Legal · DPDP Act 2023
Privacy policy
Draft for legal review. This policy is a good-faith statement of our actual practices, prepared for review by counsel before general availability. Questions meanwhile: ayush@capeasy.in.
Who we are
Saral is operated by CapEasy (“we”). For data you submit on this website and in the Saral product, we are the data fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP). For personal data your company records about its stakeholders inside Saral (for example, employees on the ESOP register), your company is the data fiduciary and we process on its instructions.
What we collect, and why
- This website: email (and optionally name/company) when you join the waitlist, request a demo, or email yourself a calculator scenario — used only to respond and to send product updates you can opt out of. Calculator inputs you choose to email are stored with your lead. Anonymous usage analytics (page views) via Vercel Analytics, without advertising identifiers.
- The product: account email for sign-in (passwordless); the equity data your company records — stakeholder names, holdings, and PANs where statute requires them (for example, on allotment returns). Processed solely to run the equity and compliance workflows your company uses.
What we never do
- No sale or rental of personal data. No advertising use. No lookalike audiences.
- No secondary use of your company’s equity data beyond running the product for you.
Where data lives, and how it is protected
Databases and file storage are in AWS ap-south-1 (Mumbai). Company data is isolated with database row-level security; the equity ledger is append-only; backups are encrypted and restore-tested. Details on the Security & Trust page.
Processors we use
Supabase (database/auth/storage, Mumbai region), Vercel (application hosting and anonymous analytics), Resend (transactional email), GitHub (encrypted backup artifacts). Each processes data only to provide their service to us.
Retention and deletion
Website leads: kept until you ask us to delete them or 24 months of inactivity, whichever is earlier. Product data: kept while your company uses Saral; on verified request we export and then delete your company’s data, subject to record-keeping a statute imposes on us directly.
Your rights
You may request access to, correction of, or deletion of your personal data, and may withdraw consent for non-essential communications at any time: ayush@capeasy.in. If you are a stakeholder whose data a company records in Saral, we will route your request to that company and assist them in honouring it. Grievances are acknowledged within 72 hours.
Changes
We will post changes here with a dated note, and material changes will be emailed to account holders before they take effect.