Privacy Policy

Prosperon Finvisory Private Limited

Last updated: 22 February 2026

1. Privacy Policy

1.1 Introduction

Prosperon Finvisory Private Limited ("Prosperon", "we", "us", "our") respects the privacy of its users and customers and is committed to protecting personal data in accordance with applicable Indian laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

These policies apply to all users and customers availing or enquiring about services including loans, loan optimisation, investments, and insurance products through our website, applications, or offline channels.

1.2 Categories of Personal Data Collected

• Identity & Personal Details: Name, spouse name, father name, date of birth, gender
• Contact Details: Mobile number, personal and official email address
• Financial Information: Income details, salary slips, ITRs, related proofs
• KYC Information: PAN, Aadhaar (where applicable), passport, voter ID or other officially valid documents
• Asset Information: Property documents and related ownership records
• Credit Information: Credit reports and scores obtained from TransUnion CIBIL and other bureaus through authorized partners

1.3 Purpose of Collection

• Credit assessment and eligibility evaluation
• Loan optimization and financial advisory services
• KYC and identity verification
• Documentation support for lenders/NBFCs/banks
• Regulatory and compliance requirements

1.4 Sharing of Data

We may share data with:

• Credit bureaus (e.g., TransUnion CIBIL)
• Authorized service providers (e.g., IDSPay)
• Banks, NBFCs, and financial institutions (with consent)
• Verification and compliance vendors

We do not sell personal data.

1.5 User Rights

• Access their personal data
• Request correction or updates
• Request deletion subject to legal and regulatory obligations
• Raise grievances related to data protection and privacy

Privacy queries may be addressed to the Grievance Officer & DPO as listed in Section 5.

1.6 Children's Data

Prosperon does not knowingly collect personal data of children under the age of 18. If such data is inadvertently collected, it will be deleted upon becoming aware unless retention is required under applicable law or with verifiable consent from a parent or legal guardian.

2. User Consent & Authorization Policy

2.1 Consent Requirement

Prosperon collects and processes personal data only after obtaining explicit, informed consent from the user.

2.2 Mode of Consent

• Digital checkbox acceptance
• OTP-based confirmation
• Electronic acknowledgment within the application or website

2.3 Purpose-Specific Consent

• Credit bureau access
• KYC verification
• Sharing data with lenders or partners

2.4 Consent Records

Prosperon maintains auditable consent records including timestamp, IP/device details, purpose, and consent text version.

2.5 Insurance & Investment-Specific Consent

Where users avail or enquire about investment or insurance services, explicit consent is obtained for:

• Investment suitability analysis and advisory
• Insurance need analysis, proposal facilitation, and policy servicing
• Investment suitability analysis and advisory
• Sharing data with registered insurers, AMCs, distributors, or authorized partners

3. Information Security & Data Protection Policy

3.1 Security Measures

• Encryption of data at rest and in transit
• Secure servers and access controls
• Role-based access to sensitive information

3.2 Internal Access

Only authorized personnel with a legitimate business need may access personal or sensitive data.

3.3 API & Third-Party Security

All integrations with partners such as IDSPay and credit bureaus are conducted through secure, authenticated APIs.

3.4 Cross-Border Data Storage

Personal data may be stored or processed on secure cloud infrastructure provided by AWS or Google Cloud Platform (GCP), which may be located outside India. Appropriate safeguards are implemented as per applicable Indian laws.

4. Data Retention & Deletion Policy

4.1 Retention Period

Prosperon retains personal data only as long as necessary to fulfill the stated purpose and comply with legal obligations.

• Basic personal & contact data: Up to 1 year from last interaction
• Income details & proofs: Up to 180 days from completion
• KYC documents: Up to 1 year or longer if required by law
• Property documents: Up to 180 days unless legally required
• Credit bureau reports: Up to 90 days
• Consent logs & audit trails: Up to 5 years

4.2 Deletion

Data is securely deleted or anonymized once the purpose is fulfilled, subject to legal requirements.

5. Grievance Redressal & User Rights Policy

5.1 Grievance Officer & Data Protection Officer (DPO)

Designation: Grievance Officer & Data Protection Officer (DPO)

5.2 Resolution Timeline

Grievances will be acknowledged and resolved within 7-15 working days.

6. KYC & Document Handling Policy

KYC and document collection is conducted solely for identity verification, credit assessment, and compliance.

7. Third-Party Data Sharing & Processing Policy

Data is shared with third parties only for approved purposes under confidentiality obligations. Prosperon does not sell or misuse user data.

8. Incident & Data Breach Response Policy

Any unauthorized access, disclosure, or loss of data is treated as a security incident. Prosperon will promptly investigate, mitigate, and notify affected users and authorities where required.

9. Employee Data Access & Confidentiality Policy

Employees and contractors are bound by confidentiality obligations and granted access strictly on a need-to-know basis.

These policies are subject to periodic review and updates to reflect legal and operational changes.