ATC100 Cr CountdownRemaining: Sold: ( achieved)
Buy / Add Balance

1. Introduction

AsvaTok (“we,” “our,” or “us”) is committed to safeguarding the privacy and personal data of all users (“you” or “user”) who access or use our website https://www.asvatok.com/(collectively, the “Platform”/“Website”).

This Privacy Policy explains how we collect, process, use, store, share, and protect your personal data in compliance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023, Information Technology (Reasonable security practices and procedures and Sensitive Personal Data or information Rules), 2011, Reserve Bank of India (RBI) KYC Master Direction 2023, RBI Notification on Storage of Payment System Data 2018, and CERT-In guidelines 2022.

By accessing or using our Platform, you agree to this Privacy Policy and consent to the collection and processing of your personal data in accordance with it.

2. Information We Collect

We collect the following categories of data during your interaction with the Platform:

2.1. Users who have not signed in

We may collect certain information such as the user’s IP address and cookies for security and analytics purposes. If a user subscribes to email newsletters or updates, their email address will be collected. Additionally, if a user contacts us through any form or message, we may collect their name, email address, and any information they include in the message.

2.2. Registration and account data

When a new user signs up on AsvaTok, we collect their user name, email address, mobile number, password, and authentication credentials to create and manage their account. We also automatically collect IP address, device identifiers, and, where applicable, referral or promotional data to enhance security and improve user experience. As part of the RBI-mandated KYC process, we further collect the user’s full name, phone number, country, address, state, and city, along with Aadhaar number and Aadhaar-linked mobile number, PAN, and bank particulars such as account number, IFSC code, account holder’s name, photo, signature, and a copy of the bank passbook.

2.3. KYC verification data

For purposes of regulatory compliance, anti-fraud measures, and account security, AsvaTok collects specific identity and financial details from users. This includes the user’s Aadhaar number (used for OTP-based verification), PAN number, and bank account details for withdrawal and remittance verification. Additionally, we may collect the user’s date of birth and address as reflected in their KYC documents. To complete verification, we may also obtain supporting identification documents, such as a scanned copy of the PAN card, bank passbook, or Aadhaar-linked mobile OTP confirmation. We use Perfios, a trusted third-party service provider, to securely collect, verify, and authenticate all KYC and PMLA-related personal information and particulars.

2.4. Platform usage and transactional data

While using the AsvaTok Platform, we collect information to facilitate transactions, ensure security, and improve user experience. This includes transactional information such as token purchases, transfers, redemptions, or withdrawals. We also collect login details, device information, and browser data to prevent fraud and perform analytics. Additionally, we retain a record of communication history with our support team to address queries, complaints, and service requests effectively. We record details of your collections, such as bank notes, coins, stamps, artwork, watches, and such other real world assets, when these assets are tokenized or linked to the Platform. This information is necessary for asset management, transaction facilitation, and accurate reflection of ownership within the Platform ecosystem.

2.5. Cookies and analytics

AsvaTok uses cookies and tracking tools to enhance the functionality, security, and performance of the Platform. These tools are used for authentication and login session management, load balancing and performance optimization, remembering user preferences, and security and fraud detection. We also use cookies for usage analytics, such as understanding category demand and user behavior, and for third-party integrations, including services like Google Analytics and advertising partners. Users have the ability to manage or disable cookies through their browser settings or via consent banners displayed on the Platform.

3. Purpose and Legal Basis for Processing

AsvaTok collects and processes your personal and financial data for the following lawful and specific purposes:

  1. Account Creation and User Identification
  2. KYC Verification and PMLA/CFT Compliance
  3. Facilitating Transactions in Digital Assets
  4. Customer Support and Grievance Redressal
  5. Regulatory and Legal Compliance
  6. Platform Performance Optimization and Analytics
  7. Marketing and Service Improvement (where consented)

We process your personal data based on user consent, legitimate interest, and statutory or regulatory obligations, ensuring that all processing is transparent, proportionate, and lawful under applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (DPDPA) and RBI guidelines.

4. Minor Users

AsvaTok is intended only for persons who have attained the age of 18 years. We do not knowingly collect personal data from minors. Users below 18 may not register unless verifiable parental consent is provided by parent.

5. Authentication and Verification

AsvaTok verifies users through OTP-based authentication sent to their registered mobile number and/or email address to ensure account security and authenticity.

