The entities comprising Dreamplug Technologies Private Limited, its subsidiaries and affiliated companies (collectively referred to herein as "the Company," "Dreamplug," "We," "Us," or "CRED"), place paramount importance on safeguarding the privacy and security of your personal information ("Personal Data"). We prioritize the establishment and maintenance of your trust.
This Privacy Policy (“Privacy Policy” or "Policy") outlines the methods and principles governing our collection, use, processing, and disclosure of your Personal Data in connection with your use of our products, services, and our website. Please note that this Policy does not apply to our partners, each of whom may maintain their own privacy policy. In situations where you interact with such partners, we strongly encourage you to review the privacy policy applicable to that particular site, service or interaction.
Pursuant to this Policy, CRED collects and processes the undermentioned types of information.
For utilization of the CRED application, it is a prerequisite for you to share specific data during the registration phase and for your activities on the application.
For registration purposes, we may collect personal details such as your name, mobile number, email ID, date of birth, and Permanent Account Number (PAN).
For providing certain services, we may require supplementary information, including but not limited to your residential address, financial details, credit score, credit/debit card specifics, and any other officially valid documents (OVDs).
Not sharing the requisite data may lead to certain features being restricted, unavailable, or unusable. For instance, withholding your address would render e-commerce transactions involving delivery impossible to complete.
Where you opt to provide any device permissions such as contact list, photos, camera, location, microphone, SMS, storage, phone calls and NFC, CRED may retrieve, retain and use the data sourced through such device permissions.
You retain the right to revoke the aforementioned access by amending access permissions within your device's settings.
Through your utilization of our application or website, we gather information such as:
Upon receiving your explicit consent, we may request certain third parties to provide information about you to furnish specific services and authenticate your information:
You can activate ‘CRED Protect’ by linking your email account(s) with your CRED account. If you authorize the linkage and connection of your email account with CRED, we may access the email account to collect certain financial information such as:
The Company's access to your email account(s) is facilitated through the email provider's access mechanism. If you authorize the CRED website/app to track your credit card accounts, the CRED website/app will securely store account particulars for each email account, including your sign-in user name and authorization tokens for tracked accounts.
We restrict our email reading to those related to financial services, such as credit card statements, loan statements, bank statements, insurance policies, biller details, etc., and we do not access any personal emails. For clarity, CRED employs automated processes for accessing and analyzing information provided by you, which may involve our algorithm to access a password-protected document utilizing your data.
For further details on how we process emails and the security protocol we follow, please click here.
Your explicit consent is required for us to access one or more of your email accounts. Please note that your consent to any of the above is purely voluntary. You may revoke the access to your email at any time.
We may receive information about you that assists us in identifying fraud and safety issues.
CRED Protect is designed to build good financial habits by sending timely credit card bill reminders to improve your credit score. When you activate CRED Protect on Whatsapp, we may collect your information including but not limited to mobile number, name, email address, bank name, last 4 digits of your credit card for facilitating credit card bill reminders and fetching your credit score. We might share your data with our trusted third parties in order provide services to you.
The collected information may be utilized, stored, and processed by us to (1) deliver, personalize, measure, and enhance our products and services and (2) establish and sustain a secure and trusted environment on CRED, including compliance with our legal obligations and adherence to our policies.
We may employ your personal data for the execution of the contract of services via the CRED application, in legitimate business interests, and for regulatory compliance purposes.
Your Personal Data will be instrumental in creating and updating your account, delivering services, processing your transactions, and for essential internal functions such as software bug troubleshooting, operational problem resolution, data analysis, testing, research, usage and activity trend monitoring, and analysis. Additionally, we may use your Personal Data to carry out data analytics to improve the user experience, enhance performance, and accomplish desired results. We will pseudonymize/ anonymize your data wherever possible to uphold your privacy.
With your explicit and prior consent, we may use the information generated by your usage of our application, excluding data collected from other sources such as emails, etc., for promotional purposes. This consent is entirely voluntary, and you can opt-out of receiving marketing materials from us at any time by following the unsubscribe instructions provided, indicating your preference when we call you, or directly contacting us. If you wish to remove your contact information from all our lists and newsletters, please click the unsubscribe link provided in the emails or send an email request to support@cred.club.
Several CRED products, including but not limited to CRED Wallet, CRED Cash, CRED Mint, CRED Garage, credit card cross sells, bill payments and reminders, and insurance policies or covers offered through the CRED application, are offered in association with other commercial partners of CRED. When you avail such products or services, any data you provide and the data collected from your use of the application shall be shared with the respective third parties with whom CRED has partnered. Their usage of this data will be governed by their terms and conditions and privacy policy, including sharing with their subcontractors, if any.
