How its work

Testimonial

Blog

Get the app

Get the app

Get the app

Privacy Policy

This Privacy Policy (“Policy”) sets out the manner in which Frax Digital Private Limited, a company incorporated under the Companies Act, 2013 and having its corporate office at Floor No.1, Building No./Flat No. A-24, Kibithu Homes, Vikas Marg, Sector 47, Gurugram, Haryana- 122018 (“FraX”, “Company”, “we”, “us”, or “our”), collects, processes, uses, stores, shares and protects personal data in connection with the operation of the FraX website, mobile application, and associated digital interfaces (collectively, the “Platform”).

This Policy is issued in accordance with the Information Technology Act, 2000 and rules thereunder, the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and other applicable Indian laws. It is intended to function as a comprehensive data-governance memorandum for users, partners, service providers, banks, trustees and regulators.

By accessing or using the Platform, you (“User” or “you”) acknowledge that you have read, understood and accepted this Policy. Where required under applicable law, you provide explicit consent to the processing of your personal data as described herein.


1. ROLE OF FraX AND DATA GOVERNANCE POSITIONING

FraX operates the Platform as a technology and operations provider enabling access to property-specific investment opportunities through special purpose vehicles, including SPV LLPs. In this context, FraX acts primarily as a data fiduciary with respect to Platform-level data and as a data processor or co-fiduciary with respect to certain categories of data processed on behalf of SPVs, escrow agents, trustees, banks and regulatory authorities.

FraX does not collect or process personal data for unrelated, speculative or secondary commercial purposes. All data processing undertaken by FraX is purpose-bound, proportional and traceable to clearly identified operational, contractual, statutory or compliance objectives.


2. CATEGORIES OF PERSONAL DATA COLLECTED

In the course of operating the Platform and facilitating lawful participation workflows, FraX may collect and process personal data including, without limitation, identity information (such as name, date of birth, photograph, PAN or other government-issued identifiers), contact information (such as address, email address and telephone number), financial and banking information (such as bank account details required for escrow routing), and onboarding and verification information required to satisfy know-your-customer, anti-money laundering and fraud-prevention obligations.

FraX may also process device, technical and usage information generated through interaction with the Platform, including IP address, device identifiers, access timestamps, browser/app metadata and log files. Such information is processed to maintain platform integrity, security, auditability and service quality.

Where Investor Documents are executed digitally, FraX processes execution metadata such as timestamps, acceptance method, OTP/e-sign confirmations and document hashes, strictly for evidentiary, audit and compliance purposes.

FraX does not knowingly collect personal data of minors. If you are not legally competent to contract, you must not use the Platform.


3. PURPOSE AND LEGAL BASIS OF PROCESSING

FraX processes personal data only for clearly defined and legitimate purposes. These include enabling user registration and onboarding, performing identity and compliance verification, facilitating execution and storage of contractual documentation, enabling transaction initiation workflows, maintaining operational and statutory audit trails, supporting escrow and payment routing, responding to user queries, complying with legal and regulatory obligations, preventing fraud and misuse, and ensuring platform security and continuity.

Processing is undertaken on one or more of the following legal bases, as applicable: consent provided by the user; performance of a contract to which the user is a party; compliance with legal obligations; and legitimate interests in maintaining a secure, compliant and reliable platform, balanced against user rights.

FraX does not process personal data in a manner that is incompatible with the purposes disclosed in this Policy.


4. DATA SHARING AND DISCLOSURE

FraX follows a controlled and need-to-know disclosure model. Personal data may be shared with the relevant SPV in connection with investor onboarding, participation and statutory compliance; with escrow agents, trustees and banks strictly for account opening, funds routing, reconciliation and compliance; with verification and KYC service providers engaged under contractual confidentiality and security obligations; and with professional advisors, auditors or regulators where disclosure is required by law or reasonably necessary to protect legal interests.

FraX does not sell personal data, does not engage in data brokerage, and does not permit third parties to use personal data for independent marketing or profiling purposes.

Where data is shared with service providers or partners, FraX ensures that such parties are bound by contractual obligations consistent with this Policy, including obligations relating to confidentiality, data protection, purpose limitation and security.


5. DATA STORAGE, RETENTION AND LOCATION

Personal data is stored in secure systems hosted on infrastructure that meets reasonable industry standards for security and availability. FraX retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, including statutory retention requirements, contractual obligations, audit needs and dispute resolution.

Certain records, including executed contractual documents and transaction evidence logs, may be retained for extended periods where required under applicable law or where necessary to protect legal rights and interests of FraX, SPVs or users.

FraX does not retain personal data indefinitely without purpose and periodically reviews retention practices to ensure compliance with law and necessity.


6. INFORMATION SECURITY AND SAFEGUARDS

FraX maintains appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or destruction. These measures include access controls, role-based permissions, encryption in transit and at rest where appropriate, logging and monitoring, segregation of environments, and incident response procedures.

FraX continuously evaluates its security posture and updates safeguards in light of evolving risks, regulatory guidance and industry practices. While no system can guarantee absolute security, FraX affirms its commitment to maintaining a robust and proportionate security framework.


7. USER RIGHTS AND CHOICES

Users have the right, subject to applicable law, to seek access to their personal data, request correction of inaccuracies, withdraw consent where processing is based on consent, and request erasure of personal data where retention is no longer required by law or contractual obligation.

Requests relating to data rights may be made through the contact details specified below. FraX will respond to such requests within reasonable timelines and in accordance with the DPDP Act and other applicable laws.

Withdrawal of consent or deletion of data may affect the ability to continue using the Platform or to participate in ongoing contractual arrangements, and FraX will communicate such consequences transparently.


8. COOKIES AND TECHNICAL DATA

The Platform may use cookies and similar technologies to enable essential functionality, maintain session integrity, enhance security, and analyse usage patterns for operational improvement. Such technologies are not used to profile users for unrelated advertising purposes.

Users may manage cookie preferences through browser or device settings, subject to the understanding that disabling certain cookies may affect Platform functionality.


9. DATA BREACH AND INCIDENT RESPONSE

In the event of a personal data breach that is likely to cause harm to users, FraX will take prompt steps to contain and remediate the incident, assess impact, and comply with notification obligations under applicable law, including informing affected users and authorities where required.

FraX maintains internal escalation and incident-handling protocols to ensure timely and responsible response.


10. POLICY AMENDMENTS

FraX may update this Policy from time to time to reflect changes in law, regulatory guidance, platform operations or data practices. Updated versions will be published on the Platform with the revised “Last Updated” date. Continued use of the Platform constitutes acknowledgement of the updated Policy.


11. GRIEVANCE REDRESSAL AND CONTACT DETAILS

FraX is committed to addressing grievances in a fair, transparent and timely manner in accordance with applicable law. Users may raise questions, concerns or grievances relating to this Policy or the handling of personal data by contacting at :

Grievance / Data Protection Contact:

Name: Compliance Officer

Email: hello@getfrax.com


12. GOVERNING LAW

This Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising in connection with this Policy shall be subject to the dispute resolution mechanism specified in the Platform Terms and Conditions.