Last updated on February 21st, 2021
We at the CRED group i.e. Dreamplug Technologies Private Limited and its subsidiaries, (“the Company/Dreamplug/We/Us/CRED”) are committed to protecting the privacy and security of your personal information. Your privacy is important to us and maintaining your trust is paramount.
The following information is collected by or on behalf of CRED
When you start using the App Services, we ask you to provide certain information as part of the registration process, and in the course of your interface with the App. We will collect this information through various means and in various places through the App Services, including account registration forms, contact us forms, or when you otherwise interact with CRED including at customer support.
At the time of registration, we ask for the following personal information. Name (First Name, Last Name); Mobile Number; Email ID; Date of Birth; PAN Card
Pursuant to the services consumed by You from time to time, we may explicitly seek additional information including address, payment or banking information, credit score, credit/debit card details and any other governmental identification numbers or documents. You may choose to provide such information if you wish to use the services provided by the App.
We will also maintain a record of the information you provide to us when using customer support services.
From time to time, during your use of the App Services, CRED may require access to certain additional information such as SMS & contact details. Prior to accessing any such additional information, explicit consent shall be sought from you. Please note that even after consent has been provided by you, we only read transactional or promotional SMS and do not open, access or read any personal SMS.
Certain features may be restricted, unavailable or unusable if you choose not to provide certain information. For example: You would not be able to avail any rewards or e-commerce transactions involving delivery if you choose to not share a delivery address.
We collect information relating to your use of our website/app through the use of various technologies. This includes transaction details related to your use of our services including the type of services you requested, the payment method, amount and other related transactional and financial information. Further, depending on the rewards claimed by you or e-commerce orders placed by you, we may also collect the order details, delivery information etc. Further, when you visit our website/app, we may log certain information such as your IP address, browser type, mobile operating system, manufacturer and model of your mobile device, geolocation, preferred language, access time, and time spent. We will also collect information about the pages you view within our sites and other actions you take while visiting our website/app.
We also maintain some records of users who contact us for support, for the purpose of responding to such queries and other related activities. However, we do not provide this information to any third party without your permission, or utilize the same for any purposes not set out hereunder.
We may, on your consent, request certain third parties to provide information about you to further personalize your experience on our website/app, and provide certain services that cannot be accessed by all users of the website/app.
CRED is currently open only to credit card holders, who have a credit score greater than or equal to 750, independently determined by third party service providers that are expressly authorised by you to process such information and distribute the same. Forexample, Experian which is a credit information company registered under the Credit Information Companies (Regulation) Act, 2005 is among our partners. In order to check if you meet the above eligibility, you will be requested to provide us with explicit consent to procure the credit information, from our partners, at the time of registration.
If you choose to link and connect your email account with CRED, we may access the said account for purposes including collecting your credit card bill details such as total amount due, minimum amount due and due date, and such other financial and transactional information to be able to do the following:
CRED’s access to the email account(s) is authorized through the email provider’s access mechanism. If you permit the CRED website/app to track your credit card accounts, the CRED website/app will securely store account details for each of your credit card accounts, including your sign-in user name and authorisation tokens for tracked accounts.
You can choose to enable us to access one or more of your email accounts by explicitly consenting to each single account separately. Please note that your consent to any of the above is purely voluntary. You can de-link the access to your email any time you wish.
We only read emails from financial service providers including banks and credit card issuers and do not open, read or access any personal e-mails. We hereby confirm that we do not access any other personal information. For the sake of clarity, CRED employs automated processes for accessing and analysing information provided by you; where we may need to use our algorithm to access a password-protected document utilizing information provided by you. For further information on how we process email and the security protocol we follow click here.
We may receive additional information about you, such as information to help detect fraud and safety issues, from third party service providers and/or partners, and combine it with information we have about you. We may receive information about you and your activities through partnerships, or about your experiences and interactions from our partner ad networks
We may use, store and process the information provided by you to (1)improve the App Services, (2)create and maintain a trusted and safe environment on CRED (such as complying with our legal obligations and compliance with our policies) and (3) provide, personalise, measure and improve our products & services.
The information collected through different channels, allows us to collect statistics about our website/app usage and effectiveness, personalise your experience whilst you are on our website/app,as well as customize our interactions with you and to enhance the scope of the App Services. The following paragraphs describe in more detail how we use your personal information.
Any information provided by you will be used for creating and updating your Account and processing your transaction(s) or for any other purposes for which you have granted access to such information to us, based on your interaction with the CRED App.
To complete a financial transaction, we may share financial information (such as credit card details or other payment mode details) provided by you with authorised third-parties, for instance, our business partners, financial teams/institutions, or postal/government authorities involved in fulfilment of the said transactions, if any. This does not include any information collected from e-mails. In connection with a financial transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes.
We may use the information collected to perform internal operations necessary to provide our services, including to troubleshoot software bugs and operational problems, to conduct data analysis, testing and research and to monitor and analyse usage and activity trends. We process this personal information for these purposes given our legitimate interest in improving the App Services.
In addition to the transactional information made available to us, we may seek your consent and request access to your email account. If permitted, CRED will automatically access the contents of emails on an ongoing basis for the purpose of managing complete credit card lifecycle including credit card statements, due date reminders, spend patterns and related rewards, curating offers and rewards customised for you, providing insights into your financial decisions including both investment and spending, curating specific financial/investment/other products for you based on your financial transactions, investments, and past financial behaviour etc. In order to expand the scope of our App services, we may from time to time, seek additional information and financial documents such as information related to investments in equity, mutual funds and other documents. Any such collection of additional information & documents shall be subject to an explicit & purpose specific consent sought from all Users.
