Hi All,
Recently, we came across posts on social media, talking about permissions taken by financial apps, particularly about apps from Investing / Stock Trading platforms.
While we have always taken the Customer First approach on everything that we do, we felt the posts generalise the thought process that apps that take fewer permissions are good. We felt we should transparently write about our own perspectives on this topic and give our users a full picture of this.
Even when Dhan was a small business with hardly any users or traction, we wrote publicly about our User-First Policy and have lived with it every day. We understand Data & Privacy is an extremely important aspect of every user, and we introduced our User Data Management Policy where we delete all personal data that users have shared with us while they created their accounts and eventually forgot about it. We believe that we possibly may be the only Financial Services company in India to have both these publicly stated policies.
While building Dhan, we have focused on product experience for all traders and investors, with technology that empowers it all. While building this experience, we have made sure not to let Data, Privacy, Cybersecurity, and such important aspects of your journey take a back seat.
At Dhan, trust and transparency aren’t just words - they’re fundamental to our operations. This stands true for all aspects, wherein we share our approaches, roadmaps and philosophy openly in public, or with this very community. As a financial services company, we adhere strictly to regulatory requirements and data protection standards, ensuring we collect only what’s necessary for security, functionality, and regulatory compliance.
Our process for requesting app permissions involves a rigorous internal evaluation. We analyze every permission for necessity, functionality, and compliance with financial and legal regulations. Certain permissions, such as location tracking, are mandatory to meet SEBI guidelines ensuring the user is an Indian citizen doing KYC within India. Others, like permissions associated with Google services, are often automatically included when we leverage some of Google’s technology stack (Firebase, for instance).
Here’s an explicit breakdown of the permissions the Dhan app requests, and exactly why we need each of them:
Permission Category | Specific Permission | Detailed Explanation |
---|---|---|
Camera | Take pictures and videos | Used for Know Your Customer (KYC) verification processes, allowing users to capture and securely upload necessary identification documents directly within the App. Post KYC, this permission is not used and can be disabled without hampering app performance. This helps us broadly adhere to regulations in aspects of Onboarding, KYC, Dormancy, and also a few cases where we seek Video IPV for critical KYC updates like Mobile, Email, Address, Nominations, etc. |
Contacts | Reading Contacts | Referrals are the biggest source of discovery for Dhan; the only reason we have grown is because of word-of-mouth when friends share their Dhan experience with their friends. Simplifies the process of inviting friends to Dhan, enabling smoother referrals and enhancing it by sharing referral incentives or credits. We understand some users may not be comfortable with this, and hence this remains an optional permission. |
Location | Access precise location only in foreground; Access approximate location only in foreground | Capturing your Lat-Long is a mandatory requirement for your KYC process. Additionally, it also helps enhance account security by detecting suspicious logins if there is no history of the user accessing the trading account from that location earlier. |
Microphone | Record audio | Required during account opening process, to check liveness of users, as part of onboarding and KYC regulations. Post KYC, this permission is not used and can be disabled without hampering app performance. |
Storage | Modify or delete contents of shared storage; Read contents of shared storage | Essential for secure management of downloaded transaction reports, portfolio statements, and other important trading documents. Trading apps also generate a lot of data, and we use local caching techniques to ensure that apps are optimised for faster performance. |
Other | Advertising ID permission | Automatically included due to integration with Google services, aiding in targeting users for marketing activities. |
Other | Run foreground service | Ensures critical app functions like live price updates and trading executions run smoothly and uninterrupted. |
Other | Run at startup | Allows timely delivery of market alerts, updates, and essential notifications immediately upon device startup. |
Other | Read badge notifications | Helps track notifications accurately, ensuring you never miss out on essential market movements or critical updates regarding orders and your trading account. |
Other | View network connections | Enables the app to optimize its performance by understanding current connectivity status, crucial for real-time trading. |
Other | Prevent phone from sleeping | Keeps your app active during critical trading sessions, ensuring uninterrupted trading experiences, especially when you have an open position and/or trade. |
Other | Access to AdId API | Automatically included due to integration with Google services, not accessed by our system. |
Other | View Wi-Fi connections | Evaluates the best network connections to deliver uninterrupted access to trading services and data. |
Other | Use fingerprint hardware & biometric hardware | Crucial for offering a secure, fast, and convenient way to authenticate user access and approve financial transactions through biometric verification. |
Other | Receive data from Internet | Ensures timely reception of real-time market data, trading notifications, and essential updates. |
Other | Read Google service configuration | Necessary for seamless integration and optimal functioning of Google’s backend services used by our app, like Firebase. |
Other | Control vibration | Enhances the user experience with tactile feedback, providing immediate alerts and notifications about important events or trade executions. |
Other | Have full network access | Required for the comprehensive functioning of real-time market updates, trade executions, and data synchronization. |
Other | Play Install Referrer API & access AdServices Attribution APIs | Automatically included due to integration with Google services such as Firebase, aiding in the measurement of our app’s performance, marketing efficacy, and user engagement. |
Every permission we request has undergone a meticulous evaluation to ensure it aligns with our strict guidelines, compliance standards, and your security requirements.
A lot of these permissions are used one time, primarily for KYC and Onboarding, wherein regulations make these necessary to do your onboarding journey in-app and entirely digitally. These permissions include camera, microphone and location, which are not used after KYC is completed successfully. There are platforms which do the same KYC steps in a web-view inside the app, where you end up giving the same permissions to the platform. But in this scenario, you end up giving permission to the browser, which can be used by other apps and the browser itself as well.
The second category includes permissions like storage, network, Wi-Fi, running in the foreground, startup and similar, which are important for the app itself to run and ensure that your trading experience is smooth. And the last category includes Google services related APIs, which are not directly used by Dhan itself.
We hope this helps you understand the permissions that we take as part of delivering the experience. Your trust drives every decision we make.
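A user or reviewer can check the one-time category against a device's actual grant state. The following is an added example, not Dhan's code: it parses text in the style of `adb shell dumpsys package <package>` and flags camera, microphone and location grants that remain after KYC, plus the optional contacts grant. The sample text is constructed, and the mapping from the table's labels to Android permission constants is an assumption of this example.

```python
import re

# Permissions the post says are only needed during KYC/onboarding
# (camera, microphone, location), as Android permission constants.
# The label-to-constant mapping is this example's assumption.
KYC_ONLY = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}
# The post describes contacts access as optional.
OPTIONAL = {"android.permission.READ_CONTACTS"}

# Constructed sample in the style of `adb shell dumpsys package <package>`;
# not captured from a real device or from the Dhan app.
SAMPLE_DUMPSYS = """\
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true
      android.permission.READ_CONTACTS: granted=false
      android.permission.POST_NOTIFICATIONS: granted=true
"""

LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.]+):\s+granted=(true|false)\b")

def parse_runtime_permissions(text):
    """Return {permission: granted} for every 'name: granted=...' line."""
    perms = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            perms[m.group(1)] = (m.group(2) == "true")
    return perms

def review(text, kyc_completed=True):
    """List granted permissions the user could revoke, per the post's categories."""
    findings = []
    for name, granted in sorted(parse_runtime_permissions(text).items()):
        if not granted:
            continue
        if name in KYC_ONLY and kyc_completed:
            findings.append((name, "kyc-only, still granted"))
        elif name in OPTIONAL:
            findings.append((name, "optional, granted"))
    return findings
```
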
We’re committed to maintaining transparency and encourage you to reach out with any further questions or feedback!