Privacy Policy

1. User acknowledges that by accessing the Platform, User expressly consents and confirms to collection, maintenance, usage, handling, processing, storage and disclosure of User information, including personal data, by FatakPay in connection with the Services we offer to You through the Platform, in accordance with this Policy.
2. Users acknowledge that they have the option to not provide or agree to the collection of personal data. If a User chooses to not grant us access to such personal data when requested, we will not be in a position to provide the User with the Services. In such an event, we encourage You to stop using the Services and accessing the Platform. In addition to this, in the event You do not consent to our access to Your personal data, we may have to terminate, suspend or limit Your access to the Services or Platform or part thereof, as may be the case.

1. In general, you can browse the Website of FatakPay without disclosing Your identity or revealing any personal information about Yourself. However, to create an account on the Platform You will be required to provide us with certain personal information in connection with the Services. Our primary goal in accessing, collecting, processing and using Your information, is to provide You with a safe, efficient, smooth and customized experience of our Services. More importantly, in connection with the Credit Facility, we only collect and process basic minimal personal information of the User that we consider necessary for providing the Services and enabling Your use of our Platform.

1. FatakPay collects the following types of data sets from You for facilitating provision of various Services.
2. The table below sets out (i) the personal data We collect, (ii) the corresponding purpose of collection, (iii) the device permission (if any) through which We access the personal data, (iv) the frequency of such access, and (v) the Service use case for which the data set is collected/ to which the purpose is linked.

   Personal Data	Purpose of Collection	Permission / Mode of Access	Frequency of Access	Service Use Case
   Name	Verification of User identity, and registering / onboarding the account on the Platform.	Direct in-App entry by User	At onboarding	Credit Facility; access to credit reports; Insurance; BBPS; mutual funds; digital gold / silver; secured Credit Cards; reward programs; job portal access; credit builder program
   Date of birth	Age verification, (minors below 18 years are restricted from availing the Services); and identity verification	Direct in-App entry by User	At onboarding	Credit Facility; access to credit reports; Insurance
   Gender	Identity verification; risk-rating for insurance underwriting where required by the insurer	Direct in-App entry by User	At onboarding	Insurance
   Employment status / occupation	Verification of financial credibility prior to sanction of a Credit Facility by the Lending Partner	Direct in-App entry by User	At loan application; on material change notified by User	Credit Facility
   Contact information (email ID, mobile number)	Identity verification; verification of credit-worthiness; service communications including OTP-based authentication and communications relating to any Credit Facility availed or applied for	Direct in-App entry by User	At onboarding and on update by User	Credit Facility; access to credit reports; Insurance; BBPS; mutual funds; digital gold / silver; secured Credit Cards; reward programs; job portal access; Credit builder program
   Residential / correspondence address; Pincode	Determination of serviceability, and identity / address verification	Direct in-App entry by User	At onboarding	Credit Facility
   PAN details and other Government-issued identification documents (Officially Valid Documents)	Identity verification; and assessment of eligibility for the Credit Facility	Camera (one-time / on-demand) for Credit Facility use case and Storage / Files (read) where User uploads a soft copy	One-time or on-demand for each KYC session; not accessed in the background	Credit Facility; access to credit reports; Insurance; mutual funds; secured Credit Cards (and any other Service where the partner requires statutory KYC); credit builder program
   Selfie	Identity verification; and assessment of eligibility for the Credit Facility	Camera (one-time / on-demand) for Credit Facility use case	One-time or on-demand for each KYC session; not accessed in the background	Credit Facility; access to credit reports; Insurance; mutual funds; secured Credit Cards (and any other Service where the partner requires statutory KYC); credit builder program
   Income details	Verification of credit-worthiness, and eligibility for the Credit Facility offered through Lending Partners	Direct in-App entry by User; Storage / Files (read) where User uploads supporting documents	Loan application	Credit Facility
   Bank account details / UPI details	Verification of credit-worthiness & disbursement and availing value-added services	Direct in-App entry by User; Storage / Files (read) where User uploads bank statements	At loan application and on update by User	Credit Facility; BBPS; mutual funds; digital gold / silver; secured Credit Cards; Insurance; Rewards Program
   NACH / e-mandate details	Repayment of amounts due under the Credit Facility through the Lending Partner	Direct in-App entry by User	At loan sanction; on each scheduled repayment cycle	Credit Facility; Digital gold / silver
   Nominee details	Recording the nominee in respect of the insurance policy as required under the Insurance Act, 1938 and applicable IRDAI regulations	Direct in-App entry by User	At policy issuance; on update by User	Insurance
   Transactional SMS metadata (from 6-digit alphanumeric senders only)	Verification and analysis of financial position; determination of cash flow, credits, income and spending patterns to assess creditworthiness. Personal SMSs, OTPs (save where required solely to enable onboarding on the Platform) and account details are not read or stored.	SMS (read) — collected only with the User's explicit prior consent and with audit trail in accordance with the RBI Digital Lending Directions	Collected only during loan application and underwriting; not accessed in the background after underwriting is complete	Credit Facility
   Device GPS location	Reducing fraud risk associated with loan applications, and determining serviceability of a loan application based on location	Location	Accessed at the time of onboarding and loan application; not accessed continuously in the background	Credit Facility
   Device data (IP address, browser type and version, time-zone, operating system, device information)	Data analytics; fraud prevention; security monitoring and incident detection.	Captured server-side at session level	On each session; not accessed in the background	All Services
   Marketing and communications preferences	Recording the User's preferences regarding marketing communications and communications under DND / NCPR settings	Direct in-App entry by User	At onboarding and on update by User	All Services

