24/7 hours support
caratonetechnologies@gmail.com
Download Mobile App
Image Image Image Image Image

Privacy Policy

HOME Privacy Policy


PRIVACY POLICY

Caratone

Last Updated : 17 February 2026


Company Information

CARATONE TECHNOLOGIES PRIVATE LIMITED (“Company”, “we”, “our”, or “us”), having its registered office at 1/220, SECTOR-1, GOMTI NAGAR VISTAR, Gomti Nagar, Lucknow, Uttar Pradesh - 226010, operates the Caratone mobile application and website. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.


Company Information

CARATONE TECHNOLOGIES PRIVATE LIMITED

CIN: U62010UP2025PTC228496

Registered Office: 1/220, SECTOR-1, GOMTI NAGAR VISTAR, Gomti Nagar, Lucknow, Uttar Pradesh - 226010

Email: caratonetechnologies@gmail.com


Digital Gold Services

We respect your privacy and hence handle your personal data with the utmost care and confidentiality. Please read the Privacy Policy carefully prior to using or registering on the Platform or accessing/availing the services on the Platform inter alia in relation to purchase/sale/transfer of Digital Gold from a brand named “Safe Gold” operated and managed by “Digital Gold India Private Limited”(hereinafter referred as “Safe Gold”) a company incorporated under the laws of India (“Services”).

This Privacy Policy specifies the manner in which personal data and other information is collected, received, stored, processed, disclosed, transferred, dealt with or otherwise handled by the Company. This Privacy Policy does not apply to information that You provide to, or that is collected by, any third-party through the Platform, and any Third-Party Sites that You access or use in connection with the services offered on the Platform.

By visiting the Platform, You (“You” or “Your”), accept and agree to be bound by the terms and conditions of this privacy policy (“Privacy Policy”). This Privacy Policy is incorporated into and subject to the terms of use of the Platform(“Terms”) and shall be read harmoniously and in conjunction with the Terms.

It is important that you read this privacy notice together with any other privacy policy or fair processing notice we may provide on specific occasions or when we are collecting or processing Personal Information about You so that You are fully aware of how and why we are using Your Personal Information . Additionally, we also recommend you to read the terms and privacy policy of Safe Gold which can be accessed at https://www.safegold.com/privacy-policy

1. SCOPE AND LEGAL BASIS

1.1 Compliance Framework

This Privacy Policy ("Policy") is designed to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") for the processing of digital personal data in India. The DPDP Act applies to the processing of digital personal data within India and also has extra-territorial application when offering goods or services to Data Principals in India.

This Policy is also published in accordance with the Information Technology Act, 2000, and the rules made thereunder, to ensure transparency in our data processing practices.

1.2 Incorporation

This Policy is incorporated by reference into our Terms of Use and forms an integral part of your agreement with us.

2. DATA FIDUCIARIES AND ROLES

2.1 Caratone as Data Fiduciary

Caratone acts as a Data Fiduciary for the processing of personal data related to platform analytics, account management, customer support, and user experience.

2.2 SafeGold/DGIPL as Data Fiduciary

SafeGold/DGIPL acts as an independent Data Fiduciary for the processing of personal data related to KYC, vaulting, transaction fulfilment, and regulatory compliance. DGIPL receives personal data directly from you and also via Caratone.

2.3 Data Sharing with Intermediaries

DGIPL shares customer data with its Intermediaries, including the Security Trustee/Trustee Administrator and Custodian, for the purpose of fulfilling delivery, vaulting, and other service obligations. Such sharing is subject to confidentiality obligations.

3. PERSONAL DATA WE COLLECT

We collect the following categories of personal data:

3.1 Identity and KYC Data

We collect your name, date of birth, PAN (Permanent Account Number), Aadhaar Number, and KYC verification artefacts.

Depending on tiered KYC thresholds, additional documents may be required for higher transaction values or holdings.

3.2 App Permissions

The App may request access to:

Camera (for KYC verification and profile update)

Gallery/Storage (for uploading KYC or profile documents)

Device identifiers (for fraud prevention)

We do not access contacts, SMS, or call logs.

