Log In
Register Now

Privacy Policy

  • Home
  • Pages
  • Privacy Policy
image

Last Updated: January 28, 2026

At [Your Company Name], we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our financial services platform. This policy complies with the Digital Personal Data Protection Act (DPDP), 2023, Information Technology Act, 2000, and Reserve Bank of India (RBI) guidelines.

By accessing or using our Platform, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. Please read this document carefully to understand our privacy practices.

1. Definitions

"Personal Data" or "Personal Information" means any information relating to an identified or identifiable individual (data principal), including name, contact details, financial information, and KYC documents.

"Sensitive Personal Data" includes financial information (bank accounts, credit/debit card details, income, credit score), passwords, biometric information, physical/mental health records, and sexual orientation.

"Data Fiduciary" means [Your Company Name], which determines the purpose and means of processing personal data.

"Data Principal" means you, the individual whose personal data is being processed.

"Data Processor" means any entity that processes personal data on our behalf (e.g., cloud service providers, payment gateways, verification agencies).

2. Information We Collect

We collect various types of personal information to provide and improve our financial services:

2.1 Information You Provide Directly

  • Registration Information: Full name, date of birth, gender, email address, mobile number, residential address, permanent address.
  • KYC Documents: PAN card, Aadhaar card (masked), passport, voter ID, driving license, utility bills for address proof.
  • Financial Information: Bank account details, IFSC codes, income details, employment information, salary slips, ITR (Income Tax Returns), bank statements, existing loan/EMI details.
  • Property Information (for secured loans): Property documents, ownership proof, property valuation reports, municipal approvals.
  • Business Information (for business loans): Business registration certificates, GST returns, financial statements, partnership deeds.
  • Insurance Information: Health records, medical history, nominee details, existing policy information.
  • Credit Information: Credit scores, credit reports, loan repayment history from credit bureaus (CIBIL, Experian, Equifax, CRIF High Mark).
  • Communication Data: Your queries, feedback, complaints, support requests, and correspondence with us.

2.2 Information Collected Automatically

  • Device Information: IP address, device type, operating system, browser type, mobile device ID, screen resolution.
  • Usage Data: Pages visited, time spent on pages, clickstream data, search queries, application progress, loan calculators used.
  • Location Data: GPS location (if you enable location services), IP-based location for fraud prevention and service customization.
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, web beacons, pixels, local storage for authentication, preferences, and analytics.
  • Log Data: Access times, error logs, system activity, security events.

2.3 Information from Third-Party Sources

  • Credit Bureaus: Credit reports, credit scores, repayment history, existing credit inquiries.
  • Partner Lenders/Insurers: Application status updates, approval/rejection information, disbursement details.
  • Verification Agencies: Identity verification, address verification, employment verification, income verification.
  • Government Databases: PAN verification, Aadhaar authentication (with consent), GST verification, corporate registry data.
  • Social Media (if you connect accounts): Profile information, email address, contact list (only with explicit permission).

Purpose Limitation Principle: We collect only such personal data that is necessary for the specified lawful purposes for which you have given consent. We do not collect excessive or irrelevant data.

3. How We Use Your Personal Information

We process your personal data for the following lawful purposes:

3.1 Service Delivery

  1. Processing loan and insurance applications submitted by you.
  2. Verifying your identity, address, income, employment, and creditworthiness.
  3. Matching you with suitable lenders and insurance providers based on your profile.
  4. Facilitating communication between you and partner financial institutions.
  5. Tracking application status and providing updates via SMS, email, WhatsApp, or phone.
  6. Generating loan agreements, insurance policies, and related documentation.
  7. Processing payments, refunds, and managing your account.

3.2 Compliance and Legal Obligations

  1. Complying with KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations as mandated by RBI and PMLA.
  2. Reporting to credit information companies (CIBIL, Experian, Equifax, CRIF High Mark) as per Credit Information Companies (Regulation) Act, 2005.
  3. Responding to legal requests, court orders, regulatory inquiries, and law enforcement demands.
  4. Preventing fraud, identity theft, money laundering, and other illegal activities.
  5. Conducting risk assessments and due diligence on transactions.

3.3 Platform Improvement and Analytics

  1. Analyzing user behavior, preferences, and trends to improve our services.
  2. Conducting research and development for new products and features.
  3. Personalizing your experience with customized loan/insurance recommendations.
  4. Testing, troubleshooting, and maintaining platform security and functionality.
  5. Performing data analytics, machine learning, and AI-based credit scoring (with appropriate safeguards).

3.4 Marketing and Communication

  1. Sending promotional offers, new product information, and special deals (you can opt out anytime).
  2. Conducting surveys, feedback requests, and customer satisfaction studies.
  3. Sending transactional messages related to your applications, EMI reminders, renewal notices.
  4. Providing customer support and responding to your inquiries.

