Privacy Policy

Last updated: []

Grey Sky Capital Private Limited ("Grey Sky," "We," "Us") is a private limited company registered under the Companies Act, 2013 (CIN: U64990KA2025PTC201958). We are registered with SEBI as a Portfolio Manager (Registration No. [SEBI Reg. No.]) and act in a fiduciary capacity for our clients. Protecting your data is fundamental to this trust.

This Privacy Policy (the "Policy") explains how we collect, store, use, disclose, and secure your personal information, including Sensitive Personal Data or Information (SPDI). This Policy is published on our website in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules") under the Information Technology Act, 2000.

By using our Site (greysky.capital/greyskycapital.com/greyskycapital.in, the "Site"), or our secure Client Portal, you confirm that you have read and understood this Policy.

Privacy at a Glance

This table summarises our data practices. The full details follow below.

What We Do | Why We Do It (Our "Lawful Purpose")
When you browse our site, we collect technical data (like cookies, IP address). | To make the site work, improve your experience, and keep it secure.
When you register for our blog, we ask for your Name and Email. | To send you the blog posts, news, and marketing information you consented to receive.
When you become a client, we collect Personal & Sensitive Financial Data (PAN, KYC, Bank Details, etc.). | To fulfill our contract with you, comply with SEBI's mandatory KYC/AML regulations, and manage your portfolio.
We share your data with select third parties. | Only with essential partners (like our Custodian, KRAs, exchanges) and our technology vendors ("Data Processors") who are contractually bound to protect it.
We never sell or rent your personal data. | Our business is managing your portfolio, not selling your data.
You have rights over your data. | The DPDP Act gives you the right to access, correct, or withdraw consent for your data.

This Policy is governed by the laws of the Republic of India. We are obligated to implement and maintain "Reasonable Security Practices and Procedures" as mandated by Section 43A of the IT Act, 2000, and the SPDI Rules, 2011, to prevent wrongful loss or unauthorized access to your data. 

2. The Information We Collect

We classify the information we collect into three categories:
A. Sensitive Personal Data or Information (SPDI)
This data is required for regulatory compliance (SEBI, PMLA) and constitutes SPDI under the IT Act.

Data Type | Examples
Financial Information | Bank account details (account number, IFSC), income and net worth declarations, Demat account details, investment experience, and transaction data.
Identification Data | PAN, Aadhaar number, signatures, and photographs/live images for mandatory KYC.
Passwords | Login credentials to the Client Portal (securely encrypted).

B. Personal Information (PI)

  • Contact Data: Full Name, Date of Birth, Gender, Residential address, Email address, and Phone number.
  • Regulatory Data: KYC Registration Agency (KRA) records, Politically Exposed Person (PEP) status, and other regulatory records.

C. Technical and Usage Data (Web Analytics)
When you visit our Site, we automatically collect technical data. This information is used for website optimization and security. We may use third-party tools, such as Google Analytics, to collect and analyze this data. This data is generally collected in an aggregated or anonymous form and is not linked to your Personal Information or SPDI.

3. Use of Your Personal Data (Purpose Limitation)

We use your data strictly for the following lawful purposes:

  • To Provide Services: To verify your identity, set up and manage your portfolio account, execute investment instructions, and deliver portfolio statements and performance reports.
  • To Comply with Law: To perform mandatory KYC, AML, and risk management checks; to retain records and report to SEBI, tax authorities, and other government bodies as legally required.
  • Security & Risk Management: To conduct risk management, fraud detection, security audits, and comply with SEBI's Cyber Security Framework.
  • To Communicate: To send you service-related administrative alerts and marketing communications (based on your consent).

4. Disclosure, Sharing and Transfer

We confirm: We do not sell, rent, or trade your Personal Information or SPDI.

A. Sharing for Service (Statutory & Contractual Necessity)
We only share your information with the following parties for the performance of our lawful contract and statutory compliance:

  • Regulators & Government Bodies: SEBI, Stock Exchanges, Depositories, KRAs, Tax Authorities, and law enforcement agencies, when legally mandated.
  • Mandated Service Partners: Our appointed Custodian (as mandated by SEBI) for the safekeeping of your assets, settlement of transactions, and record-keeping; Registrar & Transfer Agents (RTAs), and Banking partners.
  • Technology Vendors: Cloud hosting providers, security auditors, and other technology service providers ("Data Processors"). These processors are contractually bound to maintain the same level of data protection as us.

B. Consent for Disclosure (SPDI Rule 6)
Any disclosure of your SPDI to any third party, other than those listed above (who are essential for service or statutory compliance), shall be done only with your prior written or electronic permission.

C. Transfer of Information (SPDI Rule 7)
We may transfer your data to other entities in India or located in any other country, but only if necessary for the performance of the lawful contract or where you have consented to the transfer. Any such transfer shall be made only to a recipient that ensures the same level of data protection that is adhered to by Grey Sky Capital as provided for under the SPDI Rules.

5. Data Security and Retention

A. Security Practices (Reasonable Security)
We take the security of your data extremely seriously. We are compliant with both the IT Act, 2000 (SPDI Rules) and SEBI's rigorous Cyber Security & Cyber Resilience Framework (CSCRF).  
We implement robust technical, operational, and physical security measures, including:

  • Data encryption, both in transit (using SSL) and at rest.
  • Strict access controls and firewalls.

B. Retention (Legal Obligation)
We retain your SPDI and PI only for as long as necessary. However, SEBI and PMLA regulations legally require us to retain client records, including KYC and transaction details, for a specified mandatory period after your relationship with us ends. After this mandatory retention period expires, your data will be securely and permanently destroyed.

6. Your Rights and Control over Personal Information

In compliance with the SPDI Rules, 2011, you have the following rights regarding the information we hold:

  • Right to Review and Correction: You have the right to review, seek correction, and amend any Personal Information or SPDI we hold about you by contacting the Grievance Officer.
  • Right to Consent and Withdrawal: You have the right to provide consent for the collection of SPDI and the right to withdraw that consent (subject to the termination of the PMS agreement, as detailed in Section 1.B).
  • Right to Opt-Out: You have the right to opt out of receiving any marketing or promotional communications from us.

7. Cookies and Tracking

Cookies are small data files stored on your browser. We use them to:  

  • Essential Cookies: Make our Site and Client Portal function (e.g., keeping you logged in).
  • Performance Cookies: Help us understand how you use the Site so we can improve it.
  • Marketing Cookies: Show you relevant information (with your consent).

You can manage your cookie preferences through your browser settings or our website's cookie banner.

8. Grievance Redressal and Children's Privacy

A. Grievance Redressal
We have designated a Grievance Officer to address all queries and complaints related to this Policy:

  • Grievance Officer: Apurv Anand
  • Title: Compliance & Grievance Officer
  • Email: grievances@greysky.capital
  • Office Address: 6th floor, Sakti Statesman, Classic Converge, Outer Ring Rd, Green Glen Layout, Bellandur, Bengaluru, Karnataka 560103.

The officer will acknowledge and address your grievance within the time limits prescribed by the law.

B. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect Personal Information from children. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact our Grievance Officer immediately.