Privacy Policy

Your Personal data/information will be collected and stored on servers in India by MoneyKarma Informatics Private Limited and its subsidiaries (including its representatives, affiliates, and business partners) in compliance with the data localization requirements under the Information Technology Act and RBI guidelines. Our data centers are located in India to ensure compliance with Indian data sovereignty requirements.

The information we learn from customers helps us personalize and continually improve your experience of our services. Here are the types of information we gather. We collect two types of online information: non-personal and personal.

Non-Personal Information

This information helps us provide an online experience that matches your device and to manage our online advertising.

When you browse the MoneyKarma website, view our emails/SMS, use your mobile site/app, MoneyKarma, or the companies we work with, use cookies and/or pixel tags to collect information, and store your online preferences. Cookies are widely used and most browsers are set up to accept them automatically. If you would prefer, you can choose not to accept cookies. It's important to note that cookies and pixel tags do not capture any information that can personally identify you.

We may also supplement the information we collect with information we receive from other companies. For example, we may use marketing segments developed by us or other companies to customize certain services.

Personal Information

In addition to the information described in the previous section, we may also gather personal information that you explicitly provide and share with us - such as your name, address, phone number, and email address. Collecting this personal information enables us to offer you a digital experience that will help us deliver our services.

We receive and store any information or document you enter or upload on our Website or give us in any other way, in line with the product or service opted by you and as required by us or our business partners, including your personal information like first name, last name, email address, date of birth, residence city, etc. You can choose not to provide certain information but might not be able to take advantage of many of our services and features. We neither collect nor store your biometric information.

We may also have one-time access to your camera, microphone, location, and mobile device and store such information only for onboarding or KYC requirements of our Partner or us with your explicit consent, in accordance with the Digital Lending guidelines issued by RBI and as amended from time to time. This includes collecting information required for Aadhaar-based verification as per UIDAI guidelines, PAN verification as per Income Tax requirements, and other KYC processes mandated for financial institutions in India.

MoneyKarma collects your information when you register for an account, use its products or services, and visit its Website's pages. When registering with MoneyKarma, you are asked for your first name, last name, state and city of residence, email address, date of birth, etc. Also, you are asked for your contact number during registration and may be sent SMS notifications about our services to your wireless device. Hence, by registering, you authorize MoneyKarma (including its business partners and affiliates) to send texts and email alerts to you with your login details and any other service requirements, including promotional mail and SMS, even if you have registered yourself under DND or DNC or NCPR services. Your authorization shall be valid as long as your account is not deactivated. MoneyKarma Website may also use your consent to access your mobile device, including a camera for service facilitation and ease of access to our Website for the various services you opted for and in compliance with applicable Indian laws including the Telecom Regulatory Authority of India (TRAI) regulations regarding promotional communications.

• Assist us or our business partners in facilitating and delivering services, processing payments and your applications through RBI-approved payment channels, and communicating with you about products, services, and promotional offers in compliance with Indian financial regulations.
• Respond to queries or requests you submit, and resolve your grievances/issues/problems with any services supplied.
• Administer or otherwise carry out our obligations concerning any agreement with our business partners.
• Send you information about special promotions or offers. We might also tell you about new features or products/services or third-party offers or products/services with whom MoneyKarma has a tie-up.
• Use your information for internal analysis and to provide location-based services, such as advertising, search results, and other personalized content.
• Use this information to improve our platform, prevent or detect fraud or abuses of our Website, and enable third parties to carry out technical, logistical, or other functions on our behalf. We may combine information we get from you with information about you we get from third parties.
• We send you notices and communications and recommend services that might interest you. We update our records, maintain your accounts with us, display content, and provide customer reviews.
• When you provide your contact details, we will use them to send you general notices or important news about your account, request your feedback or opinions, and provide updates on special deals and offers that might interest you.
• File storage permissions on Android/iOS and the Website for uploading customer documents are obtained to process customer applications by our Partners in compliance with Indian KYC requirements including Aadhaar verification processes as regulated by UIDAI.
• MoneyKarma Website may, based on your consent, also access your mobile device, including a camera for service facilitation, ease of access, and logging in to our Website for the various services opted by you.
• As otherwise provided in this Privacy Policy and in compliance with the applicable laws.

Some features of this Website or our Services will require you to furnish your personally identifiable information as provided under your account section on our Website.

