1. Introduction

Finanjo Ventures Private Limited ("Finanjo", "we", "us", or "our") operates the Finanjo mobile application and website at finanjo.com (collectively, the "Platform"). We are committed to protecting the privacy and security of your personal and financial data.

This Privacy Policy explains what data we collect, how we use it, how long we retain it, your rights regarding your data, and how you can contact us. By using the Platform, you agree to the practices described in this Policy.

Finanjo is registered under the laws of India and complies with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, RBI guidelines on Account Aggregator (AA) framework, and all other applicable laws and regulations.

2. Information We Collect

2.1 Information You Provide

Name, email address, and mobile number at registration
PAN card details for KYC and financial product eligibility
Bank account information provided voluntarily for financial analysis
Credit card details connected by you for rewards and transaction analysis
Manually entered financial data including subscriptions, goals, and budgets
Communications you send us including support requests and feedback

2.2 Data via Account Aggregator (AA) Framework

With your explicit consent, Finanjo fetches your financial data through the RBI-regulated Account Aggregator framework. This includes:

Bank account transaction history
Account balances and statements
Credit card transactions, outstanding amounts, due dates, and reward points
Investment portfolio data including mutual funds and fixed deposits
Loan account details including EMI schedules and outstanding balances

AA data is fetched only with your active, purpose-specific, time-bound consent. You may revoke this consent at any time through the AA framework or through the Finanjo app.

2.3 Data from Google Services

If you sign in using Google Sign-In or connect any Google service to your Finanjo account, we may collect:

Your Google account name and email address
Profile picture (if available and permission granted)
Authentication tokens required to maintain your session

We do not access your Google Drive, Google Contacts, or any other Google data beyond what is explicitly listed above. We do not use Google user data for advertising or to train AI/ML models without your explicit consent.

2.4 Automatically Collected Data

Device information including operating system, device model, and unique device identifiers
App usage data including features accessed and session duration
IP address and approximate location (city-level only)
Crash reports and performance data

3. How We Use Your Information

We use your data solely for the purposes for which it was collected:

To provide personalised financial insights, analysis, and recommendations through Jo, our AI assistant
To display your transaction history, spending patterns, credit card rewards, and investment portfolio
To facilitate mutual fund investments, bill payments, and other financial transactions you initiate
To send you alerts, reminders, and notifications related to your finances (due dates, low balances, subscription renewals)
To conduct KYC verification for regulated financial products
To improve our product, fix bugs, and develop new features
To comply with legal and regulatory obligations
To respond to your support queries

We do not use your personal or financial data for targeted advertising. We do not sell your data to third parties.

4. Data Retention and Deletion

4.1 Retention Periods

We retain your data only for as long as necessary for the purposes described in this Policy or as required by applicable law:

Account and profile data: Retained for the duration of your account and for 3 years after account deletion, as required by financial regulations
Transaction and financial data fetched via Account Aggregator: Retained for 3 years from the date of collection, or as mandated by RBI guidelines
Credit card and investment data: Retained for 3 years from the date of last activity
Google Sign-In data (name, email, authentication tokens): Retained for the duration of your active session. Authentication tokens are invalidated upon account deletion
KYC documents: Retained for 5 years as required by PMLA and RBI norms
Support communications: Retained for 2 years from the date of resolution
App usage and analytics data: Retained for 12 months in identifiable form, after which it is anonymised or deleted

4.2 Deletion of Google User Data

If you signed in via Google or connected a Google account to Finanjo:

Your Google email and profile data is deleted from our active systems within 30 days of account deletion
Google authentication tokens are immediately invalidated upon account deletion and are not retained beyond the active session
We do not retain any Google user data beyond what is necessary to maintain your active session

To revoke Finanjo's access to your Google account at any time, visit Google Account Permissions at myaccount.google.com/permissions and remove Finanjo from connected apps.

4.3 How to Request Deletion

You may request deletion of your account and associated data at any time by:

Using the "Delete Account" option in the Finanjo app under Settings
Emailing us at [email protected] with subject line "Data Deletion Request"

Upon receiving a valid deletion request, we will delete or anonymise your personal data within 30 days, except where retention is required by law. We will send you a confirmation once deletion is complete.

5. Account Aggregator Framework — Data Flow and Storage

5.1 What is the Account Aggregator Framework

The Account Aggregator (AA) framework is an RBI-regulated data-sharing architecture that enables individuals to securely share their financial data across institutions with full consent control. Finanjo operates as a Financial Information User (FIU) within this framework, meaning we can request your financial data from Financial Information Providers (FIPs) — such as banks, NBFCs, and depositories — only after receiving your explicit, informed, and purpose-specific consent.

5.2 How Data Flows via Account Aggregator

The data flow under the AA framework works as follows:

You initiate a consent request on the Finanjo app for a specific financial purpose (e.g., spending analysis, investment tracking, or loan assessment)
A consent artefact is generated specifying the data type, purpose, frequency of fetch, and validity period
You review and approve the consent on the AA platform (e.g., Finvu, Setu, or another RBI-licensed AA)
Upon your approval, the AA fetches the requested financial data from the relevant FIPs (your banks, card issuers, depositories) in encrypted form
The AA transmits the encrypted data to Finanjo over a secure channel. The AA itself cannot read your data — it is a consent manager, not a data holder
Finanjo decrypts the data using your consent-linked encryption keys and processes it solely for the purpose stated in your consent artefact

At no point does Finanjo access your financial data without a valid, active consent artefact. The AA framework ensures that data access is always initiated by you.

5.3 Consent Management

Every AA consent has the following properties:

Purpose-bound: Data fetched for spending analysis cannot be used for loan assessment without a separate consent
Time-bound: Consents have a defined start and end date after which data fetch automatically stops
Revocable: You may revoke any active consent at any time through the Finanjo app or directly through the AA platform
Auditable: You can view all active and historical consents in the Finanjo app under Settings > Data & Permissions

When you revoke a consent, Finanjo stops fetching new data immediately. Data already fetched and retained under that consent is subject to the retention periods in Section 4 of this Policy, unless you separately request deletion.

5.4 Storage of AA Data

Financial data fetched via the AA framework is stored on secure, encrypted servers hosted in India. The following controls apply:

All AA data is encrypted at rest using AES-256 and in transit using TLS 1.2+
AA data is stored in logically isolated environments, separate from other application data
Access to raw AA data is restricted to authorised systems and personnel on a need-to-know basis
AA data is not used for any purpose beyond what is stated in the consent artefact under which it was fetched
AA data is not shared with any third party except as required for the specific purpose stated in the consent (e.g., sharing income data with a lending partner for loan assessment, with your prior consent)

Finanjo complies with all data storage and security norms prescribed by RBI for entities operating within the AA ecosystem.

6. Data Sharing, Regulated Partners, and Third Parties

6.1 Our Commitment to Regulated Partnerships

Finanjo is committed to working exclusively with regulated financial entities. We do not share your personal or financial data with any unregulated entity. Every partner that processes your financial data on behalf of Finanjo is regulated by one or more of the following authorities: the Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), the Insurance Regulatory and Development Authority of India (IRDAI), or the Pension Fund Regulatory and Development Authority (PFRDA).

Finanjo Ventures Private Limited is itself a SEBI-regulated entity. Our regulatory status ensures that we are held to the highest standards of data protection, investor protection, and financial conduct as prescribed by SEBI.

6.2 Mutual Fund Distribution Partners

For mutual fund investments made through the Finanjo app, we work with SEBI-registered and AMFI-regulated intermediaries including Fintech Primitives (Cybrilla Technologies), which operates as a Registered Transfer Agent licensed by SEBI. These partners collect and process certain personal and financial data — including your PAN, KYC details, bank account information, and investment instructions — as required by SEBI regulations and AMFI guidelines for the purpose of executing and settling your mutual fund transactions.

Data collected by our mutual fund partners is governed by their own privacy policies and by SEBI and AMFI regulations. These entities are independently accountable to SEBI for their data handling practices. Finanjo only shares the minimum data required for transaction execution.

6.3 Fixed Deposit Partners

For fixed deposit products offered through the Finanjo app, we work with RBI-regulated banks and NBFCs. These institutions collect and process your KYC data, PAN, bank details, and investment instructions as required by RBI guidelines and the Prevention of Money Laundering Act (PMLA). All FD partners are entities licensed by the RBI and are independently subject to RBI's data protection and customer data guidelines.

6.4 Other Data Sharing

We do not sell your data.

Beyond regulated financial partners, we share your data only in the following circumstances:

Account Aggregator Framework: Data flows through RBI-licensed AA platforms under your explicit consent as described in Section 5
NBFC Lending Partners: If you apply for a loan product, relevant financial data is shared with RBI-regulated NBFCs solely for credit assessment, with your prior consent
Payment Processors: For processing transactions, with RBI-regulated payment entities
Cloud Infrastructure: Your data is hosted on secure cloud servers located in India
Legal Requirements: We may disclose data if required by a court order, regulatory authority, or applicable law

All third-party partners who process your data are bound by contractual data protection obligations and are regulated by the appropriate Indian financial regulators.

7. Data Security

We implement industry-standard technical and organisational measures to protect your data:

AES-256 encryption for data at rest
TLS 1.2+ encryption for all data in transit
Multi-factor authentication for internal system access
Regular security audits and vulnerability assessments
Access controls limiting data access to authorised personnel only
Compliance with RBI's cybersecurity framework for financial institutions

In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authorities as required by the DPDP Act, 2023 within the prescribed timeframes.

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights:

Right to Access: Request a copy of the personal data we hold about you
Right to Correction: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your data, subject to legal retention requirements
Right to Withdraw Consent: Withdraw consent for data processing at any time, including AA consent
Right to Grievance Redressal: Lodge a complaint with our Grievance Officer
Right to Nominate: Nominate another individual to exercise rights on your behalf in the event of death or incapacity

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

9. Cookies and Tracking

Our website finanjo.com uses essential cookies for authentication and session management. We use analytics cookies to understand how users interact with our website. You may control cookie settings through your browser preferences.

Our mobile app does not use cookies but uses equivalent device identifiers for session management and analytics. You may reset your advertising ID through your device settings at any time.

10. Children's Privacy

The Finanjo Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at [email protected] and we will delete such data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, product features, or legal requirements. We will notify you of material changes through the app or via email at least 15 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

All previous versions of this Policy are available upon request at [email protected].

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have appointed a Grievance Officer:

Name: Vikas Singh Chauhan

Designation: Grievance Officer

Email: [email protected]

Address: Finanjo Ventures Private Limited, Vaishali Nagar, Jaipur, Rajasthan, India

You may contact the Grievance Officer for any complaints or concerns regarding the processing of your personal data. We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt.

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once constituted under the DPDP Act, 2023.

13. Contact Us

For general queries about this Privacy Policy or our data practices:

General Inquiries: [email protected]

Compliance and Data Requests: [email protected]

Grievance Officer: [email protected]

Website: finanjo.com

Finanjo Ventures Private Limited

Vaishali Nagar, Jaipur, Rajasthan, India

1. Introduction

2. Information We Collect

2.1 Information You Provide

Name, email address, and mobile number at registration
PAN card details for KYC and financial product eligibility
Bank account information provided voluntarily for financial analysis
Credit card details connected by you for rewards and transaction analysis
Manually entered financial data including subscriptions, goals, and budgets
Communications you send us including support requests and feedback

2.2 Data via Account Aggregator (AA) Framework

With your explicit consent, Finanjo fetches your financial data through the RBI-regulated Account Aggregator framework. This includes:

Bank account transaction history
Account balances and statements
Credit card transactions, outstanding amounts, due dates, and reward points
Investment portfolio data including mutual funds and fixed deposits
Loan account details including EMI schedules and outstanding balances

AA data is fetched only with your active, purpose-specific, time-bound consent. You may revoke this consent at any time through the AA framework or through the Finanjo app.

2.3 Data from Google Services

If you sign in using Google Sign-In or connect any Google service to your Finanjo account, we may collect:

Your Google account name and email address
Profile picture (if available and permission granted)
Authentication tokens required to maintain your session

2.4 Automatically Collected Data

Device information including operating system, device model, and unique device identifiers
App usage data including features accessed and session duration
IP address and approximate location (city-level only)
Crash reports and performance data

3. How We Use Your Information

We use your data solely for the purposes for which it was collected:

To provide personalised financial insights, analysis, and recommendations through Jo, our AI assistant
To display your transaction history, spending patterns, credit card rewards, and investment portfolio
To facilitate mutual fund investments, bill payments, and other financial transactions you initiate
To send you alerts, reminders, and notifications related to your finances (due dates, low balances, subscription renewals)
To conduct KYC verification for regulated financial products
To improve our product, fix bugs, and develop new features
To comply with legal and regulatory obligations
To respond to your support queries

We do not use your personal or financial data for targeted advertising. We do not sell your data to third parties.

4. Data Retention and Deletion

4.1 Retention Periods

We retain your data only for as long as necessary for the purposes described in this Policy or as required by applicable law:

Account and profile data: Retained for the duration of your account and for 3 years after account deletion, as required by financial regulations
Transaction and financial data fetched via Account Aggregator: Retained for 3 years from the date of collection, or as mandated by RBI guidelines
Credit card and investment data: Retained for 3 years from the date of last activity
Google Sign-In data (name, email, authentication tokens): Retained for the duration of your active session. Authentication tokens are invalidated upon account deletion
KYC documents: Retained for 5 years as required by PMLA and RBI norms
Support communications: Retained for 2 years from the date of resolution
App usage and analytics data: Retained for 12 months in identifiable form, after which it is anonymised or deleted

4.2 Deletion of Google User Data

If you signed in via Google or connected a Google account to Finanjo:

Your Google email and profile data is deleted from our active systems within 30 days of account deletion
Google authentication tokens are immediately invalidated upon account deletion and are not retained beyond the active session
We do not retain any Google user data beyond what is necessary to maintain your active session

To revoke Finanjo's access to your Google account at any time, visit Google Account Permissions at myaccount.google.com/permissions and remove Finanjo from connected apps.

4.3 How to Request Deletion

You may request deletion of your account and associated data at any time by:

Using the "Delete Account" option in the Finanjo app under Settings
Emailing us at [email protected] with subject line "Data Deletion Request"

5. Account Aggregator Framework — Data Flow and Storage

5.1 What is the Account Aggregator Framework

5.2 How Data Flows via Account Aggregator

The data flow under the AA framework works as follows:

You initiate a consent request on the Finanjo app for a specific financial purpose (e.g., spending analysis, investment tracking, or loan assessment)
A consent artefact is generated specifying the data type, purpose, frequency of fetch, and validity period
You review and approve the consent on the AA platform (e.g., Finvu, Setu, or another RBI-licensed AA)
Upon your approval, the AA fetches the requested financial data from the relevant FIPs (your banks, card issuers, depositories) in encrypted form
The AA transmits the encrypted data to Finanjo over a secure channel. The AA itself cannot read your data — it is a consent manager, not a data holder
Finanjo decrypts the data using your consent-linked encryption keys and processes it solely for the purpose stated in your consent artefact

At no point does Finanjo access your financial data without a valid, active consent artefact. The AA framework ensures that data access is always initiated by you.

