Privacy Policy

Last updated: February 30, 2025

Nepse Lightning Pvt. Ltd. ("Nepse Lightning", "We", "Our" or "Us") has prepared this Privacy Policy to describe our policies and procedures on the collection, use and disclosure of your information when you use the website and tell you about your privacy rights and how the law protects you at our Nepse Lightning website (https://nepselightning.com).

If you have any questions or concerns or complaints about our Privacy Policy, or if you want to report any suspected security violations, please contact us at info@nepselightning.com

Collecting and Using Your Personal Data

Types of Collected Data

Information You Provide to Us

While using our Service, we may ask you to provide us certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include:

  • Email address
  • Full name (first name and last name)
  • Contact number (phone number)
  • Date of birth
  • Identity type (Individual or Organization)
  • Company information (when submitting promoter share listings)
  • Proof of ownership documents (via URL links)

e-KYC (Know Your Customer) Information

When you complete the e-KYC verification process to access certain features, we collect additional sensitive information including:

  • BOID (Beneficiary Owner Identification) number
  • National Identity (NID) number
  • Citizenship number, issue date, and issue place
  • PAN (Permanent Account Number)
  • Temporary and permanent addresses
  • Family information (grandfather's name, father's name, mother's name, spouse's name)
  • Occupation and source of funds
  • Annual income range
  • Bank name and account number
  • Payment status for premium features

This information is collected to comply with Nepal's financial regulations and to verify the identity of users accessing investment-related services.

Usage Data

Usage data may include information such as:

  • Your device's Internet Protocol address (e.g. IP address), browser type, browser version
  • The pages of our website that you visit, the time and date of your visit, the time spent on those pages
  • When you access the website by or through your device, we may collect certain information automatically, including, but not limited to, the type of device you use, your device unique identifier, your device operating system and other diagnostic data

Cookies

We use Cookies and similar tracking technologies to track the activity on our website and store certain information. "Cookies" are small pieces of data that a website sends to your device while you are viewing the website. Tracking technologies are used to collect and track information and to improve and analyze our Service.

If you do not wish to have cookies placed on your device, you should set the browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts of our Service.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your device when you go offline, while Session Cookies are deleted as soon as you close your web browser.

Analytics

We use third-party analytics services including services provided by Google, Inc. and its affiliates ("Analytics Services"), to help analyze how you use our services. The information generated by the Cookies or other technologies about your use of our services (the "Analytics Information") is transmitted to the Analytics Services for necessary compilation and processing.

Authentication Data

We offer multiple authentication methods to access our platform:

  • Email/Password Authentication: When you create an account using email and password, we store your email address and an encrypted version of your password.
  • Google OAuth: When you sign in with Google, we receive your email address, name, and profile information from Google. We do not receive or store your Google password.

Authentication data is managed by Supabase, our trusted authentication service provider, and is used solely for account access and security purposes.

Third-Party Service Providers

We use the following third-party services to operate our platform:

  • Supabase: Database storage and authentication services. Your data is stored securely on Supabase servers.
  • Upstash Redis: Rate limiting and performance optimization to prevent abuse and ensure fair usage.
  • Vercel: Web hosting and analytics services to monitor site performance and user experience.
  • Google Analytics: Website analytics to understand user behavior and improve our services.

These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated to protect your information and not use it for other purposes.

Use of the Collected Data

We may use collected data for the following purposes:

  • To improve our Service, including monitoring the usage of our service
  • To manage your account for registration as a user of the service. The Personal Data you provide can give you access to different features of the service that are available to you as a registered user
  • To verify your identity through the e-KYC process and comply with Know Your Customer (KYC) regulations in Nepal
  • To determine eligibility for premium features and confidential investment opportunities
  • To manage your requests and to understand your requirements
  • To process and manage promoter share listings and company submissions
  • To facilitate communication between buyers and sellers of unlisted shares
  • To comply with legal and regulatory requirements in Nepal, including regulations by SEBON and Nepal Rastra Bank
  • To prevent fraud, monitor for suspicious activity, and maintain the security of our platform
  • To send you important updates about your account, e-KYC status, and service announcements

Retention of Collected Data

We will retain collected data as long as it is necessary for the purposes set out in this Privacy Policy and/or to the extent necessary to comply with our legal obligations, resolve disputes and enforce agreements.

  • Account Data: Retained for as long as your account is active or as needed to provide you services.
  • e-KYC Data: Retained for regulatory compliance purposes as required by Nepal's financial regulations, typically for a minimum of 5 years after account closure.
  • Transaction Records: Retained for 7 years or as required by applicable law.
  • Analytics Data: Typically retained for 26 months or as configured in our analytics tools.