MoneyKarma India will not sell, rent, or otherwise disclose your information for commercial purposes to anyone in a way that is contrary to the commitments made and/or other than as outlined in this Privacy Policy. Notwithstanding the foregoing, we may share your information with third parties, including our Business partners (RBI-regulated Banks/NBFCs), Credit Information Companies (CICs) registered with RBI such as CIBIL, Equifax, Experian, and CRIF Highmark, and Service Providers we have a tie-up with and any of our affiliates, for the purposes set out in this Privacy Policy and in compliance with Indian regulations.

These third parties are required to handle your information using the same level of care and confidentiality as is followed by MoneyKarma, and any accessing or processing of your information by these third parties is by contractual terms, applicable laws, and our instructions and subject to your consent. For this paragraph, "Affiliate" shall mean, as to any Person, any other Person that, directly or indirectly, controls, or is controlled by, or is under common control with, such Person. (The term "control" (including, with its correlative meanings, "controlled by" and "under common control with") shall mean the possession, directly or indirectly, of the power to direct or cause the direction of management or policies of a Person, whether through the ownership of securities or partnership or other ownership interests, by Contract or otherwise. The term "Person" includes any natural person, corporation, partnership, limited liability company, trust, unincorporated association, or any other entity).

MoneyKarma may also share and/or transfer your personally identifiable information to any successor-in-interest as a result of a sale of any part of MoneyKarma business or upon the merger, reorganization, or consolidation of it with another entity on the basis that it is not the surviving entity.

We limit the collection and use of your personal information in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. We may make anonymous or aggregate personal information and disclose such data in a non-personally identifiable manner. Such information does not identify you individually. Access to your Account and any other personally identifiable information is strictly restricted and used only following specific internal procedures and for the purposes set out in this Privacy Policy to operate, develop, or improve our services. We may use third-party service providers to enable you to provide our services, and we require such third parties to maintain the confidentiality of the information we provide to them under our contracts with them, with appropriate data protection agreements in place as required by Indian regulations.

We may also share your information, without obtaining your prior written consent, with government agencies mandated under Indian law to obtain information for verification of identity or for prevention, detection, and investigation, including cyber incidents, prosecution, and punishment of offenses, or where disclosure is necessary for compliance of a legal obligation. This includes but is not limited to the Reserve Bank of India (RBI), Financial Intelligence Unit-India (FIU-IND), Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority of India (IRDAI), and law enforcement agencies. You agree and consent for the Website to disclose your information, if so required, under applicable Indian law.

Several products/services, such as loans, credit cards, and mutual funds, are offered by third parties on the Website, such as lenders, banks, and credit card issuers. If you choose to apply for these separate products or services and disclose information to these providers, then their use of your information is governed by their privacy policies in addition to the Privacy Policy of the Website. MoneyKarma is not responsible for their privacy policies. We encourage you to visit and read about the privacy notices and procedures adopted by these third parties/providers when you apply for their products or services. MoneyKarma holds no responsibility for the content of the privacy policies or terms of use, etc., of these third-party websites.

MoneyKarma India is an ISO/IEC 27001:2022 certified organization ensuring applicable compliance standards on information security as recognized by Indian regulatory authorities and understands that the confidentiality, integrity, and availability of your information are vital to our business operations and success. We employ appropriate technical and organizational security measures at all times to protect the information we collect from you in accordance with the "reasonable security practices and procedures" as defined in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. We use multiple electronic, procedural, and physical security measures to protect against unauthorized or unlawful use or alteration of information, as well as against any accidental loss, destruction, or damage to information. Our security measures include encryption of sensitive data, regular security audits, access controls, and employee training on data protection. We have implemented appropriate security measures to deal with suspected data security breaches as required by Indian cybersecurity regulations. However, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. Further, you are responsible for maintaining the confidentiality and security of your login ID and password, and you may not provide these credentials to any third party.

During any security breach, all the relevant stakeholders (both internal and relevant partners and statutory authorities) shall be informed with the relevant information as may be required by the applicable laws, including any data breach notification requirements under the Information Technology Act and regulations issued by sectoral regulators like RBI. As required by Indian law, security incidents affecting personal data will be reported to CERT-In (Indian Computer Emergency Response Team) within the timeframes specified in applicable regulations.

MoneyKarma India stores your personal information only on servers located in India in compliance with Indian data localization requirements, particularly for financial data as mandated by the Reserve Bank of India. Information about our customers is retained to meet their servicing requirements, except as mandated in our arrangements with our business partners to provide services to you unless you withdraw consent. Information retention is done per this policy in compliance with applicable law/regulatory requirements in India, including but not limited to the Information Technology Act 2000, the Prevention of Money Laundering Act 2002, and guidelines issued by the Reserve Bank of India and other financial sector regulators.

