Privacy Notice
Last updated: 21 May 2026 · Version 1.0 · Compliant with the Digital Personal Data Protection Act, 2023 (India)
Who we are
The IRG-GDP platform is operated by Intech Research Group (IRG). The IPR is registered in the name of Mr. Rohit Tidke and exclusively assigned to IRG. The contact person for data-protection enquiries is Mr. Jayant Tidke (tidkejp@gmail.com, +91-9324287750).
What we collect
We collect only what is necessary to operate the IRG-GDP platform:
- Identity: full name, email, mobile number, role(s).
- KYC documents: PAN, Aadhaar reference, GSTIN, business address, photo IDs for jewellers and CAs.
- Transaction data: mint records, GDP holdings, trade history, payouts, bank settlement references.
- Device & log data: IP address, browser/device type, timestamps of significant actions.
- Communications: messages exchanged through the in-app inbox.
How we use it
- To operate the platform — account creation, authentication, transactions.
- To comply with applicable laws (KYC/AML, GST, income-tax reporting, court orders).
- To protect against fraud, abuse, and unauthorised access.
- To send notifications you have subscribed to (email/SMS/WhatsApp/inbox).
- To improve the platform — analytics are aggregated and anonymised.
We do not sell your personal data.
Your rights under DPDP
- Access: request a copy of the data we hold about you.
- Correction: ask us to correct inaccurate or incomplete data.
- Erasure: ask us to delete your data (subject to legal retention obligations).
- Withdraw consent: opt out of optional processing (e.g. promotional messages).
- Grievance redress: file a complaint with our grievance officer (contact above).
To exercise any right, email the contact person above with the subject line "DPDP request — <your request>".
Retention
We retain transaction and KYC records for the period required by Indian law (typically 7 years for financial records under the Income-tax Act). Other personal data is retained for the duration of your active account plus 1 year for dispute window, then deleted unless legal hold applies.
Security
We use industry-standard measures: HTTPS, encrypted database connections, hashed passwords, audit logs for every admin action, role-based access control. No system is invulnerable; we publish security incidents promptly.
Changes
Material changes are announced via in-app notification and email at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.