Privacy & Security Policy

Last updated on: April 25, 2025

  1. PREAMBLE:

    We at ONEMI TECHNOLOGY SOLUTIONS PRIVATE LIMITED ( hereinafter referred as “the Company” or “we” or “our” or “us”), a company registered and validly existing under the provisions of Companies Act, 2013, having its registered office at 10th Floor, Tower 4, Equinox Park, LBS Marg, Kurla West, Mumbai City, Mumbai, Maharashtra, India, 400070, India, understand privacy and its value.

    This data Privacy Policy (“Policy”) sets forth the modes of collection, use, transfer, disclosure and sharing minimal amount of personal data or information ("personal Information") gathered through any website, digital lending application, mobile application, platform or otherwise used by us. This policy applies only to personal information collected on the platform/ website and also applies to information collected by the company in other ways. The policy also sets forth the reasonable security practices and procedures adopted by Si Creva Capital Services Private Limited (“Si Creva”) and its digital lending application. This privacy policy shall be read in conjunction with the terms of use agreed by you while registering with Si Creva for availing its services. This Privacy Policy applies to the visitors to our website, digital lending application, mobile application, platform and our existing and future customers/prospects/applicants.

    This document is prepared and published by virtue of the legal requirement that require regulated entities/ intermediaries to publish the rules and regulations, privacy policy and terms for access or usage of their website/mobile app and in compliance with the below:

    1. Information Technology Act, 2000 and Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
    2. Guidelines on Digital Lending issued by the Reserve Bank of India (RBI), dated Sep 02, 2022.
    3. Other applicable acts, regulations and rules which requires the publishing of a privacy policy for handling of or dealing in personal information including sensitive personal data or information and all applicable laws, regulations, guidelines provided by applicable regulatory authorities including but not limited to the RBI.

    PLEASE READ THIS POLICY CAREFULLY. BY CONTINUING TO USE THE SERVICES YOU AGREE TO THIS POLICY. IF YOU DO NOT AGREE TO THIS POLICY OR ANY PART THEREOF, PLEASE DO NOT USE/ ACCESS/ DOWNLOAD/ INSTALL THE APP OR ANY PART THEREOF.

  2. APPLICABILITY:

    The Policy is applicable for the collection of information for the following categories of services:

    Information for Digital Lending Services::

    1. information collected by/through the Platform by Si Creva capital Services Private Limited (a non-banking financial company), (subsidiary company of ONEMI TECHNOLOGY SOLUTIONS PRIVATE LIMITED) for disbursement of loans; and
    2. Information collected by the Platform provided to the lending partners and the business partners.

    ONEMI Technology Solutions Private Limited have digital lending applications known as “Kissht” and “PaywithRing”, through which you may apply for a loan and/ or other services to be granted on the loan documents executed between you and the emplaned lending partners, by visiting the website,https://paywithring.com https://kissht.com(“Website”)or the “PaywithRing”/ “Kissht” mobile and/or web application (the “App” or “PaywithRing”/”Kissht”) (collectively, the “Platform”) and availing the services provided by us (“Service(s)”) you agree to be bound by the terms and conditions (“Terms”) of this Privacy Policy.

    Si Creva Capital Services Private Limited, a regulated entity, is a wholly owned subsidiary of ONEMI Technology Solutions Private Limited which can collect/store/process your Personal information on behalf of the Company.

    You (customer) authorize us to collect, store, authenticate, verify and distribute the Personal Information (as defined below) as may be required to sanction the loan or providing you with any services on the applications or on the website. The personal information may be collected through application form. We recognizes the expectations of its customers and the visitors to its website/ applications with regards to privacy, confidentiality and security of their personal information which we receive while browsing/ using our website/ services. We are committed to maintaining the confidentiality, integrity and security of all the personal information of our users. Keeping Your personal information secure and using it solely for activities related to Company’s business is our top priority.

    We have taken adequate measures aimed at protecting the personal information entrusted and disclosed to us. This Policy is framed to inform you the privacy practice followed & the governing way in which the Company collects, uses, discloses, stores, secures and disposes your personal information and sensitive personal data or information.

