Information Security Policy

Last Updated: 27 February 2026

Important information about Bachatt's information security practices

Our Certifications

  • ISO/IEC 27001:2022 (Information Security Management)
  • CISA Certified (Cybersecurity Assurance)
  • Google CASA Certified (Cloud Application Security)

Core Policy Statement

Bachatt is committed to maintaining the confidentiality, integrity, and availability of all information systems and user data. Our Information Security Management System (ISMS) is designed to protect against unauthorized access, use, disclosure, disruption, modification, or destruction of information.

Key Security Commitments

Our key commitments for information security include:

  • Identifying, assessing, and managing information security risks.
  • Providing regular information security awareness training to our employees and partners.
  • Developing and implementing security policies, procedures, and guidelines.
  • Ensuring compliance with all applicable laws and regulations related to information security.
  • Continuously improving our ISMS to enhance security posture.
  • Protecting user data through encryption, access controls, and secure storage.
  • Promoting a security-conscious culture within the organization.
  • Collaborating with our partners and stakeholders to maintain a secure ecosystem.
  • Responding promptly and effectively to security incidents and breaches.

Lending Data Security & RBI Digital Lending Compliance

In addition to the general information security commitments, Bachatt adheres to the following security practices specifically for borrower data processed in connection with digital lending services, in compliance with RBI's Digital Lending Guidelines (RBI/2022-23/111 DOR.CRE.REC.66/21.07.001/2022-23).

Data Localization:

  • All borrower data, including personal information, financial data, credit information, and loan transaction records, is stored exclusively on cloud servers located within India.
  • No borrower data is transferred to or processed on servers outside India.

Access Controls:

  • Access to borrower data is restricted on a need-to-know basis, with role-based access controls enforced across all systems.
  • Multi-factor authentication is required for accessing borrower data systems.
  • Access logs are maintained and reviewed periodically.

Data Encryption:

  • All borrower data is encrypted at rest using industry-standard encryption (AES-256 or equivalent).
  • All data transmission occurs over secure, encrypted channels (TLS 1.2 or higher).

Data Segregation:

  • Borrower data collected for lending purposes is logically segregated from data collected for other Bachatt services (e.g., mutual fund investments).

Incident Response & Breach Notification:

  • Bachatt maintains a dedicated incident response plan for security breaches involving borrower data.
  • In the event of a breach: immediate identification and containment actions are initiated; affected borrowers and relevant regulatory authorities (including the RE and RBI, as applicable) are notified within legally prescribed timelines; a thorough investigation is conducted; remediation measures are implemented; and all breach-related records are maintained for regulatory audit purposes.

Periodic Security Audits:

  • Bachatt conducts periodic security assessments, including vulnerability assessments and penetration testing, to ensure the integrity and security of borrower data systems.

Third-Party Security:

  • All third-party service providers involved in processing borrower data are contractually required to maintain equivalent security standards and comply with applicable RBI guidelines and data protection laws.
  • Regulated entities (lending partners) independently undertake credit assessment, verification, and credit decisioning. Bachatt facilitates the secure transmission of borrower data, shared strictly on a need-to-know basis and pursuant to customer consent.

No Biometric Storage:

  • No biometric data is stored in systems associated with Bachatt's DLA, unless explicitly permitted under extant statutory guidelines.

Credit Information Access Guidelines

Bachatt accesses credit information as an "authorized representative" for limited service-related purposes only.

  • We shall not aggregate, retain, store, copy, reproduce, republish, upload, post, transmit, sell or rent the Credit Information to any other person and the same cannot be copied or reproduced other than as agreed herein and in furtherance to applicable law including the CICRA.
  • The Parties agree to protect and keep confidential the Credit Information both online and offline.
  • Credit information is destroyed, purged, or erased immediately upon consent revocation or completion of the transaction, within a maximum 6-month period.
  • You can revoke your consent for sharing credit information anytime by reaching out to our customer support team on +91 7982315462 or [email protected].

Disclaimer:

This policy is a general guideline and may be subject to change based on specific product or service offerings, regulatory requirements, or Bachatt's internal policies. Users are encouraged to review the specific terms and conditions associated with each service or product before use.