Privacy Statement ("Privacy Statement" or "Policy") for Hitston Fintech . The purpose of this Policy is to provide you with information regarding the practices followed by Hitston Fintech and Hitstone Technology Private Limited, which include storage, processing, and disclosure of your personal data when you access our online store and marketplace, value-added services, our technology tools, including our website and mobile application (collectively "Platform"), provide an educational platform and payment aggregation services (hereinafter "Services").

Your personal information is protected by Hitston Fintech . In accordance with this Policy, we will process any personal data we collect from or about you. Read this Policy carefully to understand our practices regarding your personal information and how we will handle it. Using our Services implies your consent to collecting, storing, using, and disclosing your personal information as described in this Policy. All terms of your agreement with us and this Policy apply to the Services.

OUR COLLECTION OF PERSONAL DATA

To provide you with or in connection with the Services, we may collect, use, store, and transfer different kinds of personal data about you, as permitted by law. "personal data" refers to any information that can be used to identify an individual. As far as I know, no data has been anonymized or made anonymous (for instance, personal information).

The following types of personal data are included:

• The information we collect about you includes your first and last name, username, business title, password, purchases or sales you make using our Services, feedback, survey results, etc.
• Information might also include email addresses, phone numbers, delivery addresses, billing addresses, business addresses, and social media sites.
• We collect data related to our underwriting processes when you access certain services.
• This includes, for example, documents issued by any governmental body or authority that can be used to verify identity and/or address, such as passports, Aadhaar cards, election commission ID cards, driving license numbers, permanent accounts, current bank statements and ration cards, to name a few.
• Your transaction data includes details about payments to and from you and the services you have purchased and sold.
• Financial information includes bank account information, payment methods, cardholder information, UPI information, and VPA information.

The following data may be stored on a device:

• Financial transaction SMS -containing financial transaction information,
• Data pertaining to your location recorded on your device,
• User profile information, IP addresses, browser types and versions, time zone settings, Wi-Fi and mobile network information; Device Information including the hardware model, operating system and version, IMEI number, and serial number,
• The camera access allows you to take photographs of (a) the products you wish to sell; (b) the documents you wish to submit to Instamojo; (c) any other photographs you may be required to submit on the Platform. For example, complaints and dispute redressal photographs.
• Your contacts are stored on your device as contact information and
• A list of accounts logged into from your device can be found under Login accounts.

The marketing and communication data we collect about you, including your preferences for receiving marketing messages from our third parties or us.

The Data and Consulting Group collects, uses, and shares aggregated data for various purposes, including statistical, financial, and credit information. In Applicable Laws, aggregated data could be derived from personal data, but it is not considered personal data. We may aggregate your usage data to calculate the percentage of users accessing a particular feature. However, if we combine aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data.

If we collect personal data by law, on authority, or under the terms of our arrangement, we may not be able to perform our obligations (for example, to provide you with the Services). We may only be able to perform our obligations under the arrangement we have with you or are trying to enter into with you if you provide the data we request as and when requested. Your access to the Services may be canceled or limited in this case.

HOW DO WE COLLECT DATA ABOUT YOU

Our collection and processing of data about you involve different methods.

We collect information about you (including your identity, contact information, marketing data, and communications data) when you use our Services or correspond with us (for example, by email). The information you provide includes information when you register to use our Services, use an in-Platform feature, or share data through other activities associated with the Services and when you report a problem with the Platform. We will record the information you share with us if you contact us.

The information we collect from your device: When you use our Platform or Services, we will automatically collect personal data, including device and usage information. You were using cookies and other technologies similar to those we identified.

Our personal data may be obtained from a variety of sources, including third parties and publicly available sources, as follows:

• Analytics services Providers,
• A network of advertising agencies,
• Providers of information search,
• Data from data brokers, aggregators, or social networks,
• Publicly available data and
• Registers and lists of DITs, blacklists, sanctions, etc.

AUTHENTICITY OF INFORMATION

Make sure your information and personal data are true, accurate, and complete. Any inaccurate or false information or personal data you provide is your sole responsibility. You may review the information and personal data you provided while using the Services and correct or modify it if necessary.

HOW DO WE USE AND DISCLOSE THE DATA WE COLLECT

Your personal data will not be used in any manner prohibited by law. We commonly use your personal data to provide you with Services or to comply with legal or contractual obligations. You understand that when you consent to our collection of your personal data, we can also share it with third parties. Our associate partners, affiliates, and we may contact you by email, phone, or other methods when you use our Services.