4. Legal Basis for Processing (DPDP Act Compliance)

We process your personal data based on:

  • Consent: You provide explicit, informed, specific, and freely given consent for processing your data for stated purposes.
  • Contractual Necessity: Processing is necessary to fulfill our contractual obligations in providing financial services to you.
  • Legal Obligation: Processing is required to comply with applicable laws including RBI regulations, PMLA, IT Act, and other statutory requirements.
  • Legitimate Interests: Processing is necessary for fraud prevention, security, risk management, and improvement of services (without overriding your rights).

5. How We Share Your Information

We may share your personal information with the following categories of recipients:

5.1 Partner Financial Institutions

  • Banks and NBFCs: To process your loan applications and credit evaluations.
  • Insurance Companies: To process insurance applications and policy issuance.
  • Payment Partners: To facilitate payment processing, EMI collections, and fund transfers.

5.2 Service Providers and Vendors

  • Cloud Hosting Providers: For secure data storage and infrastructure (data stored in India or approved locations).
  • Verification Agencies: For identity verification, address verification, employment verification.
  • Credit Bureaus: For credit report inquiries and reporting (CIBIL, Experian, Equifax, CRIF High Mark).
  • SMS/Email Service Providers: For transactional and promotional communications.
  • Analytics Providers: For platform analytics and user behavior insights (anonymized where possible).
  • Legal and Technical Consultants: For compliance, audits, and technical support.

5.3 Legal and Regulatory Authorities

  • Government agencies, regulators (RBI, IRDAI, SEBI), law enforcement, courts, and tribunals when legally required.
  • To comply with legal process, court orders, or government requests.
  • To protect our rights, property, safety, or the rights of our users and the public.

5.4 Business Transfers

  • In case of merger, acquisition, reorganization, asset sale, or bankruptcy, your data may be transferred to successor entities (you will be notified).

Data Processing Agreements: All third-party service providers are bound by contractual obligations to maintain confidentiality, security, and comply with applicable data protection laws.

6. Data Security Measures

We implement industry-standard security practices to protect your personal data:

  • Encryption: All sensitive data (passwords, financial information) is encrypted using SSL/TLS during transmission and AES-256 encryption at rest.
  • Access Controls: Role-based access controls (RBAC) ensure only authorized personnel can access personal data.
  • Two-Factor Authentication (2FA): OTP-based authentication for account access and sensitive transactions.
  • Firewalls and Intrusion Detection: Network security measures to prevent unauthorized access and cyberattacks.
  • Regular Security Audits: Periodic vulnerability assessments, penetration testing, and compliance audits.
  • Data Masking: Aadhaar numbers, credit card numbers, and other sensitive identifiers are masked in storage and display.
  • Secure Disposal: Secure deletion of data when no longer required, using industry-standard methods.
  • Employee Training: Regular training for employees on data security, privacy, and confidentiality.
  • Incident Response Plan: Defined procedures for detecting, responding to, and reporting data breaches.

Data Breach Notification: In the event of a data breach that may cause harm to you, we will notify you and the Data Protection Board of India (DPBI) within 72 hours as required by the DPDP Act, along with details of the breach, potential impact, and remedial measures.

7. Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Active Accounts: Data retained during the period your account is active and for services being provided.
  • Legal/Regulatory Requirements: Financial records, KYC documents, and transaction data retained for 5-10 years as per RBI guidelines and applicable laws.
  • Inactive Accounts: If no activity for 3 years, we will notify you 48 hours before deleting your data (unless legal retention applies).
  • Credit Bureau Reporting: Credit information retained as per Credit Information Companies Act and reporting requirements.
  • Backup Systems: Data in backup systems deleted within 90 days of deletion from primary systems.

Upon expiry of the retention period or when no longer required, data will be securely deleted, anonymized, or aggregated in a manner that prevents re-identification.

8. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights:

8.1 Right to Access

You can request a summary of your personal data being processed by us, including the purposes of processing and recipients of data.

8.2 Right to Correction

You can request correction of inaccurate, incomplete, or outdated personal data. You can update your profile information directly through your account.

8.3 Right to Erasure

You can request deletion of your personal data when:

  • The purpose for which it was collected has been fulfilled.
  • You withdraw consent (where consent was the basis for processing).
  • There is no legal obligation to retain the data.

Note: We may not be able to delete data required for legal/regulatory compliance, ongoing transactions, or fraud prevention.

8.4 Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format and transmit it to another data fiduciary.

8.5 Right to Withdraw Consent

You can withdraw your consent for processing personal data at any time. However, withdrawal does not affect the lawfulness of processing based on consent before withdrawal. Withdrawal may affect our ability to provide certain services.

8.6 Right to Nominate

You can nominate another individual to exercise your rights in the event of your death or incapacity.

8.7 Right to Grievance Redressal

You can file a complaint with our Grievance Officer or the Data Protection Board of India if you believe your rights have been violated.

How to Exercise Your Rights: Email us at privacy@yourcompany.com or contact our Grievance Officer (details below). We will respond within 30 days.

