Privacy Policy

This privacy policy (privacy policy) describes the methods of collection, use and disclosure of your information gathered on Chinmay (hereafter referred as “Website”) is owned and operated by Chinmay Finlease Limited platform. This privacy policy applies only to personal information collected on the platform. This privacy policy does not apply to information collected by the company in other ways, including information collected offline. Please read this privacy policy carefully. By continuing to use the services, or access the platform you agree to this privacy policy. If you do not agree to this privacy policy, you may not avail the services.

 

Access to the Platform is subject to the Terms and Conditions (Terms) accessible on the Platform, above terms used and not defined in this Privacy Policy, shall have the same meaning qualified to them in the Terms.

​

For the purpose of this Privacy Policy, the Customer or Borrower will hereinafter be denoted as "you."

​

YOU READ, UNDERSTAND, ACKNOWLEDGE AND UNCONDITIONALLY AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY.
 

IF YOU DO NOT AGREE TO THIS POLICY OR ANY PART THEREOF, PLEASE DO NOT USE/ ACCESS/ DOWNLOAD/ INSTALL THE PLATFORM OR ANY PART THEREOF.

​

1. INTRODUCTION

Chinmay Finlease Limited is a non-banking financial company ("Lender"). Under the loan agreement between you and the Lender, the App Platform is authorized to collect, store, verify, and share your personal information as required for loan processing. This information is collected via the mobile application.

​

We are committed to protecting your privacy and have outlined our data collection, use, and disclosure practices in this Privacy Policy. Please read it carefully to understand how we handle your personal information.

​​

2. DEFINITIONS

“LENDER” or “we” shall mean Chinmay Finlease Limited, a company incorporated under the Companies Act, 2013 having its registered office at 3rd and 4th Floor, Times Corporate Park, Thaltej-Shilaj Road, Opposite Copper Stone Flats, Ahmedabad, Gujarat- 380059.​

​

Lending Service Provider” (LSP) shall refer to an agent of a Regulated Entity (RE) (including another RE) who carries out one or more of the RE’s digital lending functions, or part thereof, including but not limited to customer acquisition, services incidental to underwriting and pricing, servicing, monitoring, and recovery of specific loans or loan portfolios on behalf of the RE. This is done in conformity with the extant outsourcing guidelines issued by the Reserve Bank of India (RBI).

​

“Digital Lending Apps/Platforms” (DLAs) shall mean Mobile and/or web-based applications, either standalone or as part of a suite of functions, with a user interface that facilitates digital lending services. DLAs include applications of the Regulated Entity (RE) as well as those operated by Lending Service Providers (LSPs) engaged by the RE for extending any credit facilitation services in conformity with RBI’s outsourcing guidelines.

​

“Customer(s)” or “you” or “End-Users” or "Borrower" shall mean any person who accesses, downloads, uses, and views the Platform and the Services.

​

“Loan” shall mean the loan that you may apply for through the Platform and which is sanctioned and granted by Lender, subject to the applicable terms and conditions of the Loan Agreement.

​

“Loan Agreement” shall mean the loan agreement to be executed between Lender and the Customer(s) for granting the Loan whether in physical or electronic form as may be applicable from time to time.

“Online Stores” shall mean the Windows Store, Android Google Play, iOS App Store, or any other online store or portal where the App will be made available by the Company to the End-Users from time to time.

“Outstanding Amount(s)” shall mean the Loan, interests, and charges due and payable by you to Lender, on the respective due date(s).

“Platform” shall mean the App and the Website collectively.

“Services” shall mean the services of granting, sanctioning, and lending of short-term loans through the Platform by Lender.

“Third Party Platforms” shall mean social networking platforms, such as Facebook, LinkedIn, and other similar platforms.

“User Data” shall mean any data, information, documents, or materials submitted with the Company before or during the use of the Services.

“Website” shall mean Chinmayfinlease.com, managed and operated by the Company to provide Services.
 

