Privacy Policy

Effective Date: Mar 21, 2023

Your privacy is important to us

CredAvenue Securities Private Limited is located at:

CredAvenue Securities Private Limited

12th Floor, Prestige Polygon No-471, Anna Salai, Nandanam,

Chennai – 600 035, Tamil Nadu, India

It is CredAvenue Securities Private Limited ‘s policy to respect your privacy regarding any information the company may collect while operating our website or application. This Privacy Policy applies to CredAvenue Securities Private Limited (hereinafter, “us”, “we”, “CSPL”, “company” or “”). We respect your privacy and are committed to protecting personally identifiable information you may provide us through the Website or Application. The company has adopted this privacy policy (“Privacy Policy”) to explain what information may be collected on our Website or application, how we use this information, and under what circumstances we may disclose the information to third parties. This Privacy Policy applies only to information we collect through the Website or application and does not apply to our collection of information from other sources.

This Privacy Policy, together with the terms of service posted on our website or application, set forth the general rules and policies governing your use of our website or application. Depending on your activities when visiting our Website or application, you may be required to agree to additional terms of service. This Privacy Policy has been prepared in compliance with:

  • The Information Technology Act, 2000
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • Guidelines on Digital Lending issued by the Reserve Bank of India (RBI), 2022;
  • Other applicable acts, regulations, and rules requiring the publication of a privacy policy for handling or dealing in personal information, including sensitive personal data or information, as well as all applicable laws, regulations, and guidelines issued by applicable regulatory authorities, including but not limited to the RBI.

This Privacy Policy is incorporated into and at all times is subject to and is to be read in conjunction with the Terms of Use of the platform.


1. Purpose

The Company will follow a risk management approach to developing and implementing Information Security policies, standards, guidelines, and procedures.  The Information Security Program is designed to protect information assets by developing Information Security policies to identify, classify, and define the acceptable use of company information assets.

The Privacy Policy defines Company objectives and principles for securing and protecting personally identifiable information and other information.

The types of personal data may include names, addresses, phone numbers, birthdates, social security numbers, tax identification numbers, national insurance numbers and financial account numbers.

2. Scope

The Policy applies to all employees, contractors, consultants, vendors, clients and stakeholders who access, use or control company resources and provide personal information on the Platform.

3. Consent

You hereby expressly consent to provide the information that may be required in relation to the Services being rendered on the Platform by us. You acknowledge that we shall collect the information detailed under this Privacy Policy to facilitate lending & non-lending services by partnering with various financial lenders, third parties, service providers, etc based on your requirement to avail such services

CredAvenue Securities Private Limited will only be using the information for providing the services to you.

In order to avail any services being provided by the company by itself or in partnership with the lenders or other third parties it is important that YOU READ, UNDERSTAND, ACKNOWLEDGE AND UNCONDITIONALLY AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY.


For the users consenting to continue accessing the platform and avail the services, this Privacy Policy explains our policies and practices regarding the collection, use, deletion, security and disclosure of your provided information.

4. Policy

4.1 Objectives

The Company adheres to legal, regulatory and customer privacy requirements.

The Company collects personally identifiable information when voluntarily submitted by our online and onsite visitors.  The information provided is used to fulfill specific requests unless given permission to use it in another manner.

This privacy policy sets out the rules that the company will follow when processing your personal information to preserve the right to protect your personal data, your privacy, and to ensure that your personal data is not misused. The company will follow this policy for the entire period during which it will process any of your personal information. Your personal data will be processed to provide the services as per the said agreement with the user / client.

ln connection with the services we provide, the Company may collect the following types of information:

Personally Identifiable Information:  Names, addresses, email addresses, phone numbers, driving license, birthdates, GST, Aadhaar number, PAN, tax identification, financial account, passport number, voter ID, national insurance numbers, and company information.

User Communications: When a visitor sends an email or other communication to the Company, these communications may be retained in order to process inquiries, respond to requests, and improve overall services.

The Company reserves the right to collect and process personal information in the course of providing services to our clients without the knowledge of individuals involved. Where the Company collects personal information from individuals within the Indian region, upon request, the Company will inform them about the types of person information collected from them, the purposes for which it was collected, and uses of the information, and the types of non-agent third parties to which the Company discloses that information.

As a general rule, the Company will not disclose personally identifiable information except when the Company is required or permitted per customer agreement, law (including pursuant to national security of law enforcement requirements) or otherwise, such as when the Company believes in good faith that the law requires disclosure or other circumstances outlined in this Privacy Policy require or permit disclosure.

The Company may share information with governmental agencies or other companies assisting in fraud prevention or investigation.  The Company may do so when:

Permitted or required by law

Trying to protect against or prevent actual or potential fraud or unauthorized transactions

Investigating fraud which has already taken place

This information, however, is not provided to these companies for marketing purposes.

Permitted transfers of information, either to third parties or within the Company, include the transfer of information within the India region and shall not be moved out of one jurisdiction to another.

The Company takes reasonable steps to protect personally identifiable information.  To prevent unauthorized access or disclosure of personally identifiable information, maintain data accuracy, and support the appropriate use and confidentiality of personally identifiable information, either for its own purposes or on behalf of our clients, the Company has put in place appropriate physical, technical, and managerial procedures to safeguard and secure the personally identifiable information and data the Company possesses.

Whenever the Company is processing personal data, it will take reasonable steps to keep personal data accurate for the purposes for which they were collected.  It will provide data subjects with the ability to exercise the following rights under the conditions and within the limits set forth in the law.  If you wish to contact us regarding the use of your personal data or want to object in whole or in part to the processing of your personal data, please contact us at the below email address.

