Privacy Policy
We value your privacy. Our privacy policy protects your data, ensuring its confidentiality and secure handling in accordance with legal requirements. This empowers your data privacy and helps you take control of your digital security.
Last reviewed on 20th September, 2023
Introduction
This Privacy Policy ("Policy") provides information about how we, OneBanc Technologies Private Limited, a company incorporated under the Companies Act, 2013 ("Company"/"we"/"us") collect, use, store, share, transfers and discloses information/data (used interchangeably hereafter) received from visitors/users of our website located at https://onebanc.ai and the OneBanc mobile application ("OneBanc"/"Platform"). This Policy is to be read with the Terms of Use and forms an integral part thereof.
About Our Policies
We are a proprietary mobile application developed, operated, and managed by the Company, whereby the Company brings the "neobanking experience" to fingertips of India's 150M+ young and emerging consumers. A neobank is a platform that delivers an intelligent banking experience to such consumers in partnership with an ecosystem of traditional banking partners and non-traditional financial service providers on one platform, which is simple, engaging, and contextual to the customer's financial life.
We are an iOS, Android, Windows, and Mac mobile application with a limited web-enabled interface. When downloaded on your smartphone, we provide you with a neo-banking experience as described above by enabling registered users to avail banking products and services ("Platform Services") from different banks, financial services providers, merchants, and vendors who partner with us ("Partners"). The Platform services facilitate the opening of savings bank accounts, undertaking of banking transactions through the Platform, and availing of loan and overdraft facilities through our partners.
Your privacy is important to us, and we appreciate your trust in us. We are committed to upholding the privacy and security of information supplied by you. Please take a moment to familiarise yourself with our privacy practices and to learn about our information-gathering practices. By registering on, or accessing our Platform, you acknowledge the acceptance of and agree to be bound by the terms and conditions of this Policy including the collection, usage, storage, sharing, transferring, and disclosure of your information as described herein and undertaken by the Company from time to time. If you do not agree to all the terms of this Policy, we recommend that you do not use the Platform. By using the Platform services or by otherwise providing us with your information, you will be deemed to have read, understood, and agreed to the practices and policies outlined in this Policy and you hereby agree to be bound by this Policy. We further reserve the right to update or modify this Policy at any time without prior notice and all such changes will be effective immediately upon posting the updated or modified Policy on the Platform and we will not be bound to inform you of any such modification. You are therefore encouraged to review this Policy each time you access or use the Platform. If you do not agree with this Policy at any time, you must not use the Platform or Platform Services, or provide us with any of your information. If you use the Platform Services on behalf of another person or entity, you represent that you are authorized by such individual or entity to:
  • Accept this Policy on such individual's or entity's behalf.
  • Consent on behalf of such individual or entity to our collection, use, and disclosure of such individual's or entity's information as described in this Policy.
This Policy is in line with the Company's commitment to comply with all applicable Data Privacy and protection requirements, including those prescribed under the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the Digital Personal Data Protection Act, 2023 (collectively "Data Privacy Law").
Definitions
"Non-Personal Information" is information that is not personally identifiable to you and that we automatically collect when you access our Platform with a web browser. It may also include publicly available information that is shared between you and others.
"Personally Identifiable Information" is any non-public information that is personally identifiable when you register or subscribe to services on the Platform. Personally Identifiable Information may include information such as your name, email address, phone number, credit card details, Aadhaar details, and other related information that you provide to us or that we obtain from you. This may, in certain circumstances, include sensitive personal information (as defined under the Data Privacy Law).
The term "Information" when used in this Policy includes both Non-Personal Information and Personally Identifiable Information.
Consent
Our Platform is not designed for use by anyone under the age of 18 (eighteen). We do not verify the age of our users, nor do we have any liability for such verification or lack thereof. We do not intentionally or knowingly collect Personally Identifiable Information from minors (persons below the age of 18 (eighteen)) and request that minors do not submit any information on the Platform. We may delete information and cancel accounts of users suspected of being under the age of 18.
Collection of Information
  • We may collect personal information from you. You control the amount and type of information you provide to us when using our Platform. You can browse our Platform to find out more about us and our services. While doing so you are not required to provide us with any Personally Identifiable Information. If you choose not to provide any Personally Identifiable Information, you can still visit our Platform, but you may be unable to access certain features and functions of our Platform.
