Privacy Policy

1) Who we are and scope

Fundrev Technologies Private Limited (“Fundrev,” “we,” “us,” “our”) provides software and services that help private equity, venture capital, and similar institutions screen deals, run diligence, and monitor portfolios. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our websites, use our products, or interact with us.

This Policy applies to personal data we process as a data controller. Where we process data on behalf of a customer, we act as a data processor and the Data Processing Addendum (DPA) applies.

2) What data we collect

• Identity and contact: name, email, phone, job title, company, country.
• Regulatory and KYC data: government identifiers, certificates, or documents as legally required.
• Financial and transaction: payment data (tokenized), investment or transaction records.
• Technical and usage: IP address, device, browser, activity logs, access times.
• Preferences and feedback: surveys, support requests, and communication history.
• Third-party data: from customers, integrations, analytics partners, or publicly available business data.

3) How we collect data

• Directly from you: through sign-ups, product use, or support communication.
• From your organization: when your employer or client firm grants you access.
• Automatically: via cookies or session technologies.
• From third parties: through integrations, analytics services, or compliance partners.

4) Where we store and process data

To honor data-residency requirements, Fundrev stores customer data in the geographical region selected by the customer at onboarding—typically the United States, European Union, or India.

• Regional Hosting:

  Data belonging to each customer is hosted within their chosen region’s data center (for example, US East, EU Central, or India South).

• Cross-Regional Processing:

  Limited personal data (for example, account authentication or system logs) may be processed in other regions to provide global support, security monitoring, and analytics, but only under strict contractual and technical safeguards.

• Safeguards for International Transfers:

  When transferring data between regions, we rely on approved mechanisms such as:

  • EU Standard Contractual Clauses (SCCs) for EEA/UK users.
  • Intra-group data transfer agreements ensuring equivalent protection.
  • Encryption in transit and at rest plus strict access controls.

For US-based customers and users, data is primarily stored and processed in the United States in compliance with applicable US privacy laws.

5) Why we use data and legal basis

For India, processing is under the Digital Personal Data Protection Act, 2023. For the US, processing aligns with state-specific privacy laws (for example, CCPA, CPRA) where applicable.

6) Your choices and consent

• You can opt-out of marketing anytime using the unsubscribe link or by emailing us.
• You can manage cookies through your browser, the cookie banner, or Cookie Settings.
• You can withdraw consent where processing is based on consent; previous lawful processing remains valid.

7) Data sharing and disclosures

We share data with:

• Infrastructure providers (cloud, storage, analytics, communication) under strict DPAs.
• Business partners (for integrated services or regulatory compliance).
• Legal or regulatory authorities when required.

Each vendor is vetted for SOC 2 or equivalent certifications. The full Sub-Processor List is available at [link].

8) Retention and deletion

Data is securely deleted or anonymized once no longer needed.

9) Your rights

Depending on jurisdiction, you have rights to access, rectify, delete, restrict, object, or port your personal data.

To exercise these, email admin@fundrev.ai. We verify requests and respond within statutory timelines (typically 30 days).

10) Security

We maintain multi-layered controls, including encryption (in transit and at rest), role-based access, vulnerability management, and continuous monitoring. Our infrastructure undergoes SOC 2 and related audits.

11) Cookies and similar technologies

We use essential session cookies for authentication and analytics cookies to improve our product. Details and management options are provided in our Cookie Policy.

12) Automated decision-making

We do not engage in automated decisions producing legal or significant effects. If that changes, we will provide notice and explain your rights.

13) Breach response and notification

In the event of a personal-data breach, Fundrev promptly:

• Assesses scope and impact.
• Contains and mitigates the breach.
• Notifies affected customers and, where required, regulators within 72 hours (EU/UK) or within 6 hours (CERT-In for India).
• Documents the response and implements corrective actions.

14) Children’s data

Our services target professional users and are not designed for individuals under 18. We delete such data upon discovery.

15) Complaints and escalation

If you have a privacy concern, contact admin@fundrev.ai.

If unresolved, you may approach your regional data-protection authority:

• EEA/UK: Data Protection Authority in your member state.
• US: State Attorney General’s Office (e.g., California Privacy Protection Agency).
• India: Data Protection Board of India.

16) Updates to this policy

We update this Privacy Policy periodically. The latest version is always available at https://fundrev.ai/privacypolicy with the revision date indicated above.

Regional Addenda

European Union & United Kingdom:

Data is hosted in the customer’s selected EU/UK region. Transfers outside the region follow SCCs and supplementary safeguards.

United States:

Data for US customers is hosted within US regions and processed under applicable federal and state privacy laws.

India and APAC:

Data is hosted in India by default, processed in accordance with DPDP Act, 2023.