When data is no longer necessary for the purposes for which it was collected, we will securely delete or anonymize it, unless we are required to retain it for legal, regulatory, or business purposes.

Disclosure of Collected Data

Law Enforcement and Regulatory Compliance

If required by law or in response to requests by government authorities, including but not limited to Nepal Rastra Bank (NRB), Securities Board of Nepal (SEBON), and other regulatory bodies, we may disclose collected data. This may include:

  • Responding to legal process (court orders, subpoenas, or government requests)
  • Complying with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations
  • Cooperating with investigations of suspected fraud or illegal activities
  • Protecting the rights, property, or safety of Nepse Lightning, our users, or others

Business Operations

We may share your information with trusted service providers who assist us in operating our platform, conducting our business, or serving our users, so long as those parties agree to keep this information confidential and use it only for the purposes we specify. This includes:

  • Cloud hosting providers (Supabase, Vercel)
  • Analytics service providers (Google Analytics)
  • Infrastructure and security service providers (Upstash Redis)
  • Payment processors (for premium access verification)

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.

Security of Collected Data

The security of Collected Data is important to us. We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit using SSL/TLS protocols
  • Encryption of data at rest in our databases
  • Regular security audits and vulnerability assessments
  • Access controls limiting who can view your personal information
  • Rate limiting to prevent brute force attacks
  • Secure authentication mechanisms including password hashing

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. We will provide information about the breach, the data affected, and steps you should take to protect yourself.

Links to Other Websites

Our Website may contain links to third party websites that are not operated by us, which may be subject to the privacy policies of respective sites. This privacy policy only applies to information disseminated within our website. We are not responsible for the privacy practices of other websites.

Data Storage and International Transfers

Your personal information is stored securely on servers provided by our third-party service providers, including Supabase. These servers may be located outside of Nepal. By using our service, you consent to the transfer of your information to these locations.

We ensure that all service providers maintain adequate security measures and comply with applicable data protection regulations. Your data is encrypted both in transit and at rest to protect against unauthorized access.

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and you become aware that your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from children under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Your Rights

Under applicable data protection laws, you have the following rights regarding your personal information:

  • Right to Access: You have the right to access the personal information we hold about you and request a copy of your data.
  • Right to Correction: You have the right to request correction of inaccurate or incomplete information. You can update most of your information directly through your account settings.
  • Right to Deletion: You have the right to request deletion of your personal information, subject to legal and regulatory requirements. Note that we may need to retain certain e-KYC data for compliance purposes even after account closure.
  • Right to Object: You have the right to object to or restrict the processing of your personal information in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

To exercise these rights, please contact us at info@nepselightning.com. We will respond to your request within 30 days. Please note that we may need to verify your identity before processing your request.

Important Note: Deletion of e-KYC information may result in loss of access to certain features of the platform that require identity verification. We are required to retain certain information for regulatory compliance even after you request deletion.

Updates to this Privacy Policy

We may update our Privacy Policy as required. We encourage you to frequently check this page for any updates. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, you may contact us at info@nepselightning.com

Nepse Lightning Pvt. Ltd.
Registered in Kathmandu, Nepal

Nepse Lightning
Get it on Google PlayDownload on the App Store

Nepse Lightning is a digital marketplace designed to give investors early access to Nepal’s most promising private companies—in some cases, well before they list on NEPSE. We bring structure, transparency, and accessibility to unlisted shares, and pre-IPO investments, enabling informed participation in high-growth opportunities traditionally reserved for insiders.

All trademarks and logos or registered trademarks and logos found on this Site or mentioned herein belong to their respective owners and are solely used for informational and educational purposes.

The material presented in this advertisement is for informational purposes only and should not be construed as investment advice or investment availability. It is not a recommendation of, or an offer to sell or solicitation of an offer to buy, any particular share, security, strategy, or investment product. Investing in the capital markets and securities involves risks, including the potential loss of money, and past performance does not guarantee future results. Market trends, data interpretations, and graph projections are provided for informational and illustrative purposes and may not reflect actual future performance. Nothing on this website should be construed as personalized investment advice or should not be treated as legal, financial, or any other form of advice. Nepse Lightning is not liable for financial or any other form of loss incurred by the user or any affiliated party based on information provided herein.

Nepse Lightning is neither a stock exchange nor does it intend to get recognized as a stock exchange under the Securities Act, 2063. Nepse Lightning is not authorized by the Securities Board of Nepal (SEBON) to solicit investments. The data and insights provided on these platforms are for analytical purposes and do not constitute trading on a regulated exchange through this entity.

The website will be updated regularly.

PAN: 623519677 · CRN: 382650/82/83 · Contact: +977 976-1155511 · info@nepselightning.com

© 2026 Nepse Lighting Pvt. Ltd. All rights reserved. Registered in Kathmandu, Nepal.