    This Privacy Policy explains how we protect the personal data provided through our Platform and how we use that information in connection with our Service offered through the Platform.

    To register with us, you must be at least 18 (eighteen) years of age, of sound mind, not disqualified by law, and a resident of India. Use of the Service is strictly prohibited for individuals under the age of 18 (eighteen) years or minors.

  3. DEFINITION:

    "Personal Information" for purposes of this Policy means information including Sensitive Personal Information that identifies you, directly or indirectly such as your name, address, phone number, mobile number, e-mail address, postal address, a unique login name, password, password validation, income tax details, marital status, family details, business information, bank statements, KYC documents and other details shared via application form or via email or via any other electronic medium or via printed form. All Personally Identifiable Information and Service Information shall be collectively known as “Information”.

    By providing your number at the platform, you are authorizing us & our representatives to contact and offer you our Services for the product you have opted for, imparting product knowledge, offering promotional offers running on the website, and to contact you again about other services and products that we and /or authorized third party service partners/affiliate(s) offer. By submitting your Information to the platform, you expressly acknowledge and consent to use such Information and to process the same in a manner deemed fit and provided in this Privacy Policy, in compliance with applicable laws. This may involve conducting data analysis, research based on reviews about deals, transfer of your Information to third party experts for the purpose of services offered to you by Si Creva and/ or other lending partners, transfer your Information to third parties/ service partners for providing you services offered by such third parties and service partners etc.

    Retention of information is done as per this policy and in compliance with applicable law/regulatory requirements in India and as mandated in our arrangements with our business partners to provide services to you, unless such consent is withdrawn by you.

    “Processing” in relation to personal data or information means an automated operation or set of operations performed on personal data, and may include operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction;

    “Publicly available information” shall mean any information or data of the user which the Company reasonably believes is lawfully publicly available. All other information or data which is not publicly available shall be Non publicly available information for the purpose of this Policy.

    “User” shall mean such Persons who are using the Company’s services or the Company’s website or the Company’s mobile app and to whom this Policy is applicable, and it shall include the words “you”, “customer” which are used interchangeably in this Policy.

  4. THE POLICY

    1. Collecting Information of users

      If you intend to avail a loan by using our platform from any of our lending partners, you would be required to provide details like your name, E-mail address, Residential address, Mobile number, PAN number, Aadhaar Card, and other such information which may be needed to assess your creditworthiness. Wherever possible, we indicate the mandatory and the optional fields. You always have the option to not provide any information by choosing not to use a particular Service or feature on the Platform. You shall be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the App delete/ forget the data..

      The link of all the third parties / service partners/affiliate(s) used by Si Creva, who will collect, store, transfer, and process your Information required for business operation. The list of third parties / service partners/affiliate(s) shall be updated by Si Creva from time to time, for your reference. Link:https://sicrevacapital.com/details-of-third-party- service-providers.

      The data collected, as stated in this Policy, is solely restricted to the above-mentioned activities and will not be in further used for any other purpose. In case we use the data for any other purpose, explicit consent shall be taken.

      We collect and monitor your bank related financial transaction SMS only, to perform a credit risk assessment. No personal SMS data is read or stored. All information requested is relevant to create a credit score which helps us in credit decisioning. You may choose not to provide the information requested, however, your credit score may be inaccurate or unavailable for your application as a result. We may use also this information collected from you/your mobile device, to carry out data analytics to improve the user experience, enhance performance, and accomplish desired results. When we use your data to carry out data analytics etc., we generally pseudonymize/ anonymize your data, to uphold your privacy.

      No biometric data is stored/ collected in the systems, unless allowed under extant statutory guidelines. Our system comply with various technology standards/ requirements on cybersecurity stipulated by the Reserve Bank of India (“RBI”) and other agencies, or as may be specified from time to time, for undertaking digital lending and the Platform accesses SMS (to assess the income, financial expenses etc), one time location, device and phone number information such as your device hardware model, operating system, and version, unique device identifiers, user profiles, WiFi information, and mobile network information solely for the purpose of onboarding journey.