3. ​COLLECTION OF USER PERSONAL INFORMATION

At Chinmay Finlease Limited, we are committed to offering a secure, efficient, and personalized user experience. We collect and store certain personal information with your explicit consent to enhance service quality and comply with regulatory requirements.

​

Information We Collect:

Basic Details: Name, email, gender, photograph, address, phone number, and PAN

Additional Data: Credit reports, transaction history, device/login info, and third-party profile data (if applicable)

While you may choose not to provide some information, this may limit access to certain features.
​​

4. PURPOSE OF COLLECTING INFORMATION

​​​All loans offered through the platform originate exclusively from the Lender, a registered NBFC. LSPs and DLAs are merely technology facilitators and do not provide or approve loans themselves.

We use your information to deliver a seamless user experience, comply with regulatory requirements, and enhance our services. This includes identity verification, KYC fetching & processing, credit Assessment, and usage analysis for Loan processing. We may also send personalized updates and financial offers.

Your data is securely stored as required to meet legal obligations, resolve disputes, and enforce agreements.

We collect and process the following data for providing loan-related services:

​

​

​​​

​

​​

​

​

​​

​

​

​

​​

​

​

​

​

​

​

​

​

​

​

​​

​​

​​

​

5. COLLECTION OF OTHER NON-PERSONAL INFORMATION

We automatically collect non-personal data such as IP addresses, browser and device details, and referrer URLs to enhance security, optimize performance, and analyze usage patterns. Cookies are used to personalize your experience and monitor traffic trends; these can be managed through your browser settings. We may also retain transaction history and user communications (e.g., emails or support requests) for customer support, dispute resolution, and regulatory compliance.​

​

6. DEVICE INFORMATION – COLLECTIONS & USAGE

We collect and monitor the information about the location of your device to provide serviceability of your loan application, to reduce risk associated with your loan application and to provide pre-approved customised loan offers. This also helps us to verify the address, make a better credit risk decision and expedite know your customer (KYC) process.

Information the App collects, and its usage, depends on how you manage your privacy controls on your device. When you install the App, we store the information we collect with unique identifiers tied to the device you are using. We collect information from the device when you download and install the App and explicitly seek permissions from You to get the required information from the device.

The information we collect from your device includes the hardware model, build model, RAM, storage; unique device identifiers like IMEI, serial number, SSAID; SIM information that includes network operator, roaming state, MNC and MCC codes, WIFI information that includes MAC address and mobile network information to uniquely identify the devices and ensure that no unauthorized device acts on your behalf to prevent frauds.

We collect information about your device to provide automatic updates and additional security so that your account is not used in other people’s devices. In addition, the information provides us valuable feedback on your identity as a device holder as well as your device behaviour, thereby allowing us to improve our services and provide an enhanced customized user experience to you.

​

7. PERMISSIONS

Camera Access: Required for capturing the user’s profile photo and for quick and accurate verification by scanning documents such as PAN. This facilitates auto-fill support and enhances the overall onboarding experience.

Storage Access: Allows secure download, upload, and storage of KYC and loan-related documents for faster processing.

Location Access (GPS): Helps assess service eligibility, verify address, evaluate risk, and prevent fraud.
Push Notifications: Keeps you updated on loan status, EMI reminders, policy changes, and security alerts.
 

Financial SMS Information:
We don’t collect, read or store your personal SMS from your inbox.

We collect and monitor only financial SMS sent by 6-digit alphanumeric senders from your inbox which helps us in identifying the various bank accounts that you may be holding, cash flow patterns, description and amount of the transactions undertaken by you as a user to help us perform a credit risk assessment which enables us to determine your risk profile and to provide you with the appropriate credit analysis. This process will enable you to take financial facilities from the regulated financial entities available on the Platform. This Financial SMS data also includes your historical data.

While using the app, it periodically sends the financial SMS information to our affiliate server and to us.

