Privacy Policy

PRIVACY POLICY 

Effective Date: December 19, 2025 

Your privacy is important to us 

CredAvenue Securities Private Limited is located at: 

CredAvenue Securities Private Limited 

12th Floor, Prestige Polygon No-471, Anna Salai, Nandanam, Chennai – 600 035, Tamil Nadu, India 

This Privacy Policy (“Policy“) elucidates how Aspero Markets Private Limited, a private limited company incorporated under the provisions of the Companies Act, 2013, having its registered office at 12th Floor, Prestige Polygon, No. 471, Annasalai, Nandanam, Chennai, Tamil Nadu, India, 600035 (“Aspero”, “Company“, “we“, “us“, or “our“) collects, uses, processes and discloses the Personal Data (as defined below) of visitors and users (“you“, “your“) through its website available at https://www.aspero.in/, web based application available at https://aspero.in/invest/sign_in, mobile based application under the brand name ‘Aspero’, and/or any other online interfaces that are owned and controlled by Aspero (collectively referred to as the “Platform“) to provide the services to you. 

This Policy, inter alia, outlines: 

  1. The data we collect; 
  2. How we collect data; 
  3. How we process the data; 
  4. Disclosure of your data; 
  5. Data retention ; 
  6. f. Data security mechanism; 
  7. g. Your rights and duties; 

1.1 We are committed to protecting your privacy and handling the digitized data about an individual who is identifiable by or in relation to such data (“Personal Data”) in compliance with:

(i) Digital Personal Data Protection Act, 2023 (“DPDPA”) and the rules framed thereunder, as may be notified from time to time ; 

(ii) The Information Technology Act, 2000 and the rules framed thereunder, to the extent applicable; 

(iii) SEBI Cybersecurity and Cyber Resilience Framework (CSCRF) 

(iv) Other applicable acts, regulations, and rules requiring the publication of a privacy policy for handling or dealing in Personal Data, as well as all applicable laws, regulations, and guidelines issued by applicable regulatory authorities. 

(collectively referred to as “Applicable Laws”) 

  1. 2. USE AND ACCEPTANCE 

2.1 This Policy should be read in conjunction with the Terms of Use, available at https://www.aspero.in/terms-and-conditions/ (“Terms of Use“). 

2.2 We encourage you to read both documents carefully before accessing the website/Platform and/or availing the Services through the Platform. 

2.3 By either clicking on “I Agree,” or by accepting any other clear, affirmative action that may be prompted by Aspero for your consent, your consent is recorded to the terms of this Policy and to processing of your Personal Data for the purpose of your continued access to the Platform or usage of services. You have the full right not to provide your consent and may choose not to disclose your Personal Data. However, in such cases, certain services or features that require the use of your Personal Data may not be available to you. 

2.4 If you disclose to us any Personal Data relating to other people, you represent that you have the authority to do so and permit us to use such data in accordance with this Policy 

  1. 3. APPLICABILITY OF THIS POLICY 

This Policy shall apply to all clients, users and any other stakeholders who access or use the Platform and provide Personal Data on Platform for the services. Please note this Policy does not apply to any Personal Data dealt by any third-party sites. 

  1. 4. THE DATA WE COLLECT 

4.1 We strive to collect only the Personal Data that is necessary for the purposes for which it is processed, subject to your explicit consent. The collection and processing of your Personal Data are carried out based on:

  1. Your affirmative and explicit consent, provided through an explicit action displayed to you at the time of registration or account creation on the Platform; and 
  2. Legitimate purposes, where processing is permitted under applicable law. 4.2 We collect the following types of information from you for the services: 
  3. Personal Information: Including your full name, mobile number, email address, residential address, gender, date of birth, permanent account number (PAN), Aadhaar number, live photo. 
  4. Financial Information: Bank account details, demat account information, tax details, and other financial information necessary for investment purposes. 
  5. Beneficiary Information: All personal information of nominated beneficiaries selected by you. 
  6. Authentication Information: User credentials (excluding actual passwords which are securely encrypted), security questions/answers, and other authentication data. 
  7. Any other relevant details necessary for the provision of services which are provided by you through explicit consent. 

4.3 As a user, you agree and acknowledge that you shall be responsible for providing complete and accurate information to Us for the purpose of availing the services. 

4.4 Collection of Aadhaar Information 

During the online account opening and registration process, you shall not be required to input your complete 12-digit Aadhaar number directly on the Platform. Instead, you will be redirected to third party service provider like DigiLocker or other, where, upon your explicit consent, such third parties will share limited details with the Platform for verification purposes. These details shall be restricted to: (i) the last four digits of your Aadhaar number or virtual ID (VID); (ii) full name; (iii) date of birth; (iv) gender; (v) address; and (vi) photograph and stored in encrypted & masked form. Further, you acknowledge that your Aadhaar details will be shared with the Platform’s authorized e-signature service provider solely for the limited purpose of enabling digital signature of your registration form. The use of such information is subject to applicable laws, including the Aadhaar Act, 2016 and rules framed thereunder. 

  1. HOW WE COLLECT YOUR DATA 

5.1 We collect your Personal Data with your explicit consent. This includes but is not limited to various authorized and official databases, such as Know Your Customer (KYC) Registration Agency (KRA), CKYC, government records like DigiLocker, bank verification services, e-sign

service providers, payment gateways, financial institutions, and depositories (CDSL/NSDL). Such verification may require additional documentation or verification steps as mandated by regulatory requirements. 

5.2 We may also obtain your data from various third-party sources such as: 

  1. responses to surveys or marketing communications initiated by us or by our authorized vendor partners. 
  2. voice recordings or record of interaction of customer service conversations to address queries or grievances. 
  3. any other mode, subject to your explicit consent. 
  4. Cookies and tracking technologies: 

Note: Cookies are small files that your web browser places on your computer’s hard drive. We may use cookies for remembering usernames and passwords and preferences, tracking click streams, and for load balancing. Because of our use of cookies, we can deliver faster service, consistent, updated results, and more personalized experience. You have the option to ‘accept or ‘reject’ cookies. If rejected, your experience under the Platform may be impacted We do not collect any Personal Data via cookies and other tracking technology, however, if you previously provided Personal Data, cookies may be tied to such data. We use cookies, tracking pixels, and similar technologies to enhance user experience, improve security, and gather analytics. These may include tools and tracking software that record user behavior, journey mapping, and engagement with specific features. 

  1. HOW WE PROCESS YOUR DATA 

6.1 We ensure that your Personal Data is processed to provide you our services, to improve, modify or enhance our services, to comply with our legal and regulatory obligations, and for other ancillary legitimate business purposes in connection with the services, including but not limited to customer support, operational efficiency, internal analysis, reporting obligations, and any other 

purposes permitted under applicable law. 

6.2 In particular, we process your Personal Data for: 

  1. creation of your user account on the Platform, verification of your identity and access privileges on the Platform, update your dashboard, and fulfill all your service requests. 
  2. providing you access to the products and services available on the Platform through us or, authorized sellers, or business partners.
  3. fulfill all your service requests beginning from the creation of an account to the actual use of the Platform. 
  4. to conduct Know Your Customer (KYC) checks and comply with all legal and regulatory requests as per the Applicable law; and to process and validate your financial information from various regulated entities, financial institutions, and other service providers as may be required. 
  5. to process payments on your behalf and on your instructions; communicate with you regarding your queries, transactions, and any regulatory requirements, etc. 
  6. f. to simplify and improve your user journey, enhance our offerings, and personalize your experience where applicable, by using data we may have about you. 
  7. g. to carry out risk analysis and due diligence as lawfully required, to detect and protect us against error, fraud, and other fraudulent activity. 
  8. to market new products, services, and offers, subject to your explicit consent for such marketing activities, including for marketing campaigns and newsletters via e-mail. 
  9. to consider applications for career opportunities with us. 
  10. for risk assessment, such as to analyze data to assess investment suitability. k. for any other purpose for which you provide us with express consent. 
  11. to meet regulatory and legal obligations such as conducting KYC verification, complying with anti-money laundering (AML) requirements and SEBI guidelines etc. 
  12. to detect, investigate, and prevent security breaches, fraud, and other illegal activities, as well as to conduct internal or external audits as required by the company or government agencies 
  13. DISCLOSURE OF YOUR PERSONAL DATA 

7.1 General: As a general rule, Aspero will not disclose Personal Data except when Aspero is required or permitted per user agreement/terms of use, law (including pursuant to national security of law enforcement requirements) or otherwise, such as when the Aspero believes in good faith that the law requires disclosure or other circumstances outlined in this Policy require or permit disclosure. Aspero may do so when: 

  1. Permitted or required by law; 
  2. Trying to protect against or prevent actual or potential fraud or unauthorized transactions;
  3. Investigating fraud which has already taken place; and 
  4. Permitted transfers of information, either to employees, consultants, directors, officer, agents, representatives or third parties (on a need to know basis), as per the terms of use or any such agreement between us and you. 

