LAST UPDATED ON
23rd August 2024
privacy policy
this privacy policy includes important information about your personal data and we encourage you to read it carefully.
privacy policy
LAST UPDATED ON
23rd August 2024
this privacy policy includes important information about your personal data and we encourage you to read it carefully.

The entities comprising Dreamplug Technologies Private Limited, its subsidiaries and affiliated companies (collectively referred to herein as "the Company," "Dreamplug," "We," "Us," or "CRED"), place paramount importance on safeguarding the privacy and security of your personal information ("Personal Data"). We prioritize the establishment and maintenance of your trust.

This Privacy Policy (“Privacy Policy” or "Policy") outlines the methods and principles governing our collection, use, processing, and disclosure of your Personal Data in connection with your use of our products, services, and our website. Please note that this Policy does not apply to our partners, each of whom may maintain their own privacy policy. In situations where you interact with such partners, we strongly encourage you to review the privacy policy applicable to that particular site, service or interaction.

By using our products, services, and website, you hereby acknowledge that you have read, understood, and agree to the processing of your Personal Data in accordance with the terms of this Privacy Policy and our Terms of Use.

collection of information

Pursuant to this Policy, CRED collects and processes the undermentioned types of information.

A. User Provided information

For utilization of the CRED application, it is a prerequisite for you to share specific data during the registration phase and for your activities on the application. 

For registration purposes, we may collect personal details such as your name, mobile number, email ID, date of birth, and Permanent Account Number (PAN).

For providing certain services, we may require supplementary information, including but not limited to your residential address, financial details, credit score, credit/debit card specifics, and any other officially valid documents (OVDs).

Not sharing the requisite data may lead to certain features being restricted, unavailable, or unusable. For instance, withholding your address would render e-commerce transactions involving delivery impossible to complete.

Where you opt to provide any device permissions such as contact list, photos, camera, location, microphone, SMS, storage, phone calls and NFC, CRED may retrieve, retain and use the data sourced through such device permissions.

You retain the right to revoke the aforementioned access by amending access permissions within your device's settings.

B. Information generated through the use of the CRED application

Through your utilization of our application or website, we gather information such as:

  1. Details pertaining to the services you avail via the CRED application, your interactions with the application, rewards claimed, and transactional details relating to your usage of our services or the services offered through our partners. This encompasses the types of services you request, your chosen method of payment, the amount, and other related transactional and financial data.You will also generate data during your general interaction with CRED, including during customer support instances.
  2. When you access our application or websites, we may log specific information including but not limited to your IP address, browser type, mobile operating system, the manufacturer and model of your mobile device, geolocation, preferred language, access time, and duration of use.

C. Information we collect from third parties

Upon receiving your explicit consent, we may request certain third parties to provide information about you to furnish specific services and authenticate your information.

  1. To verify your eligibility to use the CRED application, you will be asked to provide explicit consent for procuring your credit information from our bureau partners during the onboarding process. Our bureau partners are credit information companies registered under the Credit Information Companies (Regulation) Act 2005.
  2. To access CRED Mint, CRED Cash, or CRED Garage services, it may be necessary to undertake the Know Your Customer (KYC) process, which may entail CRED and its partners procuring your KYC data from one or more KYC registries.
  3. To effectuate a financial transaction, we may disseminate financial information provided by you (such as credit card details, tokens or other payment mode particulars) to authorized third parties, for instance, our business associates, financial institutions, or government authorities involved in the fulfillment of the said transactions.
  4. To access certain CRED Garage services, we may provide your name, phone number, and financial information to our authorised third parties, who may access information about you and your vehicles (such as challan details, insurance details, etc.) from government sources. For detailed terms, please see the terms of use and privacy policy available at www.daspl.co.in.
  5. To assist in login and user verification on third-party applications.

CRED Protect

You can activate ‘CRED Protect’ by linking your email account(s) with your CRED account. If you authorize the linkage and connection of your email account with CRED, we may access the email account to collect certain financial information such as:

  1. credit card bill specifics such as total amount due, minimum amount due and due date, and other financial and transactional information;
  2. details of insurance policies;
  3. details regarding other bills such as utility bills;
  4. other financial details.

Benefits of CRED Protect include but are not limited to:

  1. Consolidating all your credit card information in one place and sending reminders for payment due dates; 
  2. Curating offers and rewards customized for you;
  3. Curating your motor insurance details in one place and sending reminders for renewal dates;
  4. Providing insight into your spending pattern(s) to enhance your financial awareness and assist in making more informed decisions;
  5. Identifying utility billers and insurers/insurance service providers you transact with to retrieve your utility bill and/or insurance details;
  6. Curating specific financial/investment/other products based on your past financial behavior, transactions, and investments.

