Capital YONO uses cookies

Essential cookies keep you logged in and remember your business profile. Analytics cookies (optional) help us improve the platform. You can change your choice anytime in Privacy Policy.

Back to Capital YONO

Capital YONO · Compliance

Privacy Policy

Last updated: 27 May 2026

1. Introduction

This Privacy Policy explains how Capital YONO Advisory Services (“Capital YONO”, “we”, “our”) collects, uses, stores and protects your personal data when you use our website at capitalyono.com and our advisory platform.

This policy is governed by the Information Technology Act 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, and the Digital Personal Data Protection Act 2023 (DPDP Act).

2. Personal Data we collect

  • Identifying data — name, email, mobile, PAN, business name, GSTIN, CIN, Udyam number.
  • Business + financial documents you upload — GST returns, ITR, bank statements, audit reports, valuations, etc.
  • Behavioural data — pages visited, reports run, queries asked.
  • Technical data — IP, device, browser, log timestamps.

3. Purpose of processing

  • To deliver the advisory + AI services you subscribe to.
  • To run AI extraction over uploaded documents and produce reports.
  • To process payments via Razorpay / authorised payment gateways.
  • To meet statutory record-keeping under Companies Act, Income Tax Act, GST Act.
  • To respond to legal, regulatory, or law-enforcement requests.

4. Lawful basis

We process your data based on (a) your explicit consent obtained at login through the Capital YONO Legal Declaration Gate, (b) performance of contract once you make a purchase, and (c) compliance with law.

5. Sharing and disclosure

We do not sell your personal data. We share it only with:

  • Sub-processors (Razorpay for payments, MSG91 for OTP/email, SendGrid for transactional email, Emergent AI infrastructure for AI processing, AWS / Emergent object storage).
  • Advisors and experts on the Capital YONO panel when you engage them.
  • Statutory authorities when legally required.

6. Data retention

We retain your documents and reports for the duration of your engagement plus 7 years thereafter (Income Tax Act + Companies Act statutory minimum). Audit logs are retained for 8 years.

7. Your DPDP rights

Under the DPDP Act 2023, you have the right to (i) access your data, (ii) correct it, (iii) request erasure, (iv) port your data to another provider, and (v) nominate a representative for your data on death/incapacity. Visit your data rights page to exercise any right.

8. Security

Documents are encrypted in transit (TLS 1.2+) and at rest. Role-based access control restricts internal staff access. We run periodic vulnerability scans and have a written incident response plan.

9. Grievance Officer

For any privacy concern, contact our Grievance Officer (details on the Grievance Officer page).

Capital YONO is a unit of Capital YONO Advisory Services, registered in India. For any clarifications, write to grievance@capitalyono.com.