Schema

Privacy Policy

Effective Date: 1 August 2021

Last updated: 30th June 2026

Inditab Esolutions Private Limited ("EaseMyDeal", "we", "us") values your privacy and ensures that your personal information is handled with the highest standards of care. This Privacy Policy governs your information when you use our platform—whether via website, mobile app, APIs, or white-label integrations—and is an integral part of our Terms & Conditions.

1. Applicability & Scope

1.1 This Privacy Policy is incorporated by reference into the Terms & Conditions and governs data handling procedures; for service performance, refunds, and dispute forums, refer to the T&C. Covers all EaseMyDeal users accessing services like: recharges, bill payments (BBPS), credit card payments, gold & gift PPI, loans, travel bookings, wallet services, and micro-transactions.

1.2 When accessed via partner whitelabel or API integrations, partner terms govern service delivery; EaseMyDeal's data processing remains strictly limited to disclosed purposes and subject to contractual safeguards with partners.

1A. Applicability & Scope

1A.1 For loan and credit products, EaseMyDeal acts solely as a Lending Service Provider / sourcing (lead) partner of RBI-regulated lenders. EaseMyDeal is NOT a lender, does not lend from its own funds, and does not take credit decisions. All lending, underwriting, sanction, disbursement, servicing and recovery are carried out by the Regulated Entity (the lender).

1A.2 Current lending partner: Vivifi India Finance Private Limited, a Non-Banking Financial Company registered with the Reserve Bank of India (Certificate of Registration No. N-09.00447; CIN U65923TG2016PTC110767), which offers the product u201cFlexSalaryu201d. The lender is the Data Fiduciary for loan data and is accountable for its storage and security. We will update this section if lending partners change; the current list of registered NBFC/bank partners is also disclosed in the apps store listing.

1A.3 As a Lending Service Provider, EaseMyDeal stores only the minimal data necessary to facilitate the introduction (such as your name, contact details and basic eligibility inputs). Detailed credit, KYC and financial data are collected and held by the lender. All such data is stored on servers located in India.

1A.4 Before you avail a loan, the lender provides a Key Fact Statement (KFS) setting out the loan amount, Annual Percentage Rate (APR), tenure, all fees and the cooling-off/look-up period. EaseMyDeal does not charge you any fee for facilitation that is not disclosed in the KFS.

2. Information We Collect

2.1 Personal Identifiers: Name, Mobile No, Email ID, date of birth, contact details, KYC documents (PAN, Masked Aadhaar, etc.), device identifiers, IP address, and login credentials. Device identifiers and IP addresses are collected for security, fraud prevention, session management, and regulatory audit trails.

2.2 Transactional & Behavioral Data: Recharge & bill details, credit card/loan applications, travel itineraries, transaction histories, and in-app usage analytics. For loan facilitation, we do NOT collect precise (GPS) location; any location reference is approximate and derived only where you provide it. Device fingerprints/identifiers are used strictly for fraud prevention and security, not for harvesting your personal content.

2.3 Sensitive Data: Masked Aadhaar, encrypted financial credentials, and medical or health data if availed via services.

2.4 Cookies & Tracking Data: Session cookies, behavioral analytics, marketing pixels, and device fingerprints.

2.4 Cookies & Tracking Data: Session cookies, behavioral analytics, marketing pixels, and device fingerprints.

3. Legal Grounds for Data Processing

3.1 Consent: By default, opt-in for data use beyond service delivery (e.g., marketing, personalization).

3.2 Performance of Contract: Necessary for executing service agreements between the User and EaseMyDeal or third-party providers. Essential transaction facilitation, KYC/AML verification, dispute handling, and settlement processing are performed on the basis of executing the service agreement between the User and EaseMyDeal or third-party service providers.

3.3 Regulatory Compliance: Obligations under RBI, NPCI, IT Act 2000, DPDP Act 2023, SEBI, and more. Regulatory compliance (RBI, NPCI, FIU, IT Act 2000, DPDP Act 2023, SEBI, and other applicable laws) constitutes a legal obligation that permits processing without consent where required by law.

3.4 Legitimate Interests: Improving platform security, preventing fraud, and optimizing service delivery—unless overridden by User rights.

4. Use of Your Information

  1. Transaction facilitation, KYC/AML compliance, dispute resolution, refunds, and chargebacks.
  2. Personalization via AI models: recommendation of products (loans, gift PPI, travel, etc.).
  3. Platform improvement, fraud detection, risk analytics, and internal auditing.
  4. Regulatory & forensic reporting (e.g., to RBI, FIU).
  5. Marketing and promotional communication—with an option to withdraw at any time.
  6. Credit report analysis and scores displayed are for educational purposes only and do not influence lender underwriting decisions.

