Consent Withdrawal Mechanism

Finanjo Ventures Private Limited · Policy and operational standard

FieldDetail
Document ownerCompliance Officer
Version1.0
Approved byBoard of Directors on 10.07.2026
Effective date10.07.2026
Legal basisDPDP Act 2023 and DPDP Rules 2025; Credit Information Companies (Regulation) Act, 2005; RBI Master Direction on NBFC-Account Aggregators; SEBI (Investment Advisers) Regulations, 2013

1. Purpose and principle

Finanjo runs on user consent. Bank data arrives through the Account Aggregator framework only because the user said yes. Credit data arrives only because the user said yes. This document defines how a user takes that yes back, and what Finanjo does when they do.

The governing principle comes straight from the DPDP Rules, 2025: withdrawing consent must be as easy as giving it. If linking a bank account takes three taps, unlinking it cannot take a phone call and a form. Every consent Finanjo collects has a withdrawal path of equal or lower friction, built into the product, not hidden in support.

2. Types of consent Finanjo collects

Finanjo collects distinct consents for distinct purposes. Withdrawal of one does not affect the others, and no service unrelated to a withdrawn consent is denied because of the withdrawal.

ConsentWhat it coversCollected via
Account Aggregator data consentFetching bank account data (balances, transactions, deposits) through Finanjo's AA partner (Finvu)AA consent artefact approved by the user in the AA flow, with purpose, data types, frequency, and validity period
Credit bureau consentPulling the user's credit information report and score from TransUnion CIBIL, as a non-specified user under the Credit Information Companies (Regulation) Act, 2005Explicit in-app consent before each pull or enrolment. If Finanjo onboards additional bureaus in future, the same consent and withdrawal mechanism applies to each
Advisory agreementInvestment advisory relationship as a SEBI RIA clientSigned/accepted advisory agreement at onboarding
Processing consent (DPDP notice)Processing of personal data for the specified purposes in Finanjo's consent notice: app functionality, insights, Money Stories, subscription detectionStandalone, itemised DPDP consent notice at signup
Marketing & communicationsPromotional messages, product updates, campaign communicationsSeparate opt-in toggle, never bundled with service consents

3. Withdrawal channels

Withdrawal is available through the same surface where consent was given, plus fallback channels:

ChannelDetail
In-app (primary)Profile → Privacy & Consents. Every active consent is listed with a plain-language description and a withdraw control. Effect is immediate on confirmation.
AA app / Consent ManagerAA consents can also be revoked directly in the Finvu app or any consent manager interface where the consent artefact lives. Revocation there is honoured identically.
Website linkThe consent notice and every consent-related communication carries a direct link to the withdrawal page, as required by Rule 3 of the DPDP Rules.
Email[email protected] — verified against the registered account, then actioned within 2 working days.

No withdrawal path requires the user to state a reason, speak to retention staff, or complete any step that was not required to give the consent in the first place. A single optional, skippable feedback prompt is the maximum permitted friction.

4. What happens on withdrawal

4.1 Account Aggregator data consent

  • Finanjo triggers revocation of the consent artefact with the AA. All future data fetches under that artefact stop immediately.
  • Data already fetched is handled per Section 5 below: processing for the consented purpose ceases, and erasure timelines begin.
  • Features that depend on live bank data (cashflow, subscription tracking, Money Stories refresh) degrade gracefully: the app states plainly that data is no longer updating and why, in Jo's voice, without guilt-tripping the user.
  • The user can re-link at any time; re-linking creates a fresh consent artefact and never silently reuses the old one.

4.2 Credit bureau consent

  • No further pulls are made from TransUnion CIBIL. Any recurring refresh enrolment is cancelled with the bureau.
  • Previously fetched credit information reports stop being processed for insights and are queued for erasure per Section 5, subject to any retention obligation applicable to Finanjo as a non-specified user under the Credit Information Companies (Regulation) Act, 2005 and the terms of Finanjo's agreement with TransUnion CIBIL.
  • Withdrawal of this consent does not alter the credit information TransUnion CIBIL itself holds as a credit information company; the user is told this plainly, along with how to raise report accuracy disputes (see the Grievance Redressal Policy).

