Compare offers from regulated banks, NBFCs and insurers with secure assisted applications.
How Fintaraa collects, uses, shares, and safeguards your information while delivering loan, credit, and insurance journeys.
Effective status
Updated: 01 Mar 2025
Maintained for customers, applicants, borrowers, insured members, partners, and support teams working through Fintaraa.
We collect only what is needed to verify identity, assess eligibility, and present relevant offers; sensitive data is encrypted and minimised.
Sharing occurs strictly with regulated partners, processors, and support vendors bound by confidentiality and security controls.
You can access, correct, withdraw marketing consent, and request deletion subject to legal retention requirements and outstanding obligations.
We gather identifiers (name, address, contact), device signals, demographic information, employment details, declared income, liabilities, bureau data, repayment behaviour, geolocation (when permitted), and documents such as PAN, Aadhaar masked copies, bank statements, salary slips, GST filings, or utility bills. We also collect interaction data, screens viewed, buttons tapped, and session timestamps, to improve journey performance, detect anomalies, and design fair offers.
Data powers onboarding, KYC, bureau checks, risk scoring, eligibility models, offer personalisation, fraud monitoring, communication, and customer support. Aggregated or anonymised data informs product design and operational performance. We avoid intrusive profiling; automated decisions are combined with explainable factors and, where required, manual review by partners. Your information is never sold; monetisation occurs through partner facilitation fees and anonymised insights that do not identify you.
We rely on explicit consent for bureau pulls, KYC, and marketing; contractual necessity for servicing and repayments; and legitimate interest for security, fraud prevention, and product improvement. You can withdraw marketing consent anytime via in-app controls or by emailing support. Withdrawing consent for core services may limit or end access if it prevents verification, underwriting, or servicing obligations required by law.
Information is shared with banks, NBFCs, insurers, payment gateways, e-sign providers, credit bureaus, analytics vendors, and customer support partners strictly on a need-to-know basis. Every partner is bound by confidentiality, data protection clauses, and regulator-mandated security standards. We prohibit downstream reuse beyond agreed purposes and conduct periodic vendor assessments to validate controls.
We apply encryption in transit (TLS) and at rest, segregate production environments, enforce role-based access, rotate keys, and maintain audit trails. Background checks for staff, least-privilege access, device compliance, and secure coding standards reduce operational risk. Penetration tests, vulnerability assessments, and incident response runbooks are executed regularly with post-incident communication protocols.
Session cookies and mobile SDKs capture performance metrics, crash diagnostics, attribution data, and optional geolocation to detect fraud or pre-fill city and branch details. You can disable location access through device settings; essential telemetry for security and availability may still be captured to protect the service. We avoid invasive tracking and do not permit behavioural advertising inside regulated journeys.
Retention aligns with legal mandates, partner contracts, and dispute windows. KYC artefacts, repayment records, and consent logs may be stored for several years to satisfy regulatory or audit requirements. When retention expires, data is securely deleted or anonymised. You may request deletion of marketing profiles or unlinked telemetry where laws allow; we will confirm actions and limitations transparently.
You may access and correct personal information, update contact details, change consent preferences, object to marketing, and request clarification of automated decisions. Verification may be required before fulfilling requests. Responses are provided within reasonable timelines; if we need more time due to complexity, we will inform you with reasons and expected dates.
Data is stored in India unless a specialised processor with equivalent safeguards is engaged. If cross-border processing is required, for example, for analytics or secure back-ups, we use contractual clauses, encryption, and access restrictions to maintain protection standards consistent with Indian law and global best practices.
Our services are built for adults who can legally contract. We do not knowingly collect data from minors. If we learn a minor has submitted information, we will delete it except where retention is required for fraud prevention or legal defence. Caregivers seeking removal can contact our grievance officer.
We refine this policy as regulations evolve or new features launch. Material changes will be highlighted in-app and via email where available. Continued use after publication signifies acceptance of updates. You are encouraged to review the effective date and summary of changes presented at the top of the policy.
For privacy questions or data rights, write to support@fintaraa.com. Unresolved concerns may be escalated to the grievance officer listed below or to relevant authorities where applicable. We will collaborate with partners to address cross-entity requests and provide clear closure notes.
For questions about this document, consent, data rights, partner responsibilities, or grievance escalation, contact the Fintaraa support desk.