The CRED website/app will securely store account details for each of your credit card accounts, including your sign-in user name and authorisation tokens for tracked accounts. This information will be used to enable the CRED website/app to automatically access your applicable credit card statements to analyze, extract, and store information securely from such accounts for use in the CRED website/app.
We may use your personal information, created as part of payment services availed by you, to ensure that your access and use of payment services is in compliance with our legal obligations (such as anti-money laundering regulations). We may share such information, with our advisors, third party service partners and providers for a seamless experience for you.
We may use the information to create and maintain a safe environment and use the same to detect and prevent fraud, span, abuse, security incidents and other harmful activity.
We use the information we collect (including recordings of customer support calls) to assist you when you contact our customer support services to investigate & resolve your queries, monitor and improve our customer support responses. Certain online transactions may involve us calling you. They may also involve online chats. Please be aware that it is our general practice to monitor and in some cases record such interactions for staff training or quality assurance purposes or to retain evidence of a particular transaction or interaction.
We intend to protect your personal information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative, and technical safeguards to help us protect your personal information from unauthorised access, use, and disclosure. For example, we encrypt all sensitive personal information such as credit card information when we transmit such information over the internet. We also require that our commercial partners and vendors protect such information from unauthorised access, use, and disclosure.
We blend security at multiple steps within our products with state of the art technology to ensure our systems maintain strong security measures. The overall data and privacy security design allows us defend our systems ranging from low hanging issue up to sophisticated attacks. You can read more about it here.
We are committed to protecting your data as if it were our own. You can find more details here. If you are a security enthusiast or a researcher and you have found a possible security vulnerability on Dreamplug products, we encourage you to report the issue to us responsibly. You could submit a bug report to us at email@example.com with detailed steps required to reproduce the vulnerability. We shall put best of our efforts to investigate and fix the legitimate issues in a reasonable time frame, meanwhile, requesting you not to publicly disclose it.
As required by law, at times we might be required to disclose your personal information including personal, transactional and financial information to relevant regulatory, and governmental authorities and also to our advisors such as law firms and audit firms while responding to request from the regulatory authorities. In some cases, when we believe that such disclosure is necessary to protect our rights, or the rights of others, or to comply with a judicial proceeding, court order, or legal process served on our website/app we would share such information pursuant to a lawful request from law enforcement agencies.
Subject to explicit and prior consent from a you, we may use information created by your use of our App services, not including information collected from other sources such as e-mails etc. for marketing purposes. This consent is purely voluntary and you may at any time choose not to receive marketing materials from us by following the unsubscribe instructions included in each e-mail you may receive, by indicating so when we call you, or by contacting us directly. Further, if you want to remove your contact information from all our lists and newsletters, please click on the unsubscribe button on the emailers or send an email request to firstname.lastname@example.org.
Subject to explicit and prior consent from you, we may disclose certain information that is created by your use of our App services, not including information collected from other sources such as e-mails etc. to other affiliate entities and partners that are not acting as our suppliers or business partners. For the sake of clarity, we do not sell or lease such information.
Some of our campaigns/programmes/related events may be co-branded, that is sponsored by both the third parties and us. If you sign up for such campaigns/programmes/related events, please note that your information may also be collected by and shared with those third parties. We urge you to familiarise yourself with their privacy policies to gain an understanding of the manner in which they will handle information about you.
We may display targeted or non-targetted third party online advertisements on the CRED website/app. We may also advertise our activities and organizational goals on other websites/apps. We may collaborate with other website/app operators as well as network advertisers to do so. We request you to read and understand such concerned third party privacy policies to understand their practices relating to advertising, including what type of information they may collect about your internet usage. No personally identifiable information is shared with any third party online advertiser or website or app as part of any such activity. Dreamplug does not provide any information relating to your usage to such website operators or network advertisers.
During your use of the App services, you may come across links to third party websites/apps that are not affiliated with Dreamplug. Dreamplug is not responsible for the privacy practices or the content of those other websites, or for any acts/ omissions by such third parties in the course of your transaction with them.• During your use of the App services, you may come across links to third party websites/apps that are not affiliated with us. We are not responsible for the privacy practices or the content of those other websites, or for any acts/ omissions by such third parties in the course of your transaction with them.
We provide all our Users an option to request the deletion a specific account through the support section on the Cred App. Following such request, we delete all such information related to the specific account including but not limited to profile information, card data, transaction details, reward details, referrals details, statement details, google oauth sessions etc. that we are not required to retain.
In certain circumstances, we may be unable to delete your account, such as if there is any outstanding dispute or unresolved claims pending on your card/account. However, upon resolution of the issue preventing deletion, the information is immediately deleted and can’t be recovered thereafter. note that we may retain certain information if necessary for our own legitimate business interests such as fraud prevention and enhancing users’ safety and security or to fulfil our legal obligations and compliance.
You also have the option to request for an account or card deactivation/archival instead. This will temporarily block your access to CRED App until you send a re-activation request on email@example.com and successfully re-activate your account.
We use data collection devices such as “cookies”, etc. on certain parts of the App to help analyse the App Services, user interaction with the App, measure promotional effectiveness, and promote trust and safety. For the sake of clarity, “cookies” are small files placed on your device hard-drive/storage that assist us in providing the App Services. Please be informed that we offer certain features via the App that are only available through the use of a “cookie”.
Before we are able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to ascertain your identity and to help us to respond to your request. We will contact you within 30 days of your request.
We are an ISO 27001:2013 certified company and have implemented required Information Systems Management System policies and procedures in order to maintain industry standard best practices and applicable controls.
We have successfully completed “Data Localization” requirements as per Reserve Bank of India(RBI) guidelines. This means all our customer data securely resides inside on cloud based out of India.
CRED's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Grievance Redressal Officer: Mr. Nemash Simaria