1. Introduction
FinVerify (the “App”) is committed to protecting the privacy of everyone who uses our products and services. Throughout this document the term User includes both customers (borrowers) using our creditworthiness assessment tools and micro‑finance business owners (also referred to as Finance Owners) who use our micro‑finance management platform to administer their operations. This Privacy Policy describes how we collect, use, store, and share your personal and sensitive information when you use any of our services. By accessing or using the App, you consent to the collection and use of information in accordance with this Policy.
2. Applicability and Scope
This Policy applies to all services offered by FinVerify via mobile applications, websites, and related platforms, including the micro‑finance management app for Finance Owners. It is intended to comply with applicable laws and regulations, including the Digital Personal Data Protection Act 2023 (DPDP Act) and the Information Technology Act 2000 along with the Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules 2011. The principles of lawful, fair and transparent processing, purpose limitation, data minimisation, accuracy, storage limitation, reasonable safeguards, and accountability govern how we handle your information.
3. Data Collected
We only collect information that is necessary for the provision of our services. Depending on whether you are a customer or a Finance Owner, the categories of data we collect may differ:
- Personal Identifiers (Customers) – full name, date of birth, gender, residential address, email address, mobile number, photographs and other KYC information.
- Government IDs (Customers) – Aadhaar number and/or other officially valid documents as required under law. Aadhaar numbers are tokenised and stored in an encrypted Aadhaar Data Vault.
- Finance Owner / Office Data – for micro‑finance businesses we collect the name of the finance business, office address, licensing or registration numbers, contact information, authorised signatories, and configuration details necessary to set up the management app (such as loan product parameters, interest rates and repayment schedules). We also store customer ledger information and loan repayment records on behalf of the Finance Owner. All office and transactional data is encrypted, tokenised and masked so that FinVerify personnel cannot view the raw contents; only the respective Finance Owner can access their own business data.
- Usage and Device Information – device identifiers, browser information, IP addresses, log files, and usage statistics are collected automatically when you interact with the App to help us improve performance and security.
4. Methods of Collection
- Direct Submission by Customers – you may provide information to finance business owners or to us directly when registering, completing forms, or uploading documents.
- Direct Submission by Finance Owners – Finance Owners provide their business profile and office data through our onboarding process, upload customer ledgers through the management dashboard, and configure loan products using forms within the app.
5. Use of Information
We use the data we collect for the following purposes:
- To provide and improve our services – this includes verifying customer identity, assessing creditworthiness, generating repayment schedules, storing documents, facilitating interactions among Finance Owners and customers, and providing analytics dashboards to Finance Owners. For Finance Owners the management app allows them to record loan disbursements and repayments, maintain customer ledgers, create and download reports, and manage their office operations. FinVerify staff cannot view the underlying office data because it is encrypted and tokenised; we only process it on behalf of the Finance Owner.
- Fraud Prevention and Security – to detect, prevent and mitigate fraud, including scenarios where the same registration certificate (RC) is used to obtain multiple loans across different micro‑finance businesses. Finance Owners may share anonymised verification results with other owners to identify duplicate borrowers; raw office data is not shared.
- Regulatory Compliance – to comply with KYC/AML laws, Reserve Bank of India (RBI) guidelines, UIDAI regulations and other legal obligations. We may use your data to respond to audits and regulatory queries.
- Customer Support and Communication – to respond to your enquiries, provide technical support, send service‑related notifications, and manage marketing preferences (with your explicit consent).
6. Data Sharing and Disclosure
We limit disclosure of personal and office data to circumstances in which it is necessary and lawful:
- Financial Institutions (Customer data) – with a customer’s consent we may share verification results and relevant personal information with banks, non‑banking financial companies (NBFCs), insurers, or other financial service providers to process applications. Finance Owners decide whether to share such data through the platform.
- Service Providers and Partners – we engage cloud hosting providers, analytics vendors, payment processors, customer support tools and biometric device vendors. These service providers act under strict confidentiality and data‑protection obligations and may only process data in accordance with our instructions. They do not receive Finance Owner office data in a readable form.
- Regulatory and Legal Authorities – we may disclose information when required by law, regulation or court order. Such disclosures are limited to what is strictly necessary for legal compliance.
- Affiliates and Group Companies – we may share information with our affiliates for operational purposes provided they adhere to this Policy. Finance Owner office data remains encrypted and is not accessed by affiliates.
