Consent Withdrawal Mechanism
Finanjo Ventures Private Limited · Policy and operational standard
| Field | Detail |
|---|---|
| Document owner | Compliance Officer |
| Version | 1.0 |
| Approved by | Board of Directors on 10.07.2026 |
| Effective date | 10.07.2026 |
| Legal basis | DPDP Act 2023 and DPDP Rules 2025; Credit Information Companies (Regulation) Act, 2005; RBI Master Direction on NBFC-Account Aggregators; SEBI (Investment Advisers) Regulations, 2013 |
1. Purpose and principle
Finanjo runs on user consent. Bank data arrives through the Account Aggregator framework only because the user said yes. Credit data arrives only because the user said yes. This document defines how a user takes that yes back, and what Finanjo does when they do.
The governing principle comes straight from the DPDP Rules, 2025: withdrawing consent must be as easy as giving it. If linking a bank account takes three taps, unlinking it cannot take a phone call and a form. Every consent Finanjo collects has a withdrawal path of equal or lower friction, built into the product, not hidden in support.
2. Types of consent Finanjo collects
Finanjo collects distinct consents for distinct purposes. Withdrawal of one does not affect the others, and no service unrelated to a withdrawn consent is denied because of the withdrawal.
| Consent | What it covers | Collected via |
|---|---|---|
| Account Aggregator data consent | Fetching bank account data (balances, transactions, deposits) through Finanjo's AA partner (Finvu) | AA consent artefact approved by the user in the AA flow, with purpose, data types, frequency, and validity period |
| Credit bureau consent | Pulling the user's credit information report and score from TransUnion CIBIL, as a non-specified user under the Credit Information Companies (Regulation) Act, 2005 | Explicit in-app consent before each pull or enrolment. If Finanjo onboards additional bureaus in future, the same consent and withdrawal mechanism applies to each |
| Advisory agreement | Investment advisory relationship as a SEBI RIA client | Signed/accepted advisory agreement at onboarding |
| Processing consent (DPDP notice) | Processing of personal data for the specified purposes in Finanjo's consent notice: app functionality, insights, Money Stories, subscription detection | Standalone, itemised DPDP consent notice at signup |
| Marketing & communications | Promotional messages, product updates, campaign communications | Separate opt-in toggle, never bundled with service consents |
3. Withdrawal channels
Withdrawal is available through the same surface where consent was given, plus fallback channels:
| Channel | Detail |
|---|---|
| In-app (primary) | Profile → Privacy & Consents. Every active consent is listed with a plain-language description and a withdraw control. Effect is immediate on confirmation. |
| AA app / Consent Manager | AA consents can also be revoked directly in the Finvu app or any consent manager interface where the consent artefact lives. Revocation there is honoured identically. |
| Website link | The consent notice and every consent-related communication carries a direct link to the withdrawal page, as required by Rule 3 of the DPDP Rules. |
| [email protected] — verified against the registered account, then actioned within 2 working days. |
No withdrawal path requires the user to state a reason, speak to retention staff, or complete any step that was not required to give the consent in the first place. A single optional, skippable feedback prompt is the maximum permitted friction.
4. What happens on withdrawal
4.1 Account Aggregator data consent
- Finanjo triggers revocation of the consent artefact with the AA. All future data fetches under that artefact stop immediately.
- Data already fetched is handled per Section 5 below: processing for the consented purpose ceases, and erasure timelines begin.
- Features that depend on live bank data (cashflow, subscription tracking, Money Stories refresh) degrade gracefully: the app states plainly that data is no longer updating and why, in Jo's voice, without guilt-tripping the user.
- The user can re-link at any time; re-linking creates a fresh consent artefact and never silently reuses the old one.
4.2 Credit bureau consent
- No further pulls are made from TransUnion CIBIL. Any recurring refresh enrolment is cancelled with the bureau.
- Previously fetched credit information reports stop being processed for insights and are queued for erasure per Section 5, subject to any retention obligation applicable to Finanjo as a non-specified user under the Credit Information Companies (Regulation) Act, 2005 and the terms of Finanjo's agreement with TransUnion CIBIL.