  • If you choose to have with the Company, either a contractual or business relationship, or to use the Platform Services, the Company, and its Partners may need to contact you in connection with such relationship, or services. We may then be required to collect Personally Identifiable Information from you. While some of your information must be mandatorily provided, other information is optional, and while certain portions of the information will remain private, some information may be shared with third parties to facilitate certain features and functionalities of the Platform. Additional information may also be gathered from you during your subsequent use of the Platform. You hereby consent to such collection, use, display, processing, and handling as described in this Policy.
  • All information disclosed by you is with your consent, which is free, specific, informed, unconditional, and unambiguous and is deemed to be disclosed willingly and without any coercion. No liability pertaining to the authenticity, genuineness, misrepresentation, fraud, or negligence of the information disclosed shall lie on us nor will we be in any way responsible for verifying any information obtained from you.
  • You agree while disclosing the information to us, you will not:
    1. Impersonate another person.
    2. Suppress any material information.
    3. Furnish such information as is verifiably authentic.
  • Your information, including Personally Identifiable Information, may be transferred to, and maintained on systems located outside your state, country, or jurisdiction, and the applicable Data Privacy Laws may vary from those of your jurisdiction. You consent to such transfer and the application of the Data Privacy Laws to the exclusion of law applicable in your jurisdiction.
  • You acknowledge that you are licensing to us the right to use, modify, display, distribute, and create new material from the information provided by you through the Platform to render services through it and that by providing such information, you automatically agree to such a license without the payment of any fees.
  • We may also, to the extent permitted by law, use, license, reproduce, distribute, disclose, and aggregate all Non-Personal Information that is derived from your use of the Platform, and you hereby provide consent for the same.
Information That we Collect
The platform collects and uses the following Personally Identifiable Information and other data for the purposes specified below:
  • Information such as your name, date of birth, postal address, email address, mobile number, etc. will be required to be provided by you at the time of registering on the Platform.
  • You will be required to sign into the Platform using an MPIN, which you will set during the sign-up process. Additionally, you have the option to sign into the Platform with your Biometrics. This is an additional security feature within the Platform, for which you may opt.
  • Your profile information such as your username, password, and details regarding your activities on our Platform.
  • Information that is required by our Partners to provide services to you including information that we are required to collect as per a specific mandate from a partner bank or financial services company by applicable law such as information required to comply with the Reserve Bank of India's know-your-customer norms.
  • We may access banking and financial transaction details related to your use within the ecosystem of the Platform including bank account details, one-time passwords, PIN transaction passwords, the date and time of such transactions, etc. to:
    1. Provide you with customized content on the Platform.
    2. Monitor Platform usage.
    3. Improve the content and services provided on and through the Platform. However, do note, that we do not store any banking transaction details on the Platform.
    However, do note, that we do not store any banking transaction details on the Platform.
  • We collect information about all your activities on the Platform to enable us to service you better.
  • When you visit or leave the Platform (including our plugins or cookies or similar technology on the sites of others), the Company receives the URL of both the site you came from and the site you are proceeding to, to provide better services and prevent fraud. We also get information about your IP address, proxy server, operating system, web browser, add-ons, device identifier, features, and/or ISP or your mobile carrier. We will ask you to opt in before we use GPS or other tools to identify your precise location.
  • When you interact with the Platform, we collect server logs, which may include information like device IP address, access dates and times, other system activity, type of browser, and the third-party site or service you were using before interacting with the Platform to understand your usage of the Platform.
  • We may collect any other information which may your eligibility to avail of the platform Services.
  • We may also collect any other information that we require to provide a smooth mobile experience, including but not limited to SMS access for auto-OTP verification, camera/gallery/contacts access, etc for various functionalities within our Platform.
Uses of the Information Collected
The Company uses the information collected for the following general purposes:
  • To deliver the services made available through the Platform.
  • To curate specific services for you.
  • To help personalize your experience on the Platform.
  • To improve services offered to you.
  • To respond to the request that you send us such as your request for information, or your request to subscribe to a service provided on the Platform.
  • To administer, protect, and improve the Platform.
  • To better understand the preferences of users on the Platform.
  • To identify server problems.
  • To compile aggregated statistics about the usage of the Platform.
  • To help OneBanc in its internal business functioning.
  • Any other use that the Company may determine from time to time.
Storage and Retention of Your Information
  • We retain your data, (save and except upon withdrawal or termination) for the duration of your use of the Platform. We will delete information based on a request received from you within a reasonable period from receiving a deletion request. We archive your data and store it to comply with any data requests by government authorities in accordance with applicable law. We also retain your data for such period for reasons including but not limited to enabling you to restart your account on the Platform, to solve any unresolved issue relating to your Account, or an unresolved claim or dispute.
  • All Know-your-Customer-related information is collected on behalf of our Partners as mandated by applicable law, for facilitating authentication by such Partners. We do not process or store such information.
Information Security
  • We use accepted industry standards to store and protect information that you have submitted to us and that we collect, both during transmission and once received and stored, against loss, theft, unauthorized access, disclosure, copying, use, or alteration, as required under the Data Privacy Laws. Your Personally Identifiable Information is kept secure behind secure networks and is only available to a limited number of people who are bound by confidentiality obligations. This Privacy Policy and the security controls and practices implemented by us to protect your Personally Identifiable Information shall be by the reasonable security practices and procedures as per the Data Privacy Laws. To the extent possible, all data is encrypted and stored.
  • Our Platform has reasonable security measures and safeguards in place to protect your privacy and personally identifiable Information from loss, misuse, unauthorized access, disclosure, destruction, and alteration of the information in compliance with applicable laws. Further, whenever you change or access your account on the Platform or any information relating to it.
  • We use HTTPS for secure transmission of data from end-user systems to our cloud server.
  • All passwords are stored in the database in an encrypted format using AES 256-bit encryption.
  • However, please be advised that no method of transmission over the internet, or method of electronic storage, is 100% (one hundred percent) secure. Therefore, although we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security and your use of the Platform is at your sole risk and discretion. We do not warrant that such information may not be misused in the event our safeguards and protocols are breached by a malicious third party. Further, we are not liable for the actions of other users with whom you may choose to share your information. We will, however, promptly notify you if we discover that any of your information is compromised because of a security breach.
  • If a password is used to help protect your account and account information, it is your responsibility to keep the password confidential. You must ensure that you always log out of your account, before sharing your device with a third party.
Cookies and Tracking Tools
  • We use data collection devices such as "cookies" or other similar technology in the Platform to help analyse our app page flow, study traffic patterns in order to customise your experience, measure promotional effectiveness, match your interests and preferences, improve Platform performance, keep track of preferences that you specify while you access the Platform, support security measures, assist in identifying possible fraudulent activities, promote trust and safety and improve the services we provide. Please refer to our Cookies Policy for more information on our usage of cookies.
  • We may also use third-party tracking tools to improve the performance and features of our Platform that are designed to collect only Non-Personal Information about your use of the Platform. However, you understand that such tools are created and managed by parties outside our control, and we are not responsible for what information is captured or used by such third parties.
  • We automatically receive information from your web browser or mobile device including the name of the website from which you entered our Platform, the name of the website to which you are headed when you leave our Platform, if any, and other information such as your device usage information, features of the device and your location. We also receive the IP address of your computer, the device or proxy server you use to access the internet, your internet provider̓s name, your web browser type, and your computer operating system. We use such information to analyse trends and to help improve our Platform.
Links to Other Sites
Our Platform may contain links to third-party sites that are not operated by us. If you click on a third-party link, you may be redirected to the third-party's site. We have no control over and assume no responsibility for the content, privacy policy or practices of a third-party site. We advise you to separately review the privacy policy of every such site you visit.
Sharing of Information
  • We share your personal information with third parties who perform services on our behalf. We share information with vendors who help us manage our online registration process or payment processors or transactional message processors.
  • We share information with third parties and or business partners who partner with us on the Platform. Each of our Partners have their own privacy policies. You are advised to familiarise yourself with such policies.
  • We may share your information with our other corporate entities and affiliates. These entities and affiliates may market themselves to you because of such sharing unless you explicitly opt-out of such communication.
  • We may be legally required to disclose your information if such disclosure is:
    1. Required by subpoena, law, or other legal process.
    2. Necessary to assist law enforcement officials or government enforcement agencies.
    3. Necessary to investigate violations of or otherwise enforce our legal terms.
    4. Necessary to protect us from legal action or claims from third parties including you or other users.
    5. Necessary to protect the legal rights, personal property or personal safety of the Company, our users, employees, and affiliates.
    6. Necessary for any other reasonable purpose that the Company may, in its sole discretion, deem fit.
  • We may share your information with an acquirer, assignee, or other successor entity in connection with a sale, merger, or reorganisation of all or all the equity, business, or assets of the Company. For example, if a part of our business is sold, we may provide our customer list as part of that transaction.
  • From time-to-time we conduct contests for our users. We may use third-party service providers to collect and collate data for such contests. We may share your information with such service providers during the said contests.
