Legal

Privacy Policy

Effective 27 May 2026

This Privacy Policy explains how Verdikt (“we”, “us”, “our”), operated by an individual proprietor based in Delhi, India, collects, uses, discloses, retains, and protects personal data when you use verdiktresearch.com and related services (the “Service”). It is published in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

By using the Service you confirm that you have read and understood this Policy. If you do not agree, you must stop using the Service.

1. Data we collect

Information you provide

  • Account data: email address, display name, and (if you sign in with Google) the basic profile information Google returns.
  • Payment data: when you subscribe, Razorpay collects card, UPI, netbanking, or wallet details directly. We do not see or store full card numbers or CVVs. We retain payment metadata such as transaction ID, plan, amount, status, and timestamps.
  • Communications: messages you send to us, including support emails.
  • User content: watchlist entries, search queries, stock tickers analysed, chat prompts, notes, ratings, and feedback.

Information collected automatically

  • Usage data: pages and features viewed, clicks, sessions, referrers, errors, and similar product analytics.
  • Device & network data: IP address, browser type and version, operating system, device identifiers, language, time zone, and approximate location derived from IP.
  • Cookies & local storage: for authentication, session persistence, preferences (e.g. theme), and analytics.

We do not intentionally collect financial account numbers, demat IDs, PAN, Aadhaar, biometric, health, sexual orientation, religious belief, or other sensitive personal data. Do not submit such information through the Service.

2. How we use data

  • To provide, operate, and maintain the Service.
  • To create and manage your account and authenticate you on each session.
  • To process subscriptions, payments, refunds, and renewals.
  • To generate AI-driven research output by passing your queries and relevant ticker data to model providers (see Section 4).
  • To respond to your communications, support requests, and grievances.
  • To measure usage, debug, monitor performance, detect abuse, and improve the Service.
  • To send transactional communications (security alerts, billing notices, service notices). We send marketing communications only with your consent, and you may opt out at any time.
  • To comply with legal obligations, enforce our Terms, and protect our rights, property, and users.

3. Legal basis & consent

Under the DPDP Act, we process your personal data on the lawful basis of (a) the consent you provide when you create an account or submit data, and (b) “legitimate uses” including performance of the contract you enter with us, compliance with law, and security. You may withdraw consent at any time as described in Section 7, but withdrawal does not affect processing already carried out, and may make the Service unusable.

4. Sharing & data processors

We do not sell your personal data. We share it only with the following categories of recipients, under appropriate contractual safeguards:

  • Infrastructure & storage: Supabase (authentication & managed Postgres), Vercel (hosting).
  • Payments: Razorpay (payment processing, subscription billing).
  • AI model providers: Anthropic (inference of research output). Queries and supporting context may be transmitted to such providers in the ordinary course of providing the Service.
  • Analytics & product telemetry: PostHog.
  • Communications: Email service providers used to send transactional and (with consent) marketing emails.
  • Professional advisers: auditors, lawyers, and accountants, on a need-to-know basis.
  • Authorities: courts, regulators, and government authorities where required by law, legal process, or to protect our or others’ rights.
  • Business transfers: in the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the successor, subject to this Policy.

5. International transfers

Some of our processors are located outside India (including in the United States and the European Union). By using the Service, you consent to the transfer, storage, and processing of your personal data in such jurisdictions, which may have data-protection laws different from those of India. We require our processors to implement appropriate technical and organisational measures regardless of location.

6. Retention

We retain personal data for as long as your account is active and for a reasonable period thereafter to comply with legal, tax, accounting, and audit obligations (typically up to seven (7) years for financial records, and three (3) years for general account data), to resolve disputes, and to enforce our agreements. Once retention is no longer required, we delete or anonymise the data.

7. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you and obtain a summary of it;
  • Correct or update inaccurate, incomplete, or outdated data;
  • Erase personal data, subject to our retention obligations;
  • Withdraw consent previously given (without affecting prior processing);
  • Nominate another individual to exercise your rights in the event of your death or incapacity;
  • File a grievance with us (see Section 11) and, if unresolved, with the Data Protection Board of India.

To exercise any of these rights, write to founder@verdiktresearch.com. We may need to verify your identity before acting on a request and will respond within the timelines required by law.

8. Cookies & similar technologies

We use cookies and similar storage (such as localStorage) for authentication sessions, theme and language preferences, and analytics. You can control cookies through your browser settings; blocking essential cookies may prevent the Service from working correctly.

9. Security

We implement reasonable security practices and procedures consistent with the IS/ISO/IEC 27001 standard, including TLS in transit, access controls, secure credential storage, and routine review of our processors’ security postures. No system, however, is completely secure. You are responsible for keeping your account credentials confidential, and you accept the residual risks of internet-based services.

In the event of a personal data breach affecting your data, we will notify you and the Data Protection Board of India to the extent and in the manner required by law.

10. Children

The Service is not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal data from minors. If we learn that we have collected such data, we will delete it. A parent or guardian who believes their child has provided personal data may contact us at founder@verdiktresearch.com.

11. Grievance officer

In accordance with the Information Technology Act, 2000, the rules framed thereunder, and the DPDP Act, complaints relating to personal data or this Policy may be addressed to the founder directly:

  • Email: founder@verdiktresearch.com
  • Role: Founder & Grievance Officer
  • Location: Delhi, India
  • Response timeline: within thirty (30) days of receipt.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified by posting the updated Policy with a new effective date and, where appropriate, by email or in-Service notice. Continued use of the Service after the effective date constitutes acceptance.

13. Contact

Questions about this Policy? Write to founder@verdiktresearch.com.