These permissions ensure a secure, efficient loan process and compliance with privacy regulations.

​​​​​​

8. CONSENT FOR CREDIT AND VERIFICATION INFORMATION

By applying for a loan, you consent to Lender accessing and using your PAN and credit information for credit assessment, fraud prevention, and regulatory compliance. This data may be shared with authorized third parties to process your application and may be re-evaluated periodically to offer better loan products.
 

9. MOBILE NUMBER COLLECTION & FRAUD PREVENTION

We collect and verify your mobile number to confirm the presence of an active SIM card on the registered device, preventing fraudulent transactions and unauthorized access while ensuring compliance with know-your-customer (KYC) regulations. As a key identifier, your mobile number plays a crucial role in securing your account and enabling seamless access to our financial services, making its verification mandatory.

​

10. USER RESPONSIBILITY & ACCOUNT SECURITY

You are solely responsible for all activity under your account. Lender is not liable for disputes, damages, or claims arising from misuse of services. You must keep your login credentials confidential to prevent unauthorized access. We reserve the right to accept or reject your registration without prior explanation. By using our platform, you acknowledge and accept these terms, responsibilities, and privacy policies.

​

11. COOKIES

We may use cookies to track your usage of the Platform. Cookies are small encrypted files that a website or service provider transfers to your device’s hard drive. These enable the system to recognize your device and remember certain information, enhancing your experience. By using our application, you consent to our use of cookies.

​

12. YOUR CONSENT

By using the Platform and providing your information, you consent to the collection, sharing, disclosure, and usage of the data you provide in accordance with this Privacy Policy. If we make changes to our Privacy Policy, we will update this page to inform you about how we collect, use, and share your information. Your continued use of the Platform or related DLAs constitutes your consent to processing by Lender and its Lending Service Providers (LSPs) as necessary for service delivery.

By agreeing to this Privacy Policy, you also consent to receive marketing and promotional communications. These may include SMS, emails, WhatsApp, and RCS messages, informing you about online and offline offers, products, services, and updates.

​

13. YOUR RIGHTS & DATA DELETION

You have specific rights regarding how your personal data is collected, used, and protected in the digital environment. These rights empower you to access, manage, correct, or delete your information, and ensure transparency and accountability from those handling your data.

You may update or correct your personal information by notifying us with accurate details. In certain cases, verification documents may be required.

Device settings allow you to manage permissions (e.g., location, camera, contacts). Adjusting these may affect service functionality.

To delete your personal data, use the app to submit your registered mobile number and verify it via OTP. Upon verification, your loan-related personal data will be securely deleted, subject to legal retention requirements.

​

14. DISCLOSURES TO INTERNAL AND/OR THIRD PARTIES

We do not sell, rent, or lease your personal data. However, we may share it with:

• Administrators: For internal operations and system maintenance, bound by strict confidentiality.

• Affiliates: To support service delivery and marketing efforts, in accordance with applicable privacy terms.

• Business Partners & Service Providers: Including payment Gateways, account aggregators, credit bureaus, and analytics providers, who support functions like KYC, credit checks, payment processing, and platform performance.

• Recovery Agencies: For bad debt recovery efforts in compliance with applicable laws and RBI guidelines.

• Asset Reconstruction Companies (ARCs): CFL may transfer, assign, sell, or otherwise dispose of any of our rights, obligations, or interests in your loan account to one or more Asset Reconstruction Companies (ARCs) or any other permitted third parties for the purpose of recovery, restructuring, or resolution of dues. In such cases, your account information, including personal data, may be shared with such entities as required under applicable laws and for legitimate business purposes.

• Joint Marketing Partners: Under formal agreements that include stringent data protection clauses.

• Link to Third-Party SDK: 
  The App has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that our third party service provider takes extensive security measures in order to protect your personal information against loss, misuse or alteration of the data.
  Our third-party service provider employs separation of environments and segregation of duties and has strict role-based access control on a documented, authorized, need-to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data.
  Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.