      Access to your registration information, account information, and any other Personal Information you provide is strictly restricted and used only under specific internal procedures and safeguards governing access, to operate, develop or improve the Service. We may also use third-party service providers to help us provide the Service to you, such as sending e-mail messages or SMS on our behalf or hosting and operating a particular feature or functionality of the Service. We require such third parties to maintain the confidentiality of the information we provide to them. If you telephone us, we may also record and monitor calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.

    2. Lawful grounds for processing Personal Information

      We will process your personal data in compliance with applicable data privacy laws such as Digital Lending Guidelines, 2022 (as regulated by RBI and amended from time to time ), Information Technology Act, 2000, in India by relying on one or more of the following lawful grounds:

      1. Consent - You have explicitly agreed to our processing for a specific reason
      2. Performance of a Contract - The processing is necessary to perform the agreement that the lender will have with you
      3. Legal Obligation - The processing is necessary for compliance with legal obligations under certain laws
      4. Legitimate Interest - The processing is necessary for the purposes of a legitimate interest pursued by the company
    3. Mode of Collecting Information

      In order to provide seamless approval and determine instant creditworthiness of customers, werequest for certain permissions with explicit consent of the users to complete the signup process which shall be passed on with the lender for relevant onboarding process of the loan

      • SMS DATA & INFORMATION

        The platform collects, accesses, stores financial/ transaction SMS to assess the income, track and analyse financial expenses and determine the creditworthiness once during the loan on- boarding journey. This data is used for the purpose of performing credit risk assessment. The assessment is automated, and the SMS are encrypted. The platform does not read or store any of your personal SMS data. Also, it does not share your SMS with any third party

        How we use this data:

        For enabling the access to the services provided on platform ; For Credit worthiness Decisioning; For Legal Compliance and Requirements., For Prevention of Fraud

      • LOCATION

        The platform accesses the current location only once during the loan onboarding journey to verify the location of the borrower and check the availability of our services and approve the application.

        How we use this data:

        For enabling the access to Services provided on platform; For KYC compliance Requirements.

      • PHONE

        The platform collects the device location of the borrower and phone number information, such as your device hardware model, operating system, and version, unique device identifiers, user profiles, WiFi information, and mobile network information only once during loan onboarding journey. The platform assesses these to uniquely identify your devices and protect you from fraud by preventing unauthorised devices from misrepresenting you or misusing your information.

        How we use this data:

        • For uniquely identify your devices and protect you from fraud; For preventing unauthorised devices from misrepresenting, you or misusing your information; For Enabling Communications Between You and Us; For Legal Compliance and Requirements. In addition to the Information made available to us, we may seek your explicit consent and request onetime access to your SMS/E- mail/Location/Call Logs/Contact. We only read SMS/Emails from financial service providers and do not open, read, or access any personal SMS/E-mails. We hereby confirm that we do not access any other personal Information on your SMS/ E-mail. Please note this consent is purely voluntary. Upon granting the consent for access to your SMS/E-mail/Location/Call Logs/Contact, if at any time, you wish to deny access to the above-mentioned consent in future you may do so from the settings of your mobile device. In case you withdraw given consents, we assure you that we shall not have any access to your Information
        • We also do not access your mobile phone resources such as contact list, call logs, telephony functions, and files & media (except as disclosed above in order to enable you to upload documents and selfie image). We do not collect your biometric data.

      • CAMERA

        We require one time camera access to take selfie, scan and capture the required KYC documents thereby allowing us to auto-fill relevant fields. A one-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of on-boarding/KYC requirements only, with the explicit consent of the borrower.

        How we use the data

        For enabling camera access to take selfie, scan and capture the required KYC documents thereby allowing us to auto-fill relevant fields, For KYC compliance Requirements.

