Privacy & Data Protection Policy

1. Scope

This Policy applies to:

• Visitors to our website/platform
• Borrowers, Investors, Guarantors, and their representatives
• Business partners, agents, and service providers

2. Collection of Information

We may collect the following categories of data:

• Personal Identifiers: Name, date of birth, gender, addresses, contact details.
• KYC Documents: Aadhaar, PAN, Voter ID, Passport, Driving License.
• Financial Information: Bank account details, income, credit history.
• Device/Usage Data: IP address, browser type, cookies, app interaction.
• Sensitive Personal Data: Where required, medical or criminal background information (processed only with explicit consent).

Source of Data: Directly from you, your authorized representatives, regulated entities (e.g., banks, NBFCs), credit information companies (CIBIL, Experian, Equifax, CRIF Highmark), and public records.

3. Purpose of Processing

We process your personal data for:

• Customer onboarding, account creation, and KYC/AML checks
• Credit risk assessment and loan servicing
• Fraud prevention and regulatory compliance
• Customer support and grievance redressal
• Service improvements, analytics, and reporting
• Marketing communications (only with your explicit opt-in consent)

We will never process your personal data beyond these lawful purposes.

4. Legal Basis

We rely on the following legal grounds:

• Consent freely given, specific, informed, and revocable
• Legal/Regulatory Obligation - as per RBI, IT Act, DPDP Act, and other laws
• Contractual Necessity - when you enter into agreements with us or our partners
• Legitimate Interest - fraud detection, IT security, business continuity

5. Sharing of Information

We may share your data with:

• Our regulated lending partners (NBFCs, Banks, CICs)
• Fraud prevention agencies and statutory bodies (RBI, FIU, EOW, etc.)
• Technology and service providers (KYC verification, payment gateways, data storage)
• Legal, regulatory, or enforcement authorities, when required by law

We do not sell or rent your personal data.

6. Data Retention

• Personal data will be retained only as long as necessary for the purpose for which it was collected, or as mandated by law/regulation.
• Credit-related data may be retained up to 7 years as per RBI/CIC requirements.
• On withdrawal of consent or account closure, data will be securely deleted/anonymized unless required for legal obligations.

7. Data Security

We employ industry-standard security practices including:

• Encryption of data in transit and at rest
• Access controls, firewalls, and intrusion detection
• Regular audits and vulnerability testing
• Secure storage within India, in compliance with DPDP Act

8. User Rights under DPDP Act

You have the right to:

• Access and obtain a copy of your personal data
• Request corrections of inaccuracies
• Withdraw consent at any time
• Request deletion of your data (subject to regulatory/legal requirements)
• Opt-out of marketing communications
• File complaints with our Grievance Redressal Officer

9. Grievance Redressal

As mandated by RBI and DPDP Act:

If you are unsatisfied with the resolution, you may escalate to the RBI Ombudsman or the Data Protection Board of India (DPB).

10. Policy Updates

We may update this Policy to reflect legal, regulatory, or business changes. Updates will be posted on our website with the "last updated" date. Continued use of our services implies your agreement to the revised Policy.