Privacy Policy

What is CapTable?

Yourstory Media Private Limited, a company incorporated under the laws of India, having its registered office at [●] ("Company", “we”, “our”) is engaged in providing [●] (“Services”) through its website ("Website") to its users registered for the Services ("Users", “you”, “your”).

What is this Privacy Policy?

  1. This privacy policy (the “Privacy Policy”), together with the terms of use [insert hyperlink to the terms of use], describes how and why the Company collects, uses and discloses the information provided by Users and Visitors (as defined below). All Users and Visitors shall be bound by this Privacy Policy and the Company shall not use any information supplied by Users and Visitors except in accordance with this Privacy Policy. In order to use and access the Website and Services provided by the Company, it is necessary for Users and Visitors to accept this Privacy Policy along with the Terms of Use [insert hyperlink to the terms of use]. Users and Visitors who do not agree with the terms set out in this Privacy Policy and the Terms of Use are advised to refrain from accepting them and are advised to refrain from using any Services from/through the Company.

  2. The Users’ visit to and/or use of the Website and any dispute over privacy is subject to this Privacy Policy and the Terms of Use. The Company may update this Privacy Policy at any time, with or without advance notice. The Company shall not be required to notify the Users or Visitors of any changes made to this Privacy Policy. It is your responsibility, in such cases, to review the terms of this Privacy Policy from time to time.

Why does the Company have this Privacy Policy?

  1. This Privacy Policy is published pursuant to:

    1. Section 43A of the Information Technology Act, 2000;

    2. Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (“SPI Rules”); and

    3. Regulation 3(1)(a) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

  2. In this Privacy Policy, the Company will disclose what kind of information is collected from the Users. It will also specify why the Company collects this information, the modes and means by which it will be used, and the entities or persons who will have access to this information.

What is Sensitive Personal Data or Information?

  1. Under the SPI Rules, sensitive personal data or information of a person means and includes such personal information about that person relating to the following (“Personal Information”):

    1. Passwords;

    2. Financial information such as bank accounts, credit and debit card details or other payment instrument details (“Financial Information”);

    3. Physical, physiological and mental health condition; 

    4. Sexual orientation;

    5. Medical records and history;

    6. Biometric information; and

    7. Information received by body corporates under lawful contract or otherwise.

  2. There is also certain information which will be collected from Users (such as name, email addresses and telephone numbers) which may be used to personally identify Users (“Personally Identifiable Information”). 

  3. It is important to note that information that is freely available in the public domain, or accessible under the Right to Information Act, 2005, or any other law will not be considered Personal Information, or as Personally Identifiable Information.

Whose information is collected by the Company?

  1. Users are required to give Personal Information and Personally Identifiable Information only if the User creates a user account on the Website. Therefore, there is no compulsion on those who simply browse the Website to provide any such Personal Information. Users can also refrain from submitting any information at any time and refrain from accessing the Website and availing the Services provided the Company. At all points, it is advised that Users exercise strict caution while submitting any Personal Information. 

  2. Users can access, modify, correct and eliminate the data about him/her/it which has been collected pursuant to his/her/its decision to become a User. 

What kind of information does the Company collect and how is it used?

Without the need for further, repeated consents (aside from the acceptance of this Privacy Policy) by the User, information including Personal Information, Personally Identifiable Information and/or Financial Information shall be collected by the Company on an ongoing basis, for one or more of the following reasons:

  1. Personal Information / Personally Identifiable Information 

    1. For creating a user account, we request for your name and email address or phone number. You may also be asked to choose a username and a password, which will be used solely for the purpose of providing access to your user account. Your name, email address and phone number will be used to inform you regarding new services, releases, upcoming events and changes in this Privacy Policy.

    2. We will have access to third party personal information provided by you as part of using Services such as contacts in your phonebook. This information may include third party names, email addresses, phone numbers and physical addresses and will be used for servicing your requirements as expressed by you to us and solely as part and parcel of your use of Services. We do not share this third party personal information with anyone for promotional purposes, nor do we utilize it for any purposes not expressly consented to by you.

    3. We post User testimonials on our Website. These testimonials may include names and other Personal Information and we acquire permission from our Users prior to posting these on our Website. We are not responsible for the Personal Information Users elect to post within their testimonials.

    4. Your usage details such as time, frequency, duration and pattern of use, features used and the amount of storage used will be recorded by us in order to enhance your experience of the Services and to help us provide you the best possible service.

    5. We store and maintain User data stored in your user account at AWS, Singapore. In order to prevent loss of data due to errors or system failures, we also keep backup copies of data including the contents of your user account. Hence your files and data may remain on our servers even after deletion or termination of your user account. We may retain and use your Personal Information and data as necessary to comply with our legal obligations, resolve disputes, and enforce our rights.