      • MOBILE APP

        We may collect and use technical data and related information, including but not limited to, technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to such Mobile Applications. When you use our Mobile Application, the Mobile Application may automatically collect and store some or all of the following information from your mobile device (“Mobile Device Information”), in addition to the Device Information, including without limitation

        • Browser information
        • Internet Protocol (IP)
        • address
        • Operating system
        • Platform type
        • Information collected through cookies.
        • Information collected via pixel tags and other
        • technologies.
        • Demographic information
        • Time
        • zone setting
        • 9. Log files/cookies data (implicitly includes browsing data, such as pages visited, date and time of visit, etc.)

      • Non-Personal Information

        We also collect certain other information from you on your visit to our Website such as information about your operating system, browser type, the URL of the previous website you visited, list of third- party applications being used by you, your internet service provider and your IP Address (Non- personal Information). This information cannot be easily used to personally identify you. We use Non-personal Information for the purposes including but not limited to troubleshoot connection problems, administer the Website, analyze trends in the market, gather demographic information, to ascertain how our visitors use our Website, including information relating to the frequency of visits to our Website, average length of visits, pages viewed during a visit, ensuring compliance with the applicable law, co-operating with law enforcement activities, etc. This information is used to improve the Website content and performance. You also agree that we may gather usage statistics and usage data from your use of our Website to evaluate your use of our products/services, to improve our products/services, Website content and to ensure that you are complying with the terms of the applicable agreements between you and Si Creva and other lending partners. The statistics and data collected may or may not be aggregated. These statistics contain no information that can distinctly identify you.

        We may use third-party advertising companies and/or ad agencies to serve ads when you visit our platform

        We may in future also share this information with third party service providers or third party advertisers to measure the overall effectiveness of our online advertising, content, programming and for other bonafide purpose, as we may desire. By usage of our Website you expressly permit Si Creva to access such information for one or more purposes deemed fit by Si Creva.

      • SESSION DATA

        automatically log generic information about your device’s connection to the Internet, which we call “session data”, that is anonymous and not linked to any personal information. Session data consists of information such as the IP address, operating system, type of browser software being used by you and the activities conducted by you on our Website. An IP address is a number that lets device attached to the Internet, such as our web servers, know where to send data back to the user, such as the pages of the site the user wishes to view. We collect session data because it helps us analyze things such as the items visitors are likely to click on most, the manner in which visitors click preferences on our Website, number of visitors surfing to various pages on the Website, time spent by the visitors on our Website and frequency of their visit. It also helps us diagnose problems with our servers and lets us better administer our systems. Although such information does not identify any visitor personally, it is possible to determine from an IP address a visitor’s Internet Service Provider (ISP), and the approximate geographic location of his or her point of connectivity

      • COOKIES

        If enabled, we may place cookies on your machine that store small amounts of data on your computer about your visit to any of the pages of this website. Cookies can identify the pages that are being viewed, and this can assist us in tracking which of our features appeal the most to you and what content you may have viewed on past visits.

        These technologies are used in analyzing trends, administering the Site, tracking users' movements around the Site, and to gather demographic information about our user base as a whole. Third-party vendors, including www.google.com ("Google"), may use cookies to serve ads based on your visits to this Website. You may visit the website of the third party and choose to opt-out of the use of cookies for interest- based advertising if the third party offers such an option.

        We use cookies on our website to personalize our Service to you. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited. You may refuse to accept cookies by activating the setting on your browser, which allows you to reject the setting of cookies. Unless you have adjusted your browser setting to reject cookies, our system will issue cookies when you log on to the website

      • INFORMATION SHARING WITH THIRD PARTIES

        We may use third-party advertising companies and/or ad agencies to serve ads when you visit our website. These companies may use information (excluding your name, address, e-mail address, or telephone number) about your visits to websites to provide advertisements on this Site and other sites about goods and services that may be of interest to you. Explicit consent will be taken from you before sharing Personal Information with any third party, except for cases where such sharing is required as per statutory or regulatory requirement. If you choose to apply for these separate products or services, disclose information to the providers, or grant them permission to collect information about you, then their use of your information is governed by their privacy policies. You should evaluate the practices of these external service providers before deciding to use their services. We are not responsible for their privacy practices. However, in case you wish to restrict sharing of information partially or completely with third party (other than statutory or regulatory authorities) you may reach out to us on privacy@paywithring.com/ privacy@kissht.com.