9. Consent Management

Your consent is:

  • Informed: We provide clear notice about what data we collect and how we use it.
  • Specific: Consent is obtained for each specific purpose.
  • Freely Given: You are not coerced or misled into providing consent.
  • Verifiable: We maintain records of consent obtained from you.
  • Granular: You can provide separate consent for different purposes (e.g., service delivery vs. marketing).
  • Withdrawable: You can withdraw consent easily through your account settings or by contacting us.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Types of Cookies We Use:

  • Essential Cookies: Required for platform functionality, security, and authentication (cannot be disabled).
  • Performance Cookies: Analytics cookies to understand user behavior and improve services (Google Analytics, etc.).
  • Functional Cookies: Remember your preferences, language settings, and customization.
  • Advertising Cookies: Track your activity for personalized marketing (you can opt out).

Cookie Control: You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

Do Not Track (DNT): Our platform currently does not respond to DNT signals, but you can control tracking through browser settings and opt-out tools.

11. Marketing Communications and Opt-Out

We may send you promotional communications about new products, offers, and updates. You can opt out by:

  • Clicking the "Unsubscribe" link in promotional emails.
  • Replying "STOP" to promotional SMS messages.
  • Updating email preferences in your account settings.
  • Contacting our support team at support@yourcompany.com.

Important: Even if you opt out of marketing communications, we will continue to send transactional messages (application updates, EMI reminders, policy changes) necessary for service delivery.

12. Children's Privacy

Our services are not intended for individuals under 18 years of age (minors). We do not knowingly collect personal data from children without verifiable parental/guardian consent.

If you are a parent/guardian and believe your child has provided personal data to us without proper consent, please contact us immediately at privacy@yourcompany.com, and we will delete such data promptly.

For certain services requiring parental consent (e.g., education loans, insurance for minors), we obtain verifiable consent from parents/legal guardians through identity verification and digital consent mechanisms.

13. Cross-Border Data Transfers

We primarily store and process your data within India in compliance with RBI and DPDP Act requirements. However, we may transfer data outside India to:

  • Cloud service providers with data centers in approved jurisdictions.
  • Analytics and support service providers in other countries.
  • Partner institutions for international education loans or overseas insurance.

Any cross-border transfer will comply with:

  • DPDP Act requirements for international data transfers.
  • RBI guidelines on data localization for payment system data.
  • Appropriate safeguards (standard contractual clauses, adequacy decisions, explicit consent).

Critical payment system data and sensitive financial information will be stored exclusively in India as per RBI mandates.

14. Third-Party Links and Services

Our Platform may contain links to third-party websites, applications, or services (partner lenders, insurers, payment gateways). This Privacy Policy does not apply to those third-party platforms.

We are not responsible for the privacy practices of third parties. We recommend reviewing their privacy policies before providing any personal information.

When you are redirected to a partner's website, you are subject to their terms and privacy policies.

15. Automated Decision-Making and Profiling

We may use automated decision-making, algorithms, and AI-based systems for:

  • Credit scoring and risk assessment.
  • Loan eligibility evaluation and product recommendations.
  • Fraud detection and prevention.
  • Personalized offers and interest rate calculations.

Safeguards in place:

  • Algorithms are regularly audited for fairness and bias.
  • Human oversight for critical decisions affecting your rights.
  • You can request explanation of automated decisions and contest them.
  • We do not make solely automated decisions that significantly affect you without human review.

16. Grievance Redressal

If you have any concerns, complaints, or queries regarding this Privacy Policy or our data practices, please contact our Grievance Officer:

Grievance Officer Details:
Name: [Grievance Officer Name]
Designation: Data Protection Officer / Grievance Officer
Email: privacy@yourcompany.com / grievance@yourcompany.com
Phone: +91-XXXXXXXXXX
Address: [Complete Office Address]
Working Hours: Monday to Friday, 10:00 AM - 6:00 PM IST

We will acknowledge your complaint within 48 hours and provide a resolution within 15-30 days.

If you are not satisfied with our response, you can escalate your complaint to the Data Protection Board of India (DPBI) as per the DPDP Act, 2023.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy.
  • Notify you via email, SMS, or prominent notice on our Platform.
  • Obtain fresh consent if required for new processing purposes.

We encourage you to review this Privacy Policy periodically. Your continued use of our Platform after changes constitutes acceptance of the updated policy.

18. Regulatory Compliance

This Privacy Policy complies with:

  • Digital Personal Data Protection Act (DPDP), 2023 and DPDP Rules, 2025
  • Information Technology Act, 2000 and IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Reserve Bank of India (RBI) Master Directions on Digital Payment Security Controls
  • RBI guidelines on Storage of Payment System Data
  • Prevention of Money Laundering Act (PMLA), 2002
  • Credit Information Companies (Regulation) Act, 2005
  • Insurance Regulatory and Development Authority of India (IRDAI) regulations

19. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@realtyfinserv.com | support@realtyfinserv.com
Phone: +91 88104 06446 (10:00 AM - 7:00 PM IST, Mon-Sat)
Address: 4th, Cloud-9, 422, Sector-1, Vaishali, Ghaziabad, Uttar Pradesh
Website: www.realtyfinserv.com

Acknowledgment: By using our Platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy.