Privacy Policy

Caply Finserv Private Limited

Effective Date: April 1, 2026

This Privacy Policy (“Policy”) outlines [Your Company Name] Private Limited (“Company”, “We”, “Us”, or “Our”) practices in relation to the collection, storage, use, processing, and disclosure of personal data that you (“You” or “User”) have chosen to share with Us when You download and use Our mobile application “Caply” or use the services available on [caply.co.in] (collectively referred to as the “Platform”). Please read this Policy carefully before using the Platform.

This Policy is governed by the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDPA”), as applicable.

1. INFORMATION WE COLLECT

We collect the following categories of personal data from You:

1.1 Information You Provide Us

  • Identity data: Full name, date of birth, gender
  • Contact data: Mobile number, email address, residential address
  • KYC data: PAN, Aadhaar number (masked/VID only), government-issued identity documents
  • Financial data: Bank account details, income details, credit information
  • Correspondence: Messages, feedback, and support queries

1.2 Information We Collect Automatically

  • SMS transactional messages from banks and financial institutions (read-only, for expense tracking)
  • Device data: Device ID, OS version, IP address, app usage data
  • UPI and payment transaction metadata
  • Log data: Pages visited, time spent, features accessed

1.3 Information from Third Parties

  • Credit bureau data (CIBIL, Experian, Equifax, CRIF) for loan eligibility assessments
  • Bank account transaction data via Account Aggregator (AA) framework / NBFC-AA
  • KYC data from UIDAI, NSDL, or other authorised verification agencies

2. PURPOSE OF DATA COLLECTION

We use Your personal data solely for the following purposes:

  • To provide, maintain, and improve the Services, including expense tracking, budget insights, and financial summaries
  • To facilitate loan applications, credit assessments, and onboarding with our lending partners (NBFCs and Banks)
  • To conduct KYC/AML verification as required under applicable laws
  • To generate spending reports, analytics, and personalised financial insights
  • To send transactional notifications, service updates, and support communications
  • To comply with legal obligations under RBI guidelines, SEBI regulations, IRDAI norms, and applicable Indian laws
  • To detect, investigate, and prevent fraudulent or unauthorised activity
  • To improve app performance through analytics and crash reporting

3. SMS & DEVICE PERMISSIONS

The App may request access to the following device permissions:

  • SMS (Read): To read bank transaction SMS alerts for auto-categorisation of expenses. We do not read personal, OTP, or non-transactional messages.
  • Contacts (Optional): Only to facilitate peer transactions if You explicitly choose to enable this feature.
  • Camera / Storage: To upload KYC documents or profile photographs when required.
  • Location (Optional): Only for GPS-based mileage tracking for expense entries, if enabled.

You may revoke any of these permissions at any time through your device settings. Revoking permissions may limit certain features of the App.

4. DATA SHARING & DISCLOSURE

We do not sell Your personal data. We may share Your information in the following limited circumstances:

4.1 With Lending Partners

With RBI-registered NBFCs and banks on our platform, solely to process loan applications You initiate. A list of lending partners is available at [lending-partners-page-link].

4.2 With Service Providers

With third-party vendors who assist us in delivering Services, including KYC verification agencies, cloud hosting providers, payment processors, analytics platforms, and customer support tools — all bound by confidentiality agreements.

4.3 With Regulators & Law Enforcement

Where required by applicable law, court order, regulatory directive, or governmental authority.

4.4 In Business Transfers

In the event of a merger, acquisition, or sale of assets, Your data may be transferred to the successor entity, subject to the same protections as this Policy.

5. DATA LOCALISATION & STORAGE

All Your personal data, including financial data, is stored exclusively on servers located within India. We do not transfer Your personal data to any third country or offshore jurisdiction.

Data is retained only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable laws. Upon account deletion, non-mandatory data will be anonymised or deleted, subject to legal retention obligations.

6. DATA SECURITY

We implement industry-standard security measures including:

  • 256-bit SSL/TLS encryption for data in transit
  • AES-256 encryption for sensitive data at rest
  • Role-based access controls, limiting employee access to personal data
  • Regular security audits, penetration testing, and vulnerability assessments
  • ISO 27001-aligned information security practices

While We implement reasonable security measures, no digital system is completely immune to breaches. You are responsible for maintaining the confidentiality of your account credentials.

7. COOKIES & TRACKING TECHNOLOGIES

Our website and App may use cookies and similar tracking technologies to enhance user experience, analyse app usage, and remember Your preferences. You may disable cookies through your browser or device settings; however, this may affect certain features of the Platform.

8. YOUR RIGHTS AS A DATA PRINCIPAL

Under the DPDPA 2023 and applicable regulations, You have the right to:

  • Access: Request a summary of personal data We hold about You
  • Correction: Request correction of inaccurate or incomplete personal data
  • Erasure: Request deletion of Your personal data (subject to legal retention obligations)
  • Grievance Redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board of India
  • Withdrawal of Consent: Withdraw consent for data processing, subject to consequences on service availability

To exercise these rights, contact our Grievance Officer at: grievance@caply.co.in

9. GRIEVANCE OFFICER

In accordance with the Information Technology Act, 2000 and rules thereunder, the details of our Grievance Officer are:

Name: Shivkumar

Email: grievance@caply.co.in

Address: HSR Layout, Sector – 1, Bengaluru – 560001, Karnataka, India

We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt.

10. CHILDREN’S PRIVACY

Our Services are not directed to individuals below 18 years of age. We do not knowingly collect personal data from minors. If We become aware that a minor has provided personal data without parental consent, We will delete such data promptly.

11. THIRD-PARTY LINKS

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of such third parties. We encourage You to review their privacy policies before sharing any personal information.

12. CHANGES TO THIS POLICY

We reserve the right to update this Policy at any time. Material changes will be notified via the App or email at least 7 days prior to their effective date. Continued use of the Platform after changes constitutes Your acceptance of the updated Policy.

13. GOVERNING LAW

This Policy is governed by and construed in accordance with the laws of the Republic of India. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka.

Scroll to Top