🛡️ Data Protection

Comprehensive security measures to protect your sensitive information

Last updated: 12 September 2025

Our Security Commitment

We implement industry-leading security measures and follow best practices to protect your data. Our multi-layered approach ensures that your sensitive information remains secure at all times.

Security First Approach

We treat data security as our top priority, implementing multiple layers of protection and continuously monitoring for threats to ensure your information remains safe.

Security Measures

Multi-layered security approach to protect your data

Encryption

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • TLS 1.3 for secure communication
  • Encrypted database connections

Access Control

  • Multi-factor authentication (MFA)
  • Role-based access permissions
  • Regular access reviews and audits
  • Principle of least privilege

Infrastructure

  • Secure cloud infrastructure (AWS/Azure)
  • Regular security patches and updates
  • Intrusion detection systems
  • 24/7 security monitoring

Data Handling

  • Data anonymization and pseudonymization
  • Secure data deletion procedures
  • Data retention policies
  • Regular data backups

Compliance & Certifications

We meet the highest industry standards for data protection

GDPR Compliance

Full compliance with General Data Protection Regulation

  • Right to access personal data
  • Right to rectification
  • Right to erasure
  • Data portability
  • Consent management

ISO 27001

Information Security Management System certification

  • Risk assessment and management
  • Security policies and procedures
  • Incident response planning
  • Continuous improvement

SOC 2 Type II

Security, availability, and confidentiality controls

  • Security controls audit
  • Availability monitoring
  • Confidentiality protection
  • Processing integrity

PCI DSS

Payment Card Industry Data Security Standard

  • Secure payment processing
  • Cardholder data protection
  • Network security
  • Regular security testing

Your Data Rights

You have complete control over your personal data

Access

Request a copy of all personal data we hold about you

Rectification

Correct any inaccurate or incomplete personal data

Erasure

Request deletion of your personal data

Portability

Receive your data in a structured, machine-readable format

Restriction

Limit how we process your personal data

Objection

Object to certain types of data processing

Incident Response

Our structured approach to handling security incidents

  1. Detection (Immediate): Automated monitoring and user reporting systems
  2. Assessment (Within 1 hour): Security team evaluates the scope and impact
  3. Containment (Within 2 hours): Isolate affected systems and prevent further damage
  4. Investigation (Within 24 hours): Forensic analysis to determine cause and extent
  5. Notification (Within 72 hours): Notify affected users and authorities if required
  6. Recovery (As needed): Restore services and implement preventive measures

Data Retention

How long we keep your data and why

Personal Data

We retain your personal data only as long as necessary to provide our services and comply with legal obligations.

  • Account data: Until account deletion + 30 days
  • Transaction data: 7 years for tax compliance
  • Communication data: 3 years for support purposes
  • Analytics data: 2 years in anonymized form

Loan Records

Defaulter information is retained for legitimate business purposes and community protection.

  • Verified records: 10 years from last update
  • Unverified records: 2 years from creation
  • Disputed records: Until resolution + 1 year
  • Deleted records: 30 days in backup systems

Data Protection Questions?

Our data protection team is available to answer any questions about how we protect your information.