- Withdrawal of this consent does not alter the credit information TransUnion CIBIL itself holds as a credit information company; the user is told this plainly, along with how to raise report accuracy disputes (see the Grievance Redressal Policy).
4.3 Advisory agreement
- Termination of the advisory relationship follows the notice terms of the advisory agreement. Fees are settled on a pro-rata basis as per the agreement and SEBI norms.
- Records that SEBI requires an Investment Adviser to maintain (KYC, risk profile, advice rendered, agreements) are retained for the mandated period of five years even after termination. The user is told this clearly at the point of withdrawal.
4.4 Processing consent and marketing
- Withdrawal of a processing purpose stops that processing without delay. Withdrawal of marketing consent stops promotional communications within 48 hours; transactional and regulatory communications continue.
- Withdrawal never affects the lawfulness of processing done before withdrawal, and the user is informed of this in the confirmation message.
5. Erasure after withdrawal
- On withdrawal, personal data collected under that consent is erased once it is no longer needed for the consented purpose, unless retention is required by law (SEBI record-keeping, PMLA, tax statutes).
- Where a statutory retention duty applies, the data is ring-fenced: access is restricted to compliance use, it is excluded from analytics and product features, and it is erased when the statutory period ends.
- Where the DPDP Rules' erasure timelines apply, Finanjo sends the 48-hour advance notice before time-based erasure, giving the user a chance to retain their account if the erasure is inactivity-driven rather than withdrawal-driven.
- Erasure covers backups and processors: data processors (cloud, analytics, AA ecosystem partners acting on Finanjo's instruction) are contractually bound to erase on instruction, and erasure completion is logged.
6. Records and audit trail
- Every consent event — given, modified, withdrawn — is logged with timestamp, channel, consent artefact or notice version, and user identifier.
- Consent records are retained for seven years, aligned with the record-keeping standard set for the consent ecosystem under the DPDP Rules, 2025.
- Withdrawal requests and their completion (processing stopped, revocation confirmed with AA/bureau, erasure executed) are individually traceable end to end.
- The audit trail itself contains no more personal data than necessary to evidence the consent lifecycle.
7. Timelines at a glance
| Event | Standard |
|---|---|
| Stop of data fetching after AA consent revocation | Immediate on revocation of the consent artefact |
| Stop of processing after withdrawal | Without delay; systems updated within 24 hours |
| Stop of marketing communications | Within 48 hours |
| Acknowledgment of an email withdrawal request | Within 2 working days |
| Response to any data rights request | Well within the 90-day DPDP outer limit; Finanjo targets 21 days |
| Pre-erasure notice (where applicable) | At least 48 hours before erasure |
8. Design requirements for the product team
- The Privacy & Consents screen lists every live consent in plain language: what data, what purpose, when given, and one control to withdraw.
- Withdrawal copy is written in Jo's voice: warm, plain, no dark patterns, no fake urgency, no pre-ticked retention offers.
- Confirmation of withdrawal states exactly what stops, what is erased and when, what is retained under law, and how to come back.
- Consent notices are standalone and itemised (never buried in T&Cs), available in English and, as Finanjo's language support expands, in Eighth Schedule languages consistent with the DPDP Rules.
- When Consent Manager registration under Rule 4 becomes operational (from November 2026), Finanjo's consent APIs must be able to receive and honour withdrawal signals routed through registered Consent Managers.
9. Roles
| Role | Responsibility |
|---|---|
| Compliance Officer | Owns this document; monitors DPDP Rules commencement dates and SEBI/RBI changes; quarterly review of withdrawal metrics |
| Data grievance contact | Handles data rights requests and withdrawal-related complaints under the Grievance Redressal Policy |
| Product & engineering | Builds and maintains withdrawal flows, revocation integrations (Finvu, TransUnion CIBIL), erasure pipelines, and the consent log |
| All teams | No campaign, feature, or partner integration launches with a consent that lacks an equally easy withdrawal path |
10. Review
This mechanism is reviewed at least annually and immediately upon: notification of Consent Manager registrations under Rule 4 of the DPDP Rules (effective November 2026), full commencement of the remaining DPDP Rules (May 2027), any change to the RBI AA Master Direction or ReBIT consent artefact specifications, or any SEBI change affecting client records and consent.