Compliance & Security

Last Updated: April 2, 2026 · Effective immediately

Security or compliance questions? compliance@paisashield.com
1 Overview

Paisashield is committed to maintaining compliance with applicable laws and implementing industry-standard security practices. This page outlines our compliance framework and the security measures in place to protect your data.

2 Regulatory Status

Important Regulatory Disclosure

Not a Registered Investment Advisor: Paisashield is not registered with SEBI or any securities regulator and does not provide investment advice.
Not a Broker-Dealer: We do not execute trades, hold securities, or act as a broker.
Not a Financial Institution: We do not hold, transfer, or custody funds or assets.
Software Provider Only: We provide financial data management software as a service.
3 Data Protection Compliance

3.1 GDPR (European Economic Area)

  • Legal basis for processing: Contract, Legitimate Interest, Consent
  • Data subject rights respected (access, rectification, erasure, portability)
  • Data processing records maintained
  • Data breach notification procedures in place

3.2 CCPA (California)

  • Right to know what personal information is collected
  • Right to deletion of personal information
  • Right to opt-out — we do NOT sell personal information
  • Right to non-discrimination

3.3 Other Jurisdictions

We make reasonable efforts to comply with applicable data protection laws in jurisdictions where we operate, but cannot guarantee compliance with every local regulation.

4 Security Measures

Data Encryption

  • All data in transit via HTTPS/TLS
  • Passwords hashed (pbkdf2:sha256)
  • Passwords never stored in plain text

Access Controls

  • Email verification for new accounts
  • Logical data isolation between workspaces
  • Granular role-based permissions per company

Application Security

  • CSRF protection on all state-changing requests
  • SQL injection prevention via SQLAlchemy ORM
  • Server-side input validation throughout

Infrastructure Security

  • Regular security updates and patches
  • Firewall protection for database access
  • Activity monitoring and logging
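As an added illustration (not Paisashield's own code), the pbkdf2:sha256 password-hashing scheme named above, with a per-user random salt, a self-describing stored string and constant-time verification. The stored format `pbkdf2:sha256:<iterations>$<salt>$<hex digest>` and the iteration count are assumptions for the example.

```python
"""Constructed example of pbkdf2:sha256 password hashing and verification.
Assumed stored format: "pbkdf2:sha256:<iterations>$<salt>$<hex digest>"."""
import hashlib
import hmac
import secrets

DEFAULT_ITERATIONS = 600_000  # assumed policy value; raise as hardware allows


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS, salt: str = "") -> str:
    """Return a self-describing hash string using a fresh random salt per password."""
    if not salt:
        salt = secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    return f"pbkdf2:sha256:{iterations}${salt}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Re-derive with the parameters embedded in the stored string and compare
    in constant time, so a malformed or plaintext record never verifies."""
    try:
        method, salt, expected = stored.split("$", 2)
        algo, hash_name, iterations = method.split(":")
    except ValueError:
        return False
    if algo != "pbkdf2" or hash_name != "sha256" or not iterations.isdigit():
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), salt.encode("utf-8"), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), expected)


def needs_rehash(stored: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a stored hash is below current policy and should be
    re-hashed at the user's next successful login."""
    try:
        algo, hash_name, iterations = stored.split("$", 1)[0].split(":")
        return algo != "pbkdf2" or hash_name != "sha256" or int(iterations) < min_iterations
    except ValueError:
        return True
```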

5 Data Breach Response

In the event of a data breach:

  • We will investigate and contain the breach promptly
  • Affected users will be notified as required by applicable law
  • Regulatory authorities will be notified where applicable
  • Remediation measures will be implemented

Please refer to our Terms of Service for liability limitations relating to security incidents.

6 Third-Party Service Providers

Third-party services used in the platform:

  Service              Provider                      Purpose
  Email Delivery       Resend                        Transactional emails (verification, password reset)
  Equity Market Data   Yahoo Finance (yfinance)      Real-time stock and ETF pricing
  Mutual Fund NAV Data AMFI India via mfapi.in       Daily mutual fund NAV refresh
  Payment Processing   Razorpay                      Subscription payments (card data not stored by us)
  CDN / Static Assets  Various                       CSS frameworks, icon fonts

We are not responsible for the security practices or compliance of third-party providers. Each provider maintains its own security certifications.

7 SOC 2 / ISO Certifications

Paisashield is currently not SOC 2 or ISO 27001 certified. We implement security practices aligned with these frameworks and may pursue formal certifications as the organisation grows.

8 Financial Regulations

8.1 Not Subject to Financial Regulations

As a software-only provider, Paisashield is not subject to:

  • SEBI registration requirements for investment advisors or brokers
  • RBI regulations applicable to banks, NBFCs, or payment service providers
  • IRDAI (Insurance Regulatory and Development Authority of India) regulations
  • Money transmitter or payment aggregator licences

8.2 User Compliance Responsibility

You are responsible for:

  • Compliance with securities laws in your jurisdiction
  • Tax reporting and filing obligations (GST, TDS, income tax)
  • Regulatory filings related to your investments
  • Adherence to professional licensing requirements (if applicable)

9 Audit and Transparency

We maintain:

  • Activity logs for security monitoring
  • Access logs for troubleshooting
  • Immutable audit trail of all data modifications within the platform

Enterprise customers may request audit reports. Availability is not guaranteed and is subject to our capabilities at the time of request.

10 Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly:

  • Email security@paisashield.com with a detailed description and reproduction steps
  • We acknowledge receipt within 72 hours and provide a resolution timeline
  • Please do not publicly disclose until we've had reasonable time to address the issue
  • Do not exploit the vulnerability beyond proof-of-concept

11 Service Level Agreement (SLA)

Paisashield does not provide guaranteed uptime or service level agreements unless specified in a separate Enterprise Agreement. We make best efforts to maintain service availability but are not liable for downtime or service interruptions. Enterprise customers may contact us to discuss custom SLA terms.

12 Export Compliance

Users are responsible for compliance with export control laws and trade sanctions. You may not use Paisashield:

  • In countries subject to comprehensive trade embargoes
  • By persons or entities on restricted party lists
  • For purposes prohibited by export control regulations

13 Business Continuity

We maintain reasonable business continuity measures including:

  • Regular database backups
  • Disaster recovery procedures
  • Incident response plans

Your responsibility

You should maintain independent backups of critical financial data. We are not liable for data loss regardless of cause.

14 Changes to Compliance Practices

We may update our compliance practices and security measures at any time. Material changes will be reflected in updated policy documents with new "Last Updated" dates.

Compliance & security enquiries

For compliance questions or to report a security vulnerability: