Privacy Policy

Last Updated: March 14, 2026

1. Introduction & Data Fiduciary

IntraBull ("IntraBull", "Company", "we", "us") is the Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act"). This Privacy Policy explains what personal data we collect, the lawful basis and purpose of processing, how we store and protect it, who we share it with, how long we retain it, and your rights as a Data Principal.

This Policy covers the IntraBull web application, PWA, Chrome extension, and all associated backend services.

2. Personal Data We Collect

2.1 Account & Identity Data

2.2 Financial & Transaction Data

2.3 Analysis & Trading Data

2.4 Behavioural & Gamification Data

2.5 Technical & Security Data

2.6 Analytics Data

3. Lawful Basis for Processing

We process your data under Consent (first-use flow), Contractual necessity (service delivery, payments), Legitimate use (fraud prevention, regulatory compliance, analytics), and Legal obligation (SEBI RA Regulations, PMLA, Income Tax Act).

4. How We Use Your Data

5. Data Storage & Security

6. Data Sharing & Third-Party Processors

We do NOT sell, rent, or trade your personal data.

We share data with the following third-party processors solely for the purposes described: Google Firebase (Authentication, FCM push), Microsoft Azure (Infrastructure, AI processing, Blob storage), Azure AI Foundry (Chart analysis), PostHog (Product analytics — anonymised), Sentry (Error tracking), SendGrid (Transactional email), MaxMind (IP geolocation).

We may also disclose data to law enforcement and regulatory authorities (including SEBI) when required by Indian law, court order, or valid legal process.

7. Data Retention Schedule

Upon account deletion request, personal identifiers are anonymised within 30 days. Records required by SEBI, PMLA, or Income Tax Act are retained in anonymised/pseudonymised form for the mandated retention period.

8. Cookies, Local Storage & Service Worker

We use Firebase Auth token (localStorage) for session authentication, Service worker cache for PWA offline functionality, PostHog session cookie for anonymised session tracking. We do NOT use third-party advertising cookies, retargeting pixels, or cross-site tracking.

9. Your Rights as a Data Principal (DPDP Act, 2023)

10. Cross-Border Data Transfers

Certain third-party processors (Google Firebase, Sentry, SendGrid) process data outside India. These transfers are governed by Standard Contractual Clauses (SCCs) and the processor's Data Processing Agreements. Your core data remains in Azure India regions.

11. Children's Data

IntraBull is not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If we discover a minor has created an account, we will terminate it immediately and delete associated data.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or SEBI regulations. Material changes will be communicated via in-app notification and email.

13. Contact & Grievance Officer

Data Fiduciary: IntraBull

Grievance Officer (as required by DPDP Act, Sec. 13(3)):

Email: grievance@intrabull.ai

Response time: within 72 hours of receipt

General Privacy Inquiries:

Email: privacy@intrabull.ai