      • 3rd PARTY SERVICE PROVIDERS:

        We work with third-party service providers to execute various functionalities of the App and we may share your information with such service providers to help us provide the App. Some of these functionalities may include

        • To facilitate the validation and authentication of the KYC details such as PAN, officially valid documents (OVDS, PAN), occupation, income, etc. provided by you.
        • To facilitate the validation of your preferred bank account, as well as transferring the loan amounts to you. E- signing of the User Loan Agreement, populating the User Loan Agreement. The information shared with these service providers is retained for auditing of the agreements. e-NACH set-up to enable autopay.
        • Gathering of additional information regarding your bank account and statement details in case adequate information has not been provided by you or through the other service providers we work with.
        • For manually collecting any sums owed by you to our lending partner However, usage of such third-party services is subject to their privacy policies and not within our control. We recommend that you have a look at their privacy policies before agreeing to use their services. Explicit consent will be taken from you before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirement.

      • LINK TO THIRD-PARTY SOFTWARE DEVELOPMENT KIT (SDK)

        The App has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a variety of services such as analyzing your in-app actions, serving retargeting ads, do location based targeting on social media accounts, deliver personalized push notifications, perform credit assessment based on your information. We share limited information such as Device IDs, Android IDs, Page status, Location, Workflow events with analytics and marketing service providers who may use it to serve targeted, contextual ads to you. We ensure that our third party service provider takes extensive security measures in order to protect your Personal Information against loss, misuse or alteration of the data.

        We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it using secure cryptographic techniques over HTTPS APIs. We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect https://paywithring.com/ https://kissht.com accounts and systems from unauthorized access. However, no Internet website can fully eliminate security risks. Weimplement cyber security policy for handling all security breaches in compliance with applicable laws and regulations.

        Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.

        We do not sell or misuse your data. We do not share your personal identifiable information and Government IDs such as PAN, Aadhaar Card, VID number with these 3rd parties. We also don't allow unauthorized access to your non-public personal contacts or financial transaction SMS data with any 3rd party.

      • OTHER:

        We may from time to time add or enhance products/services available on our Website. To the extent these products/services are provided to and used by you, we will use the information you provide in this regard to facilitate the products/service requested. For example, if you email us with a question, we will use your email address, name, nature of the question, etc. to respond to your question. We may also store and publish such information to assist us in making the Website better and easier to use.

        The use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

      • GOVERNMENT AGENCIES:

        To verify your creditworthiness and complete the KYC formalities, we request you to enter few government-issued ID numbers such as PAN Number, Aadhaar Card, or Virtual ID (VID) number. This data remains completely safe and secure with us and is never shared with any 3rd party. However, your information is passed to the authorized 3rd party APIs and government websites for you to fill up the information and help us validate your KYC credentials.

    4. Purpose of Collection and use of personal information:

      We collect and use the minimal financial information and other minimal personal information. This information is collected and used:

      • To fulfil your requests for products and services offered and subscribed and accepted by you.
      • To deliver to you any administrative notices, alerts, advice and communications relevant to your use of the Service.
      • To share your information with their group companies and other third parties in so far as required for joint marketing purposes and/or to provide you with similar value-added services.
      • For market research, project planning, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity.
      • To third-party contractors that provide services to Si Creva and are bound by these same privacy restrictions.
      • To enforce our Terms of Use.

      The intended purpose of collecting information provided by you is to

      • Establish identity and verify the same with or without help of third party(ies).
      • To facilitate and complete onboarding and KYC requirements for third party lending partners.
      • Monitor, improve and administer our Platform.
      • To facilitate and provide our service i.e. perform credit profiling for the purpose of facilitating loans to You.
      • Design and offer customized products and services offered by our third party financial partners.
      • Analyse how the Platform is used, diagnose service or technical problems and maintain security.
      • Send communication notifications, information regarding the products or services requested by You or process queries and applications that You have made on the Platform.
      • Manage Our relationship with You and inform You about other products or services We think You might find of some use.
      • Conduct data analysis in order to improve the Services / Products provided to the User.
      • Use the User information in order to comply with country laws and regulations.
      • Collect KYC for our third party lending partners based on the information shared by the User.
      • Use the User information in other ways permitted by law to enable You to take financial services from our lending partners.