5. Sharing & Disclosure

5.1 Service Execution: Shared with banks, NBFCs, issuers (gold/gift PPI), partners (travel, bill payment), and credit bureaus. For loan facilitation, your loan application data is shared, on your consent, with the RBI-registered lender and its authorised service providers solely to process your loan. For other services, we share data with the relevant banks, PPI issuers, billers/aggregators and credit bureaus as required to deliver that specific service. We disclose the identity of the recipient lender to you before the data is shared.

5.2 Registered Consent: For loan facilitation services (sharing credit reports, scores) -- User must provide informed consent, retractable anytime.

5.3 Legal & Risk: Disclosed to regulators, law enforcement, or courts under lawful demand; suspicious activity reports may be filed without prior notification to the User.

5.4 Corporate Transfers: In mergers or acquisitions, data will be transferred under equivalent protection.

5.5 No Third-Party Sale: User data will not be sold, rented, or traded.

6. Data Retention

  1. Transactional Records: Retained for regulatory compliance (typically 5 to 7 years) or longer if required by law.
  2. Sensitive Data: Retained for regulatory compliance if required by law. Otherwise, deleted immediately once the purpose expires.
  3. Data Localisation: All loan-related personal and credit data is stored on servers located in India.

7. Security Measures & Certifications

  1. PCI DSS Level 2, SAR Audits, CISA/CICRA adherence.
  2. End-to-end encryption (TLS at rest and in transit).
  3. Multi-layer security: AppLock, OTPs, PINs, biometric access.
  4. Regular vulnerability & ASV scans, third-party audits & VAPT, SOC-2 style controls.

8. User Rights

  1. Access, correct, or delete personal data (subject to regulatory exceptions).
  2. Withdraw consent for non-essential processing (e.g., marketing).
  3. Withdraw consent for credit reports.
  4. Grievances: You may contact our Officer (https://www.easemydeal.com/grievance-policy). For loan-related grievances, you may also approach the lenders Grievance Redressal Officer / Nodal Officer (details in the loan KFS and on the lenders website) and, if unresolved within the prescribed time, escalate to the RBI Complaint Management System (cms.rbi.org.in) / RBI Ombudsman. We will acknowledge complaints and respond within the timelines prescribed under applicable RBI and DPDP requirements.

8A. Account & Data Deletion

8A.1 You can delete your EaseMyDeal account and associated personal data at any time, by writing to our Officer at support@easemydeal.com from your registered email with the subject Account & Data Deletion.

8A.2 On receiving a verified request, we will delete or irreversibly anonymise your personal data within 7 working days, except data we are required by law (e.g., RBI, PMLA, GST, Income-tax) to retain. Such legally-retained records (typically 5u20137 years) are kept securely, access-restricted, and used only for compliance, and are deleted when the retention period ends.

8A.3 Where a loan is active or amounts are outstanding, account closure may be completed only after the loan relationship with the lender is settled; in such cases we will delete all data that is not legally required to be retained.

8A.4 We will confirm completion of your deletion request in writing. Withdrawing consent or deleting your account may mean we can no longer offer you certain services.

9. Cookie & Tracking Management

Strictly segregated: necessary, analytics, performance, functional, and marketing cookies.

10. Children & Minors Policy

Users must be 18+. We do not knowingly collect data from minors. Use of the platform by minors is only under parental/guardian supervision.

11. Digital Personal Data Protection Act, 2023 (DPDP)

Compliant with DPDP:

  • Data fiduciary disclosures, rights-enabled dashboards, data breach notifications, and grievance redress mechanisms.

12. Information Security Governance

Structured policies ensuring Confidentiality, Integrity, and Availability. Managed by a Risk Management Committee with regular board reporting.

13. Third-Party Integration & APIs

Data shared via APIs only under strict agreements, limiting access to specific data elements and purposes. Logs are maintained for audit and tracking.

14. Transparency & Notices

Policy updated periodically. Significant changes announced via in-app notification or email, with "Last Updated" timestamp prominently displayed.

15. Liability Limitation — Privacy Data Breaches

  • Liability capped to the actual convenience fee retained per transaction or INR 100, whichever is lower.
  • No liability for third-party breaches (banks, NBFCs, partners).