In the following situation, MoneyKarma may retain your information for an extended period (i) in case of requirement of any investigations under law or as part of any requirements before courts/tribunals/forums/commissions, etc.; (ii) to enhance/improve our products/services and (iii) as required under contractual arrangements with business partners.

MoneyKarma may retain your credit report and credit score from Credit bureaus, including but not limited to a copy of your consumer credit report including credit score, at any time for (i) a limited period of six months or (ii) till such time the credit information is required to be retained to satisfy the purpose for which it was provided or (iii) until you withdraw your consent to store such Consumer Credit Information.

Like most standard websites, we also use log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user's movement in the aggregate, and gather broad demographic information for aggregate use. We may combine this automatically collected log information with other information we collect about you. We do this to improve the services we offer to you, as well as to improve marketing, analytics, and site functionality.

Any information about our customers taken to facilitate digital lending services is retained for eight years to meet our customers' servicing requirements, as per the Reserve Bank of India's Guidelines on Digital Lending dated September 2, 2022. This duration will be determined from the most recent instance of customers accessing MoneyKarma services. We also comply with other Indian regulations regarding data retention, including the Prevention of Money Laundering Act (which requires certain records to be maintained for 5 years after the business relationship has ended) and Income Tax regulations. Please note that MoneyKarma India may need to retain basic identification details to comply with applicable legal and compliance requirements under Indian law.

In accordance with RBI's Digital Lending Guidelines, we ensure that all lending service providers (LSPs) and digital lending apps (DLAs) associated with MoneyKarma have appropriate data protection measures in place, and we obtain your explicit consent before collecting any data from your device. We also ensure that your data is not stored on any foreign servers outside India, in compliance with data localization requirements.

If you feel that we do not require the retention of your personal information or ask us to delete or remove your data where you think we do not have the right to process it, we shall destroy or delete such customer information in accordance with the provisions of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. You may, at any time while availing of our Services or otherwise, withdraw the consent given earlier to us to collect and use your sensitive personal data or information by writing to us at askus@moneykarma.com with the subject line "Data Consent Revocation." After successful verification of your consent withdrawal request, the same shall be processed within 45 days from receipt of such request, subject to successful verification, as per Indian regulatory requirements. In some cases, if you have taken MoneyKarma services, we may not be able to delete your data. This is because as per the applicable Indian law, including RBI regulations, Prevention of Money Laundering Act, and Income Tax requirements, we may be required to retain your data so that we/our partner banks/NBFCs can continue to provide the services you availed or comply with legal obligations. We assure you that such retained information shall be protected following applicable Indian cyber security norms, including the standards prescribed under the Information Technology Act and RBI guidelines.

We may use third-party advertising companies and/or ad agencies to serve ads when you visit our Website. These companies may use information (excluding your name, address, email address, or telephone number) about your visits to this Website to provide advertisements on this Website and other third-party websites about goods and services that may be of interest to you.

We use third-party service providers to serve ads on our behalf across the internet and sometimes on this Website. They may collect anonymous information about your visits to our website and your interaction with our products and services. They may also use information about your visits to this and other Websites for targeted advertisements for goods and services. No personally identifiable information is collected or used in this process.

There might be other sites related to our Banking and Non-Banking partners linked to MoneyKarma and other affiliates. The personal information you provide to those sites is not our property or responsibility. These affiliated sites may have different privacy practices, and we encourage you to read the privacy policies of these websites when you visit them. MoneyKarma holds no responsibility for the content of the privacy policies or terms of use, etc., of these third-party websites.

Requests for exceptions to this policy shall be reviewed by the Chief Information Security Officer (CISO) and the Chief Information Officer (CIO). Departments requesting exceptions shall provide such requests to the CIO. The request should specifically state the scope of the exception along with justification for granting the exception, the potential impact or risk attendant upon granting the exception, risk mitigation measures to be undertaken by the IT Department, initiatives, actions, and a time frame for achieving the minimum compliance level with the policies set forth herein. The CIO shall review such requests and confer with the requesting department.

If you have any concerns or grievances or want to address any discrepancy concerning the processing of any of the information/data you provided to MoneyKarma India, please contact our Grievance Officer (Mr. Saiprasad Jella) by email addressed to askus@moneykarma.com as required under Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. Our Grievance Officer is based in India and will respond to your concerns within 30 days as required by Indian regulations. We will study the matter and take action as we deem appropriate under the circumstances following Indian law. You also have the right to approach relevant Indian authorities including the Adjudicating Officer appointed under the Information Technology Act 2000 if you are not satisfied with our response.