CredAssist ← Back to credassist.co.in

DPDP Act Compliance

Digital Personal Data Protection Act, 2023 · Last updated July 2026

This page summarises how CredAssist supports its customers' obligations under India's Digital Personal Data Protection Act, 2023 (DPDP) and the DPDP Rules, 2025.

Our role: Data Processor

For borrower and transaction data uploaded by a customer, the customer NBFC or firm decides the purpose and means of processing and is the Data Fiduciary. CredAssist processes that data only on the customer's documented instructions and is a Data Processor. We enter into a Data Processing Agreement (DPA) with every customer that sets out, contractually:

What customers remain responsible for

As Data Fiduciaries, customers remain responsible for the lawful basis of their processing: obtaining borrower consent or relying on a legitimate use, issuing notices, honouring Data Principal rights (access, correction, erasure, grievance), and their own breach notifications. CredAssist provides the tooling and contractual support to make those obligations practical to meet.

Data Principals (borrowers)

If your personal data was uploaded to CredAssist by a lender, that lender is the Data Fiduciary for your data. Please direct any access, correction or erasure request to the lender; we act on their instructions and will support the fulfilment of your request. If you believe your data is being processed on our systems unlawfully, you may also write to team@credassist.co.in and we will route the matter to the relevant customer without delay.

Contact

Data protection questions, DPA requests, and vendor due-diligence questionnaires: team@credassist.co.in.

The DPDP Rules, 2025 phase in through 2026–2027. We track the compliance timeline and update our practices and this page as obligations come into force. This summary is provided in good faith and does not constitute legal advice.
© 2026 CredAssist · credassist.co.in PrivacyTermsDPDP team@credassist.co.in