3.3 Contact Information

We collect your mobile number, email address, and postal address for delivery, communication, and account management purposes.

3.4 Transaction Data

We collect data relating to your purchases, sale-backs.

3.5 Payment and Settlement Metadata

We collect masked payment instrument identifiers, UPI Virtual Payment Addresses (VPAs), and transaction metadata from payment partners. We do not store full card numbers, CVVs, or UPI PINs.

3.6 Device and Usage Data

We collect device information, IP addresses and error logs for security, fraud prevention, and customer support purposes.

4. PURPOSE OF PROCESSING AND LEGAL BASES

We process your personal data for the following purposes and on the following legal bases:

4.1 Consent

We process personal data based on your consent for account sign-up, marketing communications, promotional offers, and cookies/tracking technologies.

4.2 Legitimate Uses and Legal Obligations

We process personal data to comply with legal obligations and for legitimate uses, including KYC and AML screening, fraud prevention and detection, responding to law enforcement requests, tax invoicing and reporting, grievance handling, compliance with Trustee arrangements, and security monitoring.

4.3 Contractual Necessity

We process personal data as necessary to perform our contract with you, including purchase and sale-back fulfilment, wallet and settlement operations, storage administration, delivery logistics, and customer support.

5. DATA SHARING AND RECIPIENTS

We share your personal data with the following categories of recipients:

5.1 SafeGold/DGIPL and Intermediaries

We share your personal data with SafeGold/DGIPL and its Intermediaries, including the Security Trustee/Trustee Administrator and Vault Keeper, for the purposes of vaulting, delivery, storage administration, and enforcement of charges where applicable.

5.2 Payment Partners

We share necessary data with payment gateways, UPI service providers, and other payment partners for payment processing, refunds, and settlement.

5.3 Wallet Clarification

Caratone does not store or hold customer funds. All payments are processed through ICICI Bank–authorized payment gateway partners. Stored value or gold balances are managed by DGIPL (SafeGold).

5.4 Logistics Providers

We share delivery addresses and contact information with logistics providers for delivery, re-delivery, and tamper investigations.

5.5 Regulators and Law Enforcement

We may share personal data with regulators, law enforcement agencies, courts, and other government authorities as required under applicable law, including for fraud reports, suspicious activity reports, and compliance with legal orders.

6. USER RIGHTS UNDER THE DPDP ACT

You have the following rights under the DPDP Act:

6.1 Right of Access

You have the right to obtain a summary of the personal data we process about you and the identities of Data Processors with whom your data has been shared.

6.2 Right to Correction and Erasure

You have the right to request correction, completion, updating, and erasure of your personal data. Erasure is available when processing is based on consent or when otherwise permitted by law.

6.3 Right to Withdraw Consent

You have the right to withdraw your consent at any time for consent-based processing. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.

6.4 Right to Grievance Redressal

You have the right to raise complaints to our Grievance Officer. If your complaint is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India.

6.5 Right to Nominate

You have the right to designate a nominee who may exercise your rights under the DPDP Act in the event of your death or incapacity.

7. CHILDREN'S DATA

The Platform is intended only for individuals aged 18 years and above. We do not knowingly allow minors to create accounts or use the services. If we discover that a minor has registered, the account will be suspended and the data will be deleted in accordance with applicable law.

We do not knowingly permit minors (persons under 18 years of age) to use the Platform or Services. If we become aware that we are processing children's personal data, we will obtain verifiable parental or guardian consent. We will not use children's data for tracking, targeted advertising, or behavioural monitoring.

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required under applicable laws. We delete or irreversibly anonymise personal data once the purpose is fulfilled or consent is withdrawn, subject to statutory retention requirements.

Operational retention periods apply for storage timelines, unclaimed proceeds (Grace Period and Final Claim Period), legal holds, and regulatory compliance.

9. CROSS-BORDER TRANSFERS

Personal data may be transferred to countries outside India, except to countries that have been restricted or prohibited by the Government of India. Cross-border transfers will be protected by appropriate contractual safeguards, security measures, and compliance with applicable law.