5.3 Consent Management

Every AA consent has the following properties:

Purpose-bound: Data fetched for spending analysis cannot be used for loan assessment without a separate consent
Time-bound: Consents have a defined start and end date after which data fetch automatically stops
Revocable: You may revoke any active consent at any time through the Finanjo app or directly through the AA platform
Auditable: You can view all active and historical consents in the Finanjo app under Settings > Data & Permissions

5.4 Storage of AA Data

Financial data fetched via the AA framework is stored on secure, encrypted servers hosted in India. The following controls apply:

All AA data is encrypted at rest using AES-256 and in transit using TLS 1.2+
AA data is stored in logically isolated environments, separate from other application data
Access to raw AA data is restricted to authorised systems and personnel on a need-to-know basis
AA data is not used for any purpose beyond what is stated in the consent artefact under which it was fetched
AA data is not shared with any third party except as required for the specific purpose stated in the consent (e.g., sharing income data with a lending partner for loan assessment, with your prior consent)

Finanjo complies with all data storage and security norms prescribed by RBI for entities operating within the AA ecosystem.

6. Data Sharing, Regulated Partners, and Third Parties

6.1 Our Commitment to Regulated Partnerships

6.2 Mutual Fund Distribution Partners

6.3 Fixed Deposit Partners

6.4 Other Data Sharing

We do not sell your data.

Beyond regulated financial partners, we share your data only in the following circumstances:

Account Aggregator Framework: Data flows through RBI-licensed AA platforms under your explicit consent as described in Section 5
NBFC Lending Partners: If you apply for a loan product, relevant financial data is shared with RBI-regulated NBFCs solely for credit assessment, with your prior consent
Payment Processors: For processing transactions, with RBI-regulated payment entities
Cloud Infrastructure: Your data is hosted on secure cloud servers located in India
Legal Requirements: We may disclose data if required by a court order, regulatory authority, or applicable law

All third-party partners who process your data are bound by contractual data protection obligations and are regulated by the appropriate Indian financial regulators.

7. Data Security

We implement industry-standard technical and organisational measures to protect your data:

AES-256 encryption for data at rest
TLS 1.2+ encryption for all data in transit
Multi-factor authentication for internal system access
Regular security audits and vulnerability assessments
Access controls limiting data access to authorised personnel only
Compliance with RBI's cybersecurity framework for financial institutions

In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authorities as required by the DPDP Act, 2023 within the prescribed timeframes.

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights:

Right to Access: Request a copy of the personal data we hold about you
Right to Correction: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your data, subject to legal retention requirements
Right to Withdraw Consent: Withdraw consent for data processing at any time, including AA consent
Right to Grievance Redressal: Lodge a complaint with our Grievance Officer
Right to Nominate: Nominate another individual to exercise rights on your behalf in the event of death or incapacity

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

9. Cookies and Tracking

Our mobile app does not use cookies but uses equivalent device identifiers for session management and analytics. You may reset your advertising ID through your device settings at any time.

10. Children's Privacy

11. Changes to This Policy

All previous versions of this Policy are available upon request at [email protected].

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have appointed a Grievance Officer:

Name: Vikas Singh Chauhan

Designation: Grievance Officer

Email: [email protected]

Address: Finanjo Ventures Private Limited, Vaishali Nagar, Jaipur, Rajasthan, India

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once constituted under the DPDP Act, 2023.