The Company's access to your email account(s) is facilitated through the email provider's access mechanism. If you authorize the CRED website/app to track your credit card accounts, the CRED website/app will securely store account particulars for each email account, including your sign-in user name and authorization tokens for tracked accounts.

We restrict our email reading to those related to financial services, such as credit card statements, loan statements, bank statements, insurance policies, biller details, etc., and we do not access any personal emails. For clarity, CRED employs automated processes for accessing and analyzing information provided by you, which may involve our algorithm to access a password-protected document utilizing your data.

For further details on how we process emails and the security protocol we follow, please click here.

Your explicit consent is required for us to access one or more of your email accounts. Please note that your consent to any of the above is purely voluntary. You may revoke the access to your email at any time.

We may receive information about you that assists us in identifying fraud and safety issues.

CRED on Whatsapp (CRED Protect)

CRED Protect is designed to build good financial habits by sending timely credit card bill reminders to improve your credit score. When you activate CRED Protect on Whatsapp, we may collect your information including but not limited to mobile number, name, email address, bank name, last 4 digits of your credit card for facilitating credit card bill reminders and fetching your credit score. We might share your data with our trusted third parties in order provide services to you.

utilization of information

The collected information may be utilized, stored, and processed by us to (1) deliver, personalize, measure, and enhance our products and services and (2) establish and sustain a secure and trusted environment on CRED, including compliance with our legal obligations and adherence to our policies.

A. Deliver, Personalize, Measure, and Enhance Services Offered through the CRED application

We may employ your personal data for the execution of the contract of services via the CRED application, in legitimate business interests, and for regulatory compliance purposes.

Your Personal Data will be instrumental in creating and updating your account, delivering services, processing your transactions, and for essential internal functions such as software bug troubleshooting, operational problem resolution, data analysis, testing, research, usage and activity trend monitoring, and analysis. Additionally, we may use your Personal Data to carry out data analytics to improve the user experience, enhance performance, and accomplish desired results. We will pseudonymize/ anonymize your data wherever possible to uphold your privacy.

With your explicit and prior consent, we may use the information generated by your usage of our application, excluding data collected from other sources such as emails, etc., for promotional purposes. This consent is entirely voluntary, and you can opt-out of receiving marketing materials from us at any time by following the unsubscribe instructions provided, indicating your preference when we call you, or directly contacting us. If you wish to remove your contact information from all our lists and newsletters, please click the unsubscribe link provided in the emails or send an email request to support@cred.club.

B. Establish and Maintain a Secure and Trusted Environment on CRED

  1. We may use your Personal Data, generated as a result of payment services availed by you, to ensure compliance of your access and use of payment services with our legal obligations (such as anti-money laundering regulations). We may share such information with our advisors, third-party service partners, and providers to facilitate a seamless user experience.
  2. We may employ this information to detect and prevent fraud, spam, abuse, security incidents, and other harmful activity.
  3. The information we collect (including recordings of customer support calls and chats) may be used to assist you when you contact our customer support services, to investigate and address your queries, and monitor and improve our customer support responses. This information may also be used for staff training, quality assurance, or to retain evidence of a specific transaction or interaction.

C. Disclosure and Sharing of Data with Third Parties

Several CRED products, including but not limited to CRED Cash, CRED Mint, CRED Garage, credit card cross sells, bill payments and reminders, and insurance policies or covers offered through the CRED application, are offered in association with other commercial partners of CRED. When you avail such products or services, any data you provide and the data collected from your use of the application shall be shared with the respective third parties with whom CRED has partnered. Their usage of this data will be governed by their terms and conditions and privacy policy, including sharing with their subcontractors, if any.

In compliance with the law, we may need to disclose your Personal Data to the relevant regulatory authorities.

Subject to your explicit consent, we may disclose certain information created by your use of our application to CRED’s group entities and partners that are not acting as our suppliers or business partners. For clarity, we do not sell or lease such information.

Some of our reward promotions /campaigns /programs/ related events may be co-branded or sponsored by third parties and us. If you opt-in for such reward promotions /campaigns /programs /associated events, please note that your information may be collected and shared with those third parties. We advise familiarizing yourself with their privacy policies to understand how they will handle your information.

We may display targeted or non-targeted third-party online advertisements on the CRED app. We may engage in collaborations with other website/app operators. We encourage you to familiarize yourself with their advertising practices, including the types of information they may collect. No Personal Data is shared with any third-party online advertiser. CRED does not provide any information about your usage of the CRED application to such third party online advertisers.

cookies

Cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user's device.

We utilize cookies to accumulate small fragments of information on designated portions of the application to facilitate analysis of application Services, user engagement, and measurement of promotional effectiveness. Kindly note that specific features offered through the application are only available via a “cookie.”

Cookies are used to reduce the frequency of password entry during a session. Cookies further assist us in obtaining information beneficial for tailoring Services more precisely to your interests. You have the discretion to decline our cookies if your device allows, although this may limit your ability to utilize certain features on the application, and you may need to provide your password more frequently during a session.

security

We adopt reasonable safeguards to protect your personal data from unauthorized access, use and disclosure.

We are committed to preserving the integrity of your Personal Data and maintaining its accuracy. We adopt reasonable physical, administrative, and technical safeguards to protect your Personal Data from unauthorized access, use, and disclosure. For instance, sensitive personal data such as credit card information, is encrypted when transmitted over the internet. Furthermore, we ensure that our commercial partners and vendors safeguard such information. We anonymize or pseudonymize your data wherever feasible to uphold your privacy.

We integrate security measures at multiple levels within our products and employ state-of-the-art technology to ensure robust security measures in our systems. This comprehensive security and privacy design allows us to defend our systems from potential threats. More details regarding this can be found here.

When using the application, you may encounter links to third-party websites/apps not affiliated with CRED. Please note that CRED holds no responsibility for their privacy practices, content of those other websites, or any acts/omissions by such third parties during your transaction with them.

If you are a security enthusiast or researcher and detect a potential security vulnerability within CRED's products, we urge you to responsibly report the issue to us. Kindly submit a detailed bug report, including steps required to reproduce the vulnerability, to us at support@cred.club. We pledge our best efforts to investigate and rectify legitimate issues within a reasonable timeframe while requesting you not to disclose it publicly.

account termination

We provide an option to all our users to delete or terminate their account, as well as reactivating it when required.

We extend an option to all our Users to petition for the deletion of their account via the support section of the CRED application. Upon receiving such a request, all information corresponding to the specific account, including but not limited to profile details, card data, reward specifics, referral data, statement particulars, Google OAuth sessions, will be eradicated.

There might be scenarios where we may not be able to execute account deletion, such as if there exists an outstanding dispute, credit products availed through the CRED application, transactions suspected to be fraudulent, unresolved claims attached to your account. Notwithstanding, upon resolution of the obstruction preventing deletion, the relevant information is promptly deleted and cannot be retrieved thereafter. We may continue to retain certain information if deemed necessary for regulatory compliance, legitimate business interests like fraud prevention, enhancing user safety and security, or to fulfill our legal and contractual obligations.

In addition to this, you have the opportunity to request an account deactivation/archival. This will provisionally inhibit your access to CRED application until you forward a re-activation request to support@cred.club and successfully reactivate your account.

access and queries

We support and encourage all users to contact us for questions, concerns, or suggestions relating to our privacy policy.

Under certain circumstances, you might be able to view or modify your personal data online. If your information is not accessible online, and you desire to procure a copy of specific information you provided to us, or if you become aware of inaccuracies in the data, we encourage you to reach out to us forthwith for correction.

Before we can supply you with any information or rectify any inaccuracies, we may ask you to validate your identity and provide additional details to confirm your identity and facilitate our response to your request. We commit to reaching out to you within 30 days of your request.

For questions, concerns, or suggestions relating to our Privacy Policy, we can be contacted via the details on our "Contact Us" page or at support@cred.club.

retention

Retention of personal data is only for the duration necessary for us to fulfil the purposes mentioned in the privacy policy.

Personal Data will be retained only for the duration necessary to fulfill the purposes elucidated in this Privacy Policy, unless a longer retention period is necessitated by law or for directly related legitimate business purposes. Once the Personal Data is no longer required, it will be disposed of securely.

modifications to privacy policy

CRED reserves the right to alter, modify and amend this policy at any point of time, taking effect immediately after updating.

CRED reserves the right to modify this policy at its discretion from time to time. Any amendments shall take effect immediately upon posting the revised Privacy Policy. We advise you to periodically review this page for the most recent information on our privacy practices. Your usage of the CRED application shall be deemed to be consent to the Privacy Policy as modified from time to time.

compliance

We ensure adherence to industry-standard best practices and applicable controls in line with the required certifications.

Our company is in full compliance with ISO 27701: 2019[4] and 27001:2013 certifications, demonstrating our commitment to maintaining and implementing requisite Privacy and Information Security policies and procedures. We ensure adherence to industry-standard best practices and applicable controls in line with these certifications.

We have successfully satisfied the "Data Localization" stipulations as per the guidelines prescribed by the Reserve Bank of India (RBI), ensuring that all payment data is securely stored within the territorial limits of India.