  2. Financial Information

In case of services requiring payment, we request credit card or other payment account information, which will be used solely for processing payments. Your financial information will not be stored by us except for the name and address of the card holder, the expiry date and the last four digits of the credit card number. Subject to your prior consent and where necessary for processing future payments, your financial information will be stored in encrypted form on secure servers of our reputed payment gateway service provider who is beholden to treating your Personal Information in accordance with this Privacy Policy.

    3. Visitor data

We use the Internet Protocol address, browser type, browser language, referring URL, files accessed, errors generated, time zone, operating system and other visitor details collected in our log files to analyze the trends, administer the website, track visitor's movements and to improve our website. We link this automatically collected data to other information we collect about you.

    4. Analytics 

We use third party software for analytics. All metrics information collected from your usage of the Service shall be transmitted to analytics provider. This information is then used to evaluate how users use Service, and to compile statistical reports on activity for us. We further use the same statistical analytics tool to track or to collect your Personal Information. We will use this information in order to maintain, enhance, or add to the functionality of the Service and to personalize the experience for you. Anonymized and aggregated information and analysis may be made public where desired by the Company.

    5. Cookies and tracking technology

  1. We use Local Storage Objects (“LSOs”) such as HTML5 to store content information, preferences and to keep you signed-in. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your web browsing activity use LSOs such as HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.

  2. We partner with third parties to manage our advertisements on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. 

  3. It is at the discretion of Users to set or amend their web browsers to delete or disable cookies. Disabling cookies on a computer or mobile telecommunication device may impair, degrade or restrict access to certain areas of the Website. Temporary cookies may be cleared by quitting the browser. However, Users are encouraged to use the “clear cookies” functionality of their browsers to ensure deletion, as the Company cannot guarantee, predict or provide for the behavior of the equipment of all the Users of the Website.

    6. External widgets 

We provide the users third party widgets such as Facebook and Twitter buttons on the Website that allow users to share articles and other information on different platforms. These widgets may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the widgets to function properly. These widgets do not collect or store any Personal Information from Users on the website and simply act as a bridge for your convenience in sharing information. Your interactions with these widgets are governed by the privacy policy of the company providing it.


While the Company shall make reasonable endeavors to ensure that the User’s Personal Information and the Financial Information is duly protected by undertaking security measures prescribed under applicable laws, the User is strongly advised to exercise discretion while providing Personal Information or Financial Information while using the Services given that the Internet is susceptible to security breaches.

Who has access to your information?

  1. Employees and authorised personnel

All information that is collected, stored and disclosed to the Company by Users is accessible only to authorised personnel and employees on a need-to-know basis. All Company employees and data processors, who have access to and are associated with the processing of Personal Information or Financial Information provided by Users are obliged to respect the confidentiality of every User’s Personal Information or Financial Information. The Company has implemented security policies, rules and technical measures, as required under applicable law including firewalls, transport layer security and other physical and electronic security measures to protect the Financial Information and Personal Information that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. While the Company is committed to maintaining confidentiality of all Personal Information, Personally Identifiable Information and Financial Information, the Company shall not be responsible for any breach of security or for any action of any third parties that receive Users’ personal data or events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, etc. All information collected from the Users by the Company is maintained in electronic form on servers and/or cloud systems and shall be accessible by certain employees of the Company. The User information may also be converted to physical form from time to time. Regardless of the manner of storage, the Company shall make commercially reasonable endeavors to ensure that the User information is rendered confidential, and will disclose User information only in accordance with the terms of this Privacy Policy.

    2. Government institutions or authorities 

The Company may be required to disclose Personal Information or Financial Information to governmental institutions or authorities under any law or judicial decree. The Company may also do so in its sole discretion, if it deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to enforce or apply the Terms of Use. The Company shall not be responsible for the manner or method in which such institutions and authorities use or disclose such information.

    3. Other parties

The Company may share / use Personal Information and Personally Identifiable Information provided by Users with the other parties such as affiliates, resellers, service providers and business partners for the purposes of:

  1. providing services, technical support and enhancing User experience; 

  2. data storage, database management, web analytics and payment processing;

  3. detecting and preventing identity theft, fraud or any other potentially illegal acts; or

  4. monitoring and enhancing User interest and engagement, including through promotional activity, personal messages to Users using Personally Identifiable Information provided by Users, etc; or

  5. processing the purchase of Products and Services on the Website.

In the event that such other parties have access to Personal Information or Personally Identifiable Information, the Company may, at its discretion, make commercially reasonably efforts to ensure that the other parties treat such Personal Information at least as protectively as they treat personally identifiable information obtained from their users or members.

