Scope of This Policy

This Privacy Policy applies to:

• Visitors to our corporate website
• Customers using our mobile applications or portals to:

  • View loan details and transaction history
  • Make repayments or other payments
  • Manage their accounts
• Employees, field officers, and authorized representatives using internal or branch applications for:

  • Customer onboarding
  • KYC verification
  • Loan servicing and operational activities

Information We Collect

Depending on your interaction with the Services, we may collect the following categories of information:

• Personal and Financial Information

  • Name, address, mobile number, email address, date of birth
  • Government-issued identity information and KYC documents
  • Bank account or payment-related details (as required for transactions)
  • Loan information such as loan amount, account number, repayment schedule, transaction history, and outstanding balances
• Device and Technical Information

  • Device type, model, operating system version
  • Application version, browser type, and IP address
  • Diagnostic and performance data, including crash logs collected via tools such as Firebase Crashlytics
  • Diagnostic and crash data is collected solely for application stability and performance improvement and does not identify users personally.
• Location Information

  • Approximate or precise location data, collected only when necessary for:

    • Customer verification and field operations
    • Mapping nearby branches
    • Fraud detection and risk mitigation
      Location access is requested only with user consent and in accordance with applicable laws.
• Media and File Information

  • Photographs captured using the device camera for identity verification and onboarding
  • Documents uploaded from device storage, such as KYC or address proof
• App Permissions and User Consent

  • Our mobile applications may request access to certain device features such as the camera, storage, and location strictly to enable core functionalities, including customer verification, document upload, and fraud prevention.
  • Permissions are requested only at the time they are required for a specific feature. Users may choose to deny or revoke permissions through their device settings; however, certain app functionalities may be limited as a result.
• Authentication and Account Information

  • Login credentials for customers, employees, and authorized users
  • Session identifiers, tokens, or other security credentials used for authentication
• Cookies and Similar Technologies

  • For website visitors, we use cookies and analytics tools to:

    • Understand user behaviour
    • Improve website performance and user experience

Purpose of Data Collection

Each category of information collected by Keertana Finserv Limited is used strictly for defined, lawful, and legitimate business purposes, including:

• Personal and financial information is used for customer onboarding, identity verification (KYC), loan processing, loan servicing, payment processing, and regulatory compliance.
• Device and technical information is used to ensure application security, prevent fraud, troubleshoot issues, analyse performance, and improve app stability.
• Location information is used only where required for customer verification, field operations, branch mapping, and fraud risk assessment.
• Media files and documents are used exclusively for identity verification, regulatory compliance, and internal operational validation.
• Authentication and account information is used to enable secure login, session management, and protection against unauthorized access.

Keertana follows data minimization principles and collects only such data as is necessary to achieve the stated purposes.

How We Use Your Information

We collect and process personal information only for legitimate business, operational, and regulatory purposes, including:

• Customer onboarding, KYC verification, and identity validation
• Providing customers access to loan details, repayment schedules, and transaction history
• Processing loan repayments and other authorized financial transactions
• User authentication and secure access to our digital platforms
• Compliance with applicable laws, regulations, and reporting obligations
• Monitoring, preventing, and investigating fraud or unauthorized activity
• Improving application performance, reliability, and security
• Responding to customer queries, service requests, and grievance redressal

We do not use personal information for advertising, marketing profiling, or behavioural tracking purposes.

We do not use personal data for targeted advertising, cross-app tracking, or analytics unrelated to core app functionality.

We do not sell, rent, or trade your personal information to any third party.

Sharing and Disclosure of Information

We may share information strictly on a need-to-know basis and only as permitted by law:

• Within Keertana:
  With authorized employees, officers, and affiliates for operational and service-related purposes
• With Financial Institutions and Partners:
  Including banks, payment gateways, and service providers required to process loans and transactions
• With Regulators and Government Authorities:
  When required under applicable laws, regulations, or lawful requests

All third parties are contractually bound to maintain confidentiality and implement appropriate data-protection safeguards.

Third-Party and Vendor Management

All third-party service providers, including technology vendors, payment partners, and service providers, are subject to due diligence prior to engagement. Contractual agreements require such parties to maintain confidentiality, implement appropriate security safeguards, and restrict data usage strictly to defined business purposes.

Data Retention

We retain personal information only for as long as necessary to:

• Fulfil the purposes outlined in this Privacy Policy
• Meet legal, regulatory, or audit requirements

Once the data is no longer required, it is securely deleted or anonymized in accordance with our internal data-retention policies.

Data Breach and Incident Management

Keertana maintains internal procedures for identifying, reporting, and responding to data security incidents. Any incident involving personal data is logged, investigated, and remediated in accordance with internal policies. Regulatory authorities are notified where required under applicable laws.

Data Security

We implement industry-standard administrative, technical, and physical security measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. Sensitive personal and financial data is encrypted during transmission and storage using industry-accepted encryption standards.

Access to sensitive information is strictly limited to authorized personnel and governed by robust internal access controls and monitoring mechanisms.

Access rights are reviewed periodically and revoked immediately upon role change or separation.

Your Rights and Choices

Subject to applicable laws, you may have the right to:

• Access and review your personal information
• Request correction of inaccurate or incomplete data
• Request deletion of data where legally permissible
• Withdraw consent for specific data-processing activities
• Request a copy of your data in a portable format

Account Deletion: Users may also request account closure or deletion of personal data by contacting us at contact@keertana.co

Certain information may be retained as required to comply with legal, regulatory, or audit obligations.

Regulatory Compliance

Keertana Finserv Limited complies with all applicable Indian laws and regulatory requirements, including but not limited to:

• The Information Technology Act, 2000 and applicable rules
• Reserve Bank of India (RBI) guidelines applicable to NBFCs
• KYC and Anti-Money Laundering (AML) regulations

Personal data is collected, processed, and retained strictly in accordance with these legal and regulatory obligations.

Children's Privacy

Our Services are intended for individuals 18 years of age or older.
We do not knowingly collect personal information from children. If we become aware that information relating to a minor has been collected inadvertently, we will take appropriate steps to delete such data promptly.

International Data Transfers

Our data is primarily stored and processed within India.
However, certain service providers may process data outside India, subject to appropriate contractual and security safeguards in compliance with applicable laws.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or business practices.

Any updates will be posted on this page. Continued use of our Services after such changes constitutes acceptance of the updated policy.