Privacy Policy

Last updated: 18 July 2026

1. Who We Are

AlphaGrid (the “Service”, “we”, “us”) is operated by MergeConflict Studio LLP, a limited liability partnership registered in India (LLPIN: [LLPIN — to be filled]), with its registered office at [registered office address], Bengaluru, Karnataka, India. For the purposes of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), MergeConflict Studio LLP is the Data Fiduciary that determines how and why your personal data is processed.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, who we share it with, and the rights you have. It applies to your use of alpha-grid.in and all associated features.

2. Data We Collect

We collect only what we need to run the Service:

  • Account data — your name, email address, and a securely hashed password (or, if you use Google Sign-In, your Google account email and display name). We never see or store your Google password.
  • Subscription & payment data — plan, billing status, and payment records (payment ID, amount, date). Card, UPI and bank details are collected and processed directly by our payment partner Razorpay; we do not store your full card or bank numbers.
  • Referral payout data — if you request a referral cash payout, the UPI ID or bank account details you provide, used only to send that payout.
  • Broker connection — if you connect Zerodha Kite, a short-lived access token used to fetch market data. We do not store your broker password or place orders.
  • Product data you create — watchlists, saved scans, scan history, alerts, journal entries, portfolios, paper trades, and any community posts or comments.
  • Messaging identifiers — your Telegram chat ID (if you link Telegram) and browser push token (if you enable push notifications), used only to deliver the alerts and briefs you opt into.
  • Usage & device data — basic technical logs (IP address, browser type, pages/features used) generated automatically to operate, secure and improve the Service.
  • Support & feedback — the contents of support tickets and feedback you send us.
  • “How did you hear about us” — an optional one-time attribution answer.

3. Why We Use Your Data

We process your personal data to:

  • Create and secure your account and authenticate you.
  • Provide the features you use (screening, charts, watchlists, alerts, journal, funds, paper trading, etc.).
  • Process subscriptions, payments, refunds and referral payouts.
  • Send service messages, alerts and briefs you have opted into.
  • Respond to your support requests.
  • Maintain security, prevent fraud and abuse, and debug problems.
  • Comply with legal, tax and regulatory obligations.

We do not sell your personal data, and we do not use it for advertising.

4. Legal Basis & Consent

Under the DPDP Act, we process your personal data on the basis of the consent you give when you create an account and use specific features (for example, linking Telegram, connecting your broker, or requesting a payout), and for certain legitimate uses permitted by law (such as fulfilling a service you have requested, security, and meeting legal obligations). You may withdraw consent at any time (see Section 9); withdrawing consent may mean we can no longer provide part or all of the Service.

5. Who We Share Data With (Processors)

We share limited personal data with trusted service providers (“Data Processors”) strictly to run the Service, under contractual confidentiality obligations:

  • Google Firebase — authentication, database and hosting.
  • Supabase — database for market and analytics data.
  • Razorpay — payment processing (PCI-DSS compliant).
  • Zerodha Kite — market-data connectivity (only if you connect it).
  • Resend — transactional email delivery.
  • Google (Gemini API) — AI-generated summaries and analysis. We do not send AI providers more personal data than needed to produce the requested output.
  • Telegram — alert/brief delivery (only if you link it).

We may also disclose data where required by law, court order, or a lawful request from a government authority, or to protect our rights, users or the public.

6. Cookies & Local Storage

We use strictly necessary cookies and browser local storage to keep you signed in, remember your preferences (such as theme), and operate core features. We do not use third-party advertising or cross-site tracking cookies. You can clear or block cookies in your browser settings, but some features may stop working if you do.

7. Data Retention

We keep your personal data only for as long as your account is active or as needed to provide the Service. When you delete your account (see Section 9), we erase your account and associated personal data. Certain records — for example, tax invoices and payment records — may be retained for the period required by Indian law (such as the Income-tax Act and GST rules), after which they are deleted or de-identified. Backup copies are purged on our routine backup-rotation cycle.

8. How We Protect Your Data

We apply reasonable technical and organisational security measures, including encryption in transit (HTTPS), access controls, hashed passwords, and restricted administrative access. No method of transmission or storage is completely secure; while we work hard to protect your data, we cannot guarantee absolute security. If a personal-data breach occurs, we will notify the Data Protection Board of India and affected users as required by the DPDP Act.

9. Your Rights & Choices

As a Data Principal under the DPDP Act, you have the right to:

  • Access — request a summary of the personal data we hold about you and how it is processed.
  • Correction & updating — ask us to correct inaccurate or incomplete data; you can edit your profile in the app.
  • Erasure — delete your account and personal data. You can do this yourself, instantly, from Settings → Delete Account, or by contacting our Grievance Officer.
  • Withdraw consent — turn off optional features (e.g. Telegram, push, broker link) or delete your account at any time.
  • Grievance redressal — raise a complaint with our Grievance Officer (Section 12).
  • Nominate — nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any right that isn’t self-serve, email us at the address in Section 12. We will respond within the timelines required by law.

10. Children

AlphaGrid is intended only for individuals aged 18 and above. We do not knowingly collect personal data from children. If we learn that we have collected data from a minor, we will delete it. We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

11. Cross-Border Transfers

Some of our service providers (such as Google, Supabase and Resend) may process data on servers located outside India. Where this happens, we rely on providers that offer appropriate safeguards, and we transfer data only to jurisdictions not restricted by the Government of India under the DPDP Act.

12. Grievance Officer & Contact

If you have any question, request, or complaint about your personal data or this policy, contact our Grievance Officer:

Grievance Officer: [Grievance Officer name]

MergeConflict Studio LLP

Email: support@mergeconflict.in

Product support: support@alpha-grid.in

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified in-app or by email. The “Last updated” date at the top reflects the latest version; continued use of the Service after an update constitutes acceptance.