wordpress blog stats
Connect with us

Hi, what are you looking for?

Why we included the right to delete personal information in Sqrrl: Aditya Sahay

Sqrrl, a mutual fund advisory app for India, was built for getting the first time investors to get started with investing in mutual funds. Like most early stage products, for most of our initial versions, we ended our relationship with the customer when she uninstalled the app. This was, however, inadequate. Several customers did not want to stop at that, and requested us to delete their personal information.

Since the past few months, we have added a switch for our customer success team to delete all account information whenever a customer requests it. We believe this is a significant step towards giving customers control over their personal data, as well as a proactive move before provisions of the upcoming data privacy bill become law.

What data we collect and Why

We’re a private limited company, registered as a Registered Investment Advisor (RIA) and regulated by SEBI. Since investing in the securities market is a much more of a “serious” activity than, say, purchasing groceries or listening to music on an app, we need to be very careful and strict about the data we collect and store. We collect the following data:

Investor Data

Any investor investing through us needs to share important personal information:

  • Name, address and contact
  • PAN details and KYC (Know Your Customer) documents like ID and address proofs
  • At least one savings bank account details
  • Additional disclosures (e.g., residency and tax status, nominee information)

Finally, once a customer makes an actual transaction in a mutual fund, all details of the transaction – from the initial payment gateway request to the final settlement in the mutual fund account, are also maintained by us for operational and compliance reasons.

App Data

Running any transactional service using an app means user data makes it to not just our own database, but several tools which are essential to running an online service:

  • Analytics
  • Communications (sms, email, push) – both promotional and transactional
  • Advertising and marketing platforms (however data is rarely personally identifiable)
  • Customer support systems
  • Email, chat and any communication tools, both internal and user-facing.
  • All sorts of low level logs generated by code, network requests and so on.
  • Any inputs provided to the app – like investment goals, user avatar and so on.

All these services are crucial to running a successful online service, yet they add complexity when trying to delete the app data across third-parties.

Our Approach to “Right to Delete”

As Uncle Ben told Peter (in Spiderman), with great power comes great responsibility.

There are broadly two kinds of accounts on Sqrrl – the “explorers” and the actual transacting customers. Before a customer actually completes a transaction, she is simply exploring the app’s features and making up her mind whether to proceed or not. If the customer hasn’t even shared KYC details with us, it is fairly straightforward to delete her account.

In case of customers who complete entire setup (including KYC) and decide not to purchase, while we are happy to delete app data, we keep an archive of KYC data for regulatory audits.

In case of customers who make a transaction, we are required by law to maintain data for seven years – a requirement for all financial services firms. Similar requirements exist all over the world. If a customer, say Nirav M., simply stops using an app, that doesn’t mean his transaction history would be deleted and therefore be unavailable for any future scrutiny by tax or other authorities.

It is in these cases we have the hardest time explaining to customers why we are unable to delete their data. These legal requirements supercede any data privacy expectations, and as a regulated company we would very much like not to go to jail or pay enormous fines.

Current Implementation

In our current implementation, there is a “switch” available to our customer success team that acts upon requests to delete data. The switch deletes live records, as well as disables communication on third-party platforms for the given accounts. In cases where deletion is not possible, our team explains this to the customer as best as possible.

The Road Ahead

The next phase would try to remove (as far as possible) customer from associated tools (e.g., analytics platform). It may be sufficient to simply overwrite any personally identifiable data with junk values so that the aggregate data remains (which is useful from analytics perspective) while nobody knows who exactly the user is. This needs most work and will need support from respective platforms, hence left for the future.

An alternative approach

Where deletion of transaction data is not possible, we are exploring a way to archive the data in a separate system where it is available to authorised personnel if needed, but otherwise stored away from live customer data. This is a good compromise and is something we are currently exploring.

Conclusion

The “Right to Delete” is one of the several measures that gives customers control over the use of their own data by a product or service that they use. An explicit deletion (or archival) of customer data is a great way to drastically reduce chance of misuse of data – something that unfortunately we have taken to be a way of life.

All businesses must clearly map out where all user data flows, and what relationships are in place for safety (and eventually, deletion or overwriting) of this data. For online businesses, especially transactional, this tends to be quite a challenge. Multiple technical approaches exist for removal and archival of data, one must decide based on how regulated the industry is. Sqrrl has only now gotten started. We hope with Data Privacy Bill several gaps in our understanding will get plugged.

*

About the Author: Aditya Sahay, Head of Engineering, Sqrrl Fintech. Aditya leads Product and Engineering for Sqrrl Fintech, a commission-free mutual fund advisory app driving young Indians to take control of their financial wellness by investing in personalised plans in-line with their life goals, in a language of their choice.

Written By

Free Reads

News

Telecom companies are against a regulatory sandbox, as they think information revealed by businesses during the sandboxing process might be confidential should be out...

News

According to a statement, the executive body of the European Union had also sought internal documents on the risk assessments and mitigation measures for...

News

The newly launched partially open-sourced LLM Grok-1 can be commercially used but not trademarked.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