Data Handling & Security

Our commitment to protecting your data with enterprise-grade security and full regulatory compliance.

Our Data Handling Principles

Security First

Bank-grade encryption (AES-256) for all sensitive data, both at rest and in transit.

Privacy by Design

Data minimization, purpose limitation, and built-in privacy controls.

Regulatory Compliance

Full compliance with GDPR, RBI guidelines, and Indian IT Act 2000.

Transparency

Clear documentation of data collection, processing, and retention policies.

1. Data Collection & Processing

Data Category | Purpose | Retention Period | Security Measures
Personally Identifiable Information (PII) | Account management, communication | Active account + 3 years | Encrypted, access controlled
Financial/Transaction Data | Loan processing, payments | 7 years (regulatory) | AES-256, audit logs
Usage Analytics | Product improvement | 2 years | Anonymized, aggregated
Support Communications | Customer service | 3 years | Encrypted storage

2. Security Infrastructure

  • Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
  • Access Control: Role-based access control (RBAC), MFA required
  • Audit Logs: Complete audit trail of all data access and modifications
  • Backup: Daily encrypted backups, 30-day retention
  • Penetration Testing: Quarterly security audits by third-party firms
  • ISO 27001: Compliant with international security standards

3. Your Data Subject Rights

Under GDPR and Indian data protection laws, you have the following rights:

Right to Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data

Right to Restriction

Limit how we process your data

Right to Portability

Receive your data in a structured format

Right to Object

Object to processing for specific purposes

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond within 30 days.