EasyRateLoans: Privacy Policy

Last Updated: August 28, 2025

At EasyRateLoans, your privacy is paramount. This Privacy Policy ("Policy") describes how EasyRateLoans ("we," "us," or "our") collects, uses, processes, stores, and protects your personal and financial information when you use our web-based platform and its associated services (collectively, the "Platform"). We are committed to safeguarding your data with the highest standards of security and transparency, in strict compliance with applicable Indian laws, including the Digital Personal Data Protection (DPDP) Act, 2023.

By accessing or using the EasyRateLoans Platform, you agree to the terms of this Privacy Policy and our Terms and Conditions. If you do not agree with this Policy, please do not use our Platform.

1. Our Role

EasyRateLoans operates as a Lending Service Provider (LSP) and/or an Account Aggregator (AA) for various regulated financial entities ("Lending Partners"). Our primary function is to facilitate the discovery, assessment, and application process for various credit products. We are not a lender and do not make credit decisions. All lending decisions and loan disbursements are made by our Lending Partners.

2. Information We Collect

We collect information to provide and improve our services, facilitate loan matching, and ensure compliance. The type of information collected depends on your interaction with our Platform.

2.1. Information You Provide Directly:

• Contact Information: Name, email address, mobile number, residential address.
• Identity Information: Date of birth, PAN (Permanent Account Number), Aadhaar number (for eKYC purposes, with explicit consent).
• Employment and Financial Information: Employment type (salaried, self-employed), company name, monthly income, existing loan obligations.
• Loan Preferences: Desired loan type, loan amount, tenure, purpose of the loan.
• Account Credentials: Only for verification (e.g., OTP for mobile number verification), never for direct access to your bank accounts.

2.2. Information We Collect with Your Explicit Consent:

• Account Aggregator (AA) Data: With your explicit, time-bound consent via the AA framework, we collect authenticated financial data directly from your Financial Information Providers (FIPs, typically banks). This may include:
  • Bank Account Transaction History (up to 12 months for income verification, cash flow analysis, existing EMI identification, financial discipline assessment).
  • GST Returns (for MSMEs, GSTR-1 and GSTR-3B data for verified revenue and operational health).
• Credit Bureau Data: With your explicit consent, we perform a soft inquiry with credit bureau partners (e.g., CIBIL, Experian) to access your credit score and credit history. This helps in assessing your baseline risk profile and probability of approval.

2.3. Information Collected Automatically (Non-Personally Identifiable):

• Device and Usage Data: Device type, operating system, browser type, IP address, browsing patterns on our Platform, features used, pages visited, time spent. This data helps us improve Platform performance and user experience.
• Location Data: General geographic location derived from your IP address, used for regional service optimization.

3. How We Use Your Information

• Loan Matching and Personalization:
  • To assess your eligibility for various loan products from our Lending Partners.
  • To use our AI engine to match you with the most suitable loan offers based on your profile, preferences, and creditworthiness.
  • To provide transparent "Total Cost of Loan" calculations and APRs.
• Platform Functionality and Improvement:
  • To operate, maintain, and improve the functionality of the EasyRateLoans Platform.
  • To personalize your user experience and deliver relevant content and features.
  • To develop new products and services.
• Communication:
  • To communicate with you about your loan applications, offers, and Platform updates.
  • To send you marketing communications about products and services that may interest you (you can opt-out at any time).
• Compliance and Security:
  • To comply with legal and regulatory obligations, including the RBI's Digital Lending Directions and the DPDP Act, 2023.
  • To prevent fraud, detect security incidents, and protect against malicious, deceptive, fraudulent, or illegal activity.
  • To enforce our Terms and Conditions.
• Research and Analytics:
  • To perform data analysis, research, and audits to understand user behavior and market trends (always with anonymized or aggregated data where possible).
• Grievance Redressal:
  • To process and resolve your complaints and queries through our integrated grievance redressal system.

4. How We Share Your Information

• With Lending Partners: When you select a loan offer, we share your relevant personal and financial information with the specific Lending Partner(s) to process your application. This is done with your explicit consent.
• With Service Providers: We may share data with trusted third-party service providers who perform services on our behalf, such as cloud hosting, data analytics, KYC/identity verification, credit bureau services, and e-sign providers. These service providers are contractually obligated to protect your data and use it only for the purposes for which it was shared.
• For Legal and Regulatory Compliance: We may disclose your information if required by law, court order, or governmental regulation, or if we believe such action is necessary to (a) comply with a legal obligation, (b) protect and defend the rights or property of EasyRateLoans, (c) prevent or investigate possible wrongdoing in connection with the Platform, (d) protect the personal safety of users of the Platform or the public, or (e) protect against legal liability.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email or a prominent notice on our Platform if such a transfer occurs.
• Aggregated or Anonymized Data: We may share aggregated or anonymized data (which cannot be used to identify you personally) with third parties for research, analysis, marketing, or other business purposes.

We will never sell or rent your personal information to third parties for their marketing purposes without your explicit consent.

5. Data Security and Retention

• Security Measures: We implement robust technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, or destruction. These measures include:
  • End-to-end encryption (TLS 1.3) for data in transit.
  • AES-256 encryption for data at rest.
  • Tokenization of sensitive PII (PAN, Aadhaar).
  • Strict Role-Based Access Control (RBAC) to limit data access.
  • Regular security audits, vulnerability assessments, and penetration testing by certified third-party agencies.
  • Deployment across multiple Availability Zones (AZs) for high availability and disaster recovery.
• Data Minimization Principle: We adhere strictly to the principle of data minimization, collecting only the necessary data.
• Data Retention: We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide our services, to comply with legal and regulatory obligations, and to resolve disputes. The specific retention period will vary depending on the type of data and the purpose of processing.

6. Your Data Protection Rights

In accordance with the DPDP Act, 2023, you have the following rights regarding your personal data:

• Right to Access: You have the right to request access to a summary of your personal data held by EasyRateLoans.
• Right to Correction: You have the right to request correction or updating of any inaccurate or incomplete personal data.
• Right to Erasure (Withdrawal of Consent): You have the right to withdraw your consent for data processing at any time. The process for withdrawing consent will be as simple as giving it. Upon withdrawal of consent, we will cease processing your data, subject to legal and contractual obligations.
• Right to Grievance Redressal: You have the right to lodge a complaint with our Nodal Grievance Redressal Officer if you believe your data protection rights have been violated.

You can exercise these rights through your user dashboard on the Platform or by contacting our Nodal Grievance Redressal Officer (details below).

7. Children's Privacy

EasyRateLoans is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently received personal information from a user under the age of 18, we will delete such information from our records.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Policy on our Platform and updating the "Last Updated" date. We encourage you to review this Policy periodically. Your continued use of the Platform after any changes indicates your acceptance of the updated Policy.