GoldWalt

Privacy Policy

This Privacy Policy is published pursuant to the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDP Act”), as applicable and amended from time to time.

GOLD WALT INDIA (OPC) PRIVATE LIMITED (“GoldWalt,” “we,” “us,” “our”) explains how we collect, use, store, share, and protect personal information when you use the GoldWalt mobile application, website (goldwalt.com), APIs, notifications, and related services (collectively, the “Platform”).

By downloading or using the Platform, visiting our website, providing your information, or availing our services, you agree to this Privacy Policy and applicable Terms. We do not offer products or services outside India through the Platform.

If you do not agree with this Privacy Policy, please do not use or access the Platform.

Effective Date: 13 August 2025

Last Updated: 18 May 2026

1. Who We Are

GoldWalt operates a digital precious metals platform enabling buy, hold, sell, SIP, and physical delivery of gold and silver. We are not a bank, NBFC, or deposit-taking institution.

  • Legal entity: GOLD WALT INDIA (OPC) PRIVATE LIMITED
  • Registered office: THE SILVERTREASURE PLOTNO, 22 100 FT ROAD UDR (MCL), Udaipur City, Girwa, Udaipur-313001, Rajasthan, India
  • Contact: support@goldwalt.com | +91-9587230288

2. Scope

  • This Policy applies to end users of the mobile app, website visitors, data processed by authorized service providers on our instructions, and data accessed by authorized administrators for operations and compliance.
  • It does not apply to third-party websites or apps you access through the Platform (e.g., DigiLocker, payment gateway checkout). Review their privacy policies separately.
  • Personal Information means information that can identify you. Sensitive Personal Information (SPDI) includes heightened-protection data such as financial, KYC, and authentication information as defined under applicable Indian law.

3. Information We Collect

We collect Personal Information that is relevant and necessary to provide the services you request and to improve the Platform. Collection may occur when you visit, register, transact, contact support, respond to surveys, or interact with Partners.

A. Information you provide

  • Account & identity: Mobile number (+91), name, date of birth, gender, email (with OTP verification).
  • KYC / SPI: PAN, Aadhaar verification status, address, and related data from authorized verification flows (e.g., Truthscreen / DigiLocker).
  • Payments & payouts: Bank account details (name, IFSC, account number), UPI beneficiary information, transaction amounts, and OTPs used to authorize payments or payouts.
  • Holdings & orders: Buy/sell amounts, grams, SIP preferences, price-lock sessions, delivery orders.
  • Delivery: Receiver name, phone, address, pincode, optional coordinates, delivery instructions.
  • Support: Ticket title, description, chat messages, photos and documents you upload.
  • Profile: Optional profile photograph and in-app feedback.

B. Information collected automatically

  • Device & app: Device type (iOS/Android), app version, operating system, device identifiers as permitted.
  • Session: Authentication token, login and activity timestamps.
  • Usage: Transaction history, holdings, SIP status, price-lock sessions, screens visited.
  • Network: IP address, bandwidth, and request metadata in server logs.
  • Push: Firebase Cloud Messaging (FCM) device token.
  • Location: Approximate coordinates only when you choose “use current location” on address forms (with permission).
  • Android login assist (optional): SIM/phone state to suggest your mobile number—you may decline and type manually.

C. Information from third parties

  • KYC partners: Verification results, masked identifiers, address alignment, fraud or duplicate signals.
  • Cashfree: Payment and payout status, transaction references, subscription/mandate status for SIP.
  • Delivery partner (BVC or successors): Order and tracking status.
  • MSG91: SMS OTP delivery status.
  • Credit/fraud-prevention or compliance sources: Where lawful, to verify transactions and prevent abuse.
  • Metal price providers: Reference prices (not personal data).

D. Website visitors

  • Live price API requests (technical metadata; no account required).
  • Theme preference stored locally (goldwalt-theme).
  • Contact or newsletter data only when forms are connected to our backend (see on-page notices).

4. Sensitive Personal Information

We collect SPI such as PAN, Aadhaar-related information, bank/UPI details, and payment authentication data only where necessary for KYC, AML compliance, processing payments and payouts, and meeting legal obligations. We apply additional safeguards for such data.

5. How We Use Your Information

We process Personal Information for the following purposes:

  1. Create your account, verify identity, and manage access privileges.
  2. Provide digital gold/silver services, SIP, payouts, and physical delivery.
  3. Conduct KYC and AML compliance as required by regulators and Partners.
  4. Validate and share KYC information with Partners where necessary to complete transactions.
  5. Process payments, refunds, payouts, and authenticate transaction requests.
  6. Send transactional SMS, email, push, and in-app notifications.
  7. Provide customer support, resolve disputes, and fix technical issues.
  8. Monitor products/services, conduct audits, and improve user experience (including aggregated analytics).
  9. Detect, investigate, and prevent fraud, money laundering, security breaches, and abuse.
  10. Enforce our Terms, policies, and comply with court orders or legal process.
  11. Send marketing or promotional communications only with consent or as permitted by law.
  12. Other legitimate business purposes, minimized to the extent possible and not more intrusive than necessary.