For Aadhaar-linked verification, authentication is conducted through an authorized Aadhaar Authentication User Agency (AUA/KUA) partner in strict compliance with UIDAI regulations. We engage Perfios, a licensed third-party provider, to securely facilitate and verify all KYC and Aadhaar-based authentication processes, ensuring that personal data is handled in accordance with regulatory and privacy requirements.

6. Data Storage and Localization

All personal and financial data collected on AsvaTok, including KYC documents, bank account details, transaction history, and payment records, is stored in secure, access-controlled data centers located within India. Our primary storage infrastructure is hosted on AWS India (Mumbai Region), with additional redundancy and backup maintained on equivalent Indian-region servers provided by Hostinger to ensure data availability and resiliency.

In accordance with RBI’s 2018 Payment Data Localization Circular, no financial data, payment system information, or KYC records are stored, mirrored, or processed outside India. This ensures that all sensitive information remains within Indian jurisdiction and is subject to Indian data protection, privacy, and regulatory standards.

We implement encryption at rest and in transit, strict access controls, and continuous monitoring to safeguard the integrity, confidentiality, and security of user data, in compliance with RBI guidelines and industry best practices.

7. Data Sharing and Third-Party Disclosures

AsvaTok may share limited personal and transactional data strictly on a need-to-know basis with authorized third parties to enable the operation of the Platform and comply with legal requirements. These include:

  1. Custodian service providers for securely holding asset tokens and managing custody obligations;
  2. Asset authentication and verification providers to validate the authenticity and ownership of tokenized or physical assets;
  3. Insurance service providers for insuring assets or transactions facilitated through the Platform;
  4. Payment gateway providers and banks for processing settlements, withdrawals, and financial transactions; and
  5. Regulatory, judicial, or government authorities when disclosure is required under applicable laws or regulations.

All third-party partners are contractually bound to adhere to strict security, confidentiality, and data usage restrictions, and they are prohibited from using the data for any purpose other than what is expressly authorized. No personal data is sold, rented, or commercially shared with unrelated third parties.

8. Visibility of Ownership and Transactions

Where applicable, only aggregate ownership information is displayed to users. Participants holding ownership in an asset may be publicly identified (as an entity or verified individual) for transparency, subject to their consent and regulatory necessity. Ownership or transaction data is never displayed in a manner that reveals personal identifiers of other users, except for display name and value & number of ATCs.

9. Blockchain Transactions and Anonymity

Transactions executed on the blockchain ledger record only token identifiers, wallet addresses, and transaction timestamps. No personally identifiable information (name, Aadhaar, PAN, etc.) is written on the blockchain. Mappings between wallet addresses and verified KYC identities are stored off-chain under encrypted protection and are accessible only to authorized compliance officers for audit or dispute purposes.

10. Data Retention and Deletion

We retain data only for as long as required by law or operational necessity:

Sl. No.CategoryRetention PeriodBasis
1KYC & financial data5 years after account closure + 3 years (limitation) = total 8 yearsRBI KYC Master Directions, 2023
2Transaction records8 years (or as legally required)RBI/Income Tax norms
3Cookies, logs & analytics12 monthsSecurity & performance
4General user account dataDeleted within 90 days after termination of accountDPDPA 2023

11. Account Closure and Termination

To close an AsvaTok account, users must:

  1. Transfer or liquidate any RWA token asset and native token holdings;
  2. Clear any outstanding dues;
  3. Submit a closure request via registered email or the Platform;
  4. Complete OTP verification to confirm termination;
  5. Post-closure, data retention follows the above retention table.

12. Security Measures

  1. Encryption: AES-256 for data at rest; TLS 1.3 / HTTPS for data in transit.
  2. Access Control: Role-based restricted access and multi-factor authentication.
  3. Audit & Monitoring: Regular security audits, log reviews, and data integrity checks.
  4. Incident Response: Dedicated data security protocol and breach management plan.

13. Asset Ownership, Personality Rights, and Token Economics

  1. Certain artworks or Real-World Assets (RWA) listed on the Platform may be subject to personality rights, intellectual property rights, or other legal rights held by individuals or entities. As a user creating or tokenizing an RWA asset, you are responsible for identifying any personality rights associated with the asset and ensuring that all specific conditions, restrictions, or obligations pertaining to these rights are strictly followed when the asset is used, displayed, or transferred on the Platform. The subsequent RWA asset owners shall abide by such personality rights or personal information of such RWA.
  2. Payments for creating native tokens on AsvaTok are processed via the Razorpay third-party provider. Each AsvaTok Coin is pegged at 1 INR, while the value of RWA tokens is determined by market dynamics on the Platform.
  3. Ownership details of other asset holders may be visible to you to facilitate transactions; similarly, your own name and holdings may be visible to other users. All personal information of other users must be treated as strictly confidential, maintained securely, and not disclosed or misused in any manner. Users are expected to respect privacy and confidentiality obligations as part of Platform usage and token trading activities.