We will obtain your prior specific consent before we share your or Personal Information to any person outside the Company for any purpose that is not directly connected with providing our Services to you We do not sell your Personal Information to third parties. We may share generic aggregated demographic information not linked to any Personal Information regarding visitors and users with our business partners and advertisers.

    4. Merging / acquiring parties

In the event that the Company is merged with or acquired by another business entity, the Company will be required to transfer all Personal Information to such merging or acquiring party. In such a case, the Company will take all reasonable efforts to make sure that Personal Information is protected by the merging or acquiring entity, in conformity with applicable laws. 

    5. Third party upon sale 

The Company may also disclose or transfer the personal and other information provided by Users, to any third party as a part of reorganization or a sale of the assets, division or transfer of a part or whole of the Company. Any third party to which the Company transfers or sells its assets will have the right to continue to use the personal and other information that Users provide to the Company.

    6. Advertisers

The Company may allow other companies or entities to serve advertisements to Users. These companies or entities include third party advertisement servers, advertisement agencies, advertisement technology vendors and research firms. The Company may target some advertisements to Users that fit a certain general profile but does not use Personally Identifiable Information to target advertisements to specific Users. While serving advertisements or optimising the Services to its Users, the Company may allow authorised third parties to place or recognise a unique cookie on the User’s browser.

    7. Third-party sites 

The Company does not exercise control over the websites displayed as search results or links from within the Services. These other sites may place their own cookies or other files on the Users’ computer, collect data or solicit Personal Information or Financial Information from the Users, for which the Company shall not be held responsible or liable. The Company does not make any representations concerning the privacy practices or policies of such third parties or terms of use of such websites, nor does the Company guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites. The inclusion or exclusion does not imply any endorsement by the Company of such websites, the websites’ provider, or the information on the website.


The Company will never ask Users or Visitors to provide any sensitive or personal information through email or the telephone. Any requests to do so must not be entertained by Users or Visitors and they are requested to refrain from revealing any such information. Knowledge and details of such requests are to be forwarded to [insert email ID] so that the Company may take necessary action. 

Whom does Company not collect information from?

  1. The Company does not knowingly collect personal data from children (only persons above the age of 18 shall be permitted to use the Website, as provided in the Terms of Use). If someone below this age accesses and uses the Website, the Company will not be held liable for any damage or injury suffered due to the divulging of any information.

  2. Personal or Financial Information of those who are simply browsing the Website with no action towards using the services in any way (“Visitor”) will not be collected. However, provisions of the Privacy Policy pertaining but not limited to cookie usage, location, website records, etc. will be applicable to Visitors. Therefore, we urge Visitors to also peruse the Privacy Policy prior to accessing the Website. 

  3. In case a Visitor has willingly submitted any Personal Information or Financial Information (including phone numbers, email addresses, responses to surveys, etc.) to the Company through any means, including email, telephone calls, telephonic messaging or while availing or signing-up for the Services, he/she/it will be considered to be Users for the purpose of this Privacy Policy. 

  4. If you, as a Visitor, have inadvertently browsed any other pages of the Website prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is obtained, stored or used, merely quitting the Website should ordinarily clear all temporary cookies installed by the Company. All Visitors, however, are encouraged to use the “clear cookies” functionality on their browsers to ensure such clearing or deletion, as the Company cannot guarantee, predict or provide for the behavior of the equipment of all the Visitors of the Website.

  5. If you are accessing the Website from outside India you must ensure that you are not violating any local or national law of your location. The Company will not be liable for legal violations committed in this regard. 

Does the Website have an Opt-Out Policy?

  1. The third-party service providers with whom the Company may share Personal Information or Financial Information provided by Users are not permitted to market their own services or send promotional e-mails or engage in promotional communication with the Users. All Users may opt-out of receiving non-essential, promotional, or marketing-related communication from itself or its partners. These settings can be found on the Website. 

  2. If a User wishes to remove his/her/its contact information from all the Company’s lists and newsletters, the User can click on the "unsubscribe" link or follow the instructions in each e-mail message. Alternatively, the User can contact the Company at [insert email ID]. The Company reserves the right to limit membership based on availability of contact information. All Users will be notified by email prior to any actions taken.

What are the reasonable security practices and procedures adopted by the Company? 

  1. [Please set out the reasonable security practices and procedures adopted by the Company]

What are the details of the grievance officer appointed by the Company? 

Any grievances in relation to the information shared by the User with the Company may be brought to the attention of [Mr/Ms] [●], the grievance officer appointed by the Company (“Grievance Officer”). The phone number of the Grievance Officer is [●] and the email address of the Grievance Officer is [●].