This Privacy Policy explains how we collect, use, process and disclose information about you. By using our website and affiliated services, you consent to the terms of our privacy policy (“Privacy Policy”) in addition to our Terms of Use. We encourage you to read this Privacy Policy regarding the collection, use, and disclosure of your information from time to time to keep yourself updated with the changes & updated that we make to this Policy.

Information we collect.

The following information is collected by or on behalf of Ambrain Capital.

  • Information You provide us.

When you start using the Web Services, we ask you to provide certain information as part of the registration process, and during your interface with the Web. We will collect this information through various means and in various places through the Web Services, including account registration forms, contact us forms, or when you otherwise interact with AMBRAIN CAPITAL including at customer support.

Pursuant to the services consumed by You from time to time, we may explicitly seek additional information including address, payment, or banking information, DEMAT information and any other governmental identification numbers or documents. You may choose to provide such information if you wish to use the services provided by the Website.

We will also maintain a record of the information you provide to us when using customer support services.

From time to time, during your use of the Website Services, Ambrain capital may require access to certain additional information such as SMS & contact details. Prior to accessing any such additional information, explicit consent shall be sought from you. Please note that even after consent has been provided by you, we only read transactional or promotional SMS and do not open, access, or read any personal SMS.

Certain features may be restricted, unavailable or unusable if you choose not to provide certain information.

  • Information created when You use our Website Services.

We collect information relating to your use of our website using various technologies. This includes transaction details related to your use of our services including the type of services you requested, the payment method, amount, and other related transactional and financial information. Further, when you visit our website, we may log certain information such as your IP address, browser type, mobile operating system, manufacturer and model of your mobile device, geolocation, preferred language, access time, and time spent. We will also collect information about the pages you view within our sites and other actions you take while visiting our website

We also maintain some records of users who contact us for support, for the purpose of responding to such queries and other related activities. However, we do not provide this information to any third party without your permission or utilize the same for any purposes not set out hereunder.

Best practices to follow

We have always placed your security first on UNLISTEDKART. To ensure maximum security, we have made a simple list of security to-do's you can follow:

  • Never divulge your personal bank details like card number, CVV, PIN, and OTP in any medium, including calls, texts, or emails.
  • We will never, ever ask you for any of the sensitive details mentioned above.
  • We will never call you and ask to do any payment transaction on the app or install any remote access software such as TeamViewer, any desk, etc.
  • Never respond to such emails, texts, or phone calls.
  • Our customer support can only be reached via the app. please do not engage with phone numbers that claim to be of our support team.

Privacy Practices

We do not sell your personal information to or share it with unaffiliated third parties for their own advertising or marketing purposes without your explicit consent.

Perimeter Security

We have deployed Defence in Depth Architecture using a network firewall, web application firewall, DDoS protection layer, and a content delivery network. Our infrastructure is launched in compliance with the AWS Well Architected Framework and from the security perspective incorporating practices from the AWS Cloud Adoption Framework. We have a 3-Tier Architecture which incorporates best practices from various standards and certifications.

Host Security

We use industry leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching. All our servers are launched using the Centre for Internet Security Benchmarks for Amazon Linux.

Data Security

We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis. We use key management services to limit access to data except the data team. Stored data is protected by encryption at rest and sensitive data by application-level encryption. We use data replication for data resiliency, snapshotting for data durability and backup/restore testing for data reliability.

Incident and Change Management

We have deployed mature processes around Change Management which enables us to release thoroughly tested features for you both reliably and securely enabling you to enjoy the UNLISTEDKART experience with maximum assurance.
We have an aggressive stance on Incident Management on both Systems downtime and Security and have a Network Operations Centre and an Information Security Management System in place which quickly reacts, remediates, or escalates any Incidents arising out of planned or unplanned changes.

Vulnerability Assessment and Penetration Testing

We have an inhouse network security team which uses industry leading products to conduct manual and automated VA/PT activities. We employ both static application security testing and dynamic application security testing which is incorporated into our continuous integration / continuous deployment pipeline. We also leverage CERT-IN certified auditors to do periodic external security testing and audits. All compliance/audit statuses will be updated in this section in this policy.