Privacy and Data Protection Policy

PREAMBLE AND REGULATORY FRAMEWORK

WHEREAS Lotuslion Venture LLP ("Company," "we," "us," or "our") serves as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and is committed to maintaining the highest standards of data protection, privacy safeguards, and regulatory compliance in the provision of financial education services;

AND WHEREAS the Company operates sophisticated digital educational platforms, technological infrastructure, and data processing systems that necessitate comprehensive privacy and data protection frameworks for financial education delivery;

AND WHEREAS the Company is subject to multiple regulatory frameworks including the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, Consumer Protection Act, 2019, and various sectoral regulations governing data processing activities in educational services;

NOW THEREFORE the Company hereby establishes this Privacy and Data Protection Policy ("Policy") to govern all aspects of personal data handling in connection with its financial education services, technological infrastructure, and business operations.

ARTICLE I: DEFINITIONS AND REGULATORY INTERPRETATION

1.1 Statutory and Regulatory Definitions

For the purposes of this Policy, and in accordance with applicable data protection legislation, the following expressions shall bear the meanings assigned to them under the Digital Personal Data Protection Act, 2023, and related regulations:

(a) "Personal Data" shall mean any data about an individual who is identifiable by or in relation to such data, including but not limited to name, contact information, demographic details, financial information, investment preferences, educational records, behavioral data, device identifiers, biometric information, and any other information that directly or indirectly identifies a natural person;

(b) "Data Principal" shall mean the individual to whom personal data relates, including prospective users, registered users, subscribers, course participants, investors, and any other natural persons whose data is processed by the Company;

(c) "Data Fiduciary" shall mean the Company in its capacity as the entity that determines the purpose and means of processing personal data;

ARTICLE II: SCOPE OF DATA COLLECTION AND PROCESSING ACTIVITIES

2.1 Categories of Personal Data Collected

2.1.1 Identity and Contact Information

The Company collects and processes the following identity-related data:

(a) Full legal name, preferred name, and any professional designations or qualifications;

(b) Email addresses (primary and secondary), mobile telephone numbers, and alternative contact methods;

(c) Postal address, billing address, and geographic location indicators;

(d) Professional affiliations, employment details, industry experience, and business contact information;

2.1.2 Financial and Investment-Related Data

(a) Investment experience level, risk tolerance assessments, and financial education background;

(b) Financial goals, investment objectives, and learning preferences for financial education;

(c) Portfolio simulation data, hypothetical investment scenarios, and educational trading exercises;

2.2 Advanced Data Collection Mechanisms

2.2.1 Analytics and Tracking Infrastructure

The Company employs sophisticated tracking and analytics technologies including:

(a) Google Analytics 4: Comprehensive platform analytics with enhanced measurement capabilities, audience insights, user journey mapping, and predictive analytics for educational content optimization;

(b) Google Tag Manager: Centralized tag management system enabling deployment of various tracking and marketing technologies for educational service optimization;

(c) Cashfree Analytics Integration: Payment behavior analysis, transaction optimization, subscription management analytics, and financial data insights;

ARTICLE III: LEGAL BASIS AND CONSENT FRAMEWORK

3.1 Multifaceted Legal Basis for Processing

3.1.1 Consent-Based Processing

Where processing is based on Data Principal consent, such consent shall be:

(a) Specific and Granular: Obtained for clearly defined processing purposes with separate consent mechanisms for educational analytics, marketing communications, third-party integrations, and advanced learning features;

(b) Informed and Transparent: Accompanied by comprehensive information about processing purposes, data recipients, retention periods, educational benefits, and Data Principal rights;

ARTICLE IV: THIRD-PARTY DATA SHARING AND PROCESSOR RELATIONSHIPS

4.1 Data Processor Relationships and Obligations

4.1.1 Educational Service Provider Relationships

The Company engages the following entities as Data Processors for essential educational operations:

(a) Kajabi Inc.: Educational content hosting, learning management system operations, student account management, course delivery infrastructure, and educational analytics, operating under comprehensive data processing agreements;

(b) Cashfree Payments India Private Limited: Payment processing, subscription management, transaction handling, financial data processing, and compliance reporting, subject to regulatory payment industry standards;

ARTICLE V: DATA SUBJECT RIGHTS AND EXERCISE PROCEDURES

5.1 Comprehensive Rights Framework Under DPDP Act

5.1.1 Fundamental Educational Data Rights Categories

Data Principals possess the following rights regarding their personal data in educational contexts:

(a) Right to Educational Information: Comprehensive disclosure regarding educational data processing purposes, categories of educational data, educational service recipients, retention periods for educational records, and Data Principal rights in educational contexts;

(b) Right of Educational Access: Detailed information about specific personal data being processed for educational purposes, educational processing purposes, and educational data sharing arrangements;

(c) Right to Educational Correction: Rectification of inaccurate, incomplete, or outdated personal data in educational records within reasonable timeframes;

ARTICLE VI: DATA SECURITY AND PROTECTION MEASURES

6.1 Educational Technical and Organizational Security Framework

The Company implements comprehensive technical security measures for educational data including advanced encryption for educational data in transit and at rest using industry-standard algorithms and key management procedures specifically designed for educational data protection.

ARTICLE VII: DATA RETENTION AND DELETION FRAMEWORK

7.1 Educational Systematic Data Retention Approach

The Company maintains personal data for specified periods based on educational data categories and legal requirements, including educational account data maintained for seven (7) years following account closure and educational records retained for ten (10) years to support credential verification.

ARTICLE VIII: GOVERNING LAW AND JURISDICTION

9.1 Educational Regulatory Framework and Legal Compliance

This Policy is governed by and construed in accordance with the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, Consumer Protection Act, 2019, and all other relevant Indian laws affecting educational data protection and privacy.

CONTACT INFORMATION

Lotuslion Venture LLP
Attention: Educational Privacy and Data Protection Team
Email: investoreducation@lotuslion.in
Registered Office: K 204, Raheja Vistas, Raheja Vihar Complex, Chandivali, Mumbai 400072, India
Phone: +91-9082138060

Effective Date: August 1, 2025

ACCEPTANCE AND ACKNOWLEDGMENT

By accessing, using, or providing personal data to the Company for educational purposes, Data Principals acknowledge that they have read, understood, and agree to be bound by this Educational Privacy and Data Protection Policy. This Policy contains complex legal obligations and significantly affects Data Principal rights regarding personal data in educational contexts. Data Principals are advised to seek independent legal counsel if clarification of any provision is required.

Continued use of Company educational services constitutes ongoing acceptance of this Policy as it may be modified from time to time in accordance with the educational procedures set forth herein.

This Policy represents the Company's commitment to maintaining the highest standards of educational data protection and privacy in accordance with applicable Indian laws and international best practices for educational services.

← Back to Course