  • We retain the right to collect and use any Non-Personal Information collected from your use of our Platform, and to aggregate such data for internal analytics that improve our Platform, as well as for use or resale to others. At no time is your Personally Identifiable Information included in such data aggregations.
  • We may share your information with other third parties for reasons not described in this Policy. We will endeavour to inform you before we do this. The collection, storage, and processing of data by the above third parties either pursuant to us sharing it with them or where you submit the data directly to such parties, are subject to their own data protection policies and security practices. While we will endeavour to ensure that such parties, as described above, have in place a privacy policy like ours before sharing your information with them, you agree and acknowledge that we are in no way privy to the data protection practices of these parties, and we are not responsible for their adherence to applicable Data Privacy Law and norms.
  • You also specifically agree and consent to us collecting, storing, processing, transferring, and sharing information related to you with third parties for rendering Services to you and we shall in no manner be responsible or be under any obligation to inform you or seek additional consent from you for such sharing of information. Further, you agree and acknowledge that you shall strictly keep all information of other individuals confidential and shall not disclose such information to any third party unless expressly consented to by the individual whose information is being disclosed. In no circumstance whatsoever will we be responsible or liable for any breach of confidentiality by you or other individuals on the Platform.
Rights of the User
  • We share your personal information with third parties who perform services on our behalf. We share information with vendors who help us manage our online registration process or payment processors or transactional message processors.
  • You have a right to opt-out of providing any of your information, including your Personally Identifiable Information. However, in such event, we reserve the right to refuse or limit your access and use of the Platform, and its features.
  • We may share your information with our other corporate entities and affiliates. These entities and affiliates may market themselves to you because of such sharing unless you explicitly opt-out of such communication.
  • You acknowledge and agree that merely un-installing the Platform from your mobile device will not result in the deletion of your information from the Platform. You have the right to withdraw your consent to the use, disclosure, or transfer of your information, including your Personally Identifiable Information, and request for its deletion from the Platform's databases. However, some information relating to your interaction with the Platform may not be deleted to maintain the integrity and security of the Platform, and such information will be anonymised upon your withdrawal of consent.
  • We may share your information with an acquirer, assignee, or other successor entity in connection with a sale, merger, or reorganisation of all or all the equity, business, or assets of the Company. For example, if a part of our business is sold, we may provide our customer list as part of that transaction.
  • If information, including Personally Identifiable Information that you have submitted on the Platform is no longer accurate, current, or complete, you may update or correct your information using the Platform. However, the Company reserves the right to use information obtained previously to verify your identity or take other actions that it believes is appropriate pursuant to such correction or update.
Marketing Communications and Procedure for Opt-Out
  • When you register with us, the information supplied by you will be used to generate and maintain your profile on the Platform; provide personalized features; allow you to use interactive features; provide customer support; modify the Platform to cater to your interests; maintain regular communications with you and carry out other similar actions. To this end, we may contact our users via email, SMS, or notifications on our Platform as we deem appropriate.
  • We may also combine your information with information we collect from other companies and use it to improve and personalise our services, content, and advertising.
  • In furtherance to your usage of the Platform, you expressly waive the do not call ("DNC")/do not disturb ("DND") registrations on your phone/mobile numbers on our contacting you for such purpose and usage. Hence, there will be no DNC/DND check required for the number you have used on our Platform.
  • We fully comply with national laws regarding spam. You can always opt-out of receiving further promotional email correspondence from us or our affiliates. Please note that it may take about 72 (seventy-two) business hours to process your request.
Copyright
We and our Partners hold the copyright, and other intellectual property rights to the Platform and all the material on the Platform. We also own all the trademarks displayed on the Platform, unless otherwise indicated. You must not use any of our material or intellectual property on the Platform without our explicit consent.
Amendments
The Company reserves the right to change, modify, add, or remove portions of this Policy at any time, but will alert you that changes have been made by indicating on the Policy the date it was last updated. When you use the Platform, you are accepting the current version of this Policy as posted on the Platform at that time.
Grievances Redressal
If you have a grievance regarding our privacy policy or data usage practices, you may reach out to our Grievance Redressal Officer at the details below:
Grievance Redressal Officer: Ms. Dhwani Malaviya
Grievance Redressal Officer shall redress the grievances within one month from the date of receipt of the said grievance. You agree not to register a false or frivolous grievance or complaint.
If you have any questions about our privacy practices or this Policy, please contact us by dropping a message through the Platform or writing to us at compliance@onebanc.ai