Privacy Policy

CREDOFINA FINTECH PRIVATE LIMITED ("Credofina," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our website, mobile application, or use our services.

By using our platform, you consent to the practices described in this Privacy Policy in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (DPDP Act), and applicable RBI guidelines on digital lending.

1. Information We Collect

2. How We Use Your Information

We use the information we collect for the following purposes:

• Loan Processing: To evaluate, process, and disburse loan applications submitted through our platform.
• KYC Verification: To verify your identity as mandated by RBI KYC norms and applicable laws.
• Credit Assessment: To assess your creditworthiness through credit bureau checks and financial analysis.
• Communication: To send loan-related updates, payment reminders, promotional offers (with consent), and customer support responses.
• Fraud Prevention: To detect, prevent, and address fraudulent activities, security breaches, and unauthorized access.
• Regulatory Compliance: To comply with legal obligations, RBI directives, and regulatory requirements.
• Service Improvement: To analyze usage patterns and improve our platform, products, and services.

3. Data Sharing & Disclosure

We do not sell your personal information. We may share your data with the following parties only as necessary:

• Lending Partners: Banks, NBFCs, and other regulated financial institutions partnered with us for loan origination, processing, and disbursal.
• Credit Bureaus: CIBIL, Equifax, Experian, and CRIF High Mark for credit assessment and reporting as mandated by RBI.
• Regulatory Authorities: Government bodies, law enforcement, and regulatory agencies when required by law or legal process.
• Service Providers: Third-party vendors who assist in KYC verification, payment processing, cloud hosting, and analytics, bound by strict confidentiality agreements.
• Legal Requirements: When disclosure is necessary to protect our rights, comply with a judicial proceeding, court order, or legal process.

4. Data Security

We implement robust security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and our servers.
• Encrypted storage of sensitive personal and financial data at rest.
• Access controls and role-based permissions limiting data access to authorized personnel only.
• Regular security audits, vulnerability assessments, and penetration testing.
• Secure cloud infrastructure hosted in India-based data centers compliant with applicable standards.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We encourage you to use strong passwords and keep your credentials confidential.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience, analyze site traffic, and personalize content. Cookies are small data files stored on your device. You can manage cookie preferences through your browser settings. Disabling cookies may affect certain features of our platform.

We use the following types of cookies:

• Essential Cookies: Required for basic platform functionality such as authentication and session management.
• Analytics Cookies: Help us understand how visitors interact with our platform to improve performance.
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (with consent).

6. Your Rights

Under the DPDP Act, 2023 and applicable data protection laws, you have the following rights:

• Right to Access: You can request a summary of the personal data we hold about you and how it is being processed.
• Right to Correction: You can request correction of inaccurate or incomplete personal data.
• Right to Erasure: You can request deletion of your personal data, subject to legal and regulatory retention requirements.
• Right to Withdraw Consent: You may withdraw your consent for data processing at any time by contacting us. Please note that withdrawal may impact our ability to provide services.
• Right to Grievance Redressal: You can file complaints regarding data processing by contacting our Grievance Officer.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Loan-related records are retained as per RBI guidelines and applicable statutory requirements. Upon expiry of the retention period, data is securely deleted or anonymized.

8. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services before providing your information.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our platform with a revised "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

11. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us: