Privacy Policy

1. Collection of Information

1. Information you provide to us

We collect Personal Information from you when you access or use the Platform, apply for or avail any products or services offered by AFPL, or otherwise interact with us in connection with such products or services. Such Personal Information may include, without limitation, your name, mobile number, email address, Permanent Account Number (PAN), date of birth, gender, photograph, signature, address and address proof, income and employment details, nominee details, bank account details, and other information provided by you while using the Platform or availing our products or services.

Where required or permitted under applicable law, and subject to your consent, we may also collect Aadhaar and related identity information, details relating to your residency or tax status, declarations regarding politically exposed person status, and undertake video-based or photo-based verification, for the purposes of identity verification, regulatory compliance, credit assessment, fraud prevention, and providing our products and services.

2. Information collected from official sources and third parties

To the extent permitted under applicable law, we may collect or retrieve certain Personal Information from official sources and third parties, including:

    • records available with the Central KYC Records Registry (CKYCR) and KYC Registration Agencies (KRAs);

    • credit information companies and other authorised data sources;

    • banks, payment systems, and financial institutions; and

    • service providers engaged by AFPL for onboarding, verification, compliance, or operational support.

Such information may include KYC details, KYC status, identification and address information, credit information, and other related records required for regulatory, risk management, or operational purposes.

3. Device, usage, and technical information

When you access or use the Platform, we may automatically collect certain information relating to your device and usage, including internet protocol (IP) address, device identifiers, operating system, browser type, language settings, access timestamps, pages viewed, and similar technical or usage information. This information is used to operate the Platform, enhance security, improve user experience, and diagnose technical issues.

Where you permit access, we may also collect limited location-related information derived from your device or IP address. You may withdraw such permissions through your device settings; however, this may affect the availability or functionality of certain features of the Platform.

4. Cookies and similar technologies

We may use cookies and similar technologies to collect information about your interactions with the Platform, such as session information, preferences, and usage patterns. Cookies help us understand how the Platform is used, improve its functionality, and enhance security.

You may control or disable cookies through your browser or device settings. Please note that disabling cookies may limit your ability to access or use certain features of the Platform.

5. Communications and support information

If you contact us, provide feedback, raise queries or grievances, or otherwise communicate with us through email, telephone, chat, or other channels, we may collect and retain such communications and related information to respond to you, provide customer support, resolve disputes, and comply with legal or regulatory requirements.

6. Accuracy and voluntary disclosure

You acknowledge that the Personal Information provided by you is shared voluntarily and that you are responsible for ensuring that such information is accurate, complete, and kept up to date. We may rely on the Personal Information provided by you or obtained from authorised sources for the purposes described in this Privacy Policy.

7. Lien marking

We may obtain information from you pertaining to your mutual fund and/or securities holdings to enable you to access the Loan Products. We may also obtain any other incidental information in this regard, that may help us provide you with the Loan Products.

2. Use of Information

AFPL uses the Personal Information collected from you for the following purposes:

1. Provision of products and services

To process applications, assess eligibility and creditworthiness, onboard customers, provide and service products and services, manage customer accounts, and carry out related operational activities.

2. Identity verification and regulatory compliance

To verify your identity, conduct know-your-customer (KYC) checks, comply with applicable laws and regulatory requirements, respond to lawful requests from regulators or authorities, and meet audit, reporting, and compliance obligations.

3. Risk management and fraud prevention

To prevent, detect, investigate, and mitigate fraud, unauthorised activities, security incidents, and other suspicious or prohibited activities, and to protect the interests of AFPL and its customers.

4. Payments and transaction processing

To facilitate payments, disbursements, repayments, mandates, and other financial transactions in connection with our products and services.

5. Customer support and communications

To communicate with you regarding applications, accounts, transactions, queries, grievances, service-related updates, and important notices relating to our products, services, or this Privacy Policy.

6. Improvement and analytics

To analyse usage patterns, conduct internal research and analytics, improve the Platform, enhance user experience, develop new features or offerings, and optimise products and services, in a manner consistent with applicable law.

7.Marketing and promotional communications

To send information about products, services, offers, or updates, where permitted under applicable law and subject to your consent or opt-out preferences, as applicable.

8. Enforcement and protection of rights

To enforce applicable terms and conditions, protect legal rights, resolve disputes, and take appropriate action in connection with misuse of the Platform or violation of applicable Terms.

9. Other lawful purposes

For any other purpose for which you have provided consent, or which is otherwise permitted or required under applicable law.

3. Sharing of Information

AFPL may share your Personal Information with third parties only in the manner and for the purposes described below, and in accordance with applicable law:

1. Service providers and vendors

We may share Personal Information with third-party service providers, vendors, consultants, and professional advisors engaged by AFPL to support onboarding, identity verification, KYC and AML compliance, credit assessment, payment processing, customer support, data analytics, information technology, audit, or other operational activities. Such entities are contractually obligated to process Personal Information only on AFPL’s instructions and to maintain appropriate confidentiality and security safeguards.

2. Financial institutions and payment systems

We may share Personal Information with banks, payment system operators, and other financial institutions to facilitate disbursements, repayments, mandates, settlements, and other transactions relating to our products and services.

3. Credit information companies and official registries

We may share or retrieve Personal Information with credit information companies, the Central KYC Records Registry (CKYCR), KYC Registration Agencies (KRAs), and other authorised repositories or registries, as required or permitted under applicable law.

4. Regulators, authorities, and legal disclosures

We may disclose Personal Information where required to do so by applicable law, regulation, court order, or lawful request from a regulatory, governmental, judicial, or statutory authority, or where disclosure is necessary to exercise or protect the rights, property, or safety of AFPL, our customers, or others.

5. Fraud prevention and risk management

We may share Personal Information with third parties for the purposes of fraud detection, prevention, investigation, security monitoring, and risk management, including to prevent unauthorised or unlawful activities.

6. Marketing and communications partners

Where permitted under applicable law and subject to your consent or opt-out preferences, we may share limited Personal Information with service providers engaged to assist with communications, outreach, or marketing initiatives relating to AFPL’s products or services.

7. Corporate transactions

We may share or transfer Personal Information in connection with any merger, amalgamation, reorganisation, acquisition, sale of assets, or transfer of business, provided that such recipient agrees to process the Personal Information in a manner consistent with applicable law and this Privacy Policy.

Where Personal Information is processed by service providers or counterparties located outside India, AFPL will ensure that such processing is undertaken in accordance with applicable law, including applicable data localisation requirements, and subject to appropriate contractual, technical, and organisational safeguards.

AFPL does not sell your Personal Information to third parties. We do not permit third parties to use Personal Information shared with them for their own independent marketing purposes without your explicit consent.

8. Group companies

We may share your information with our group companies to comply with applicable laws on money laundering and terror financing.

4. Security Precautions and Measures

AFPL implements reasonable technical, administrative, and organisational safeguards to protect the Personal Information under its control from unauthorised access, disclosure, alteration, loss, or destruction, in accordance with applicable law, regulatory requirements, and industry-recognised security practices.

Such safeguards include, as appropriate:

    • access controls, authentication mechanisms, and role-based access restrictions designed to limit access to Personal Information on a need-to-know basis;

    • encryption and other protective measures for Personal Information during transmission and storage, where appropriate;

    • monitoring, logging, and audit mechanisms to detect and respond to unauthorised access, security incidents, or anomalous activity;

    • processes for vulnerability management, system updates, and security testing, commensurate with the nature and sensitivity of the Personal Information processed; and

    • periodic review and enhancement of security practices to address evolving risks, threats, and regulatory expectations.

Access to Personal Information is restricted to employees, agents, and service providers who have a legitimate business need to access such information for the purposes described in this Privacy Policy and who are subject to appropriate confidentiality, information security, and data protection obligations.

AFPL also requires its third-party service providers that process Personal Information on its behalf to implement reasonable security safeguards and to process such information only in accordance with AFPL’s instructions and applicable law.

AFPL’s information security practices are designed having regard to regulatory guidance applicable to non-banking financial companies and the nature, scale, and complexity of its operations.

While AFPL takes reasonable measures to protect Personal Information, no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, AFPL does not guarantee absolute security of Personal Information and cannot ensure or warrant that such information will not be accessed, disclosed, altered, or destroyed due to factors beyond its reasonable control.

You are responsible for maintaining the confidentiality of any credentials, passwords, or authentication details associated with your use of the Platform and should notify AFPL promptly if you become aware of any unauthorised access to or use of your account or Personal Information.

5. Your Rights

Subject to applicable law, you have the following rights in relation to the Personal Information processed by AFPL:

1. Right to access

You may request access to the Personal Information processed by AFPL about you. This may include a summary of the categories of Personal Information being processed, the purposes of such processing, and the categories of third parties with whom such Personal Information has been shared.

2. Right to correction and updating

You have the right to request correction of inaccurate or incomplete Personal Information and to request that your Personal Information be updated where it is no longer accurate or up to date.

3. Right to erasure

You may request the deletion or erasure of your Personal Information where such information is no longer required for the purposes for which it was collected, or where processing is otherwise not required under applicable law. Please note that AFPL may be required to retain certain Personal Information to comply with legal or regulatory obligations, resolve disputes, or enforce its rights.

4. Right to withdraw consent

Where processing of your Personal Information is based on your consent, you may withdraw such consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal. Please note that withdrawal of consent may affect your ability to access or use certain products, services, or features of the Platform.

5. Right to nominate

You have the right to nominate another individual who shall, in the event of your death or incapacity, exercise your rights under this Privacy Policy, in accordance with applicable law.

6. Exercise of rights

You may exercise your rights under this section by contacting AFPL using the contact details provided in the Grievance Officer / Contact Us section of this Privacy Policy. AFPL will respond to such requests in accordance with applicable law.

6. Data Retention and Data Destruction

AFPL retains Personal Information only for as long as is reasonably necessary to fulfil the purposes for which it was collected and processed, including to provide and service its products and services, comply with applicable laws and regulatory requirements, maintain records for audit and compliance purposes, respond to audits or investigations, resolve disputes or proceedings, enforce its rights, and prevent fraud or misuse of the Platform.

The retention period for different categories of Personal Information may vary depending on the nature of the information, the purpose for which it is processed, and applicable legal or regulatory obligations. Where retention is required under applicable law or regulatory guidance, AFPL will retain such Personal Information for the period mandated under such requirements.

Once Personal Information is no longer required for the purposes described above and is not required to be retained under applicable law, AFPL will take reasonable steps to delete, anonymise, or securely destroy such Personal Information in accordance with its internal policies and applicable legal requirements.

7. Links to Third-Party Websites and Services

The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by AFPL (“Third-Party Services”). These Third-Party Services are governed by their own terms and privacy policies, and AFPL does not control or assume responsibility for the content, privacy practices, or data handling practices of such Third-Party Services.

Any Personal Information you provide to or through Third-Party Services will be governed by the privacy policies of such third parties. We encourage you to review the applicable privacy policies of Third-Party Services before providing any information to them. AFPL is not responsible for any loss, damage, or unauthorised use of Personal Information arising from your interaction with Third-Party Services.

8. Minors

The Platform and AFPL’s products and services are not intended for use by individuals below 18 years of age. AFPL does not knowingly collect Personal Information from individuals below 18 years of age. If you believe that Personal Information relating to a minor has been inadvertently collected, please contact AFPL using the details provided in this Privacy Policy.

9. Withdrawal of Consent

Where the processing of your Personal Information is based on your consent, you may withdraw such consent at any time by contacting AFPL using the details provided in the Grievance Officer / Contact Information section below or through such other mechanisms as may be made available on the Platform.

Please note that withdrawal of consent will not affect the lawfulness of any processing carried out prior to such withdrawal. Further, withdrawal of consent may result in AFPL being unable to provide certain products, services, or features of the Platform, and may require discontinuation of your access to such products or services, to the extent permitted under applicable law.

10. Changes to this Privacy Policy

AFPL may update or modify this Privacy Policy from time to time to reflect changes in its practices, legal or regulatory requirements, or for other operational reasons. Any updates to this Privacy Policy will be made available on the Platform and will be effective from the date indicated as the “Last Updated” date.

Your continued access to or use of the Platform or AFPL’s products or services after such updates shall be deemed to constitute your acknowledgement of the updated Privacy Policy, to the extent permitted under applicable law.

11. Grievance Officer and Contact Information

In accordance with applicable law, AFPL has appointed a grievance officer to address any questions, concerns, or grievances relating to this Privacy Policy or the processing of Personal Information.

Grievance Officer: Vedika Mundhra

Email: grievance@angelonecredit.in

Address: 601, 6th Floor, Ackruti Star, Central Road, MIDC, Andheri East, Mumbai – 400093

AFPL will endeavour to respond to grievances or requests within such timelines as may be prescribed under applicable law.

12. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the manner in which your Personal Information is processed by AFPL, you may contact us using the details set out above.