Credeau logoCredeau
Credeau logoCredeau

Privacy Policy

1. Introduction

Credeau Solutions Private Limited ("Credeau", "we", "our", "us") is a private limited company incorporated on 7 March 2024 under the Companies Act, 2013 of India, with Corporate Identity Number (CIN) U70200UP2024PTC198977 and registered office at F-364, Sector-63, Noida, Gautam Buddha Nagar–201301, Uttar Pradesh, India.

Credeau builds AI-driven decisioning and lending-intelligence products—including the Forge (on-premise) and Gator (cloud/SaaS) suites—that enable banks, NBFCs, and fintech enterprises to launch and scale digital credit products securely and compliantly.

As a Technology Service Provider (TSP), Credeau delivers its solutions in two primary modes:

  • On-Premise Deployment (e.g., MobileForge, CredForge BRE): All customer data remains entirely within the client's own infrastructure; Credeau has no access to end-customer personal data.
  • Credeau-Hosted APIs (e.g., MobileGator, BureauGator, FraudGator, AccountGator, LocationGator, ExGator): When clients elect to use our managed cloud services, we process only the data necessary to provide contracted intelligence, strictly under the client's instructions and consent framework.

This Privacy Policy explains how we collect, use, disclose, and safeguard information across these contexts, and outlines the choices and rights available to our clients and, where applicable, their end-users.

2. Roles

  • Data Processor / Technology Service Provider: For hosted deployments where Credeau processes data on behalf of a client financial institution.
  • Data Controller: Only for our own corporate, website, and partner information.

3. Data We May Process

We process only the data provided to us by our client institutions or by you with consent. Depending on the product configuration, this can include:

Identity & Financial Data:

Identifiers such as user/lead IDs, PAN, Aadhaar name and address, date of birth, gender, declared income, employment details, loan purpose and history, bank-statement or Account Aggregator data, credit bureau reports and scores.

Location:

Location details (latitude/longitude, derived city/state/pincode) to verify address, check serviceability, customize offers, and detect unusual activity for underwriting or fraud prevention.

Device Data:

With permission, limited device information (IP address, operating system, hardware model, unique device identifiers, SIM status) is collected to detect potential fraud, assess risk, and ensure only authorized devices act on your behalf. You may request deletion of such data at any time. All data is processed securely and never shared without consent.

SMS:

With explicit consent, we may read SMS headers and indicative content only from 6-digit alphanumeric senders to verify financial statistics (income, spending patterns) and support credit evaluation. We do not read personal messages or OTPs except OTPs sent by Credeau or our clients. Collected details—sender names, indicative content, timestamps—are used for underwriting, fraud detection, and faster approvals.

Apps / Installed Applications:

Upon consent, we may collect the list of installed and system applications on the device to detect potential fraud (e.g., presence of VPNs, high-risk or betting apps) and to assess creditworthiness. This is a one-time access at onboarding or before each disbursement and is handled securely.

Phone State:

One-time access during onboarding and prior to each disbursement to check SIM status and device identifiers for fraud detection (e.g., multiple loan applications from the same device). We do not access contacts or call logs.

4. Purpose of Processing

Data is processed solely to:

  • Provide and improve Credeau products and services.
  • Enable real-time credit decisioning, affordability assessment, fraud detection, and risk analytics.
  • Meet legal and regulatory obligations (including the RBI Digital Lending Guidelines and India's DPDP Act 2023).
  • Support security, debugging, and service improvement.

5. Data Sharing

  • No Sale of Data: We never sell personal information.
  • Service Providers / Sub-processors: We don't share data with any 3rd party.
  • Regulatory Authorities: When required by law.

6. International Transfers

Where clients require hosting outside India, any cross-border transfers comply with the DPDP Act 2023 and other applicable data-protection frameworks.

7. Security

We implement strong technical and organizational safeguards—including encryption in transit and at rest, regular vulnerability assessments, role-based access controls, and continuous monitoring—to protect all data handled by our systems.

8. Data Retention

  • Hosted Client Data: Retained only for the duration specified in client contracts or legal requirements, then securely deleted or anonymized.
  • Corporate Data: Retained as long as necessary for legitimate business or statutory obligations.

9. Your Rights

Where applicable (DPDP Act 2023, GDPR, etc.), you may request access, correction, deletion, or portability of your personal data. When Credeau acts as a processor, such requests should be directed to the financial institution that collected your data.

10. Forge Products – Special Note

For on-premise deployments (e.g., MobileForge, CredForge BRE), all customer data stays within the client's own cloud or data centre. Credeau receives only minimal metadata required for license validation or updates.

11. Updates

We may update this Policy from time to time. Material changes will be posted on our website and, where appropriate, notified to our clients.

12. Contact

For any privacy-related queries or to exercise your rights:

Data Protection Officer (DPO)

Sanyam Jain
Credeau Solutions Private Limited
Address: F-364, Sector-63, Noida, Gautam Buddha Nagar–201301, Uttar Pradesh, India
Mobile: +91 9599016449
Email: sanyam.jain@credeau.com