7.2 Third Party Service Providers: 

  1. We work with third-party service providers who assist in delivering our services to you through the Platform. Your Personal Data may be shared (subject to your explicit consent) to these service providers assist with website hosting, payment processing, KYC verification, identity authentication, financial data analysis, settlement of transactions, payment processing, verification of bank/demat account details and other administrative services such as reporting, customer relationship management, cloud storage, advertising, and marketing etc. to enhance your overall user experience. Provided that, any Personal Data disclosed or shared with such third parties shall be limited to that which is strictly necessary for the performance of the services. 
  2. We may share your Personal Data with banks, bond issuers, Fixed Deposit (“FD”) Issuers, depositories, and other financial institutions to provide certain services. These financial institutions and service providers are permitted to use this shared data only for specific, clear, and lawful purposes that are necessary for service delivery. 
  3. Business Transfers and Fund Raising: We may disclose your Personal Data, in a secure manner, to professional advisors in connection with any form of fund-raising, investment, financing, merger, acquisition, or similar strategic transaction or due diligence process. Such disclosures shall be subject to appropriate confidentiality obligations. 
  4. A non-disclosure agreement (NDA) and / or a data processing agreement (DPA) / or any similar agreement will be signed with the third-party service providers/entities to make sure the Personal Data is secured and processed as per the agreement between us and you. 

7.3 Disclosure upon your Consent: If the applicable law requires us to obtain your prior express consent before disclosing or sharing your information with any third parties, we shall do so only upon receipt of your prior express consent. 

7.4 Disclosure under applicable laws and regulations: We may disclose your Personal Data if we are required to do so by law or that such disclosure is reasonably necessary to respond to any court orders, directions of the government, law enforcement or regulatory authorities, and any other legal processes. 

  1. DATA RETENTION 

8.1 Legal or Regulatory Obligations:

We retain your Personal Data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by Applicable Law. We may retain your Personal Data even after you request deletion for the following specific purposes: 

  1. Compliance with statutory obligations; 
  2. Regulatory audits, reporting & enforcement; 
  3. Fraud prevention & dispute resolution; and/or 

8.2 Cessation of Relationship & Data Deletion 

  1. If a user requests to terminate their relationship with us without completing KYC and/or executing transactions, we delete their Personal Data on a commercially reasonable effort basis within 60 (sixty) days. However, the Personal Data as required under applicable laws is retained and will be purged once the regulatory timelines expire. If any regulations require data to be disclosed, we disclose the Personal Data to the extent required under any applicable laws. 
  2. If a user requests to terminate their relationship with us after completing KYC and/or executing transactions, we retain the Personal Data till the time the user is invested on our Platform. Once the Investment is concluded and the user withdraws their money and chooses to delete their account from our Platform. We delete their Personal Data on a commercially reasonable effort within 60 (sixty) days. However, the Personal Data as required under applicable laws is retained and will be purged once the regulatory timelines expire. If any regulations require data to be disclosed, we disclose the Personal Data to the extent required under any applicable laws. 
  3. may retain Personal Data related if required by law, such as during a pending legal or regulatory proceeding, or if we receive a legal direction to that effect, including any legitimate purpose. 
  4. Once the Personal Data has reached its retention period, it shall be deleted in compliance with applicable laws. 
  5. 9. DATA SECURITY 

We are committed to protecting your Personal Data and employ reasonable security safeguards in compliance with Applicable Laws. 

9.1 Data Storage Location: 

Your information is stored on secure servers located in India, ensuring that your Personal Data remains within the Indian jurisdiction.

9.2 Security Safeguards and Inherent Risks: 

We prioritize the confidentiality and security of the Personal Data that you share with us. Accordingly, we adopt industry standard security safeguards to protect your Personal Data, from unauthorized access, use and disclosure. We maintain high standards through regular testing, ensuring our systems are resilient against evolving threats. Furthermore, we adhere to the following industry certification – ISO 27001:2022. We regularly test and update our security measures to protect your data against evolving threats. 

As a user of our Platform, you have a crucial role in maintaining your data’s security. You must not disclose to any person the authentication parameters assigned to you, including your username or password, for your use of the Platform. 