13. Contact Us

For general queries about this Privacy Policy or our data practices:

General Inquiries: [email protected]

Compliance and Data Requests: [email protected]

Grievance Officer: [email protected]

Website: finanjo.com

Finanjo Ventures Private Limited

Vaishali Nagar, Jaipur, Rajasthan, India

1. Introduction

2. Information We Collect

2.1 Information You Provide

Name, email address, and mobile number at registration
PAN card details for KYC and financial product eligibility
Bank account information provided voluntarily for financial analysis
Credit card details connected by you for rewards and transaction analysis
Manually entered financial data including subscriptions, goals, and budgets
Communications you send us including support requests and feedback

2.2 Data via Account Aggregator (AA) Framework

With your explicit consent, Finanjo fetches your financial data through the RBI-regulated Account Aggregator framework. This includes:

Bank account transaction history
Account balances and statements
Credit card transactions, outstanding amounts, due dates, and reward points
Investment portfolio data including mutual funds and fixed deposits
Loan account details including EMI schedules and outstanding balances

AA data is fetched only with your active, purpose-specific, time-bound consent. You may revoke this consent at any time through the AA framework or through the Finanjo app.

2.3 Data from Google Services

If you sign in using Google Sign-In or connect any Google service to your Finanjo account, we may collect:

Your Google account name and email address
Profile picture (if available and permission granted)
Authentication tokens required to maintain your session

2.4 Automatically Collected Data

Device information including operating system, device model, and unique device identifiers
App usage data including features accessed and session duration
IP address and approximate location (city-level only)
Crash reports and performance data

3. How We Use Your Information

We use your data solely for the purposes for which it was collected:

To provide personalised financial insights, analysis, and recommendations through Jo, our AI assistant
To display your transaction history, spending patterns, credit card rewards, and investment portfolio
To facilitate mutual fund investments, bill payments, and other financial transactions you initiate
To send you alerts, reminders, and notifications related to your finances (due dates, low balances, subscription renewals)
To conduct KYC verification for regulated financial products
To improve our product, fix bugs, and develop new features
To comply with legal and regulatory obligations
To respond to your support queries

We do not use your personal or financial data for targeted advertising. We do not sell your data to third parties.

4. Data Retention and Deletion

4.1 Retention Periods

We retain your data only for as long as necessary for the purposes described in this Policy or as required by applicable law:

Account and profile data: Retained for the duration of your account and for 3 years after account deletion, as required by financial regulations
Transaction and financial data fetched via Account Aggregator: Retained for 3 years from the date of collection, or as mandated by RBI guidelines
Credit card and investment data: Retained for 3 years from the date of last activity
Google Sign-In data (name, email, authentication tokens): Retained for the duration of your active session. Authentication tokens are invalidated upon account deletion
KYC documents: Retained for 5 years as required by PMLA and RBI norms
Support communications: Retained for 2 years from the date of resolution
App usage and analytics data: Retained for 12 months in identifiable form, after which it is anonymised or deleted

4.2 Deletion of Google User Data

If you signed in via Google or connected a Google account to Finanjo:

Your Google email and profile data is deleted from our active systems within 30 days of account deletion
Google authentication tokens are immediately invalidated upon account deletion and are not retained beyond the active session
We do not retain any Google user data beyond what is necessary to maintain your active session

To revoke Finanjo's access to your Google account at any time, visit Google Account Permissions at myaccount.google.com/permissions and remove Finanjo from connected apps.

4.3 How to Request Deletion

You may request deletion of your account and associated data at any time by:

Using the "Delete Account" option in the Finanjo app under Settings
Emailing us at [email protected] with subject line "Data Deletion Request"

5. Account Aggregator Framework — Data Flow and Storage

5.1 What is the Account Aggregator Framework

5.2 How Data Flows via Account Aggregator

The data flow under the AA framework works as follows:

You initiate a consent request on the Finanjo app for a specific financial purpose (e.g., spending analysis, investment tracking, or loan assessment)
A consent artefact is generated specifying the data type, purpose, frequency of fetch, and validity period
You review and approve the consent on the AA platform (e.g., Finvu, Setu, or another RBI-licensed AA)
Upon your approval, the AA fetches the requested financial data from the relevant FIPs (your banks, card issuers, depositories) in encrypted form
The AA transmits the encrypted data to Finanjo over a secure channel. The AA itself cannot read your data — it is a consent manager, not a data holder
Finanjo decrypts the data using your consent-linked encryption keys and processes it solely for the purpose stated in your consent artefact

At no point does Finanjo access your financial data without a valid, active consent artefact. The AA framework ensures that data access is always initiated by you.

5.3 Consent Management

Every AA consent has the following properties:

Purpose-bound: Data fetched for spending analysis cannot be used for loan assessment without a separate consent
Time-bound: Consents have a defined start and end date after which data fetch automatically stops
Revocable: You may revoke any active consent at any time through the Finanjo app or directly through the AA platform
Auditable: You can view all active and historical consents in the Finanjo app under Settings > Data & Permissions

5.4 Storage of AA Data

Financial data fetched via the AA framework is stored on secure, encrypted servers hosted in India. The following controls apply:

All AA data is encrypted at rest using AES-256 and in transit using TLS 1.2+
AA data is stored in logically isolated environments, separate from other application data
Access to raw AA data is restricted to authorised systems and personnel on a need-to-know basis
AA data is not used for any purpose beyond what is stated in the consent artefact under which it was fetched
AA data is not shared with any third party except as required for the specific purpose stated in the consent (e.g., sharing income data with a lending partner for loan assessment, with your prior consent)

Finanjo complies with all data storage and security norms prescribed by RBI for entities operating within the AA ecosystem.

6. Data Sharing, Regulated Partners, and Third Parties

6.1 Our Commitment to Regulated Partnerships

6.2 Mutual Fund Distribution Partners

6.3 Fixed Deposit Partners

6.4 Other Data Sharing

We do not sell your data.

Beyond regulated financial partners, we share your data only in the following circumstances:

Account Aggregator Framework: Data flows through RBI-licensed AA platforms under your explicit consent as described in Section 5
NBFC Lending Partners: If you apply for a loan product, relevant financial data is shared with RBI-regulated NBFCs solely for credit assessment, with your prior consent
Payment Processors: For processing transactions, with RBI-regulated payment entities
Cloud Infrastructure: Your data is hosted on secure cloud servers located in India
Legal Requirements: We may disclose data if required by a court order, regulatory authority, or applicable law

All third-party partners who process your data are bound by contractual data protection obligations and are regulated by the appropriate Indian financial regulators.

7. Data Security

We implement industry-standard technical and organisational measures to protect your data:

AES-256 encryption for data at rest
TLS 1.2+ encryption for all data in transit
Multi-factor authentication for internal system access
Regular security audits and vulnerability assessments
Access controls limiting data access to authorised personnel only
Compliance with RBI's cybersecurity framework for financial institutions

In the event of a data breach that is likely to affect your rights, we will notify you and the relevant authorities as required by the DPDP Act, 2023 within the prescribed timeframes.

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights:

Right to Access: Request a copy of the personal data we hold about you
Right to Correction: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your data, subject to legal retention requirements
Right to Withdraw Consent: Withdraw consent for data processing at any time, including AA consent
Right to Grievance Redressal: Lodge a complaint with our Grievance Officer
Right to Nominate: Nominate another individual to exercise rights on your behalf in the event of death or incapacity

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

9. Cookies and Tracking

Our mobile app does not use cookies but uses equivalent device identifiers for session management and analytics. You may reset your advertising ID through your device settings at any time.

10. Children's Privacy

11. Changes to This Policy

All previous versions of this Policy are available upon request at [email protected].

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have appointed a Grievance Officer:

Name: Vikas Singh Chauhan

Designation: Grievance Officer

Email: [email protected]

Address: Finanjo Ventures Private Limited, Vaishali Nagar, Jaipur, Rajasthan, India

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once constituted under the DPDP Act, 2023.

13. Contact Us

For general queries about this Privacy Policy or our data practices:

General Inquiries: [email protected]

Compliance and Data Requests: [email protected]

Grievance Officer: [email protected]

Website: finanjo.com

Finanjo Ventures Private Limited

Vaishali Nagar, Jaipur, Rajasthan, India