    5. Retention of Information:

      OnEMI stores your personal information only at servers located in India. We shall only retain basic personal information such as your name, your address, your contact information which are required to be stored for carrying out our non-lending services. For other personal information collected as part of our outsourcing services being provided to our Partners, we shall collect such information upon the instructions of the Partners and thereafter transfer the same to the Partners upon the completion of the preliminary onboarding.

      Retention of information is done as per this policy and in compliance with applicable law/regulatory requirements in India and as mandated in our arrangements with our business partners to provide services to you, unless such consent is withdrawn by you.

    6. Data Destruction Protocol:

      The personal information collected by the Company shall not be disclosed to any other organization except-

      • Where the disclosure has been agreed in a written contract or otherwise.
      • Disclosure is required to the third party on a need-to-know basis, provided that in such case, the company shall also inform the third parties of the confidential nature of the personal information and shall ensure that the same standards of information/data security are maintained.
      • Disclosure to any governmental authority or law enforcement officers if they request or require any information and the company thinks disclosure is required or appropriate in order to comply with laws, regulations, or a legal process.

      The user authorizes the Company to exchange, share, part with all information related to the details and transaction history of the User to its affiliates/ banks/ financial institutions/ credit bureaus/ agencies/ participation in any telecommunication or electronic clearing networks as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management or any of the aforesaid purposes and shall hold the Company liable for use or disclosure of this information.

    7. Revocation of consent and deletion of data :

      Consent are required before we may collect, use or disclose your personal information, except in situations permitted by the law, such as during a fraud investigation, or where we are required to disclose information by court order. You may also provide us with your implied consent for the collection, use, and disclosure of personal information necessary for the Identified Purposes. While we may rely on implied consent in certain circumstances, we will not collect, use or disclose your medical and health information, your employment and income information, or your banking, credit or financial information, without your express written or verbal consent.

      You may withdraw your consent, subject to legal or contractual obligations and on reasonable notice, but this may limit our ability to provide you with the requested product or service. In the event that you wish to withdraw your consent, you should contact on privacy@paywithring.com/ privacy@kissht.com for information regarding the implications of such withdrawal, and then if you choose to proceed, give the requisite notice.

      Where permitted by law, you may be given the option to give your express consent to us to access your credit information from a credit reporting agency, and other agencies such as NSDL, CKYC records, Digilocker, etc. We will use this credit information for the purpose of assessing risk, providing you with a quote, and determining your eligibility for a premium discount. We may continue to retrieve your current credit score from time to time, while you remain a customer of ours, unless you withdraw your consent for us to do this.

    8. Reasonable Security Practices and Procedures:

      1. We keep your data secure:

        We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. However, no Internet website can fully eliminate security risks. We implement cyber security policy for handling all security breaches in compliance with applicable laws and regulations

        We use a combination of firewalls, strong encryption techniques, and authentication procedures that adhere to current industry standards to maintain the safety and security of your data. We employ industry standard security measures to protect your personal information during online sessions, including during transmission and storage and to protect https://paywithring.com/ https://kissht.com accounts and systems from unauthorized access.

      2. We maintain your information on servers located in India. Our databases are protected from general employee access, both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted. No employee may put any sensitive content on any unsecured machine (i.e., nothing can be taken from the database and put on an insecure laptop).

