Legal

Privacy Policy.

This page explains what personal data we collect, why we collect it, who we share it with, and the rights you have over it under India's Digital Personal Data Protection Act, 2023. Plainly, and without the fog.

Draft · pending legal review Last updated 20 May 2026

The short version

We collect the personal data we need to open your account, complete KYC, and help you invest in mutual funds. We use it for that purpose, and we ask your consent before we do.

We share it only where the service genuinely requires it: with the regulated parties that process mutual fund transactions, and within the MoneyWorks4Me group. We do not sell your data.

You have clear rights over your data under the Digital Personal Data Protection Act, 2023. Section 11 explains how to use them.

About this policy

This Privacy Policy applies to the Third Rock Wealth website and mutual fund distribution service. It should be read together with our Terms and Conditions. It is written to reflect India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") and the data-protection expectations of SEBI and AMFI for a Mutual Fund Distributor.

In this policy, "personal data" means information that relates to you and can identify you. "You" are the person the data is about, which the DPDP Act calls a Data Principal.

Who is responsible for your data

Third Rock Wealth, the mutual fund distribution service operated under the Third Rock Wealth brand by MoneyWorks4Me, decides why and how your personal data is used for this service. Under the DPDP Act this role is called a Data Fiduciary.

Third Rock Wealth and Omega Portfolio Advisors are sister services within the MoneyWorks4Me group. Third Rock Wealth distributes mutual funds; Omega Portfolio Advisors is a SEBI-registered Investment Adviser. They are separate, separately regulated services. If you choose to use both, each uses your data for its own purpose, and section 7 explains how data may be shared within the group.

The exact legal operating entity acting as Data Fiduciary, and the name and contact details of the person you can reach on data-protection questions, are confirmed in section 14. Items still being finalised are shown as marked placeholders, for example [name to be confirmed], for your counsel to verify before publication.

What data we collect

We collect only what the service needs.

Data you give us

When you register and use the service, you give us your name, mobile number, email address and an account password. To invest, you complete an investment-profile intake form, which includes information such as your financial goals, investment horizon, risk tolerance, income and existing holdings. To transact in mutual funds you also complete Know Your Customer (KYC) verification, which involves identity, address and bank information required by SEBI and AMFI rules.

Data we collect as you use the site

When you use the website we collect basic technical and usage information, such as device and browser type, and which pages and tools you used. Some of this is stored in your browser's local storage to keep the site working, for example to remember your watchlist, your investment-plan selections and whether you are signed in. Section 8 explains this.

Data we may receive from others

We may receive data about you from the regulated parties involved in mutual fund transactions, such as registrars and KYC Registration Agencies, so that we can service your account accurately.

How we collect it

We collect data directly from you when you register, fill the intake form, complete KYC, contact us, or use the website and its tools. We collect technical and usage data automatically as you browse. We receive data from the regulated transaction parties described above. We ask for your consent at the point of collection, as section 6 explains.

Why we use your data

We use your personal data to:

create and operate your account, and verify your identity;
complete KYC and process your mutual fund transactions as a distributor;
understand your stated goals and profile so the service is relevant to you;
communicate with you about your account, transactions and service updates;
provide support and respond to your questions and complaints;
keep the service secure and prevent fraud and misuse;
meet our legal, regulatory and record-keeping obligations under SEBI, AMFI and other applicable law.

We do not sell your personal data. We do not use it for purposes you have not been told about.

Cookies and local storage

This website uses your browser's local storage, and may use cookies, to make the service work. This includes keeping you signed in, remembering your watchlist and investment-plan selections, and saving basic preferences. We also use limited analytics to understand how the site is used so we can improve it.

You can clear or block this storage in your browser settings. If you do, parts of the site, such as the watchlist, the investment plan and staying signed in, may not work as intended.

How long we keep your data

We keep your personal data for as long as your account is active and for as long afterwards as we are required to by law and regulation. Records connected with mutual fund distribution and KYC must be kept for periods set by SEBI and AMFI rules. When data is no longer needed for the service or required by law, we delete it or anonymise it.

How we protect your data

We take reasonable technical and organisational measures to protect your personal data, including access controls, encryption in transit, and limiting who can see your data to those who need it for the service. No system can be promised to be perfectly secure, but if a personal data breach occurs that affects you, we will act on it and notify you and the Data Protection Board of India as the DPDP Act requires.

Your rights

Under the DPDP Act, as a Data Principal you have the right to:

Access a summary of the personal data we hold about you and how we have processed it;
Correct data that is inaccurate, and complete or update data that is incomplete or out of date;
Erase your personal data where it is no longer needed for the purpose it was collected and we are not required to keep it;
Withdraw consent at any time, as easily as you gave it;
Nominate another person to exercise your rights if you die or become unable to act;
Grievance redressal, meaning a readily available way to raise a concern about how your data is handled.

To use any of these rights, write to us at privacy@thirdrockwealth.com. We will verify your identity and respond in a timely manner, in accordance with applicable law and regulation. If you are not satisfied with our response, you may complain to the Data Protection Board of India.

Children's data

The Third Rock Wealth service is intended for adults aged 18 and over. We do not knowingly collect personal data of children except where an account is operated by a parent or lawful guardian on behalf of a minor, in which case the guardian's verifiable consent is required as the DPDP Act provides. If you believe a child's data has reached us without proper consent, contact us and we will address it.

Changes to this policy

We may update this policy from time to time, for example to reflect changes in law or in how the service works. When we make a material change we will update the date at the top of this page and, where appropriate, tell you directly. Please check this page from time to time.

How to reach us

For any question about this policy, or to use your rights:

Data protection email: privacy@thirdrockwealth.com
General email: hello@thirdrockwealth.com
Data Protection Officer: [name and designation to be confirmed]
Data Fiduciary: Third Rock Wealth, a mutual fund distribution service of MoneyWorks4Me [operating entity and CIN to be confirmed]
Registered office: Pune, Maharashtra, India [full address to be confirmed]
Hours: Monday to Friday, 10 am to 7 pm IST

If your concern is about service quality rather than data, our Grievance Redressal page sets out how to raise and escalate it.