This page explains what personal data FinSet collects from you, why it's collected, who else it's shared with and what rights you have over it. The policy is written to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India.

If anything here is unclear, write to the grievance officer at the address in section 9 and you'll get a response.

1. Who runs FinSet

FinSet is operated by Sanket Nilkantha Dube, an AMFI-registered Mutual Fund Distributor (ARN-180462, EUIN E363818), based in Pune, Maharashtra, India.

FinSet is the "Data Fiduciary" under the DPDP Act for the personal data described below. Sanket is the named individual responsible for the data and acts as Grievance Officer.

Contact: [email protected]

2. What personal data we collect

We collect only what's needed to deliver the newsletter and respond to direct inquiries.

• Email address. Collected when you subscribe to the FinSet newsletter through the signup form on finset.in or the embedded form in a published post.
• Email engagement data. Whether the newsletter was opened and which links were clicked. This is recorded by the email-sending platform and visible to FinSet as aggregated metrics for that issue.
• Basic browser/device data. Standard server logs (IP address, user-agent string, referrer) when you visit finset.in. Retained for security and abuse-prevention purposes only.
• Anything you choose to send us. If you reply to a newsletter or write to the contact email, that message and your reply-from address are stored in the email inbox.

We do not collect financial information, KYC data, investment portfolio details, demographic data or location beyond what an IP address infers. The newsletter is content-only. FinSet does not transact mutual funds through the website.

3. Why we collect it

• Email address. To deliver the newsletter you subscribed to and to send transactional confirmations like signup, password reset and unsubscribe receipts.
• Engagement data. To understand which categories resonate so future issues can be written better. Reviewed at an aggregate level, not per individual.
• Server logs. To detect and prevent abuse like bot signups, scraping and intrusion attempts.
• Direct correspondence. To answer your question.

The DPDP Act's lawful basis is consent (Section 6). You give it when you submit your email through the signup form, after seeing a notice that links to this policy. You can withdraw consent at any time using the rights described in section 7.

4. Who else sees your data

To deliver the newsletter we share data with a small set of service providers. Each has its own privacy commitments and we use only the data they need.

Anthropic is used to draft the editorial content of each issue. No subscriber data is ever sent to Anthropic. Only the AMFI-published NFO data (which is itself public) is shared with Anthropic for drafting.

We do not sell your data. We do not share your data with advertisers or data brokers. We do not run third-party advertising on the site.

5. Cross-border data transfer

Some of the providers in section 4 process data outside India. As of the effective date of this policy, the Government of India has not notified a restricted list of countries under Section 16 of the DPDP Act and so this transfer is currently permitted. If a restricted list is notified that affects any of the providers above, we'll either move to an India-resident alternative or update this notice.

6. How long we keep it

• Email address and engagement data. Until you unsubscribe, request deletion or the FinSet newsletter stops operating, whichever is earliest. On unsubscribe we keep a suppression-list entry (the hashed or plain email) to make sure we don't accidentally re-add you. The suppression entry is the minimum needed and is itself deletable on request.
• Server logs. Rolling 30 days, then purged.
• Direct correspondence. Kept in the inbox until manually cleaned up. You can request deletion of a specific thread at any time.

7. Your rights under the DPDP Act

The DPDP Act gives you these rights and FinSet honors them.

• Right to access (Section 11). Ask what personal data we hold about you. We'll respond within 30 days.
• Right to correction. Tell us if any data is wrong and we'll fix it.
• Right to erasure. Ask us to delete your data. We'll do it within 30 days, except where we're required to retain something by law (we don't expect to be).
• Right to withdraw consent. Click the unsubscribe link in any newsletter or write to us. Withdrawal is processed immediately and we'll stop sending future emails. Past sends already in flight may still arrive.
• Right to nominate. Under Section 14 of the DPDP Act, you can nominate another individual to exercise your rights in the event of your death or incapacity. Write to us if you want to register a nomination.

To exercise any of these rights, write to the grievance officer at [email protected]. Please write from the email address that's on your subscription so we can confirm it's you.

8. Children

The newsletter is intended for adult readers, in particular individuals making personal investment decisions. We don't knowingly collect data from anyone under 18. If you believe a minor has subscribed, write to us and we'll remove the record.

9. Grievance officer

Under Section 8(9) of the DPDP Act, the named grievance officer for FinSet is:

Sanket Nilkantha Dube
ARN-180462, EUIN E363818
Pune, Maharashtra – 411019
[email protected]

If your grievance isn't resolved within 30 days or you're not satisfied with the resolution, you have the right to escalate to the Data Protection Board of India once it's operational and notified.

10. Security

Your data sits in encrypted databases on a private server. Access is restricted to Sanket alone using SSH key authentication with no password fallback. Backups are encrypted and stored on a separate machine in the same data center. We don't claim that any system is unbreachable, but the practical surface is small. If a breach affecting subscriber data is detected, we'll notify affected subscribers within 72 hours along with what happened and what to do.

11. Changes to this policy

If the policy changes in a way that materially affects you, you'll be notified by email at the address on your subscription, with at least 14 days' notice before the change takes effect. Non-material changes (clarifications, typo fixes, restructuring) will be published here without a separate notice. The "Last updated" date at the top of this page is authoritative.

12. Disclaimer

FinSet's newsletter is general financial commentary. It is not investment advice, a recommendation or a solicitation. Mutual fund investments are subject to market risks. Read all scheme-related documents carefully before investing.

Statutory references in this policy are to the Digital Personal Data Protection Act, 2023 (India). Where the Act conflicts with this policy, the Act prevails.