In compliance with the law, we may need to disclose your Personal Data to the relevant regulatory authorities.
Subject to your explicit consent, we may disclose certain information created by your use of our application to CRED’s group entities and partners that are not acting as our suppliers or business partners. For clarity, we do not sell or lease such information.
Some of our reward promotions /campaigns /programs/ related events may be co-branded or sponsored by third parties and us. If you opt-in for such reward promotions /campaigns /programs /associated events, please note that your information may be collected and shared with those third parties. We advise familiarizing yourself with their privacy policies to understand how they will handle your information.
We may display targeted or non-targeted third-party online advertisements on the CRED app. We may engage in collaborations with other website/app operators. We encourage you to familiarize yourself with their advertising practices, including the types of information they may collect. No Personal Data is shared with any third-party online advertiser. CRED does not provide any information about your usage of the CRED application to such third party online advertisers.
Cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user's device.
We utilize cookies to accumulate small fragments of information on designated portions of the application to facilitate analysis of application Services, user engagement, and measurement of promotional effectiveness. Kindly note that specific features offered through the application are only available via a “cookie.”
Cookies are used to reduce the frequency of password entry during a session. Cookies further assist us in obtaining information beneficial for tailoring Services more precisely to your interests. You have the discretion to decline our cookies if your device allows, although this may limit your ability to utilize certain features on the application, and you may need to provide your password more frequently during a session.
We adopt reasonable safeguards to protect your personal data from unauthorized access, use and disclosure.
We are committed to preserving the integrity of your Personal Data and maintaining its accuracy. We adopt reasonable physical, administrative, and technical safeguards to protect your Personal Data from unauthorized access, use, and disclosure. For instance, sensitive personal data such as credit card information, is encrypted when transmitted over the internet. Furthermore, we ensure that our commercial partners and vendors safeguard such information. We anonymize or pseudonymize your data wherever feasible to uphold your privacy.
We integrate security measures at multiple levels within our products and employ state-of-the-art technology to ensure robust security measures in our systems. This comprehensive security and privacy design allows us to defend our systems from potential threats. More details regarding this can be found here.
When using the application, you may encounter links to third-party websites/apps not affiliated with CRED. Please note that CRED holds no responsibility for their privacy practices, content of those other websites, or any acts/omissions by such third parties during your transaction with them.
If you are a security enthusiast or researcher and detect a potential security vulnerability within CRED's products, we urge you to responsibly report the issue to us. Kindly submit a detailed bug report, including steps required to reproduce the vulnerability, to us at support@cred.club. We pledge our best efforts to investigate and rectify legitimate issues within a reasonable timeframe while requesting you not to disclose it publicly.
We provide an option to all our users to delete or terminate their account, as well as reactivating it when required.
We extend an option to all our Users to petition for the deletion of their account via the support section of the CRED application. Upon receiving such a request, all information corresponding to the specific account, including but not limited to profile details, card data, reward specifics, referral data, statement particulars, Google OAuth sessions, will be eradicated.
There might be scenarios where we may not be able to execute account deletion, such as if there exists an outstanding dispute, credit products availed through the CRED application, transactions suspected to be fraudulent, unresolved claims attached to your account, outstanding balance in your CRED Wallet, outstanding loan from CRED Cash, etc. Notwithstanding, upon resolution of the obstruction preventing deletion, the relevant information is promptly deleted and cannot be retrieved thereafter. We may continue to retain certain information if deemed necessary for regulatory compliance, legitimate business interests like fraud prevention, enhancing user safety and security, or to fulfill our legal and contractual obligations.
In addition to this, you have the opportunity to request an account deactivation/archival. This will provisionally inhibit your access to CRED application until you forward a re-activation request to support@cred.club and successfully reactivate your account.
We support and encourage all users to contact us for questions, concerns, or suggestions relating to our privacy policy.
Under certain circumstances, you might be able to view or modify your personal data online. If your information is not accessible online, and you desire to procure a copy of specific information you provided to us, or if you become aware of inaccuracies in the data, we encourage you to reach out to us forthwith for correction.
Before we can supply you with any information or rectify any inaccuracies, we may ask you to validate your identity and provide additional details to confirm your identity and facilitate our response to your request. We commit to reaching out to you within 30 days of your request.
For questions, concerns, or suggestions relating to our Privacy Policy, we can be contacted via the details on our "Contact Us" page or at support@cred.club.
Retention of personal data is only for the duration necessary for us to fulfil the purposes mentioned in the privacy policy.
Personal Data will be retained only for the duration necessary to fulfill the purposes elucidated in this Privacy Policy, unless a longer retention period is necessitated by law or for directly related legitimate business purposes. Once the Personal Data is no longer required, it will be disposed of securely.
CRED reserves the right to alter, modify and amend this policy at any point of time, taking effect immediately after updating.
CRED reserves the right to modify this policy at its discretion from time to time. Any amendments shall take effect immediately upon posting the revised Privacy Policy. We advise you to periodically review this page for the most recent information on our privacy practices. Your usage of the CRED application shall be deemed to be consent to the Privacy Policy as modified from time to time.
We ensure adherence to industry-standard best practices and applicable controls in line with the required certifications.
Our company is in full compliance with ISO 27701: 2019[4] and 27001:2013 certifications, demonstrating our commitment to maintaining and implementing requisite Privacy and Information Security policies and procedures. We ensure adherence to industry-standard best practices and applicable controls in line with these certifications.
We have successfully satisfied the "Data Localization" stipulations as per the guidelines prescribed by the Reserve Bank of India (RBI), ensuring that all payment data is securely stored within the territorial limits of India.
Our usage of information received from Google APIs will comply with the Google API Services User Data Policy, encompassing the requirements for Limited Use.
In the event of any grievance pertaining to our privacy policy or practices involving the usage of data, the Grievance Redressal Officer may be contacted.
for any concerns regarding your experience with CRED, reach out to us via our support channels here. if your issue remains unresolved, you can escalate it to our grievance officer (Mr. Atul Patro) by clicking here.
This section pertains solely to users who avail of the services of CRED Cash and/or CRED Flash facilitated through the CRED application. The CRED application operates as a digital lending application (DLA) with CRED functioning as a lending service provider (LSP) to diverse banks and non-banking financial companies (Lenders). This facilitates users' access to personal loans or similar products from the Lenders (Credit Products). A comprehensive list of lenders is available at cred.club/terms. Be advised that, in addition to this privacy policy, you may be subject to the privacy policies of the Lenders as well as other obligations stipulated in the loan documents.
All data will be housed in servers located within India.
You may revoke access to various access permissions such as contacts permission and SMS permission via your mobile operating system's app settings or similar functions. You may also request deletion of your data in accordance with the account termination section as set out above. However, CRED as LSP and the Lenders may still retain data as required by applicable law, to the extent that any amounts are outstanding under any Credit Products or till the time the loan offer is available to You, or to the extent any fraud or fraudulent transactions are suspected in connection with the Credit Products.
i. Amazon Web Services (Indian servers)
ii. Khosla Labs Private Limited
iii. Dreamplug Paytech Solutions Private Limited
iv. Razorpay Software Private Limited
v. Cashfree Payment India Private Limited
vi. Hyperverge Technologies Private Limited
vii. Ozonetel Communication Private Limited
viii. Sumeru Enterprise Tiger Business Solutions Private Limited
2. As an LSP, CRED provides the Lender's collections/recovery services. To perform this function, if any amount is overdue with respect to any Credit Product, your data may be shared with the following sub-contractors, who may contact you for debt counseling and to encourage repayment of outstanding amounts:
i. Samavesh Marketing India Private Limited
ii. One Point One Solutions Limited
iii. ICollect India Private Limited
iv. Cimmons Integrated Services Private Limited
v. Procollect Services Private Limited
vi. SES Financials
vii. Treline Advisory Private Limited
viii. Captris Management Services LLP
ix. Swaraj Associates
x. Synergy Consultants
xi. Credit Solution
xii. Catch Sevices Inc
xiii. Shrey Associates
xiv. The One Associate
xv. Debt Care Enterprise Private Limited
xvi. Cedar Business Solution
xvii. Citi Enterprises
xviii. Om Sai Enterprises
xix. Rajpurohit Corporate Services
xx. Adwaith Associates
xxi. RMS Financial Services
xxii. Visesh Credit Services
xxiii. Kay Financial Services
xxiv. Srinithya Financial Services
xxv. White Stone
xxvi. Sristhi Capital Private Limited
xxvii. Horizon Enterprises
xxviii. SPCR Consulting and Management Services
xxix. IG Techserv Private Limited
xxx. DigiBhoomi
xxxi. Buzzworks Business Services Private Limited
3. When you utilize Credit Products to execute payments to merchants, relevant transaction data may be shared and stored by the pertinent payment aggregators and/or the merchants.
4. When you avail insurance, your Personal Data and financial data may be shared with insurers, and it may be necessary to undertake the Know Your Customer (KYC) process for availing insurance.