        In the event of an information security breach, the Company is committed to complying with the guidelines set forth by the Indian Computer Emergency Response Team (CERT-In) & Reserve Bank of India (RBI). This adherence is in accordance with the Company's Incident Management Policy, which outlines the structured approach to be followed when handling such incidents. This approach includes:

        • Immediate action to contain and limit the exposure of the breach.
        • Assessment of the scope and impact of the breach to understand the data and systems affected.
        • Notification procedures, where relevant authorities and affected parties will be informed as per the legal requirements, CERT-In & RBI guidelines.
        • Investigation of the breach to determine the cause and to gather evidence for potential legal action and to improve future security measures.
        • Recovery steps to restore any services that were disrupted and to secure systems from future breaches.
        • Post-incident analysis to identify lessons learned and to implement improvements to policies, procedures, and technologies.
        • Reporting to RBI & CERT-In within a reasonable time frame as specified in their guidelines, with a complete rundown of the incident's details, impact, and the remedial actions taken.

        The Company's Incident Management Policy is designed to be in full compliance with national laws and regulations regarding cybersecurity and data protection. This ensures not only a rapid and effective response to incidents but also maintains the Company's reputation and the trust of its customers and partners.

      3. Encryption and secure communication:

        All communications between your computer, tablet, mobile devices and the platform that contain any Personal Information are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery

      4. Login id and password confidentiality:

        You are responsible for maintaining the security of your Login ID and Password, and may not provide these credentials to any third party. If you believe they have been stolen or been made known to others, you must contact us immediately at care@paywithring.com/ care@kissht.com. We are not responsible if someone else accesses your account through Registration Information they have obtained from you or through a violation by you of this Privacy Policy or the Terms of this policy

      5. Others

        You can review and edit your Personal Information at any time by logging in to your account on the Website or by contacting the PaywithRing/ Kissht support team on care@paywithring.com/ care@kissht.com . If you choose to close your account, your personally identifiable information will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law or under this Privacy Policy.

        All other information shall be treated as non-confidential and non-proprietary and PaywithRing/ Kissht shall be under no obligation of any kind concerning such information and shall be free to reproduce, use, disclose, and distribute the information to others without limitation. Additionally, PaywithRing/Kissht shall be free to use any ideas, concepts, know-how, or techniques contained in such information for any purpose whatsoever, including, but not limited to, developing or marketing services incorporating such information.

        We may share your collected information with only our registered third parties including our regulated financial partners for provision of Services on the Website/ App wherever feasible. We may share your information with third parties only in such manner as described below:

        • We may disclose and share your information with the financial service providers, banks or NBFCs and our third-party partners for facilitation of a loan or facility.
        • We may share your information with our third-party partners in order to conduct data analysis in order to serve you better and provide Services on our Platform.
        • We may disclose your information, without prior notice, if we are under a duty to do so in order to comply with any legal obligation or an order from the government and/or a statutory authority, or in order to enforce or apply our terms of use, or assign such information in the course of corporate divestitures, mergers, or to protect the rights, property, or safety of us, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
        • We will disclose the data/information provided by a User with other technology partners to track how the User interacts with the Platform on our behalf.
        • We and our affiliates may share your information with another business entity should we (or our assets) merge with, or be acquired by that business entity, or undergo re-organization, amalgamation, or restructuring of business for continuity of business. Should such a transaction occur, any business entity (or the new combined entity) receiving any such information from us shall be bound by this Policy with respect to your information.
        • We will disclose the information to our third-party technology and credit partners to perform credit checks and credit analysis, such as Credit Bureaus or third-party data source providers.
        • We will share your information under a confidentiality agreement with the third parties and restrict use of the said Information by third parties only for the purposes as per the said privacy policy. We warrant that there will be no unauthorized disclosure of your information shared with third parties.
        • By using the Platform, you hereby grant your consent to the Company to share/disclose your Personal Information (i) to the concerned third parties in connection with the Services; and (ii) with the governmental authorities, quasi-governmental authorities, judicial authorities, and quasi-judicial authorities, in accordance with applicable laws of India.
        • We shall disclose your KYC journey or any data with respect to the same to the relevant regulatory authorities as a part of our statutory audit process. Please note that your Aadhaar number shall never be disclosed.

        Further, the data stored on our server shall be utilised only for the purpose and to the extent stated in the policy. In case we use or disclose your information for any purpose not specified above, we will take your explicit consent

      6. Security Precautions:

        The Platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure.

        Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per applicable law.

        We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks

        We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including

        • We use encryption to keep your data private while in transit;
        • We offer security feature like an OTP verification to help you protect your account;
        • We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;
        • We restrict access to Personal Information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations;
        • Compliance & Cooperation with Regulations and applicable laws;
        • We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.
        • Data transfers;
        • We ensure that Aadhaar number is not disclosed in any manner.

        We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000, Digital Lending Guidelines, 2022 (as regulated by RBI), and rules made thereunder.

        When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly

      7. Your Rights regarding the Data

        • Right to Access

          You may request to access your data provided by you (or) processed by us. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

        • Right to rectification

          In the event that any personal data provided by you is inaccurate, incomplete or outdated then you shall have the right to provide us with the accurate, complete and up to date data and have us rectify such data at our end immediately. We urge you to ensure that you always provide us with accurate and correct information/data to ensure your use of our Services is uninterrupted.

        • Right to withdraw consent

          To prevent further sharing of your data, you can also uninstall the App. Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Camera or Audio permissions.

        • Marketing Opt-Out

          We may email or send push notifications to you from time to time about our latest offerings and updates. You may opt out of receiving such promotional emails from us by writing to us. You may also opt out of receiving emails and other messages from us by following the unsubscribe instructions in those messages. However, even if you have opted out of receiving information from us, we will still send non- promotional communications, such as repayment reminders and loan approvals message etc.

          You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the App.

        • Others

          You are provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the App delete/forget the data (as defined under the RBI circular dated September 02, 2022 on “Guidelines on Digital Lending”). In case of withdrawal or modification of your consent or your amendment of any of your choices in this regard, we reserve the option not to provide the services or modify the services provided to you for which such information was sought.

          Our platform is not intended for use by children and minors. Parents are requested to ensure that personal information is not provided by minors.

  5. CONTACT INFORMATION:

    In accordance with the relevant provisions of the Information Technology Act, 2000 and Rules and RBI Guidelines on Digital Lending dated Sep 02, 2022, made thereunder, the name and contact details of the Grievance Officer who can be contacted with respect to any complaints or concerns including those pertaining to breach of Si Creva’s Privacy Policy, Terms & Conditions/Terms of Use and other polices or questions are published as under

    Grievance Redressal OfficerAbhishek Yadav
    Address10th Floor, Tower 4, Equinox Park, LBS Marg, Kurla West,
    Mumbai, Maharashtra 400070
    Contact Number08044745952
    Emailcare@kissht.com

    The Grievance Officer can be contacted between 10:30 a.m. to 6:00 p.m. from Monday to Friday except on public holidays.

    For any privacy related concerns, kindly write to us at privacy@paywithring.com/ privacy@kissht.com

    For withdrawalof consent/ deletion of data or account, kindly write to us at privacy@paywithring.com/ privacy@kissht.com

  6. CHANGES TO PRIVACY STATEMENT AND YOUR DUTY TO INFORM US OF CHANGES:
    1. This Privacy Statement may change or be amended over time. The recent version of this Privacy Statement is published on the Platform, as the case may be.

      Please revisit this page periodically to stay aware of any changes to this Privacy Statement. We will notify you of any material changes to this Privacy Statement by publishing the same on our Platform, as applicable. Your continued use of our Services confirms your acceptance of this Privacy Statement, as amended. If you do not agree to the terms and conditions as contained in our Privacy Statement, as amended, you must stop using our Services and notify us.

      It is very important that any Personal Information we hold/pass on to our lending partners about you is up to date and correct. Please inform us of any changes to your Personal Information.

    2. REVIEW OF POLICY:

      The policy will be reviewed at yearly intervals or as and when considered necessary by the Senior Management / Board of the Company.

    3. OMNIBUS CLAUSE:

      All extant & future master circular/directions/guidance/guidance notes issued by Regulatory Authorities and other applicable regulations from time to time would be the directing force for the Privacy Policy and will super cede the contents of this policy.