3. Where a particular data set is required by a Lending Partner, insurer, card issuer, BBPS operating unit or other regulated partner over and above the data sets listed above, that partner shall separately notify You of such requirement and obtain Your specific consent in accordance with applicable law before any such additional data is collected.
4. Personal Data Collected from Third Parties
5. This type of data is personal data about You received from various third parties and public sources including our third-party service providers for advertising and User analytics purposes, and other publicly available sources in connection with our provision of Services to You, or in connection with Your use of the Platform or Services that You choose to avail. Please note that we do not have any control over personal data that You may choose to make publicly available. For example, if You post reviews, comments, or messages on public sections of the Platform or on an application store (such as the Play Store), You do so at Your own risk. We are not liable for any third-party misuse of such data.

By using our Platform and submitting Your personal data to FatakPay, You expressly acknowledge and consent to use of such information in a manner specified under this Policy. Such personal data may be used for the following purposes:

1. To register You as a user of the Platform and verifying User identity;
2. Facilitating User's usage of Platform and our Services. Please note that certain data sets may only be used/collected if the User intends to use the Service for a specific Product on the Platform as indicated above.
3. To manage our relationship with You, including notifying You of changes to any Services;
4. For extension of Credit Facility and other Services to the User from Lending Partners and other financial partners;
5. To ensure compliance with all legal obligations of Lending Partners, vis-à-vis Know-your Customer, Prevention of Money Laundering, CKYRC requirements, etc. for the purposes of facilitation of the Services and Products;
6. For fraud prevention and detection;
7. To send User surveys and marketing communications that FatakPay believes may be of User's interest;
8. To facilitate for repayment of the Credit Facility availed or recovery of outstanding payments on behalf of the Lending Partners;
9. To diagnose technical problems, provide support and help Users in addressing troubleshoot problems;
10. To send and receive communications, show advertisements, notifications and make promotional offers;
11. To prepare reports, review and filing as per applicable laws;
12. To contact Users regarding Lending Partners and the various Services being facilitated through FatakPay, third party services and offers;
13. To understand User preferences requirements;
14. To permit User to participate in interactive features offered through the Platform;
15. To improve the content, our business and delivery models and protect the integrity of the Platform;
16. To increase/improve the Services offered on the Platform;
17. To ensure compliance with all applicable laws;
18. To respond to court orders, establish or exercise our legal rights, or defend ourselves against legal claims;
19. To perform our obligations that arise out of the arrangement we are about to enter or have entered with You; and
20. To enforce our Terms and Conditions available at www.fatakpay.com.

