DATA SECURITY & COMPLIANCE

Protecting Your Data. Securing Your Practice.

Last Updated: 16-12-2025

At ARN Booster, the security of your data – and the trust of your clients – is our highest priority.
We are committed to providing a secure, compliant, and privacy-first platform designed specifically for Mutual Fund Distributors (MFDs), RIAs, and financial professionals across India.

This page explains exactly how we protect your information and how our systems align with applicable Indian regulations.

1. Our Security Philosophy

Your data is your property – we only safeguard it.

  • We do not sell, rent, or trade user or client data.
  • We do not access any data unless required for support and explicitly permitted.
  • You remain the sole owner of all client and business information stored on ARN Booster.

2. Data Encryption Standards

  • Encryption in Transit
    All data transmitted between your device and our servers is protected using TLS 1.2+ encryption, preventing interception or tampering.
  • Encryption at Rest
    All sensitive personal and financial data is stored using AES-256 encryption, the global standard used by banks and fintech platforms.
  • Secure API Communication
    Every API call is authenticated, rate-limited, and protected against:

    • Man-in-the-middle attacks
    • Injection attempts
    • Replay attacks
    • Unauthorised data exposure

3. Infrastructure & Server Security

  • India-based Servers
    All data is stored on secure AWS servers located in India, ensuring compliance with:

    • Indian IT Act
    • RBI, SEBI, and AMFI data-handling expectations
  • Firewall & Network Protection
    We use enterprise-grade firewalls, VPC isolation, and traffic monitoring to block malicious traffic.
  • Regular Security Audits
    • Vulnerability assessments
    • Penetration testing
    • Periodic third-party audits

    These audits ensure our systems remain hardened and updated.

4. Zero Unauthorised Access Guarantee

  • Role-based Access Control (RBAC)
    Only authorised personnel with defined roles can access internal systems.
  • Principle of Least Privilege
    Team members only access the minimum data required to perform their tasks.
  • Audit logs
    Every critical action is logged and monitored for security and compliance.

ARN Booster never accesses your client data unless:

  • You explicitly request support.

Access is revoked immediately after resolution.

5. Compliance With Indian Regulations

  • SEBI / AMFI Compliance (advisor expectations)
    While ARN Booster is not a regulated entity, our platform follows compliance practices that advisors must adhere to:

    • Secure record-keeping
    • Reliable audit trails
    • Data confidentiality
    • No unauthorised sharing of investor information
    • Proper access control and logging
  • IT Act, 2000 & SPDI Rules Compliance
    We adhere to requirements for handling:

    • Personal data
    • Sensitive personal data (SPDI)
    • Financial information
    • Identity documents
  • Email Data Handling (Gmail Integrations)
    If you connect Gmail:

    • Only transaction-related RTA emails (CAMS, KFin, FT) are scanned
    • No personal emails are read or stored
    • Data is not sold or shared for advertising
    • Access is granted only with your explicit consent

6. Data Retention & Backup Policies

  • Retention
    Transaction history for active users is retained for 5 years.
    Older records may be archived securely and retrieved on request.
  • Backup
    We maintain encrypted daily backups with:

    • Multi-region redundancy
    • Disaster recovery protocols
    • Automatic restoration capability
  • Business Continuity
    In the event of unforeseen outages:

    • Critical systems auto-failover
    • No loss of user or client data
    • Minimum downtime

7. User Data Ownership & Control

You are the exclusive owner of:

  • Client data
  • Portfolio records
  • Contact information
  • Uploaded files
  • Notes & communication logs

ARN Booster is only a technology custodian.

You can:

  • Export your data
  • Request corrections
  • Request deletion (where legally allowed)
  • Withdraw access to integrations

8. Data Sharing Policy

We never share personal or client data with:

  • Advertisers
  • Unrelated third parties
  • External entities without your consent

We may share limited data only when:

  • Required by law (court orders, regulatory authorities)
  • Necessary for service delivery (e.g., payment gateway, cloud hosting)
  • Explicitly authorised by you

No data is shared for marketing purposes without consent.

9. Internal Security Practices

  • Background-verified personnel
    All employees undergo verification and sign confidentiality agreements.
  • Mandatory security training
    Team members are trained on:

    • Data handling
    • Cybersecurity best practices
    • Incident response
    • Privacy norms
  • Access Rotation
    Login credentials and access rules are rotated and monitored regularly.

10. Incident Detection & Response

We employ:

  • Real-time monitoring
  • Automated anomaly detection
  • Alerts for suspicious logins or API calls

If an incident occurs:

  • Affected systems are isolated immediately
  • Users are notified as required
  • Root cause analysis is conducted
  • Preventive measures are implemented

11. Your Responsibilities as a User

To maintain security, Users should:

  • Keep login credentials confidential
  • Use strong passwords
  • Enable 2FA (if available)
  • Inform us of suspicious activity immediately

12. Transparency & Trust

We believe MFDs deserve:

  • Clear answers
  • Transparent data policies
  • No hidden practices

If you have questions about how your data is handled, we’re here to help.

13. Contact & Compliance Officer

Data Protection & Compliance Officer
Rise 2 XL Private Limited
contact@arnbooster.com
+91-9315790599
www.arnbooster.com

Frequently Asked Questions

Everything you need to know about data security and privacy.

Yes. All data is encrypted using bank-grade AES-256 encryption and stored safely on servers located in India.
You remain the exclusive owner of your client data.

No. We do not access or use your client data unless:
(a) you request support.

All access is logged and revoked after resolution.

All data is stored on secure, firewall-protected AWS servers within India, ensuring compliance with Indian IT laws and advisor expectations.

Absolutely not. We do not sell, rent, or share personal or client data with advertisers or unrelated third parties.

ARN Booster scans only RTA transaction emails (CAMS, KFin, Franklin Templeton, etc.) to auto-update portfolios.
We do not open or read personal emails.

  • Role-based access control
  • Multi-layer encryption
  • Firewall protection
  • Continuous monitoring and alerts
  • Secure login and API authentication

Yes. You can request export or deletion of your data anytime, subject to legal and compliance requirements.

We ensure minimal downtime. All upgrades follow secure deployment processes, and your encrypted data remains protected throughout.

Report it immediately.
We will lock access, investigate the activity, and restore account security.

Yes. While we are a technology provider (not a regulated entity), our security practices align with:
  • SEBI’s expectations for advisory confidentiality
  • AMFI code of conduct requirements
  • Indian SPDI data protection rules