7. Cookies & Similar Technologies

  • We use cookies or similar technologies on certain Platform pages to analyse flow, measure effectiveness, and promote trust and safety. Cookies do not contain your Personal Information by themselves.
  • Most website cookies are session-based and deleted when you close your browser. You may decline or delete cookies if your browser permits; some features may not work and you may need to sign in more often.
  • Third-party pages (e.g., payment checkout) may set their own cookies—we do not control those.
  • The mobile app uses encrypted device storage and FCM tokens instead of browser cookies. See our Cookie Policy.

8. Sharing & Disclosure

We do not sell your Personal Information. We share data only on a need-to-know basis, under applicable law, after due diligence on recipients’ privacy practices, and subject to contractual obligations no less stringent than this Policy.

  • KYC verification partners for PAN/Aadhaar validation and compliance.
  • Cashfree for payments, SIP subscriptions, refunds, and payouts.
  • Custody, vault, and logistics partners for metal backing and physical delivery.
  • Cloud and IT providers (e.g., AWS S3, AWS SES, MongoDB hosting, Firebase, Logtail, MSG91).
  • Regulators, courts, law enforcement, or fraud-prevention agencies when required by law or to protect rights and safety.
  • Professional advisers under confidentiality obligations.
  • Affiliates or acquirers in a merger or restructuring, subject to safeguards.

When you use a Partner’s service on the Platform, that Partner may collect information governed by its own privacy policy. We are not responsible for third-party practices once you leave our servers—check the URL or app you are redirected to.

9. Storage, Security & Location

  • Personal Information is primarily processed and stored in India.
  • We implement reasonable security practices including TLS/HTTPS in transit, AES encryption of API payloads in production, encryption for selected KYC fields at rest, firewalls, and password-protected restricted server access.
  • JWT sessions with server-side invalidation on logout or account deletion; webhook signature verification for payment partners.
  • Role-based admin access; admin actions may be logged. No security system is impenetrable—report incidents to support@goldwalt.com promptly.

10. Data Retention

  • We retain Personal Information only as long as necessary for the purposes collected, unless a longer period is required by law.
  • After account deletion, a 14-day grace period may apply before permanent deletion. KYC and transaction records may be retained for statutory periods (often up to 7 years).
  • When retention ends, data is deleted or anonymized per our Data Retention Policy, except where legal proceedings or regulatory directions require continued retention.

11. International Transfers

We primarily store and process data in India. If any subprocessors process data outside India, we implement appropriate safeguards as required by applicable law.

12. Your Rights

  • Access and correct personal data via the app or support@goldwalt.com.
  • Request account deletion (in-app Settings → Delete Account or by email).
  • Withdraw marketing consent where applicable.
  • Nominate a contact for grievance redressal under the DPDP Act where applicable.
  • Raise grievances with our Grievance Officer (see below). We may verify identity before fulfilling requests.

14. Biometric App Lock (Optional)

If you enable Face ID or fingerprint unlock, biometric data is processed on your device only and is not stored on our servers.

15. Third-Party Websites & Services

The Platform may link to or embed third-party websites, payment pages, or KYC flows. Their privacy policies govern data collected there. We are not responsible for third-party use of your information. Review their policies before providing data.

16. Admin Access

Authorized personnel use an admin portal to support users, manage transactions, review KYC, block accounts, export reports, and view API logs. Access is role-based and subject to internal policies.

17. Children

The Platform is available only to persons who can form a legally binding contract under the Indian Contract Act, 1872 (18 years and above). We do not knowingly collect Personal Information from children under 18.

18. Changes to This Policy

We may update this Policy at any time by posting a revised version on the Platform. We will endeavour to notify you of material changes via the Platform, email, or push. Your continued use after changes constitutes acceptance where permitted. We will not make changes that reduce protection of Personal Information already collected without your consent where required by law. Review this Policy periodically.

19. Grievance Officer

In compliance with applicable Indian law, for grievances relating to the Platform:

  • Name: Anshul Sharma
  • Email: support@goldwalt.com
  • Address: Registered office (see Section 1)
  • Response: Within 7 working days of receipt, extendable where permitted with notice

20. Contact Us

For questions about this Privacy Policy or our processing of your Personal Information, contact support@goldwalt.com or call +91-9587230288.