Privacy Policy

3.1 Personal Information

• Full name
• Date of birth
• Gender
• Photograph
• Contact details (mobile number, email address, residential address)

3.2 Identity Documents

• PAN Card number and copy
• Aadhaar number and copy (as per UIDAI guidelines)
• Voter ID or Driving Licence (optional, for additional KYC)

3.3 Financial Information

• Bank account details (account number, IFSC code)
• Bank statements (up to 12 months)
• Income and cash flow details
• GST registration and returns (if applicable)
• Credit bureau scores and reports (CIBIL, Experian, CRIF, Equifax)

3.4 Business Information

• Business name and type (proprietorship, partnership, etc.)
• Business address and place of operations
• Shop & Establishment licence or equivalent registration
• Business vintage and operational history
• Daily / monthly turnover and revenue details

3.5 Device and Technical Information

• Device type, model, and unique device identifiers
• Operating system and browser type
• IP address and network information
• Approximate location data (collected only with your explicit consent)
• App usage patterns and interaction data

4.1 Primary Purposes

We use the information collected for the following primary purposes:

• Processing and evaluating your loan application
• Verifying your identity, address, and business details (KYC)
• Assessing your creditworthiness in collaboration with our lending partner
• Facilitating loan disbursal to your registered bank account
• Collecting repayments and managing your loan account
• Providing customer support and resolving grievances
• Communicating loan offers, account updates, payment reminders, and important notices

4.2 Secondary Purposes

We may also use your information for the following secondary purposes:

• Improving, enhancing, and personalising our Platform and services
• Developing new products and features suited to micro-merchant needs
• Detecting, preventing, and investigating fraud and unauthorised activity
• Complying with applicable legal, regulatory, and audit requirements
• Conducting internal analytics, research, and risk management

6.1 Sharing With Your Consent

With your explicit consent, we may share your data with:

• Blue Jay Finlease Private Limited (ZipLoan): Our partner NBFC, for credit assessment, loan sanctioning, disbursal, and account management
• Credit Bureaus: CIBIL, Experian, CRIF High Mark, and Equifax, for credit score enquiries and reporting
• Payment Gateways and Banks: For processing disbursals, repayments, and UPI Autopay mandates

6.2 Sharing Without Consent (Mandatory Disclosures)

We may be required to share your data without consent in the following circumstances:

• With the Reserve Bank of India (RBI), SEBI, income tax authorities, or other regulators in discharge of statutory obligations
• With law enforcement agencies upon receipt of a valid court order, summons, or legal process
• With courts, tribunals, or arbitral panels in connection with any legal proceedings

6.3 Third-Party Service Providers

We engage certain third-party service providers who process data on our behalf under strict contractual obligations of confidentiality. These include:

• Cloud hosting and data storage providers (India-based)
• KYC verification and e-sign service providers (licensed by UIDAI / MeitY)
• Communication service providers (SMS, email, push notifications)
• Analytics and fraud detection service providers

7.1 Storage Location

All personal data collected through the Platform is stored exclusively on India-based servers located in Mumbai and Chennai data centres, in compliance with applicable data localisation requirements.

7.2 Security Measures

We implement industry-standard technical and organisational security measures to protect your data, including:

• 256-bit SSL/TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication (MFA) for system access
• Role-based access controls (RBAC) limiting data access to authorised personnel only
• Regular security audits and vulnerability assessments
• ISO 27001 certified infrastructure

Notwithstanding the above, no method of electronic transmission or storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

7.3 Data Retention

We retain your personal data for the following periods:

7.4 Data Destruction

Upon expiry of the applicable retention period, personal data is securely destroyed as follows:

• Digital files: Electronic shredding using certified data destruction methods
• Physical documents: Physical destruction by authorised personnel
• A certificate of destruction is maintained for audit purposes

8.1 Right to Access

You may request a copy of all personal data we hold about you. We will respond to such requests within 30 days.

8.2 Right to Correction

You may update or correct any inaccurate or incomplete personal information through the RinSetu app or by contacting our support team.

8.3 Right to Erasure

You may request deletion of your personal data. Please note that erasure requests may be limited where:

• You have an active loan obligation with Blue Jay Finlease Private Limited (ZipLoan)
• Applicable law or regulation requires us to retain the data
• The data is subject to a legal hold or court order

8.4 Right to Data Portability

You may request your personal data in a structured, commonly used, and machine-readable format for transfer to another service provider.

8.5 Right to Withdraw Consent

You may withdraw your consent for non-essential data processing (such as marketing communications or location tracking) at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.