Privacy Policy

This Privacy Policy explains how DownStox (“we”, “our”, or “us”), operated at downstox.com, collects, uses, stores, and protects information about you when you use our website and services. By using DownStox, you agree to the practices described in this policy.

1. Information We Collect

We collect information in two ways: data you provide through authentication, and data generated automatically when you use the service.

1.1 Account & Authentication Data (via Upstox OAuth)

When you log in using your Upstox account, we receive and store the following data from Upstox’s OAuth 2.0 authorization flow:

• Upstox User ID
• Full name (as registered with Upstox)
• Email address (as registered with Upstox)
• OAuth access token and refresh token

We never collect or store your Upstox password. Authentication is handled entirely by Upstox’s secure OAuth 2.0 system. DownStox only receives the access token that Upstox issues after you authorize the connection.

1.2 Order History

When you place MTF (Margin Trading Facility) or GTT (Good Till Triggered) orders through DownStox via the Upstox API, we store a record of those orders — including instrument details, order type, quantity, price, and status — associated with your account for your reference.

1.3 Automatically Collected Data

• Browser type, device type, and operating system (for compatibility)
• Pages visited and features used (for service improvement)
• IP address (for security and fraud prevention)

2. How We Use Your Information

We use the information we collect solely to provide and improve DownStox services:

• To authenticate your identity and maintain your session on the platform
• To facilitate MTF and GTT order placement through the Upstox API on your behalf
• To display your order history within the platform
• To maintain the security of your account and detect unauthorized access
• To improve the performance, reliability, and features of DownStox
• To comply with applicable legal obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data to provide financial advice or investment recommendations.

3. Third-Party Services

DownStox integrates with the following third-party services to deliver its functionality:

4. Cookies and Local Storage

DownStox uses the following client-side storage mechanisms:

• localStorage — We store your session information (user ID, name, and Upstox ID) in your browser’s localStorage to keep you logged in across page visits. This data is stored only on your device and is cleared when you log out.
• Session cookies — Standard session cookies may be used for authentication state management. These expire when you close your browser or log out.

We do not use advertising cookies or third-party tracking cookies. You can clear your browser’s localStorage and cookies at any time through your browser settings.

5. Data Storage and Security

Your account data and order history are stored in a secured MySQL database hosted on a private server. We implement appropriate technical and organizational measures to protect your data, including:

• Encrypted data transmission over HTTPS/TLS
• Access controls limiting database access to authorized systems only
• No storage of sensitive financial credentials (passwords, PINs, or trading PINs)

While we take reasonable steps to protect your information, no internet-based system is completely secure. We cannot guarantee absolute security of data transmitted to or stored on our platform.

6. Data Retention

• Account data — Retained for as long as your account is active, or until you request deletion.
• OAuth access tokens — Stored for the duration of your authenticated session. Tokens are refreshed or invalidated per Upstox’s token lifecycle policy.
• Order history — Retained to allow you to review your past orders. Deleted upon account deletion request.

7. Your Rights

You have the following rights with respect to your personal data:

• Access — You can request a copy of the personal data we hold about you.
• Correction — If your data is inaccurate, you may request that it be corrected. (Note: name and email are sourced from Upstox; changes must be made with Upstox directly.)
• Deletion — You may request deletion of your account and all associated data at any time by contacting us. Upon a valid deletion request, we will remove your account data, access tokens, and order history from our systems within 30 days.
• Revoke Access — You can revoke DownStox’s access to your Upstox account at any time from your Upstox account settings. This will invalidate the OAuth tokens we hold.
• Logout — Logging out clears your session from localStorage and ends your active session on this device.

8. Children’s Privacy

DownStox is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. Use of DownStox requires a valid Upstox brokerage account, which itself requires the user to meet Upstox’s eligibility requirements.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will update the “Last updated” date at the top of this page when we make changes. Continued use of DownStox after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please contact us at: