1. Who We Are
Discipline-M is operated by NiyamKavach AI Labs Pvt Ltd, registered in India. This privacy policy explains how we collect, use, store, and protect your personal data in compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act).
2. Data We Collect
We collect the following data when you use Discipline-M:
- Account data: Email address, name, and password (hashed)
- Broker credentials: Dhan Client ID and Access Token (encrypted, used only for API calls)
- Trading data: Trade entries, exits, P&L, stop-loss levels, and position data
- Journal data: Trade reflections, emotions, setup descriptions, and optional chart screenshots
- Behaviour data: Discipline score, trading events, rule violations, and mode changes
- Usage data: Page views, feature usage, and session information
3. How We Use Your Data
- Execute trades on your behalf through your connected broker account
- Calculate and display your behaviour score and trading statistics
- Generate AI coaching reports by analysing your trading patterns and journal entries
- Send you notifications about capital management and risk alerts
- Improve the platform based on aggregated, anonymised usage patterns
4. Third-Party Services
We share specific data with the following third-party services:
- Dhan (Broker API): Your Client ID and Access Token are sent to Dhan's API to execute trades, fetch positions, and retrieve account balance. Dhan is a SEBI-registered broker.
- Anthropic (Claude AI): Your anonymised trading data and journal entries are sent to Claude AI to generate coaching reports. No personal identification data (name, email, broker credentials) is sent to Anthropic.
- Vercel: Our hosting platform. We have opted out of Vercel's AI training data sharing.
- Neon: Our database provider (PostgreSQL). Data is encrypted at rest and in transit.
5. Data Storage and Security
- All data is stored in encrypted PostgreSQL databases hosted by Neon (AWS ap-southeast-1)
- Broker access tokens are stored securely and used only for authorised API calls
- Passwords are hashed using bcrypt and never stored in plain text
- All communication is encrypted via HTTPS/TLS
- Dhan API calls are routed through a static IP proxy for SEBI compliance
6. Data Retention
We retain your data for as long as your account is active. Trading data and journal entries are retained to provide historical analysis and AI coaching. You may request deletion of your account and all associated data at any time by emailing hello@disciplinem.com. Upon deletion request, all personal data will be removed within 30 days.
7. Your Rights (DPDP Act 2023)
Under the Digital Personal Data Protection Act, 2023, you have the right to:
- Access your personal data held by us
- Request correction of inaccurate data
- Request deletion of your data (right to erasure)
- Withdraw consent for data processing
- File a complaint with the Data Protection Board of India
To exercise these rights, contact us at hello@disciplinem.com.
8. Cookies
Discipline-M uses localStorage (browser storage) to store your authentication token and user preferences. We do not use tracking cookies or third-party advertising cookies.
9. Children
Discipline-M is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors. Trading in securities requires you to be of legal age.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify users of significant changes via email to the address associated with their account.
11. Contact
Data Protection Officer
NiyamKavach AI Labs Pvt Ltd
Email: hello@disciplinem.com
Website: disciplinem.com