top of page

Privacy Policy

Last updated: 19 February 2026

ekTola is a registered brand of TPS Leads Private Limited (“ekTola”, “we”, “us”, or “our”) and is committed to protecting your privacy and handling your personal data in a responsible and transparent manner. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website, use our mobile or web applications, or interact with any products, services, or features offered by ekTola (collectively, the “Services”).

By accessing or using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

1. Who we are and contact details

​

Entity name: TPS Leads Private Limited

Registered office: 45 1, 7th Cross, Atamanada Colony, R.T. Nagar, Bengaluru – 560032, Karnataka, India

Email for privacy queries: privacy@ektola.com

Support email: support@ektola.com

 

You may contact us at the above details for any questions, complaints, or requests related to this Privacy Policy or your personal data.

2. Scope and legal basis

​

This Privacy Policy applies to all users of our website, apps, and Services, including visitors, registered users, investors, and partners.

​

We process your digital personal data in accordance with applicable Indian laws, including the Information Technology Act, 2000 and the rules made thereunder, and the Digital Personal Data Protection Act, 2023 and its rules, as notified and amended from time to time (“DPDP”).

​

Our primary legal bases for processing are:

  • Your consent.

  • Performance of a contract with you (for example, to provide investment functionality).

  • Compliance with legal obligations (for example, KYC/AML requirements).

  • Legitimate interests (for example, fraud prevention and Service improvement), where permitted by law.

3. Information we collect​


We collect the following categories of information, depending on how you use our Services.

​

3.1 Information you provide directly

  • Account and profile data: Name, email address, mobile number, password or authentication credentials, and communication preferences.

  • KYC and regulatory data: PAN, Aadhaar details (if provided), identity documents, photographs, signature, date of birth, address, and any other information required under applicable KYC/AML and securities regulations.​

  • Financial and transactional data: Bank account details (such as account number and IFSC), UPI ID, transaction references, investment instructions, orders, redemptions, linked demat account and broker identifiers, and related records.

  • Investment and risk profile data: Income range, occupation, risk appetite, investment goals, and other suitability or appropriateness information required by regulation or for product recommendations.

  • Communications: Information you share when you contact us via email, chat, call, forms, social media, or other channels (including support requests, feedback, and recordings of calls, where allowed by law and notified to you).

  • Marketing and preference data: Your preferences for receiving marketing communications, survey responses, and campaign interactions.

​

3.2 Information collected automatically

​

When you access or use our website or apps, we automatically collect certain information, such as:

​

  • Device and technical data: IP address, device identifiers, operating system, browser type and version, device model, language, time zone, and network information.​

  • Usage data: Pages viewed, features used, clickstream data, access dates and times, session duration, referring URLs, app interactions, error logs, and performance metrics.

  • Location data: Approximate location derived from your IP address or device settings, where permitted.

​

3.3 Cookies and similar technologies

​

We use cookies, pixels, SDKs, and similar technologies to:​

​

  • Keep you logged in and maintain sessions.

  • Remember your preferences and settings.

  • Understand how you use our Services and improve them.

  • Measure campaign performance and analytics.

  • Enhance security and prevent fraud.

​

You can control cookies through your browser or device settings. However, blocking certain cookies may impact your experience or some features.​

​

3.4 Information from third parties

​

We may receive information about you from:

​

  • Regulated entities and partners: Brokers, depository participants, RTAs, payment gateways, KYC service providers, banks, and other regulated intermediaries who enable execution, settlement, or compliance.​

  • Service providers: Analytics, communication, fraud detection, and cloud providers who process data on our behalf.​

  • Public sources: Public databases, regulators, and government records where allowed by law.

  • Referral and marketing partners: Information about your interactions with campaigns or referrals.

​

We may combine this information with data we collect directly to operate, secure, and improve the Services.

4. How we use your information

​

We use your personal data for the following purposes, in line with DPDP principles of purpose limitation, data minimisation, and storage limitation.

​

4.1 To provide and operate the Services

​

  • Create and manage your ekTola account.

  • Facilitate onboarding, including KYC, due diligence, and verification.

  • Enable investment in electronic gold receipts (EGRs) and related products, execute orders, process payments, and manage redemptions.

  • Synchronise and reconcile data with brokers, exchanges, depositories, and payment partners.

  • Provide dashboards, statements, transaction history, and tax or regulatory reports.

​

4.2 To comply with law and regulation

​

  • Comply with obligations under securities, KYC/AML, tax, and other applicable laws and regulations.​

  • Respond to audits, regulatory queries, lawful requests, and orders from authorities.

  • Maintain logs and records as required for statutory retention periods.​

​

4.3 To communicate with you

​

  • Send transactional communications (for example, OTPs, order confirmations, alerts, and policy updates).

  • Respond to your queries, support requests, and feedback.

  • Send important security or service‑related notices.

​

4.4 To improve and personalise the Services

​

  • Analyse usage, performance, and behavioural patterns to improve features, usability, and security.

  • Develop new products and features, including insights related to digital gold and investment tools.

  • Personalise content, recommendations, and user experience within our apps and website.

​

4.5 For security, fraud prevention, and risk management

​

  • Detect, prevent, and investigate fraud, misuse, unauthorised access, and other harmful activities.​

  • Enforce our Terms of Use and other policies.

  • Conduct risk assessments and enhance security controls.