1. Except as required under applicable laws or pursuant to a court/government order or for purposes set forth in clause 5.2 below, any information or data shared by us with third parties shall be undertaken, solely to render the Services to You.
2. We will share Your information with third parties to facilitate provisioning of Services by us to You only in such manner as described below:
   1. We may disclose Your information to our Lending Partners on the Platform to facilitate provision of Credit Facility for You;
   2. We may disclose Your information to our third-party service providers for providing the Services, such as mutual funds and insurance products, as detailed under the Terms & Conditions or for recovery of outstanding Credit Facility sanctioned to You by the Lending Partners;
   3. We may share Your information with our third-party partners in order to conduct data analysis in order to serve You better and provide services on our Platform;
   4. We may disclose Your information, without prior notice, if required under any law or if we are under a duty to do so in order to comply with any legal obligation or an order from the government and/or a statutory authority, or in order to enforce or apply our Terms and Conditions or assign such information in the course of corporate divestitures, mergers, or to protect the rights, property, or safety of us, our Users, or others.
   5. We may share Your data with our affiliates and/or group companies for data processing and analysis;
   6. We and our affiliates may share Your information with another business entity should we (or our assets) merge with, or be acquired by that business entity, or re-organization, amalgamation, restructuring of business for continuity of business.
3. If You fail to provide consent for sharing of such data when requested by us, we may not be able to provide the Services to You.
4. Third parties with whom we may share Your data for providing services are as below:

A list of the Company's Lending Partners is accessible at https://www.fatakpay.com/financing-partner.

1. FatakPay may use "cookies" as required on the Website. "Cookies" is a term generally used for small text files a web site uses to recognize repeat users, facilitate the User's ongoing access to and use of the site, allow a site to track usage behaviour and compile aggregate data that will allow content improvements and targeted advertising, preferences etc. Cookies themselves do not personally identify the User, but it identifies User devices. For the purpose of this Policy, Users are informed that cookies also exist within mobile applications when a browser is needed to view certain content or display an advertisement within the application. Generally, cookies work by assigning a unique number to the computer that has no meaning outside the assigning site.
2. Users are being made aware that FatakPay cannot control the use of cookies or the resulting information by advertisers or third parties hosting data on FatakPay's Platform. If Users do not want information collected through the use of cookies, they may change the settings in the browsers that allows them to deny or accept the cookie feature as per User discretion and in the manner agreed by them.

1. We shall protect personal data by taking reasonable security safeguards to prevent personal data breach, which shall include, at the minimum
   1. appropriate data security measures, including securing of such personal data through its encryption, obfuscation or masking or the use of virtual tokens mapped to that personal data;
   2. appropriate measures to control access to the computer resources
   3. visibility on the accessing of such personal data, through appropriate logs, monitoring and review, for enabling detection of unauthorised access, its investigation and remediation to prevent recurrence;
   4. reasonable measures for continued processing in the event of confidentiality, integrity or availability of such personal data being compromised as a result of destruction or loss of access to personal data or otherwise, including by way of data backups;
   5. for enabling the detection of unauthorised access, its investigation, remediation to prevent recurrence and continued processing in the event of such a compromise, retain such logs and personal data for a period of one year, unless compliance with any law for the time being in force requires otherwise;
   6. appropriate technical and organisational measures to ensure effective observance of security safeguards.
2. Some of the safeguards we use are firewalls and bit data encryption using (Secure Sockets Layer) SSL, and information access authorization controls. We use reasonable safeguards to preserve the integrity and security of Your information against loss, theft, unauthorized access, disclosure, reproduction, use or amendment. To achieve the same, we use reasonable security practices and procedures as mandated under applicable laws for the protection of Your information.

1. Data Storage and Revocation of Consent:
   1. We will store Your information and/or data for such period as may be required by FatakPay/Lending Partners to (i) enforce or enable Lending Partner to enforce its legal rights and obligations against You; (ii) to ensure compliance with its obligations and responsibilities or the Lending Partner's obligations and responsibilities under applicable laws, as specified by the RBI (iii) provide Services to you.
   2. You may, however, withdraw Your consent at any time. Such a request shall be complied with by Us subject to the applicable laws and the terms of the Credit Facility availed through the Platform. You further understand and agree that neither the repayment of a Credit Facility, nor the deletion of Your account with the Platform, automatically rescinds the consents You have provided to us under the Policy.
   3. You may request Your data deletion by writing to us at [email protected].
2. Data Retention

   You agree and acknowledge that Your personal data will continue to be stored and retained by us as required or permitted by applicable laws or as required for defending future legal claims against us or our financial partners, including Lending Partners. All the other details will be deleted upon Your request for the deletion of the data, provided there is no active Credit Facility or Service being availed by You.

