Privacy Policy

Trusave Fintech Private Limited and its subsidiaries (collectively "Bachatt") prioritizes safeguarding personal information and user trust. This policy outlines how personal data is collected, used, processed, and disclosed regarding Bachatt's products, services, website (bachatt.app), and mobile application. The policy does not apply to partners, who maintain separate privacy policies.

By using Bachatt's offerings, users acknowledge reading and agreeing to data processing per this policy and the Terms of Use.

User Provided Information

• Registration requires personal details including name, mobile number, email, date of birth, gender, and address.
• Additional services may require financial details, credit scores, card information, and official documents.
• Refusing to share requisite data restricts certain features.
• Device permissions (contacts, photos, camera, location, microphone, SMS, storage, calls, NFC) may be accessed with user consent, which can be revoked via device settings.

Marketing Communications Consent

• Users may consent to contact via phone, SMS, WhatsApp, and email regarding promotional offers, product updates, investment opportunities, educational content, and partner offers.
• Consent can be withdrawn by contacting [email protected].

Financial SMS Collection

• Bachatt collects only financial SMS from six-digit alphanumeric senders to identify bank accounts, cash flow patterns, and transaction details for investment recommendations.
• This data is not used for lending purposes.

Gmail Data for Mutual Funds

• With explicit consent, Bachatt accesses Gmail in read-only mode to retrieve mutual fund statements from CAMS, KFintech, NSDL, and CDSL.
• Only portfolio information is extracted and stored; original emails are not retained.

Application-Generated Information

• Usage data includes services accessed, interactions, rewards claimed, transaction details, IP addresses, browser type, operating system, device model, geolocation, language preferences, and access duration.

Third-Party Information

• Upon consent, Bachatt may request credit information from credit bureaus, conduct KYC verification, and share relevant customer and financial information with regulated entities and other authorized parties.
• Such persons may independently undertake credit assessment activities (including credit bureau checks), fraud prevention checks, and other evaluations necessary for credit decisioning.

Lending-Specific Data Collection & Borrower Consent

• For users availing lending services through the Bachatt platform, data collection is strictly need-based, with prior and explicit consent obtained from the borrower at each stage of the lending journey. All consent records are maintained in an auditable manner.
• The following data may be collected for lending purposes, subject to explicit borrower consent:
• Personal identification details (name, date of birth, gender, PAN, Aadhaar)
• Contact information (mobile number, email address, residential address, pincode)
• Financial information (income details, employment details, bank account information)
• Credit information (credit score, credit history - obtained from credit bureaus with explicit consent, by the regulated entity)
• KYC documentation (identity and address proof, as required by the RE)
• Bank statement data (via Account Aggregator framework or manual upload, shared directly with the RE)
• Any additional data points as required by the specific lending partner (RE)

Restrictions on Device Access for Lending Services

• In compliance with RBI Digital Lending Guidelines, the Bachatt application (DLA) does not access mobile phone resources such as files and media, contact lists, call logs, or telephony functions for lending purposes. One-time access may be requested for:
• Camera: For KYC verification, liveness check, and document capture during onboarding
• Location: For address verification during onboarding/KYC
• Microphone: Only if required for video KYC
• Such access is requested only with the borrower's explicit prior consent, is limited to the specific onboarding/KYC purpose, and no persistent access is retained thereafter.

Borrower Rights Regarding Data

• In accordance with RBI Digital Lending Guidelines, borrowers have the following rights:
• Right to Provide or Deny Consent: Borrowers may choose to provide or withhold consent for the collection and usage of specific data points. Withholding consent for mandatory data points may affect eligibility for lending services.
• Right to Restrict Disclosure to Third Parties: Borrowers may restrict the sharing of their personal data with third parties, except where mandated by regulatory or legal requirements.
• Right to Know Data Retention Duration: Borrowers are entitled to be informed about how long their personal data will be retained.
• Right to Revoke Consent: Borrowers may revoke previously granted consent at any time by contacting [email protected] or through the app settings. Revocation of consent may result in discontinuation of lending services.
• Right to Data Deletion / Right to Be Forgotten: Borrowers may request the erasure or deletion of their personal data by writing to [email protected], subject to retention obligations arising from ongoing loan contracts, regulatory requirements, or legal proceedings.

In compliance with RBI Digital Lending Guidelines, Bachatt discloses the following regarding third-party data collection and sharing in the context of lending services.