14. Data Breach Notification

  1. User Notification: All affected users will be individually notified via their registered email address or mobile number within 72 hours of the discovery of the breach. Notifications will include details of the breach, the type of data potentially affected, and recommended steps for users to protect themselves.
  2. Regulatory Reporting: AsvaTok will promptly report the incident to relevant authorities, including CERT-In, in accordance with the CERT-In Directions, 2022, and any other applicable regulatory requirements.
  3. Corrective and Containment Measures: Immediate actions will be undertaken to contain the breach, mitigate risks, and prevent further unauthorized access. This includes isolating affected systems, strengthening security controls, and reviewing existing processes to prevent recurrence.
  4. Investigation and Remediation: A thorough investigation will be conducted to identify the cause and scope of the incident, and remedial actions will be implemented to restore data integrity and security.
  5. Continuous Monitoring: Post-incident, AsvaTok will enhance monitoring and auditing to detect potential vulnerabilities and ensure that similar incidents are prevented in the future.

15. User Rights

Under applicable data protection laws, you have the following rights:

  1. Right to Access – obtain confirmation on what personal data we hold;
  2. Right to Correction – request rectification of inaccurate data;
  3. Right to Erasure – request deletion of personal data (subject to legal retention);
  4. Right to Withdraw Consent – revoke consent for non-essential data processing;
  5. Right to Grievance Redressal – contact our Data Protection Officer (DPO) or grievance officer.

Requests can be made via support@asvatok.com. Verified requests will be processed within 15 working days, except where retention is mandated by law.

16. Appointment of Data Protection Officer (DPO)

AsvaTok has appointed a Data Protection Officer (DPO) responsible for:

  1. Ensuring compliance with IT RSPD Rules or the Digital Personal Data Protection Act, 2023;
  2. Monitoring internal data protection and security practices;
  3. Coordinating with regulatory bodies in case of incidents;
  4. Responding to user grievances and data access requests.

Contact: Data Protection Officer, AsvaTok — Email: dpo@asvatok.com

17. Cross-Border Data Transfer and Multi-Jurisdiction Compliance

AsvaTok primarily operates under Indian jurisdiction, and all personal and financial data of Indian users is stored within India. If a user accesses the Platform from outside India, any cross-border data transfer will occur only:

  1. To countries recognized by the Indian Government as having adequate data protection;
  2. Under contractual safeguards that ensure equivalent protection standards; and
  3. In compliance with Digital Personal Data Protection Act, 2023 (DPDPA) and RBI data localization mandates.

In the event of a jurisdictional conflict, Indian data protection and financial regulations will prevail for all Indian users.

18. Regulatory Compliance

AsvaTok voluntarily follows or adheres to applicable RBI and statutory regulations, including:

  1. RBI Master Directions on KYC (2023)
  2. RBI Guidelines on Digital Payment Security Controls (2021)
  3. RBI Circular on Payment Data Localization (2018)
  4. Information Technology (RSPD) Rules, 2011
  5. Digital Personal Data Protection Act, 2023
  6. CERT-In guidelines 2022

19. Updates to This Policy and Additional Data Collection/Use

We may revise this Privacy Policy from time to time to reflect legal, operational, or regulatory changes. In the event that new personal data needs to be collected, or if your data is to be shared with any new third party, or if there are any material changes to this Privacy Policy, AsvaTok will promptly notify you through your registered email, mobile number, or via notifications on the Platform. Such updates will clearly explain the nature of the new data, purpose of collection, parties involved, and your rights in relation to the new processing activity, ensuring transparency and continued compliance with applicable data protection regulations.

20. Grievance Redressal

Grievance Officer
AsvaTok
Email: support@asvatok.com

Response Timeline: within 15 business days of receipt.

21. Contact Information

For general privacy questions, please write to privacy@asvatok.com.

This Privacy Policy is intended to comply with applicable Indian laws and regulations. If there is any conflict between this Policy and mandatory laws, the latter shall prevail for Indian users.