1. Introduction
Welcome to CreditMentor, a product of AQUAVEDIC PRIVATE LIMITED ("Company", "we", "us", or "our"). We are registered at C/O SUMAN DUBEY 536A/125 MAKKAGANJ, STP ROAD, LUCKNOW, Uttar Pradesh, India, 226020.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CreditMentor mobile application and related services (collectively, the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
2. Information We Collect
2.1 Information You Provide Directly
- Identity Information: Full name, date of birth, PAN card number, Aadhaar number (masked), and government-issued ID details required for credit report retrieval.
- Contact Information: Mobile number, email address, and residential address.
- Financial Information: Income details, existing loan information, and EMI preferences that you voluntarily provide for Financial Capacity Analysis and EMI Calculator features.
- Account Credentials: Username and password (stored in encrypted form).
2.2 Information Collected Automatically
- Device Information: Device model, operating system version, unique device identifiers (IMEI/Android ID), and mobile network information.
- Usage Data: App interactions, feature usage frequency, session duration, and crash reports.
- Log Data: IP address, access timestamps, pages viewed, and referring URLs.
- Location Data: Approximate location (city/state level) derived from IP address. We do not collect precise GPS location unless you explicitly grant permission.
2.3 Information from Third Parties
- Credit Bureaus: With your explicit consent, we retrieve your credit report and score from licensed credit information companies (such as CIBIL, Experian, Equifax, or CRIF High Mark) operating under the Credit Information Companies (Regulation) Act, 2005.
- Analytics Providers: Aggregated, anonymized usage statistics from third-party analytics platforms.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To retrieve and display your credit report, calculate your financial capacity, and provide EMI calculations.
- Identity Verification: To verify your identity before fetching credit bureau data, as required by law and bureau guidelines.
- Account Management: To create and manage your CreditMentor account, authenticate logins, and provide customer support.
- Service Improvement: To analyze usage patterns, fix bugs, and develop new features that better serve our users.
- Security & Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
- Legal Compliance: To comply with applicable Indian laws and regulations, including the Information Technology Act, 2000, and its rules.
- Communications: To send you service-related notifications, updates, and (with your consent) promotional offers. You may opt out of marketing communications at any time.
- Personalization: To tailor content and recommendations based on your financial profile and usage behavior.
4. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may share your information only in the following limited circumstances:
- Credit Bureaus: We share your identity information with licensed credit bureaus solely to retrieve your credit report, strictly with your prior written/digital consent.
- Service Providers: We engage trusted third-party vendors (cloud hosting, analytics, payment processing) who process data on our behalf under strict confidentiality agreements and are prohibited from using your data for their own purposes.
- Legal Requirements: We may disclose information when required by law, court order, or government authority, including the Reserve Bank of India, SEBI, or other competent regulatory bodies.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the app before your data becomes subject to a different privacy policy.
- Protection of Rights: To protect the rights, property, or safety of CreditMentor, our users, or the public, as permitted by law.
๐ We never sell your personal data. Your credit report data is used exclusively to provide the Service to you.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
- Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption.
- Access Controls: Access to personal data is restricted to authorized personnel on a strict need-to-know basis, with role-based access controls and multi-factor authentication for internal systems.
- PAN/Aadhaar Masking: We mask sensitive identifier numbers (PAN, Aadhaar) in storage and display, retaining only the minimum necessary for service delivery.
- Regular Audits: We conduct periodic security assessments and vulnerability scans to identify and address potential weaknesses.
- Incident Response: In the event of a data breach affecting your rights and freedoms, we will notify you and relevant authorities within 72 hours as required by applicable regulations.
While we take every reasonable precaution, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to continuous improvement.
6. Data Retention
We retain your personal information for as long as your account remains active or as needed to provide the Service. Specifically:
- Account Data: Retained for the duration of your account plus 3 years after account deletion, for legal and dispute resolution purposes.
- Credit Report Data: Cached credit report data is retained for a maximum of 30 days from retrieval date, after which it is purged. You may request immediate deletion at any time.
- Transaction Logs: Retained for 5 years as required under applicable financial regulations.
- Marketing Data: Deleted promptly upon withdrawal of consent.
Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
7. Your Rights
As a user, you have the following rights regarding your personal data:
- Right to Access: You may request a copy of all personal data we hold about you.
- Right to Correction: You may request correction of inaccurate or incomplete personal data.
- Right to Deletion: You may request deletion of your account and associated personal data, subject to legal retention requirements.
- Right to Withdraw Consent: You may withdraw consent for credit bureau queries or marketing communications at any time without affecting the lawfulness of prior processing.
- Right to Data Portability: You may request your data in a structured, machine-readable format.
- Right to Object: You may object to processing of your data for direct marketing purposes at any time.
- Right to Grievance Redressal: You have the right to lodge a complaint with our Grievance Officer or with the relevant data protection authority.
To exercise any of these rights, please contact us at help@aquavedic.com. We will respond within 30 days.
8. Children's Privacy
CreditMentor is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a child under 18 has provided us with personal information without parental consent, we will take steps to delete such information immediately. If you believe your child has provided us with personal data, please contact us at help@aquavedic.com.
9. Third-Party Links and Services
Our Service may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to those third parties. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy.
- Provide prominent in-app notification at least 7 days before the changes take effect.
- For significant changes affecting your rights, seek fresh consent where required by law.
Continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.