Privacy Policy
Last updated: 1 July 2026
- Who we are. CapitalCall ("the App") is an internal customer-relationship and portfolio-management application operated by Bullsline Holding Private Limited ("Bullsline", "we"), an Indian company, for use by its financial advisors. Contact: ravi@bullsline.in.
- Google user data (Gmail). When an advisor connects a mailbox, the App requests these Google OAuth scopes:
gmail.readonly,gmail.send,gmail.modify. We use this access solely to: (a) display email relevant to the advisor inside the App's inbox; (b) ingest mutual-fund report emails from Registrar & Transfer Agents (CAMS/KFintech) for portfolio processing; (c) send email on the advisor's behalf when they compose it in the App; (d) mark messages as read. - Limited Use. CapitalCall's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. We do not use Google user data for advertising, do not sell it, and do not transfer it to others except to provide the App's features, comply with law, or in a merger/acquisition where the successor honours this policy.
- What we store — and don't. We store only the OAuth tokens needed to keep the connection alive, in our database. We do not store the contents of your email. The inbox is rendered by fetching from Gmail in real time; it is not persisted, and any caching is short-lived and in-memory only. No human at Bullsline reads your email through the App except as needed for support you request, security, or legal compliance.
- Other data the App processes. As an advisor CRM, the App also stores records the advisor enters or imports — client contacts, identifiers (e.g. PAN), portfolio/folio and transaction data, notes, and documents — processed to provide the App to the advisor's practice.
- Infrastructure & sub-processors. Data is held with Supabase (database), Vercel (hosting), and Firebase Storage (client documents), under their security controls, plus Google (Gmail API). We do not sell data.
- Retention & deletion. OAuth tokens are retained until you disconnect the mailbox or revoke access, then deleted. You may request deletion of your personal data by contacting us.
- Revoking access. Disconnect a mailbox any time in the App (Emails → Accounts), and/or revoke CapitalCall's access at https://myaccount.google.com/permissions. Revoking stops all future access immediately.
- Your rights & changes. Consistent with India's DPDP Act you may request access, correction, or deletion of your personal data. We may update this policy; the "last updated" date reflects the current version.
- Contact. ravi@bullsline.in · Bullsline Holding Private Limited, India. See also our Terms of Service (/terms).