- Business Transfers – in the event of a merger, acquisition or sale, user information may be transferred subject to continued protection under this Policy. Users will be notified before any material change in ownership or control.
- Aggregated and Anonymised Data – we may share aggregated statistics and anonymised insights that cannot reasonably identify any customer or Finance Owner. We do not sell or share Finance Owners’ office data or individual customer ledgers with third parties for marketing purposes.
7. Data Retention
We retain personal and office data only for as long as necessary to fulfil the purposes described above or as required by law. Aadhaar information is stored in tokenised form in our encrypted Aadhaar Data Vault and is retained only for the duration necessary for regulatory compliance and subsequent audits, after which it is deleted or anonymised. Finance Owner office data, including customer ledgers, is retained only while the Finance Owner maintains an active account with FinVerify and as required by applicable record retention laws. Upon termination of a Finance Owner’s account we will permanently delete or irreversibly anonymise office data after completing any pending audits.
8. Data Security
We implement appropriate technical and organisational measures to protect all data we handle, with particular attention to sensitive information:
- Encryption – all sensitive data (personal identifiers, Aadhaar numbers, office data, loan ledgers) is encrypted both at rest and in transit using strong algorithms such as AES‑256 and RSA‑2048. Encryption keys are stored in hardware security modules (HSMs) and managed via secure lifecycle processes.
- Tokenisation and Masking – we tokenise Aadhaar numbers and Finance Owner office data so that FinVerify staff cannot view the original values. Only authorised Finance Owners can access their own office data; other Finance Owners and third parties see only hashed or anonymised values when cross‑checking for duplicate borrowers.
- Secure Connectivity – we use TLS/SSL encryption for all communications between our systems and partners.
- Network Segmentation and Access Control – we isolate systems that process sensitive data, enforce role‑based access controls, and conduct regular vulnerability assessments and patch management.
- Audit Logging and Monitoring – we maintain comprehensive logs of authentication requests, data access events, and system activities in tamper‑evident records and review them regularly.
- Incident Management – we have documented procedures for breach detection, reporting, mitigation and disaster recovery, including regular drills and business continuity plans.
- Training and Awareness – our personnel undergo periodic security and privacy training to handle data responsibly. Only a limited number of authorised personnel have access to manage the infrastructure; none can read Finance Owner office data.
- Compliance Audits – we undertake annual independent audits by CERT‑IN‑empanelled auditors and maintain ongoing monitoring to ensure compliance with UIDAI, DPDP and other regulatory requirements.
9. User Rights and Choices
Both customers and Finance Owners are entitled to exercise their rights under data protection law:
- Right to Access and Correction – you may request access to your personal or office data and ask us to correct inaccuracies.
- Right to Withdraw Consent – you may revoke your consent to our processing of your information (e.g., Aadhaar verification). Withdrawal may limit our ability to provide certain services such as credit assessment or management dashboards.
- Right to Erasure – subject to legal requirements, you may request deletion of your data once it is no longer needed. Deletion of Finance Owner office data is subject to applicable record‑keeping regulations.
- Right to Data Portability – you may request a copy of your personal or office data in a machine‑readable format.
- Right to Grievance Redressal – you may contact our Grievance Officer or Data Protection Officer to raise concerns or complaints. We will respond within prescribed timelines.
- Managing Preferences – you can manage communications, marketing preferences, and cookie settings through the app or by contacting support.
10. International Data Transfers
FinVerify stores data primarily on servers located in India. If data is transferred outside India, we ensure appropriate safeguards (such as standard contractual clauses and encryption) and compliance with applicable data protection laws.
11. Children’s Privacy
The App is intended for adults (18+). We do not knowingly collect personal data from children. If we become aware that personal data of a child under 18 has been collected, we will take steps to delete such information.
12. Cookies and Tracking Technologies
We use cookies, pixels, and similar technologies to improve user experience, analyse usage patterns, and deliver personalised content. You can modify your browser settings to refuse cookies; however, this may limit some functionalities.
13. Updates to this Privacy Policy
We may modify this Policy periodically to reflect changes in law, technology or our practices. Significant changes will be communicated through the App or by email. Your continued use of the App after changes constitutes acceptance.
14. Contact Information
If you have questions, concerns, or requests regarding this Policy, please contact our Data Protection Officer at support@myfinverify.com.