policy, together with the Terms of Use and any supplementary policies published on the Platform, constitutes the entire understanding between you and Graviti regarding the processing of your Personal Data.
20.3 No Waiver. Our failure to enforce any right or provision of this Policy shall not constitute a waiver of such right or provision.
20.4 Language. This Policy is drafted in English. The terms and conditions and information related to collection of data should be made available in all the 22 languages in the 8th Schedule of the Indian Constitution as required. In the event of any conflict between the English version and any translated version, the English version shall prevail.
20.5 Assignment. We may assign our rights and obligations under this Policy to any affiliate or in connection with a merger, acquisition, or sale of assets, without your prior consent but with notice to you.
CONSENT ACKNOWLEDGEMENT
By creating an Account, completing the KYC verification process, and/or using the Graviti Platform and Services, you confirm that:
You have read, understood, and agree to be bound by this Privacy Policy;
You consent to the collection, use, processing, storage, disclosure, and transfer of your Personal Data as described herein;
You give your explicit consent to collect, store, process, disclose, and safeguard your Personal Information, including your KYC details, including but not limited to (a) Aadhaar information details, (b) identity information contained in public reports (e.g., your name, address, past addresses, or date of birth), and (c) account information associated with your linked bank account;
You understand that refusal to provide required information may result in the inability to access certain or all Services;
You consent to the processing of your data for compliance with PMLA, FIU-IND reporting obligations, and tax laws.