Third Parties Involved in Lending Data Processing:

• Regulated Entities (REs) / NBFCs: Loan underwriting, credit assessment, disbursal, and servicing (e.g., Muthoot FinCorp Ltd, and other RBI-registered lending partners)
• Credit Information Companies (CICs): Credit bureau checks and credit score retrieval (e.g., CIBIL/TransUnion, Experian, Equifax, CRIF High Mark)
• Account Aggregator (AA) Framework: Fetching bank statement data with borrower consent via RBI-licensed Account Aggregators
• KYC / Identity Verification Providers: Identity verification, Aadhaar authentication, PAN validation, and liveness detection
• DigiLocker: Fetching verified documents with borrower consent (Government of India)
• Payment / Mandate Partners: E-mandate registration and EMI collection, as specified by the RE
• E-Sign / Agreement Partners: Digital agreement signing, as specified by the RE
• Analytics Partners: App performance and user experience analytics (no lending-specific personal data shared)

Explicit Consents Obtained from Borrowers:

• Credit Bureau Consent: Consent to fetch the borrower's credit score and credit report from one or more Credit Information Companies.
• Mobile OTP Consent: Consent to verify the borrower's mobile number via OTP for authentication purposes.
• Device Permissions Consent: Consent for one-time access to camera, location, or microphone for KYC/onboarding purposes only.
• Data Sharing Consent: Consent to share the borrower's personal and financial data with the specific RE (lending partner) for loan processing.
• DigiLocker Access Consent: Consent to fetch verified documents from DigiLocker, where applicable.
• Bachatt Terms & Conditions and Privacy Policy Acceptance: Acknowledgment and acceptance of Bachatt's T&C and this Privacy Policy.
• Aadhaar Sharing Consent: Consent to share Aadhaar details with the RE for identity verification and KYC purposes.
• Bank Statement / Account Aggregator Consent: Consent to share bank account statement data with the RE via the Account Aggregator framework or manual upload.
• Lender-Specific Consent: Any additional consent as required by the specific RE/lending partner.
• All consents are recorded with timestamps and are auditable. Borrowers may view and manage their consent preferences through the Bachatt app or by writing to [email protected].

Communication Types:

• Transactional: Essential service messages, security alerts, transaction confirmations, KYC notifications
• Promotional: Marketing offers, product recommendations, investment opportunities
• Service: Product updates, app announcements, customer support
• Research: Surveys, feedback requests, market research

Communication Channels:

• Voice calls, SMS, WhatsApp, email, push notifications, in-app messages, physical mail, and other emerging platforms (subject to consent).

Preferences Management:

• Users manage settings through app settings, website accounts, or [email protected].
• Opt-out preferences are processed within 3-5 business days.
• Transactional communications continue after promotional opt-out.

Personalization:

• Communications are targeted based on investment preferences, risk profiles, transaction patterns, and demographics, controllable through app privacy settings.

Bachatt adopts reasonable physical, administrative, and technical safeguards protecting personal data from unauthorized access and disclosure.

Gmail Data Security:

• Extracted data is encrypted at rest using industry-standard encryption.
• Data transmission occurs over secure HTTPS connections.
• Only extracted portfolio information is stored; original email content is never retained.

Third-party websites linked through the application are not Bachatt's responsibility. Security researchers should report vulnerabilities to [email protected].

Users may view or modify personal data online or request copies by contacting support. Identity validation may be required. Responses are provided within 30 days. Contact [email protected] for policy questions or concerns.

Bachatt reserves modification rights at any time, effective immediately upon posting. Users are advised to periodically review the policy for updates.

For unresolved privacy concerns, users may contact the grievance officer:

• Name: Ashutosh Kashyap
• Email: [email protected]
• Phone: +91 79823 15462

If issues remain unresolved after 14 days, escalate to the grievance officer (details in Section 12).

In compliance with RBI's Digital Lending Guidelines, the following information is disclosed.

About Bachatt (LSP / DLA):

• Legal Entity: Trusave Fintech Private Limited
• Role: Lending Service Provider (LSP) operating a Digital Lending Application (DLA)
• Website: https://bachatt.app
• Customer Support: [email protected]
• Grievance Officer: Ashutosh Kashyap | [email protected] | +91 79823 15462

Lending Partners (Regulated Entities):

• Bachatt facilitates lending services in partnership with RBI-registered Regulated Entities (REs).
• Muthoot FinCorp Limited (NBFC) — Insta Personal Loan (EDI)
• For the most current list of partners, please visit https://bachatt.app/loans or contact [email protected].

Loan Product Details:

• Loan Type: Insta Personal Loan with Equated Daily Instalments (EDI)
• Ticket Size: ₹10,000 to ₹50,000
• Tenure, Interest Rate, Processing Fees: As determined by the RE based on the borrower's credit profile.
• A Key Fact Statement (KFS) containing the Annual Percentage Rate (APR), loan terms, fees, and charges is provided to the borrower prior to loan disbursal, as mandated by RBI.

Important Links:

• RBI Sachet Portal: https://sachet.rbi.org.in
• RBI Ombudsman for Digital Lending: https://cms.rbi.org.in
• Bachatt Privacy Policy: https://bachatt.app/policies/privacy-policy
• Bachatt Information Security Policy: https://bachatt.app/policies/information-security-policy