• Legal & Regulatory Authorities: As required by applicable law or regulatory order, without requiring your prior consent.

• In Case of Business Transfers: In the event of a merger, acquisition, or sale of assets, where such disclosure is necessary and you will be notified accordingly.

This includes Lending Service Providers (LSPs) and Digital Lending Apps/Platforms (DLAs) acting on our behalf to facilitate loan origination, KYC, repayment collection, and support services under strict data privacy agreements. We share data only when necessary, with your express consent when required. However, we’re not liable for how third parties handle any additional data you choose to provide directly to them.

​

15. DATA RETENTION

We retain your Personal Information for as long as your registration remains active and any outstanding amounts are due to the Lender. Additionally, we may keep your Personal Information as required to comply with legal obligations, resolve disputes, and enforce agreements. Upon receiving a reasonable written request, we will attempt to delete your Personal Information. However, there may be delays in the deletion process, and backed-up copies may persist even after removal. This applies to data processed by us directly as well as via our Lending Service Providers (LSPs) and Digital Lending Apps/Platforms (DLAs), all of whom operate under RBI-compliant frameworks.

​

16. SECURITY

The Platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure.

Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per applicable law.

​

We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.

In addition, the Website and App have been certified for the following security certifications:

​

a. ISO 9001: being the international standard that details requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements with the requisite security protections.

b. ISO 27001 (formally known as ISO/IEC 27001:2005): is a specification for an information security management system (ISMS) and is the suggested level of certification required under the Information Technology Act, 2000. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

​

We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:

a. We use encryption to keep your data private while in transit;

b. We offer security feature like an OTP verification to help you protect your account;

c. We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;

d. We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations;

e. Compliance & Cooperation with Regulations and applicable laws;

f. We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.

​

g. Data transfers;

h. We ensure that Aadhaar number is not disclosed in any manner.

​

We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder

When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.

​

17. DATA TRANSFERS

The Lender ensures that all personal and sensitive customer data is stored on servers it owns and manages, which are located in India. We comply with the Information Technology Act, 2000 and applicable rules governing data protection and transfers.

We are dedicated to protecting your personal information. We ensure that our partners (LSPs/DLAs) only store essential data like your name and contact details, with us, we as the Regulated Entity, always responsible for your data's privacy and security.

After securely transferring data to the Lender (NBFC), the LSPs/DLAs are required to permanently delete it from their systems, as per RBI guidelines.

​

18. ACCESS TO PERSONAL DATA

Access to personal data is strictly restricted to authorized personnel who require such access in order to perform their job functions. Data access is governed by a robust role-based access control mechanism. Each role is granted access only to the minimum necessary data required for their responsibilities, in accordance with the principle of least privilege.

​

19. ACCESSING AND MODIFYING PERSONAL INFORMATION

If you need to access, review, or modify your Personal Information, you must log in to your User Account and update the necessary details. Keeping your Personal Information accurate and up to date ensures better service and seamless communication.

​

20. ANCILLARY SERVICES

We may offer additional services such as chat rooms, blogs, and review sections as part of our platform. Any communication or content shared by you through these services (including text, images, audio, financial information, and feedback) will be considered non-confidential, subject to applicable laws. We are not obligated to refrain from reproducing, publishing, or using such content for any purpose.

You are solely responsible for the accuracy and truthfulness of the content you share. By submitting feedback, you assign us all worldwide rights, titles, and interests in any associated copyrights or intellectual property. We may use your feedback in any manner we deem appropriate.

​

21. COMMUNICATIONS FROM THE PLATFORM

Special Offers and Updates: We may send you promotional communications regarding products, services, special deals, or company newsletters. You have the option to unsubscribe via the provided mechanism in each communication or by emailing us at support@chinmayfinlease.com.

Service Announcements: Certain service-related announcements may be required by law or platform operations. These are non-promotional in nature, and you may not opt out of receiving them.

