Data Protection Policy
We comply with the Digital Personal Data Protection Act 2023 and follow industry best practices.
Encryption
All sensitive data (PAN, bank account, credit reports) is encrypted at rest using AES-256 and in transit using TLS 1.2+.
Access control
We use role-based access control. Staff have access only to data relevant to their function. All access is audited.
Retention
Data is retained as required by regulation (typically 8 years for KYC and loan records). After that period, we anonymize or delete it.
Sub-processors
Our cloud, payment, credit bureau and KYC providers are contractually bound to equivalent data-protection standards.
Breach notification
In the event of a personal data breach, we will notify affected users and the Data Protection Board within statutory timelines.