Swastik Finance — Data Privacy Policy

1. Scope & Preamble

Swastik Finance ("Company", "we", "us") operates digital and physical financial services. This Policy describes how we collect, use, disclose, and protect customer data through our digital platforms, mobile app, and partner integrations.

2. Consent & Lawful Basis

We collect data only with valid, explicit consent. Consent is logged electronically or in writing and can be withdrawn at any time.

3. Purpose & Data Use

• Provide and manage lending services.
• Fulfil KYC and regulatory requirements.
• Send communications, reminders and alerts.
• Prevent fraud and manage risk.
• Improve services and meet compliance obligations.

4. Aadhaar & e-KYC

We comply with UIDAI and the Aadhaar Act (2016) for Aadhaar authentication. Biometric and Aadhaar data are encrypted, transmitted securely and stored only in Aadhaar Data Vaults where applicable. Aadhaar data is never transferred outside India.

5. Security Controls

• ISO/IEC 27001-aligned cybersecurity framework.
• Encryption at rest and in transit, key management via HSM.
• Role-based access, periodic security audits, vendor assessments.
• Incident response and business continuity plans tested regularly.

6. Rights & Grievance Redressal

Customers can review, correct, or delete their data subject to regulations. Grievance queries can be directed to:

grievance.redressal@swastikfinance.in