Our usage of information received from Google APIs will comply with the Google API Services User Data Policy, encompassing the requirements for Limited Use.

grievance redressal officer

In the event of any grievance pertaining to our privacy policy or practices involving the usage of data, the Grievance Redressal Officer may be contacted.

for any concerns regarding your experience with CRED, reach out to us via our support channels here. if your issue remains unresolved, you can escalate it to our grievance officer (Mr. Atul Patro) by clicking here.

Section A. CREDIT PRODUCTS

This section pertains solely to users who avail of the services of CRED Cash and/or CRED Flash facilitated through the CRED application. The CRED application operates as a digital lending application (DLA) with CRED functioning as a lending service provider (LSP) to diverse banks and non-banking financial companies (Lenders). This facilitates users' access to personal loans or similar products from the Lenders (Credit Products). A comprehensive list of lenders is available at cred.club/terms. Be advised that, in addition to this privacy policy, you may be subject to the privacy policies of the Lenders as well as other obligations stipulated in the loan documents.

A. Data Collection and Usage

  1. As a constituent of the Credit Product application process, CRED may share data you have previously provided with the Lender(s) and / or certain insurers (if you avail of insurance with your Credit Product). Additional information may be required during the application process. Information specifically provided to access Credit Products or generated upon successful receipt of credit from the Lenders will be retained to the extent required by CRED to fulfill its obligations.
  2. Pertaining to the information specifically provided during the Credit Product application process, CRED and the lender shall collectively decide and adhere to a clear policy guideline regarding the storage of customer data, including data type, storage duration, data usage restrictions, data destruction protocol, security breach handling standards, and more.
  3. CRED will not collect or store biometric data within the CRED application.
  4. CRED application will not access mobile phone resources such as files and media, contact lists, call logs, telephony functions, etc., in relation to the Credit Products or as part of its role as a DLA/LSP. However, with your explicit prior consent, CRED may seek one-time access to facilities like the camera, microphone, location, or any other necessity for onboarding/KYC requirements in connection with Credit Products.

B. Data Storage

All data will be housed in servers located within India.

C. Access Revocation and Data Deletion

You may revoke access to various access permissions such as contacts permission and SMS permission via your mobile operating system's app settings or similar functions. You may also request deletion of your data in accordance with the account termination section as set out above. However, CRED as LSP and the Lenders may still retain data as required by applicable law, to the extent that any amounts are outstanding under any Credit Products or till the time approved in-principle credit limit is available to You, or to the extent any fraud or fraudulent transactions are suspected in connection with the Credit Products.

D. Data Sharing

  1. CRED uses the following sub-contractors/technology service providers to offer Credit Products. Some of your data/data concerning Credit Products may be shared with these entities and/or stored in their systems:

i. Amazon Web Services (Indian servers)

ii. Khosla Labs Private Limited

iii. Dreamplug Paytech Solutions Private Limited

iv. Razorpay Software Private Limited

v. Cashfree Payment India Private Limited

vi. Hyperverge Technologies Private Limited

vii. Ozonetel Communication Private Limited

viii. Sumeru Enterprise Tiger Business Solutions Private Limited

2. As an LSP, CRED provides the Lender's collections/recovery services. To perform this function, if any amount is overdue with respect to any Credit Product, your data may be shared with the following sub-contractors, who may contact you for debt counseling and to encourage repayment of outstanding amounts:

i. Samavesh Marketing India Private Limited

ii. One Point One Solutions Limited

iii. ICollect India Private Limited

iv. Cimmons Integrated Services Private Limited

v. Procollect Services Private Limited

vi. SES Financials

vii. Treline Advisory Private Limited

viii. Captris Management Services LLP

ix. Swaraj Associates

x. Synergy Consultants

xi. Credit Solution

xii. Catch Sevices Inc

xiii. Shrey Associates

xiv. The One Associate

xv. Debt Care Enterprise Private Limited

xvi. Cedar Business Solution

xvii. Citi Enterprises

xviii. Om Sai Enterprises

xix. Rajpurohit Corporate Services

xx. Adwaith Associates

xxi. RMS Financial Services

xxii. Visesh Credit Services

xxiii. Kay Financial Services

xxiv. Srinithya Financial Services

xxv. White Stone

xxvi. Sristhi Capital Private Limited

xxvii. Horizon Enterprises

xxviii. SPCR Consulting and Management Services

xxix. IG Techserv Private Limited

xxx. DigiBhoomi

xxxi. Buzzworks Business Services Private Limited

3. When you utilize Credit Products to execute payments to merchants, relevant transaction data may be shared and stored by the pertinent payment aggregators and/or the merchants.

4. When you avail insurance, your Personal Data and financial data may be shared with insurers, and it may be necessary to undertake the Know Your Customer (KYC) process for availing insurance.

ISSUED IN MEMBER INTEREST BY CRED
2024
ISSUED IN MEMBER INTEREST BY CRED • 2024