While we maintain robust security measures, you, as a Data Principal, also have a duty to secure your account. You are responsible for maintaining the confidentiality of your credentials and are accountable for all acts committed using your authentication parameters. 

We take all necessary precautions to protect your Personal Data from unauthorized access, use, or disclosure. While we are committed to implementing and maintaining reasonable security safeguards as required by the Digital Personal Data Protection Act, 2023, you agree that there will always be some inherent security risks associated with the transmission of information over the internet. Accordingly, we offer no representation or a warranty that our measures are absolutely impenetrable, nor do we guarantee absolute protection of your data. We do not have any liability in the instances where a Personal Data breach is caused by factors entirely beyond our reasonable control, such as hacking, viruses, dissemination, force majeure events, breach of firewall etc. despite our diligent observance of security standards. 

In the unlikely event of a security breach that poses a risk to your Personal Data, we will take all reasonable measures to mitigate its impact and will notify you as required by the DPDPA. 

The security of your Personal Data is a primary obligation for us. In accordance with Section 8(5) of the Digital Personal Data Protection Act, 2023, we have implemented and maintained reasonable security safeguards (including technical, administrative, and physical controls) to prevent unauthorized access, accidental loss, or any other form of personal data breach. 

While we strive to use commercially acceptable and industry-standard means to protect your information, you acknowledge that no method of transmission over the internet or method of electronic storage is entirely infallible. 

Our Commitment to Accountability: 

  • Incident Response: In the event of a Personal Data breach, we will fulfill our mandatory obligations under Section 8(6) of the DPDPA by notifying the Data Protection Board of India (DPBI) and each affected Data Principal without undue delay. 
  • Mitigation: We are committed to taking immediate remedial action to contain any breach and mitigate potential harm to you.
  • Continuous Review: As an ISO 27001 Certified company, we regularly audit and update our security protocols to defend against evolving threats like malware, hacking, and unauthorized intrusions. 
  1. Mandatory Notification to the Regulator 

Upon detection and confirmation of a Personal Data Breach, the Company will promptly assess the risk to Data Subjects. 

We are obligated to notify the Competent Authority (Data Protection Board) of the breach without undue delay (not later than 72 hours) once we become aware of an incident that compromises the confidentiality, integrity, or availability of Personal Data. 

10.1 Notification to the Data Subject (You) 

We will notify you, the Data Subject, of the Personal Data Breach if the breach is likely to result in significant harm or risk to your privacy, rights, or freedoms. 

  • Timing: Notification to the Data Subject will be made as soon as practically feasible (not later than 72 hours) after the risk assessment is complete, and the Competent Authority has been informed (where required).
  • Method: Notification will typically be sent via <compliance@yubisecurities.com> 10.2 Content of the Notification

Any breach notification provided to you will, to the extent permitted by regulatory investigation, clearly include: 

  • A clear description of the nature of the Personal Data Breach.
  • The categories of data and the approximate number of Data Subjects concerned.The likely consequences resulting from the breach.
  • The measures taken or proposed to be taken by the Company to address the breach and mitigate its possible adverse effects.
  • Contact information where you can obtain further information from our Privacy Officer.

9.3 Data Access Logs & Monitoring 

We may maintain detailed access logs and monitoring systems to track all access to Personal Data and detect any unauthorized access attempts. We may keep records of communications, including phone calls received and made for making enquiries, orders, feedback or other purposes for rendering services effectively and efficiently. However, upon cancellation or withdrawal of registration, all records are regarded as confidential. These logs are retained for at least 180 days as required by law. We may engage third-party storage providers, all of whom are contractually obligated to uphold comparable security standards.

  1. YOUR RIGHTS AND DUTIES 

Your Rights 

10.1 As a provider of Personal Data, you have the following rights under the Digital Personal Data Protection Act, 2023 “DPDPA”, subject to the Aspero’s obligations as a SEBI-registered Online Bond Platform Provider and other applicable legal and regulatory requirements: 

  1. Right to access and correction: You may request to access and review your Personal Data, and rectify any inaccurate or incomplete Personal Data. 
  2. Right to withdraw consent: You may withdraw your previously given consent for the processing of your Personal Data at any time. The withdrawal of consent will not affect the lawfulness of any processing that was based on consent given before its withdrawal. Please be aware that if consent is withdrawn, we may be unable to provide you with certain services, features, or benefits where the processing of that specific Personal Data is necessary for their operation. 
  3. Right to erasure: You may request the erasure of your Personal Data. 
  4. Right to nominate: You also have the right to nominate another individual to exercise these rights on your behalf in accordance with applicable laws. 
  5. Right to register grievance: If you have any grievances regarding the processing of your Personal Data, you may register your grievance contacting our Grievance Officer. We will respond to all legitimate requests within 30 days of receiving them. 

