Security & Data Handling

Capital Yono handles sensitive information including personal information, ID & address proof, photos, financial records, bank statements, credit reports, legal documents, business secrets, insider information, strategic plans, social media information, financial transactions, daily routine & productivity details, qualitative business information, commercial documents, collateral documents and litigation / contingent liability records.

We aim to use reasonable technical, organizational and administrative measures to protect such information.

Uploaded documents may be stored in a structured document vault with categories such as identity, registration, financial, banking, credit, tax, legal, compliance, project, social media & digital presence, business policy, collateral, valuation, rating, investor, confidential business documents, insider or strategic information, qualitative notes, and routine & productivity information.

Access may be controlled by roles such as client, client team member, expert, advisor, admin, super admin, technical support, service provider and institutional user (where applicable).

Access rights may include

• View
• Upload
• Edit
• Comment
• Verify
• Approve
• Download
• Release
• Archive
• Delete, where permitted

AI may extract data from uploaded documents and user inputs (name, PAN, GSTIN, CIN, address, turnover, profit, loans, ratios, net worth, collateral value, litigation flags, compliance gaps, social media indicators, routine / productivity indicators, qualitative business risks, business secrets and strategic data if submitted). AI-extracted data should be verified by the user, expert or admin before final reliance.

Experts and admins may review uploaded documents, AI-extracted data, user notes, voice inputs, meeting summaries, social media information, financial transactions, legal documents, confidential information, business secrets, qualitative data, daily routine information, draft reports and final reports. Admin may control report release, corrections, approvals and version history.

Capital Yono implements reasonable safeguards such as

• HTTPS / TLS
• Secure login
• OTP verification
• Password protection
• Role-based access control
• Client-wise data separation
• Audit logs (upload, download, report release, access tracking)
• Secure cloud storage
• Backup practices
• Malware precautions where feasible
• Admin approval workflow
• Version history
• Incident response process

Consistent with the DPDP Rules, 2025 (phased operationalisation), Capital Yono maintains reasonable security, access control, audit and grievance workflows appropriate for the nature of data handled.

Capital Yono may maintain audit trails for

• Registration
• Login
• Document upload & download
• AI extraction
• Profile edit
• Payment & invoice generation
• Expert review & admin comments
• Report draft / approval / release
• Deletion or archive request
• Legal acceptance & policy version

Capital Yono logs legal acceptance at every consent point. Each acceptance captures user ID, name, mobile, email, IP address, date & time, policy version, checkbox accepted, page where acceptance happened and device / browser details where feasible.

Acceptance points

• Registration
• Document upload
• AI processing consent
• Payment
• Consultation booking
• Report download
• Subscription activation

Final reports follow a controlled workflow: AI draft → Expert review → Admin review (where configured) → Final approval → Client release. Version history is preserved. Internal drafts, comments and AI-generated preliminary content should not be automatically visible to the client unless approved.

Capital Yono will attempt to restrict access to confidential information only to those who require it for service delivery, review, administration, security, legal or compliance purposes. However, users must avoid uploading unnecessary secrets, highly sensitive third-party data or insider information unless required and authorized.

If Capital Yono becomes aware of a security incident affecting user information, it may take steps such as internal investigation, access restriction, technical correction, log review, user notification where required, regulatory notification where legally required, password reset or account protection, and security improvement.

Users must

• Keep passwords confidential
• Use secure devices
• Avoid sharing OTP or login access
• Upload only authorized documents
• Verify documents before upload
• Avoid uploading malicious files
• Avoid sharing confidential reports with unauthorized persons
• Notify Capital Yono about unauthorized access
• Confirm AI-extracted data carefully

Capital Yono may retain data for service delivery, legal compliance, tax records, audit trails, dispute resolution, fraud prevention, security, report history, client dashboard continuity and professional record keeping. Deletion requests may be subject to legal, tax, regulatory, payment, dispute, audit and backup requirements.

Capital Yono will use reasonable safeguards, but no digital platform can guarantee absolute security. Capital Yono shall not be liable for cyber incidents, unauthorized access, third-party breaches, cloud failures, payment gateway failures or technology disruptions beyond reasonable control, subject to applicable law.