If you provide any information about yourself directly to us (through the Services or otherwise), we may collect, compile, and share it with others to provide you with the Services, including but not limited to personal correspondence, email messages, instructions from you, etc. We may collect, compile, and share this information with others. We have your express authorization to do so. It may include, for example, storage providers, marketing partners, data analytics providers, consultants, lawyers, and auditors. Our parent company, subsidiaries, and affiliates may also receive this information.

The parties acknowledge and agree that we may share data without your consent when required by law, a court, a government agency, or an authority (such as the police or regulatory bodies such as RBI or SEBI, banks, payment gateways, or schemes such as Visa, Mastercard, NPCI, etc.). In order to enforce this Policy, comply with applicable laws and regulations and comply with applicable laws and regulations, these disclosures are made in good faith.

Our general purpose for using your personal data is as follows:

• You will be registered as a user,
• Delivering services and preparing statements,
• Notifying you of changes to any Services,
• Including troubleshooting, data analytics, and system testing,
• In order to evaluate risks, detect frauds, fight money laundering, and prevent the financing of terrorism.

It is necessary for our legitimate interests (or those of a third party) and does not override your interests or fundamental rights; and obligations imposed by law or regulation. You authorize us to send you electronic alerts regarding registration on our Platform, requirements related to providing Services, and advertising. We will send you promotional emails and other forms of communication from time to time. You will receive information about new developments in the Services through such communication. We offer an unsubscribe option so you can remove yourself from our mailing list at any time.

TRANSFER OF PERSONAL DATA

In terms of storing and transferring data, we comply with applicable laws. The RBI's guidelines and regulations restrict us from transferring or storing your personal information or information in countries other than India, where the law permits. We may experience this if one of our servers or a service provider is elsewhere in India. We may also share information with entities outside of India, subject to the other provisions of this Policy. The data laws of these entities may vary from country to country.

As a result of providing you with the Services while you're outside India, your information may be transferred to a country other than India in accordance with Applicable Laws. The transfer, storage, and processing of your information and personal data outside India in the manner described above is consented to by submitting your information and personal data to us.

THIRD-PARTY SERVICES

We may offer services from or link to the websites of our partner networks, advertisers, and affiliates (collectively, "Third Party Services"). Our Services may provide access to Third Party Services, which have their own privacy policies. Before submitting personal information to such websites or using their services, please read their policies. We are not responsible or liable for the policies or personal data collected through Third Party Services.

COOKIES

A cookie is a small file that a site or its service provider transfers to your mobile phone or computer's hard drive to recognize your browser and remember certain information.

This study aims to better understand our site visitors by contacting third-party service providers. We are not allowed to use the information collected on our behalf by these service providers except to conduct and improve our business. We use cookies to enable sessions, track your preferences for future visits, track advertising, and compile aggregate data about site traffic and interaction to improve future tools and experiences.

We may receive correspondence from you about your activities related to the Services, such as emails or letters, or from other users or third parties. Cookies or similar devices can also be found on certain Services pages placed by third parties. Third parties may use cookies without our knowledge.

DATA SECURITY

To protect your personal information from unauthorized access, we employ specific security measures, such as encryption and firewalls, that comply with the provisions of the Information Technology Act, 2000 and the applicable rules (Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011). We follow RBI requirements for data security, including PCI-DSS, encryption standards, and transport channel security. You agree, however, that the above measures do not guarantee the complete protection of your personal information. All risks associated with disclosing personal information due to firewalls and breaches of secure server software are assumed by accessing the Services.

Our Policy is to adhere to all requirements in the RBI's guidelines, the Information Technology Act, 2000, and the accompanying rules.

DATA RETENTION

As soon as the purpose for which your data was collected has been achieved, we will only continue to store and retain your data for as long as it is permitted by law.

BUSINESS TRANSITIONS

A business transition, such as a merger, acquisition by another organization, or sale of all or some of our assets, may result in transferring of your personal information.

CHANGE OF PRIVACY POLICY

The Company may make any changes to this Policy from time to time without prior notice, and you acknowledge and agree that it is your sole responsibility to keep up to date with any such changes. If you use any of the Company's products and/or services, you acknowledge that you have been informed of any revisions to this Policy and accept them.

GRIEVANCE OFFICER

Please feel free to contact us at info@hitstonfintech.ai. Don't hesitate to contact us if you have questions about this Policy or need updated personal information.