Youcan exercise any of the aforesaid rights by writing to : [compliance(at)yubisecurities.com]. Your Duties 

10.2 As a user of our Platform and provider of Personal Data, you are expected to fulfill the following duties, in accordance with applicable legal, regulatory, and contractual obligations: 

  1. Information accuracy: You must ensure that all Personal Data submitted is accurate, complete, and up to date. You are expected to promptly notify us of any change in your information, including changes to residential status, marital status, contact details, or other relevant Personal Data. 
  2. Proper conduct: You must not engage in impersonation, false grievances, or misuse of data rights. Requests should be legitimate and compliant with applicable laws. 
  3. Compliance with applicable law: Any access requests, grievances, or exercise of data rights must comply with the applicable laws and Policy published on our Platform.
  4. UPDATES TO OUR POLICY 

We may modify this Policy to reflect changes in law (including the DPDPA) or our data practices, and we will provide prior notice for material changes (e.g., new processing purposes or third-party sharing) via a prominent website notice while administrative updates take effect immediately upon posting. Continued use of our Services after an update’s effective date constitutes acknowledgment of the revised terms; however, if you disagree with any changes, you may withdraw your consent or close your account at any time, subject to our mandatory legal retention obligations. 

  1. GRIEVANCE REDRESSAL 

Should you have any complaints or grievances about the manner in which we collect or process your Personal Data, you may contact our Grievance Officer, whose details are as below. We will do everything that we reasonably can to resolving such grievances in an expeditious and effective manner: 

For grievances related to Personal Data processing, you may contact our Grievance Officer: Email: [grievance.redressal(at)yubisecurities.com]. 

or 

send a formal request by postal on the following address: [Aspero Markets Private Limited, No.471, 12th Floor, Prestige Polygon, Anna Salai, Nandanam, Chennai – 600035, Tamil Nadu, India]. 

12.1 Contact Information 

If you have any questions about our Privacy Policy, please contact us via email on – 

Compliance Team 

compliance(at)yubisecurities.com 

Board Number : 044-4091 2303 

  1. GOVERNING LAW

This Privacy Policy and any actions related thereto shall be governed by and construed in accordance with the laws of the Republic of India, including but not limited to the Digital Personal Data Protection Act (DPDPA), 2023, and the rules framed thereunder. 

13.1. Dispute Resolution 

In the event of any grievance or dispute relating to the processing of your Personal Data or a breach of this Policy, the following resolution hierarchy shall apply in accordance with the DPDPA: 

  • Internal Grievance Redressal: As a first step, you are encouraged to exhaust the Company’s internal grievance redressal mechanism by contacting our Grievance Officer (as detailed in the “Grievance Redressal” section of this Policy). We are committed to resolving your concerns expeditiously. 
  • Regulatory Intervention: If you are not satisfied with the resolution provided by our Grievance Officer, or if your grievance remains unresolved, you have the right to lodge a complaint with the Data Protection Board of India (DPBI), which is the specialized regulatory authority established under the DPDPA. 

13.2 Civil Jurisdiction 

Subject to the specialized jurisdiction of the Data Protection Board of India and the Appellate Tribunal regarding data privacy matters as mandated by the DPDPA, all other legal proceedings arising out of or in connection with this Policy (such as general contractual disputes) shall be subject to the exclusive jurisdiction of the courts located in Chennai, India.

We use cookies to ensure the best experience on Aspero.

Cookie Settings

Necessary
aspero_csrf, aspero_auth, aspero_lb, aspero_sess, aspero_fw, aspero_key, aspero_gw, aspero_verify
Functional
aspero_lang, aspero_reg, aspero_theme, aspero_pref, aspero_notif, aspero_view, aspero_font, aspero_last
Performance
aspero_uuid, aspero_log, aspero_err, aspero_load, aspero_speed, aspero_aid, aspero_dur, aspero_click
Marketing
aspero_mkt, aspero_ad, aspero_px, aspero_re, aspero_src, aspero_seg, aspero_hash, aspero_lead