​

4.6 For marketing (with your consent where required)

​

  • Send newsletters, offers, and updates about ekTola products and features.

  • Invite you to participate in surveys, research, beta programs, or events.

  • Run referral programs and reward campaigns, where permitted.

​

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us. Transactional and service‑critical communications may still be sent.

5. Sharing and disclosure of your information

​

We do not sell your personal data. We may share your information in the following limited circumstances:

​

5.1 Regulated intermediaries and partners

​

With regulated entities and partners necessary to provide our Services, such as:​

​

  • Brokers, depositories, exchanges, custodians, and clearing corporations involved in execution and settlement.

  • KYC/AML providers and credit information companies, to the extent permitted by law.

  • Banks, payment aggregators, and payment gateways for fund transfers and payment processing.

​

These parties process your data in accordance with their legal and contractual obligations.​

​

5.2 Service providers (data processors)

​

With carefully selected third‑party service providers who support our operations, including:

​

  • Cloud infrastructure and hosting.

  • Analytics and performance monitoring.

  • Customer support tools and communication platforms.

  • Email, SMS, and notification service providers.

  • Security, fraud detection, and log management services.

​

We require these providers to use your data only for the services they perform for us and to implement appropriate security measures.​

​

5.3 Group entities and business transfers

​

  • With our affiliates, subsidiaries, or group companies (if any) for operational, compliance, and support purposes under a consistent privacy framework.

  • In connection with any merger, acquisition, restructuring, or sale of assets, where your data may be transferred as part of the transaction, subject to confidentiality obligations and applicable law.​

​

5.4 Legal and regulatory requirements

​

We may disclose information when we believe it is necessary to:

​

  • Comply with applicable law, regulation, legal process, or enforceable governmental request.

  • Respond to orders from courts, regulators, enforcement agencies, or self‑regulatory organisations.

  • Protect the rights, property, or safety of ekTola, our users, partners, or the public.

  • Investigate and prevent fraud, security issues, or policy violations.

6. International transfers

​

Where we engage service providers or infrastructure located outside India, your personal data may be transferred to and processed in other jurisdictions, subject to applicable DPDP provisions and rules. In such cases, we ensure appropriate safeguards are in place, as required by law.

7. Data retention

​

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.​

​

In particular:

  • Regulatory and transactional records may be retained for the periods mandated by securities, KYC/AML, tax, and other applicable laws.​

  • Usage logs and security logs may be retained for legally prescribed or operationally justified periods (for example, for incident investigation and audit).

  • When data is no longer required, we either delete it or anonymise it in accordance with our data retention and deletion procedures.​

8. Your rights and choices

​

Subject to applicable law, you may have the following rights in relation to your personal data:

​

  • Right to access: Request confirmation of whether we process your personal data and access to such data.

  • Right to correction: Request correction or updating of inaccurate or incomplete personal information.

  • Right to deletion: Request deletion of your personal data, subject to legal and regulatory retention requirements.​

  • Right to withdraw consent: Withdraw your consent for processing (for example, for marketing), where processing is based on consent.

  • Right to grievance redressal: Raise grievances regarding our data practices with our designated grievance officer and, where applicable, with the Data Protection Board or other regulators.

​

To exercise these rights, please contact us at privacy@ektola.com. We may need to verify your identity before fulfilling your request, and certain requests may be restricted or declined where allowed or required by law.

9. Children’s privacy

​

Our Services are not intended for children below the age prescribed by applicable law (typically 18 years), and we do not knowingly collect personal data from children without appropriate consent. If we become aware that we have collected personal data from a child without such consent, we will take steps to delete it as required by law.

10. Data security

​

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

​

These measures may include:

​

  • Encryption of data in transit and at rest, where appropriate.

  • Access controls and authentication mechanisms on systems and data.

  • Network and application security controls, including logging and monitoring.

  • Regular security assessments and vulnerability management.

  • Employee training and internal policies on data protection and confidentiality.​

​

However, no method of transmission or storage over the internet is completely secure, and we cannot guarantee absolute security.

11. Third‑party websites and platforms

​

Our Services may contain links to third‑party websites, apps, APIs, or services (for example, broker platforms, payment gateways, communication tools, or social media). If you access these third parties, their own privacy policies and terms will govern your use of those services, and we are not responsible for their privacy practices.

12. Grievance officer and DPDP contact

​

In accordance with applicable laws, we have designated the following grievance officer / Data Protection Officer (DPO):​

​

Grievance Officer / DPO: Amit Kaushal
Email: 19amitkaushal@gmail.com
Address: Punjab, India
Working hours: Monday to Friday, 10:00 a.m. to 4:00 p.m. IST

​

You may write to the Grievance Officer for any concerns, complaints, or disputes related to your personal data or this Privacy Policy.

13. Updates to this Privacy Policy

​

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our data practices. When we do so, we will revise the “Last updated” date at the top and, where required by law, notify you through appropriate channels or seek your consent to material changes.

​

Your continued use of the Services after any changes indicates your acceptance of the updated Privacy Policy.

14. How to contact us

​

If you have any questions, concerns, or requests about this Privacy Policy or our data practices, you can contact us at:

 

Email: info@ektola.com
Postal address: 45 1, 7th Cross, Atamanada Colony, R.T. Nagar, Bengaluru – 560032, Karnataka, India

bottom of page