CredAssist ("we", "us") provides an internal analytics and decision-support software platform to RBI-regulated Non-Banking Financial Companies (NBFCs) and professional firms in India. This policy explains what data we handle, why, and the choices available to you.
Account data (you, our customer). When your organisation registers, we collect the name, work email address, organisation name, and optionally a phone number of authorised users, along with standard security metadata such as login timestamps, IP address and browser identifier. We use this to operate your workspace, secure your account, and communicate with you about the service.
Client-uploaded data (your borrowers and records). Files your organisation uploads — bank statements, ledgers, partner exports, NACH return files and similar records — may contain personal data of your borrowers. For this data, your organisation is the Data Fiduciary and CredAssist acts as a Data Processor under the Digital Personal Data Protection Act, 2023: we process it solely on your instructions, solely to deliver the analyses you request, and never for our own purposes.
All application data is stored on infrastructure located within India, consistent with Indian data-localisation expectations for the financial ecosystem. Uploads are isolated per tenant: no customer can ever access another customer's files, runs or borrowers.
Account data is retained for the life of your subscription and for a reasonable period afterwards for legal and audit purposes. Client-uploaded data is retained under your control: you may delete runs and files from within the product, and on termination of service we delete or return your data on written instruction. Security and access logs are retained for at least one year in line with applicable Indian requirements.
We apply reasonable security safeguards including encrypted transport (HTTPS/TLS), tenant isolation, hashed credentials, access logging, and least-privilege operational access. No system is perfectly secure; in the event of a personal data breach affecting your data, we will notify your organisation without undue delay so you can meet your own obligations.
Authorised users can review and correct their account details from within the product. For deletion requests, questions about this policy, or privacy concerns, write to team@credassist.co.in. If you are a borrower whose data was uploaded by an NBFC, please direct requests to that NBFC, which controls the purpose of processing; we will support them in fulfilling your request.