1. Information We Collect

We collect personal data that you voluntarily provide and data that is automatically gathered when you use our Platform:

a) Information You Provide

• Identity data: Full name, date of birth, gender, PAN number, Aadhaar number (as permitted by law).
• Contact data: Email address, mobile number, postal address.
• Financial data: Income details, bank account information, employment details, credit history (for loan applications).
• KYC documents: Government-issued ID proofs, address proofs, photographs.
• Application data: Insurance and loan application details, nominee information, health declarations.
• Communication data: Messages, feedback, and correspondence you send us.

b) Information Collected Automatically

• Device data: IP address, browser type, operating system, device identifiers.
• Usage data: Pages visited, time spent, click patterns, referral URLs.
• Location data: Approximate geolocation based on IP address.
• Cookies and tracking technologies: See our Cookie Policy section below.

2. How We Use Your Information

We process your personal data only for lawful purposes, including:

• Processing and managing your insurance and loan applications.
• Verifying your identity and conducting KYC checks as required by RBI and IRDAI regulations.
• Communicating with you about your applications, policies, and account.
• Providing customer support and resolving grievances.
• Personalizing your experience and recommending suitable financial products.
• Sending transactional and service-related notifications.
• Complying with legal and regulatory obligations.
• Detecting, preventing, and investigating fraud or unauthorized activities.
• Analyzing usage patterns to improve our Platform and services.
• Sending promotional communications (only with your consent; you may opt out at any time).

3. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with third parties only in the following circumstances:

• Insurance companies and lending institutions: To process your applications and service your policies or loans.
• KYC and verification agencies: For identity verification and fraud prevention as mandated by law.
• Payment processors: To facilitate premium payments, EMI collections, and refunds.
• Technology service providers: Cloud hosting, analytics, and communication platforms that assist in operating our Platform (under strict data processing agreements).
• Regulatory and government authorities: When required by law, court order, or regulatory directive (e.g., RBI, IRDAI, SEBI).
• Professional advisors: Legal, accounting, and audit professionals under confidentiality obligations.
• Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity.

All third-party processors are contractually bound to protect your data and use it only for the specified purposes.

4. Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256).
• Role-based access controls and multi-factor authentication for internal systems.
• Regular security audits, vulnerability assessments, and penetration testing.
• Secure data centres with physical access controls.
• Employee training on data protection and confidentiality.
• Incident response procedures for prompt breach detection and notification.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any data breach as required under the DPDP Act.

5. Your Rights (DPDP Act, 2023)

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

• Right to Access: You may request a summary of your personal data being processed and the processing activities undertaken.
• Right to Correction and Erasure: You may request correction of inaccurate data, completion of incomplete data, updating of outdated data, or erasure of data that is no longer necessary for the purpose it was collected.
• Right to Grievance Redressal: You have the right to have your grievances addressed by our Grievance Officer, and if unsatisfied, to approach the Data Protection Board of India.
• Right to Nominate: You may nominate any other individual to exercise your rights in the event of your death or incapacity.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Grievance Officer using the details provided below. We will respond to your request within the timelines prescribed by law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Active accounts: For the duration of your relationship with us.
• Closed accounts: Personal data is retained for 30 days after account closure, after which it is securely deleted or anonymized.
• Completed applications: As required by IRDAI/RBI record-keeping regulations (typically 5-8 years after the end of the policy or loan term).
• Legal obligations: As required to comply with legal, regulatory, tax, accounting, or reporting requirements.
• Dispute resolution: Until any pending disputes or claims are resolved.

After the retention period, your personal data will be securely deleted or anonymized so that it can no longer identify you.

7. Cookies and Tracking Technologies

Our Platform uses cookies and similar technologies to enhance your experience:

• Strictly Necessary Cookies: Essential for the Platform to function (e.g., session management, authentication). These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our Platform (e.g., Google Analytics). These are used only with your consent.
• Functional Cookies: Remember your preferences such as language and display settings.
• Marketing Cookies: Used to deliver relevant advertisements (only with your explicit consent).

You can manage cookie preferences through the cookie consent banner displayed when you first visit the Platform, or through your browser settings. Disabling certain cookies may affect Platform functionality.

8. Children's Privacy

Our Platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verifiable parental consent, we will take steps to delete such data promptly. If processing data of a child is necessary (e.g., as a nominee), we will obtain verifiable consent from a parent or lawful guardian as required under the DPDP Act.

9. Grievance Officer

In accordance with the DPDP Act, 2023 and the Information Technology Act, 2000, the details of our Grievance Officer are:

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Notify you via email or a prominent notice on our Platform.
• Where required by law, obtain your consent before implementing changes that affect how your data is processed.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: