Your data, your rules.
FinBox provides technology that enables you to connect your financial data to apps and services. That can help you do things like get a loan, track personal finances, invest in financial instrument and improve your credit score.
Millions of people connect their data using FinBox every month. We respect your privacy and are committed to handling data with the utmost care
Collection of User Personal Information
When you use our Platform, we collect and store your information which is provided by you from time to time by explicitly seeking permissions from YOU to get the required information. Our primary goal in doing so is to provide you a safe, efficient, smooth and customized experience and Services. This allows us to provide services and features that meets your needs, and to customize our Platform to make your experience safer and easier and to improve the Services provided by us. More importantly, we collect personal information from you that we consider necessary for achieving the aforementioned purpose. In general, you can browse the Website or App without telling us who you are or revealing any information about yourself. However, to create an account on the Platform, you must provide us with certain basic information required to provide customized services. The information we collect from you, inter alia, includes:
- your full name
- mailing address
- postal code
- family details
- university/college details
- phone number
- Permanent Account Number (PAN)
- Academic records and certificates.
Wherever possible, we indicate the mandatory and the optional fields. You always have the option to not provide any information by choosing not to use a particular service or feature on thePlatform. We also collect user account data which includes email address and user public profile information like name, photo, ASID depending on the social media or networking platform used by You like Google or Facebook to log-into an app. This information is required as a part of registration process to access our Service and it is also used to auto-populate relevant fields in the course of the interface of the App. We further collect other identifiable information such as your transactions history on the Platform when you set up a free account with us as further detailed below. While you can browse some sections of our Platform without being a registered member as mentioned above, certain activities (such as availing of loans from the third party lenders on the Platform) require registration and for you to provide the above details. The Platform will clearly display the personal information it is collecting from you, and you have the option to not provide such personal information. However, this will limit the services provided to you on the Platform. Our app also collects mobile number for verification to check the active SIM status on the device,uniquely identify you and prevent frauds and unauthorised access.
Collection of Financial SMS Information
We don’t collect, read or store your personal SMS from your inbox. We collect and monitor only financial SMS sent by 6-digit alphanumeric senders from your inbox which helps us in identifying the various bank accounts that you may be holding, cash flow patterns, description and amount of the transactions undertaken by you as a user to help us perform a credit risk assessment which enables us to determine your risk profile and to provide you with the appropriate credit analysis. This process will enable you to take financial facilities from the regulated financial entities available on the Platform. This Financial SMS data also includes your historical data. While using the app, it periodically sends the financial SMS information to our affiliate server and to us.
Collection of Device Location
We collect and monitor the information about the location of your device to provide serviceability of your loan application, to reduce risk associated with your loan application and to provide pre-approved customised loan offers. This also helps us to verify the address, make a better credit risk decision and expedite know your customer (KYC) process. Information the App collects, and its usage, depends on how you manage your privacy controls on your device.
Collection of Device Information
When you install the App, we store the information we collect with unique identifiers tied to the device you are using. We collect information from the device when you download and install the App and explicitly seek permissions from You to get the required information from the device. The information we collect from your device includes the hardware model, build model, RAM, storage; unique device identifiers like IMEI, serial number, SSAID; SIM information that includes phone number, network operator, roaming state, MNC and MCC codes, WIFI information that includes MAC address and mobile network information to uniquely identify the devices and ensure that no unauthorized device acts on your behalf to prevent frauds. We collect information about your device to provide automatic updates and additional security so that your account is not used in other people’s devices. In addition, the information provides us valuable feedback on your identity as a device holder as well as your device behaviour, thereby allowing us to improve our services and provide an enhanced customized user experience to you.
Collection of Contact Information
Where we access contact information from your mobile device, we shall do so with your explicit consent and no personally sensitive data shall be extracted. We shall only collect anonymised data from your mobile device for the purpose of undertaking credit analysis. As a part of credit analysis we require references from the Loan applicant. In this regard, during filing the form on our App, we collect and monitor aggregate information of the contacts present on the devices which includes number of contacts created, number of favorite contacts, number of pinned counts and other optional data like relationship and structural address to enable you to autofill the data during the loan application process. This information is required for the purposes of risk analysis, enable us to detect credible references assess your risk profile and to determine your loan eligibility.
Collection of Call Logs Information
We also seek explicit permission from you to collect aggregated call logs information from your device which includes the number of calls received, the number of missed calls received, the number of outgoing calls, and other aggregated data available from the CallLogs Permissions. This information is required for the purposes of risk analysis, to enable us to detect fraud behavior, assess your risk profile, and to determine your loan eligibility
Collection of Installed Application
We collect a list of the installed applications’ metadata information which includes the application name, package name, installed time, updated time, version name, and version code of each installed application on your device to assess your creditworthiness and enrich your profile with pre-approved customized loan offers.
We require storage permission so that your KYC and other relevant documents can be securely downloaded and saved on your phone. You can then easily upload the correct KYC related documents for faster loan application details filling and disbursal process. This ensures that you are provided with a seamless experience while using the application. We require storage of Masked Proof of Possession of Aadhaar allowed as per UIDAI.
We require the camera information permission to provide you an easy/smooth experience and to enable you to click photos of your KYC documents along with other requisite documents and upload the same on the App during your loan application journey.
Collection of Other Non-Personal Information
Use and Disclosure of Your Personal and Other Information
- resolve disputes;
- troubleshoot problems;
- help promote a safe service;
- analytical analysis;
- marketing purposes;
- measure consumer interest and satisfaction in our products and services;
- inform you about online and offline offers, products, services, and updates;
- customize your experience;
- detect and protect us against suspicious or illegal activity, fraud and other criminal activity;
- enforce our terms and conditions;
- improvement of our services and as otherwise described to you at the time of collection.
Purpose of Collection Information
The intended purpose of collecting information provided by you is to:
- to establish identity and verify the same;
- monitor, improve and administer our Platform ;
- provide our service i.e. perform credit profiling for the purpose of facilitating loans to You.
- design and offer customized products and services offered by our third party financial partners;
- analyse how the Platform is used, diagnose service or technical problems and maintain security;
- send communications notifications, information regarding the products or services requested by You or process queries and applications that You have made on the Platform;
- manage Our relationship with You and inform You about other products or services We think You might find of some use;
- conduct data analysis in order to improve the Services / Products provided to the User;
- use the User information in order to comply with country laws and regulations;
- conduct KYC for our third party lending partners based on the information shared by the User;
- use the User information in other ways permitted by law to enable You to take financial services from our lending partners.
We will use and retain the information for such periods as necessary to provide You the Services on the Platform, to comply with our legal obligations, to resolve disputes, and enforce our agreements.
Disclosure to Third Parties
We will share Your information with only our registered third parties including our regulated financial partners for provision of Services on the Website/ App. We will share Your information with third parties only in such manner as described below:
- We disclose and share Your information with the financial service providers, banks or NBFCs and our third party partners for facilitation of a loan or facility or line of credit or purchase of a product;
- We share Your information with our third party partners in order to conduct data analysis in order to serve You better and provide Services our Platform;
- We will disclose the data / information provided by a User with other technology partners to track how the User interact with the Platform on Our behalf.
- We and our affiliates may share Your information with another business entity should we (or our assets) merge with, or be acquired by that business entity, or re-organization, amalgamation, restructuring of business for continuity of business. Should such a transaction occur than any business entity (or the new combined entity) receiving any such information from Us shall be bound by this Policy with respect to your information.
- We will disclose the information to our third party technology and credit partners to perform credit checks and credit analysis like Credit Bureaus or third party data source providers;
- We will share Your information under a confidentiality agreement with the third parties and restrict use of the said Information by third parties only for the purposes detailed herein. We warrant that there will be no unauthorized disclosure of your information shared with third parties.
- By using the Platform, you hereby grant your consent to the Company to share/disclose your Personal Information (i) To the concerned third parties in connection with the Services; and (ii) With the governmental authorities, quasi-governmental authorities, judicial authorities and quasi-judicial authorities, in accordance with applicable laws of India.
- FinBox and its lending partners can communicate with the user through the following channels:
- Physical Visit
Link to Third-Party SDK
The App has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that our third party service provider takes extensive security measures in order to protect your personal information against loss, misuse or alteration of the data. Our third-party service provider employs separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data. Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.
Accessing Your Information/Contacting Us
At any point of time Users can choose to edit/modify or delete/withdraw any Personal Information shared for use of the Platform. Please note that deleting or withdrawing information may affect the Services we provide to you. In case of modification of Personal Information, Users will be required to furnish supporting documents relating to change in Personal Information for the purpose of verification by the Company.
Your Privacy Control
You have certain choices regarding the information we collect and how it is used:
- Device-level settings: Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Camera or Audio permissions.
- Delete your entire App account.
- You can also request to remove content from our servers based on applicable law or by writing to our Grievance Officer.
The Platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure. Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavor to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per applicable law. We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks. In addition, the Website and App have been certified for the following security certifications:
- ISO 27001:2013: is a specification for an information security management system (ISMS) and is the suggested level of certification required under the Information Technology Act, 2000. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:
- We use encryption to keep your data private while in transit;
- We offer security feature like an OTP verification to help you protect your account;
- We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;
- We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations;
- Compliance and Cooperation with Regulations and applicable laws;
- Data transfers
We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.
Links to Other Sites
Our Platform links to other websites that may collect information about you. We are not responsible for the privacy practices or the content of those linked websites. With this Policy we’re only addressing the disclosure and use of data collected by Us. If You visit any websites through the links on the Website, please ensure You go through the privacy policies of each of those websites. Their data collection practices, and their policies might be different from this Policy and We do not have control over any of their policies neither do we have any liability in this regard.
Collection of Credit Information
BY EXECUTING THIS AGREEMENT / CONSENT FORM, YOU ARE EXPRESSLY AGREEING TO ACCESS THE EXPERIAN CREDIT INFORMATION REPORT AND CREDIT SCORE, AGGREGATE SCORES, INFERENCES, REFERENCES AND DETAILS (AS DEFINED BELOW)(TOGETHER REFERRED AS “CREDIT INFORMATION”). YOU HEREBY ALSO IRREVOCABLY AND UNCONDITIONALLY CONSENT TO SUCH CREDIT INFORMATION BEING PROVIDED BY EXPERIAN TO YOU AND FINBOX BY USING EXPERIAN TOOLS, ALGORITHMS AND DEVICES AND YOU HEREBY AGREE, ACKNOWLEDGE AND ACCEPT THE TERMS AND CONDITIONS SET FORTH HEREIN
Terms and Conditions:
Information Collection, Use, Confidentiality, No-Disclosure and Data Purging
FINBOX shall access your Credit Information as your authorized representative and FINBOX shall use the Credit Information for limited End Use Purpose consisting of and in relation to the services proposed to be availed by you from FINBOX. We shall not aggregate, retain, store, copy, reproduce, republish, upload, post, transmit, sell or rent the Credit Information to any other person and the same cannot be copied or reproduced other than as agreed herein and in furtherance to CICRA. The Parties agree to protect and keep confidential the Credit Information both online and offline. The Credit Information shared by you, or received on by us on your behalf shall be destroyed, purged, erased promptly within 1 (one) Business Day of upon the completion of the transaction/ End Use Purpose for which the Credit Information report was procured.
Governing Law and Jurisdiction
The relationship between you and FINBOX shall be governed by laws of India and all claims or disputes arising there from shall be subject to the exclusive jurisdiction of the courts of Mumbai.
Capitalized terms used herein but not defined above shall have the following meanings:
“Business Day” means a day (other than a public holiday) on which banks are open for general business in Mumbai.
“Credit Information Report” means the credit information / scores/ aggregates / variables / inferences or reports which shall be generated by Experian;
“Credit Score” means the score which shall be mentioned on the Credit Information Report which shall be computed by Experian.
“CICRA” shall mean the Credit Information Companies (Regulation) Act, 2005 read with the Credit Information Companies Rules, 2006 and the Credit Information Companies Regulations, 2006, and shall include any other rules and regulations prescribed thereunder
In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are provided below for your reference: Name: Mr. Nikhil Bhawsinka Address: FinBox, 3rd & 4th Floor, No, 11, 17th Cross Road, next to Brother Barley, 7th Sector, HSR Layout, Bengaluru, Karnataka 560095, India Email: email@example.com Time: Mon - Sat (10:00 - 19:00)