Customer Service: We regularly engage with customers about their accounts and service requests via email or phone, depending on their preferred communication method. Additionally, they can reach out to us through the Chatbox feature in the app.

​

22. TERMINATION

The Company reserves the right to terminate these Terms under the following circumstances: if you breach any provision of these Terms, if required by law, if the Company decides to discontinue its Services or cease operations of the Platform, upon the expiration of your license to use the App, or in case of non-payment of Outstanding Amount(s). Even after uninstallation of the App or termination of these Terms, the Company reserves the right to track you until all your obligations, including payment of any Outstanding Amount(s), are fulfilled. Upon termination, your rights and licenses under these Terms will cease, and you must immediately cease using the Platform and Services while ensuring full repayment of any dues. Termination does not exempt you from fulfilling any pending obligations, including repayment of Outstanding Amount(s).

​

23. INDEMNIFICATION

You agree to indemnify and hold us, our subsidiaries, affiliates, officers, agents, partners, and employees harmless against any third-party claims or demands (including reasonable attorney fees) arising from:
(i) Any Personal Information or content you submit through the platform.
(ii) Your violation of this Privacy Policy.
(iii) Your infringement on another user's rights.

​

24. LIMITATIONS OF LIABILITY

You expressly acknowledge and agree that the Company shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to loss of profits, goodwill, data, or other intangible losses, even if the Company has been advised of the possibility of such damages. This includes, but is not limited to, damages resulting from your use or inability to use the services, unauthorized access to or alteration of your Personal Information, or any other matter relating to the services provided through the platform.

​

25. GOVERNING LAWS AND DUTIES

Our Privacy Policy is governed by and compliant with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, ensuring the protection of your personal information. You have control over the information we collect and how it is used. Device-level settings allow you to manage permissions, such as camera or audio access. You can delete your app account or request content removal from our servers as per applicable laws by contacting our Support team. Additionally, you can turn off location and contact permissions at your discretion, maintaining control over your data privacy.

This Agreement is governed by the laws of India, and any disputes shall be subject to the exclusive jurisdiction of the courts in Ahmedabad, Gujarat, India. The Company, its directors, officers, employees, representatives, or service providers shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to loss of profits, goodwill, data, or device-related issues arising from the use or inability to use the Services, Platform failures, performance issues, security breaches, or any external threats like viruses affecting user devices.

​

26. FORCE MAJEURE

The Company shall not be held liable for any failure or delay in performing its obligations due to circumstances beyond its reasonable control, including but not limited to natural disasters, government actions, network failures, cyberattacks, war, strikes, or unforeseen operational disruptions.​

​

27. CONTACT US

You have the right to report any security incidents to the Grievance Redressal Officer (GRO), whose details are provided below. If you become aware of any unauthorized use of your information by our personnel or agents, you may prevent such use by notifying us within 7 days of being informed of the intended usage. Additionally, you may exercise this right at any time by contacting us at support@chinmayfinlease.com.

​

GRIEVANCE OFFICER

In compliance with the Information Technology Act, 2000, and the applicable regulations, the contact details of the Grievance Officer are provided below for your reference:
Email: grievance@chinmayfinlease.com
Phone: 07948519054
Address:  3rd  Floor, House no 14,
Times Corporate Park,
Opposite Copper Stone Flats,
Thaltej, Ahmedabad, Gujarat - 380059
Time: Mon - Sat (10:00 - 19:00)
 

28. CHANGES TO THIS POLICY

We reserve the right to change, modify, add, or remove portions of this Privacy Policy at any time for any reason. In case, any changes are made in the Privacy Policy, we shall update the same on the Platform. Once posted, those changes are effective immediately, unless stated otherwise. We encourage you to periodically review this page for the latest information on our privacy practices. Continued access or use of the Services constitute Your acceptance of the changes and the amended Privacy Policy.

​

​