Privacy Policy for
Majisa Gold

• Full name, email address, mobile number, and password (stored in hashed form)
• WhatsApp number and country code (optional — only if provided during registration)
• User role (trader / admin) and account approval status

• Firm name, address, city, state, and pincode
• PAN number (optional), GST number (optional), and Aadhaar number (optional) — collected only if provided during registration
• Bank account details including account name, number, IFSC code, and branch

• PAN card, Aadhaar card, bank proof, profile photo, GST certificate, firm registration, and trade license
• Document metadata: type, filename, storage key, upload timestamp, and verification status

• Trade records including metal type, quantity, rate, amount, status, invoice number, and timestamps
• Operational remarks, cancellation reasons, and admin actions on orders

• Push notification token (FCM token) and device registration details
• Device ID, name, platform, model, OS version, app version, and build number
• IP address, user agent, and last-seen timestamp

• Authentication token and current user profile stored locally on your device for session continuity

• Create and manage your account, and authenticate access to the app
• Process onboarding, KYC review, and account approval workflows
• Manage and process trading orders, confirmations, and history
• Deliver real-time market rates, price alerts, and admin announcements
• Send push notifications and maintain registered device tokens
• Protect platform security, detect abuse, and enforce rate limits
• Maintain, troubleshoot, and improve app performance and reliability

Depending on your jurisdiction, we process personal data under one or more of the following legal bases:

• Contract performance — processing required to provide the app and services you've signed up for
• Legal obligations — compliance with applicable Indian laws and regulations
• Legitimate interests — platform security, fraud prevention, and service operations
• Consent — optional permissions such as push notifications, which you can withdraw at any time

• Push Notifications — sends market updates, order status changes, and account alerts. You can disable this in your device settings at any time.
• Media Library / File Access — used to select and upload KYC and business documents during onboarding.
• Internet / Network Access — required to communicate with our backend APIs, pricing systems, and notification services.
• Vibration & Notification Support — used for notification behavior on supported Android devices.

We do not sell your personal information. We share data only with service providers necessary to operate the app:

• Cloud Infrastructure — secure database and API backend hosting (AWS)
• Document Storage — cloud object storage for KYC and business document uploads
• Push Notifications — Firebase Cloud Messaging (FCM) for delivery of alerts and updates

All third-party providers are bound by data processing agreements and may not use your data for their own purposes. We may also disclose information when required by law, legal process, or regulatory authority, or to protect the rights and security of our users and platform.

We retain your data for as long as necessary to provide services, meet operational and legal compliance requirements, resolve disputes, and enforce our terms. Retention periods vary by data type:

• Account data — retained for the lifetime of the account and for a reasonable period after deletion
• KYC documents — retained as required under applicable regulatory obligations
• Trade records — retained for audit, compliance, and dispute resolution purposes
• Device & log data — retained for a limited period for security monitoring

We implement technical and organisational measures to protect your data against unauthorised access, loss, or disclosure:

Majisa Gold is a business and trading platform intended exclusively for adult users engaged in commercial bullion operations. We do not knowingly collect, use, or store personal information from individuals under the age of 18. If we become aware that a minor has provided us personal data, we will delete it promptly.

Your data may be processed and stored in regions where our infrastructure and service providers (including AWS) operate. By using the app, you acknowledge that your data may be transferred outside your local jurisdiction. Such transfers are subject to appropriate safeguards consistent with applicable data protection laws.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Updated versions will be posted with a revised "Last Updated" date. Material changes may be communicated through the app or by email. Continued use of the app after updates constitutes your acceptance of the revised policy.