   As a Lending Service Provider, We facilitate loan origination on behalf of Lending Partners. Following transmission of verified data to the relevant Lending Partner, primary data controllership in respect of loan account data passes to that Lending Partner. Customers should also refer to the privacy policy of the relevant Lending Partner for retention periods applicable to data held by the Lending Partner.

   Your data shall not be retained beyond the applicable retention period, except where: (a) retention is required for the resolution of an ongoing dispute or legal proceeding; (b) a competent regulatory authority has directed retention of the data; or (c) the Customer has not yet repaid the Credit Facility in full.

   Data Sets	Purpose of Retention	Retention Period
   KYC records and supporting documents (PAN, Officially Valid Documents, photograph, Video KYC recording)	Statutory KYC record-keeping; defence of legal claims; supervisory inspection	5 (five) years from the date of cessation of the business relationship with the User or the date of the relevant transaction, whichever is later (and any longer period prescribed by the Lending Partner / partner regulated entity)
   Basic minimal data for Credit Facility viz. name, address and contact details	Statutory record-keeping; defence of legal claims; reporting to Credit Information Companies ("CIC(s)"); supervisory inspection by the RBI	FDPL, as a Lending Service Provider, retains only the minimal data permitted under the RBI Digital Lending Directions.
   Credit information report data	Provision of access to the User's credit information report under the Credit Information Companies (Regulation) Act, 2005	Retained only for the duration necessary to provide the User with access to the credit information report or six (6) months from date of consent, whichever is earlier, and thereafter purged in accordance with our contractual arrangement with the relevant CIC.
   Mutual fund and digital gold / silver transaction records	Statutory record-keeping under the SEBI (Mutual Funds) Regulations, 1996, the SEBI (Intermediaries) Regulations, 2008 and the PMLA, 2002	Retained by the AMC / Registrar and Transfer Agent / partner intermediary for the longer of (a) 8 (eight) years from the date of the transaction (SEBI record-retention norms) and (b) 5 (five) years from the cessation of the business relationship (PMLA)
   BBPS transaction records	Statutory record-keeping under the RBI framework for the Bharat Bill Payment System; settlement and dispute resolution under the NPCI Bharat BillPay procedural guidelines	Retained for the period prescribed by NPCI Bharat BillPay Limited and the RBI, typically 10 (ten) years from the date of the transaction
   Device data, access logs and processing logs	Fraud prevention; detection, investigation and remediation of unauthorised access and security incidents	Minimum 1 (one) year, in line; for longer where compliance with any other applicable law (including RBI cyber-security directions) requires
   Account / profile data (name, contact, profile information)	Maintenance of the User's account on the Platform and continued provision of the Services	For the duration of the User's account; thereafter as required by applicable law or for defence of legal claims.
   Marketing and communications preferences	Honouring the User's communication preferences (including DND / NDNC opt-outs)	For the duration of the User's account, or until withdrawn by the User, whichever is earlier
   Consent records and audit trails	Demonstration of valid consent under Section 6 of the DPDPA, the DPDP Rules, 2025 and the RBI Digital Lending Directions; defence of legal claims	Retained for the duration of the underlying processing activity and for a minimum of 1 (one) year thereafter, or longer where required by applicable law
   Grievance / complaint records	Grievance redressal under the DPDP Rules, 2025 and the RBI Digital Lending Directions; supervisory inspection	Minimum 3 (three) years from resolution of the complaint, or such longer period as may be required by applicable law

   Personal data that has been irreversibly anonymized, such that it can no longer be used to identify any individual, ceases to constitute personal data for regulatory purposes. We may retain anonymized or aggregated datasets for internal analytics and statistical purposes following the expiry of the applicable retention period.

3. Data destruction protocol

   You can request the erasure of Your personal data. This enables you to ask us to forget personal data. We shall comply with any request, subject to applicable laws, retention of any data required to defend us in a future legal action, and the terms of the Credit Facility that are sanctioned through the Platform.

1. You are required to:
   1. Not impersonate another person while providing your personal data for any specified purpose;
   2. Not suppress any material information while providing your personal data for any purpose;
   3. Provide only such information as is true, necessary, and verifiable for the purpose for which it is provided.