10. SECURITY MEASURES

We implement technical and organisational security measures appropriate to the risk, including access controls, encryption in transit and at rest, secure software development practices, regular security audits, and vendor due diligence.

Confidential information is protected with at least the same degree of care as we apply to our own confidential information.

11. BREACH NOTIFICATION

In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals in accordance with the timelines prescribed by law and applicable rules. We will coordinate remediation efforts to mitigate harm.

12. COOKIES AND TRACKING TECHNOLOGIES

We may use cookies, software development kits (SDKs), and similar tracking technologies to enable core platform functions, measure usage and performance, detect fraud, and deliver product improvements. Where required by law, we will obtain your consent and provide opt-out mechanisms.

Some data inaccuracies may result from system errors. We reserve the right to correct such errors.

13. FRAUD, DISPUTES AND ENFORCEMENT

In cases of suspected fraud or unlawful activity, we may freeze accounts, conduct investigations, and share data with law enforcement and regulatory authorities. We may reverse fraudulent transactions to the extent possible.

Records maintained by us may be deemed conclusive evidence in disputes with customers.

We may disable access to abusive content, reviews, or communications that violate our policies.

Financial Disclosure

Caratone does not accept deposits or operate as a bank or NBFC. Digital Gold is not a bank deposit and is not insured by the Government of India or RBI. Caratone does not hold customer funds. Payments are processed through authorised payment gateway partners.

a. Caratone does NOT hold user funds

b. Payments processed via authorized payment gateway (ICICI)

c. Gold held by custodian (Brinks)

d. Not a bank deposit

e. Not RBI regulated product (if applicable)

Investment Risk Disclosure

Digital Gold prices fluctuate based on bullion markets. The value of your holdings may increase or decrease. Sale-back is subject to market liquidity and operational availability.

Refund & Cancellation

All purchases and sale transactions of Digital Gold on the Platform are final and cannot be cancelled once successfully processed, as gold is instantly allocated or sold at prevailing market prices.

However, refunds may be applicable in the following situations:

1. Failed Transactions

If a payment is deducted from your bank account or wallet but the gold purchase is not completed due to technical or network issues, the amount will be automatically refunded to your original payment method.

2. Chargebacks and Disputes

Any payment disputes or chargebacks must be raised with your payment provider. The Company reserves the right to suspend or restrict your account during investigation of fraudulent or disputed transactions.

3. Incorrect or Duplicate Payments

If an excess or duplicate payment is made, the refundable amount will be processed after verification, in accordance with applicable laws and platform policies.

4. Refund Policy Link

For detailed information, please refer to our Refund Policy.

14. GRIEVANCE OFFICER AND COMPLAINTS

We have appointed a Grievance Officer in accordance with the Information Technology Act, 2000, and the rules made thereunder. The Grievance Officer's contact details and response timelines are published on the Platform.

Complaints and grievances will be redressed in accordance with applicable law.

Grievance Officer:
Ashutosh Singh,
caratonetechnologies@gmail.com
+91-8299040563
1/220, SECTOR-1, GOMTI NAGAR VISTAR, Gomti Nagar, Lucknow, Uttar Pradesh - 226010
Response timeline: 4-5 working days.

15. CHANGES TO THIS POLICY

We may amend this Policy from time to time. We will notify you of material changes through the Platform, email, SMS, or other reasonable means. Your continued use of the Platform after such notification indicates your consent to the revised Policy.

Where consent is the legal basis for processing, we will refresh consent notices to reflect current processing practices.

16. DATA PROCESSOR OBLIGATIONS

We bind Data Processors by contract to process personal data only on our documented instructions, apply appropriate security measures, maintain confidentiality, and delete or return personal data upon expiry of the purpose or termination of the contract.

17. CONTACT AND DATA RIGHTS REQUESTS

For questions about this Policy or to exercise your data rights, please contact our Grievance Officer at the contact details published on the Platform.

You may also use the in-app data rights portal (where available) to submit requests for access, correction, erasure, or withdrawal of consent. We will respond to your requests within the timelines prescribed by law.