4.3 Advisory agreement

  • Termination of the advisory relationship follows the notice terms of the advisory agreement. Fees are settled on a pro-rata basis as per the agreement and SEBI norms.
  • Records that SEBI requires an Investment Adviser to maintain (KYC, risk profile, advice rendered, agreements) are retained for the mandated period of five years even after termination. The user is told this clearly at the point of withdrawal.

4.4 Processing consent and marketing

  • Withdrawal of a processing purpose stops that processing without delay. Withdrawal of marketing consent stops promotional communications within 48 hours; transactional and regulatory communications continue.
  • Withdrawal never affects the lawfulness of processing done before withdrawal, and the user is informed of this in the confirmation message.

5. Erasure after withdrawal

  • On withdrawal, personal data collected under that consent is erased once it is no longer needed for the consented purpose, unless retention is required by law (SEBI record-keeping, PMLA, tax statutes).
  • Where a statutory retention duty applies, the data is ring-fenced: access is restricted to compliance use, it is excluded from analytics and product features, and it is erased when the statutory period ends.
  • Where the DPDP Rules' erasure timelines apply, Finanjo sends the 48-hour advance notice before time-based erasure, giving the user a chance to retain their account if the erasure is inactivity-driven rather than withdrawal-driven.
  • Erasure covers backups and processors: data processors (cloud, analytics, AA ecosystem partners acting on Finanjo's instruction) are contractually bound to erase on instruction, and erasure completion is logged.

6. Records and audit trail

  • Every consent event — given, modified, withdrawn — is logged with timestamp, channel, consent artefact or notice version, and user identifier.
  • Consent records are retained for seven years, aligned with the record-keeping standard set for the consent ecosystem under the DPDP Rules, 2025.
  • Withdrawal requests and their completion (processing stopped, revocation confirmed with AA/bureau, erasure executed) are individually traceable end to end.
  • The audit trail itself contains no more personal data than necessary to evidence the consent lifecycle.

7. Timelines at a glance

EventStandard
Stop of data fetching after AA consent revocationImmediate on revocation of the consent artefact
Stop of processing after withdrawalWithout delay; systems updated within 24 hours
Stop of marketing communicationsWithin 48 hours
Acknowledgment of an email withdrawal requestWithin 2 working days
Response to any data rights requestWell within the 90-day DPDP outer limit; Finanjo targets 21 days
Pre-erasure notice (where applicable)At least 48 hours before erasure

8. Design requirements for the product team

  • The Privacy & Consents screen lists every live consent in plain language: what data, what purpose, when given, and one control to withdraw.
  • Withdrawal copy is written in Jo's voice: warm, plain, no dark patterns, no fake urgency, no pre-ticked retention offers.
  • Confirmation of withdrawal states exactly what stops, what is erased and when, what is retained under law, and how to come back.
  • Consent notices are standalone and itemised (never buried in T&Cs), available in English and, as Finanjo's language support expands, in Eighth Schedule languages consistent with the DPDP Rules.
  • When Consent Manager registration under Rule 4 becomes operational (from November 2026), Finanjo's consent APIs must be able to receive and honour withdrawal signals routed through registered Consent Managers.

9. Roles

RoleResponsibility
Compliance OfficerOwns this document; monitors DPDP Rules commencement dates and SEBI/RBI changes; quarterly review of withdrawal metrics
Data grievance contactHandles data rights requests and withdrawal-related complaints under the Grievance Redressal Policy
Product & engineeringBuilds and maintains withdrawal flows, revocation integrations (Finvu, TransUnion CIBIL), erasure pipelines, and the consent log
All teamsNo campaign, feature, or partner integration launches with a consent that lacks an equally easy withdrawal path

10. Review

This mechanism is reviewed at least annually and immediately upon: notification of Consent Manager registrations under Rule 4 of the DPDP Rules (effective November 2026), full commencement of the remaining DPDP Rules (May 2027), any change to the RBI AA Master Direction or ReBIT consent artefact specifications, or any SEBI change affecting client records and consent.