The Company complies with the Privacy regulations set forth by India’s Information Technology Act 2000 regarding the collection, use, and retention of personal information.  The Company utilizes a self-assessment approach to support compliance with this Privacy Policy.

The Company periodically verifies that related policies are accurate, comprehensive for the information intended to be covered, prominently displayed, implemented, and are in conformity with the principles of this Privacy Policy.

The Company encourages interested persons to raise any concerns with the Company.  The Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Privacy Policy.

If the Company, the Data Protection Authorities, or other qualified government agencies determine that the Company has not complied with this Privacy Policy, the Company shall take appropriate steps to address any adverse effects related to non-compliance and to promote future compliance.

If the Company determines an employee is in violation of this Privacy Policy, that employee will be subject to the Company’s disciplinary process.

In the event that the Company merges, is acquired by or sells its assets to a third-party, the Company may disclose personally identifiable information as is reasonably necessary in connection with any such merger, acquisition or sale.  Any such party with whom the Company merges or who acquires some of all of the assets of the Company may not have the same or similar privacy guidelines as set forth in this Privacy Policy and may use personally identifiable information in a manner other than as set forth herein.

This Privacy Policy shall be reviewed annually and updated as necessary to comply with applicable regulations and laws.

This policy is subject to change as per applicable laws from time to time.

The Company will post any revised Privacy Policy on its website or application, or a similar website that replaces that website.

Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice provided to the client, any contract or other agreement with the client, and application enforcement laws.

In certain cases, we will be a data controller / data fiduciary in respect of your relationship with us. A data controller / data fiduciary is responsible for deciding how to hold and use personal data about you. We may process your personal data ourselves and do not share with any third parties.

We may provide supplemental privacy notices on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. These supplemental notices should be read together with this Privacy Policy.

The Company will cooperate with the appropriate regulatory authorities, including local data protection regulatory authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between the Company and an individual.

The Company does not process any child data either directly or indirectly.

Currently, the Company does not transfer any client data out of India’s jurisdictions.

5. Deletion of Your Personal Data

The Company will retain your personal data only for as long as is necessary for the purposes of processing your personal data to provide the services. We may also retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. The company will manually delete the personal data on receipt of request from you or once the requirement to process such data ends, whichever is earlier. However, if you request us to delete any personal data before the requirement to process such data ends, the Company shall not be liable for any monetary loss or any damages, losses etc. whether direct or indirect that you may face for requesting such destruction.

6. Disclosure of Your Personal Data

6.1 Business Transactions – If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

6.2 Law enforcement: Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

In certain cases, in order to provide you with services, we may receive your information from third parties, such as NSDL and payment gateway providers, regarding the verification of your documents and your repayment status.

We will only collect & share your information if it is strictly necessary for the provision of the services. We do not retain the data obtained from these third parties. As part of our outsourcing obligations to our partners, we collect this information, which is transferred directly to them upon collection.

6.3 Other legal requirements – The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation

Protect and defend the rights or property of the Company

Prevent or investigate possible wrongdoing in connection with the Service

Protect against legal liability

6.4 Third Party Vendors – It refers to third-party companies or individuals employed by the Company who processes the data on behalf of the Company to facilitate a service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

A non disclosure agreement (NDA) and/or a data processing agreement (DPA) will be signed with the third-party vendor & the company to make sure the personal data of the client is secured and processed as per the agreement.

7 Security of Your Personal Data

The security of your personal data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While the company strives to use commercially acceptable means to protect your personal data.

8. Policy Enforcement and Compliance

Compliance with the policy is mandatory and CredAvenue Securities Private Limited department managers shall ensure continuous compliance monitoring within their department.  Compliance with the statements of the policy is a matter of periodic review.

Any breach of the policy may constitute a security violation and gives the company the right to conduct disciplinary and / or legal action, up to and including termination of business relationship.

9. Standards of handling security breach

Security Incidents (SI) involve wrongful handling or disclosure of information and can give rise to Data Breaches where personal data is involved. Although this policy concentrates on privacy policy, the policy equally applies to SIs, including containment, investigation, improvements and lessons learned. Any individual who suspects that a theft, breach or exposure of protected data has occurred must immediately provide a description of what occurred via email to compliance(at) The company adhered to the IRP (Incident Response Plan) process while handling the security breach.

10. Document Management

Technological advances and changes in the business requirements will necessitate periodic revisions to documents.  Therefore, this document may be updated to reflect changes or define new or improved requirements as and when required and in compliance with the Information Security Program Charter.

11. Third Parties who can collect your information

We may share your personal information (including Personal Information and Sensitive Personal Information) collected for the following purposes:

Legal Purposes: We may share Your information with law enforcement and other government agencies, courts and other bodies on their legal requests to comply with the law and aid to the ongoing and impending legal proceedings. We may also use your information when it is necessary to investigate, prevent, or take action regarding possible illegal activities or comply with legal processes or comply with any law in force or address threats to the physical safety of any person or safeguard our rights and the rights of users, or the public at large.

Additionally, we may share your information collected on the Platform with:

  • Our employees, agents, and professional advisors working with us for the purposes described in this Privacy Policy; and
  • The associated service providers that provide us services pertaining to protecting and securing our systems, and provide Us other services requiring the processing of information and data collected so as to host your information or data for the proper functioning of the Platform.     

12. Contact Information

If you have any questions about our Privacy Policy, please contact us via email on –

Compliance Team

Board Number : 044-4091 2303

13. Grievance Redressal Mechanism

In case of any grievance, customers can intimate and record their complaints/ grievances for a resolution via:

Address : CredAvenue Securities Private Limited, No.471, 12th Floor, Prestige Polygon, Anna Salai, Nandanam, Chennai – 600035, Tamil Nadu, India