Privacy & Security

Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal information at Cashvia.

Last updated: August 2025

Our Commitment to Privacy

Cashvia is committed to protecting your information and maintaining the highest standards of data privacy and security. We comply with all applicable laws and regulations including:

Information Technology Act, 2000
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
Reserve Bank of India (RBI) Guidelines on Digital Lending and Data Security
Digital Personal Data Protection Act (DPDP Act), 2023

Applicability

This Privacy Policy applies to all personal information collected by Cashvia through various channels including:

Our website (https://growmoneycapital.com/)
Mobile application
Offline channels (physical forms, call centers, branch visits)
Third-party partners and service providers
Credit bureaus and verification agencies
Any other touchpoint where you interact with Cashvia services

This policy governs how we collect, use, store, share, and protect your personal information across all these channels to ensure consistent privacy protection regardless of how you choose to interact with us.

Definitions

Company References

“We”, “our”, “us” and “Cashvia” refer to “Grow Money Capital Private Limited”

Website & Services

“Site” refers to the website, mobile site, and the application that we provide and which includes a link to our Online Privacy Policy.

“You” or “your” refers to anyone who visits, accesses, browses or uses the Cashvia website at https://growmoneycapital.com/ or obtains our services through our website.

Personal Information

Means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

Sensitive Personal Data or Information (SPDI)

As defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, SPDI includes:

Passwords and financial information (bank account, credit card, debit card details)
Physical, physiological and mental health condition
Sexual orientation
Medical records and history
Biometric information

We handle SPDI with the highest level of security and only after obtaining your explicit consent. Such information is encrypted during transmission and storage, and access is strictly controlled.

Information We Collect

To provide you with our lending services and comply with regulatory requirements, we may collect the following categories of information:

Personal Information

Name, age, gender, and date of birth
Contact details (email address, phone number, residential address)
Identity proof details (PAN, Aadhaar, Voter ID, Passport, Driving License)
Employment information (employer name, designation, income details)
Educational qualifications

Financial Information

Bank account details (account number, IFSC code, bank statements)
Credit history and credit score
Loan details and repayment history
Income tax returns and financial statements
Details of assets and liabilities

Organizational Security

Role-based access control - employees access only data necessary for their role
Mandatory security training for all employees
Strict background verification for employees handling sensitive data
Non-disclosure agreements with all employees and vendors
Regular monitoring and logging of data access

Business Continuity & Disaster Recovery

Board-approved Business Continuity Plan (BCP)
Regular data backups and disaster recovery procedures
Redundant systems to ensure service availability
Incident response protocols for security breaches

Data Breach Response

In the unlikely event of a data breach, we will:

Immediately investigate and contain the breach
Notify affected users within 72 hours or as per regulatory requirements
Inform relevant regulatory authorities (RBI, CERT-In, etc.)
Take corrective measures to prevent future breaches
Provide guidance to affected users on protective measures

Your Rights as a Data Subject

Under the Digital Personal Data Protection Act, 2023, and other applicable laws, you have certain rights regarding your personal information:

Right to Access

You have the right to request access to your personal information held by us, including:

What personal data we hold about you
How we use your data
Who we share your data with
How long we retain your data

Right to Correction

You can request correction of inaccurate or incomplete personal information. We will:

Update incorrect information promptly
Verify your identity before making changes
Inform third parties of corrections where necessary
Maintain records of all corrections made

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data, subject to:

Completion of loan obligations and statutory retention periods
Legal and regulatory requirements for data retention
We will anonymize data where complete deletion is not possible

Right to Withdraw Consent

Withdraw consent for data processing at any time
Opt-out of marketing communications
Note: Withdrawal may affect our ability to provide services

Right to Object & Data Portability

Object to processing of your data for specific purposes
Request transfer of your data to another service provider (where technically feasible)
Receive your data in a structured, commonly used format

How to Exercise Your Rights

To exercise any of these rights, please contact our Grievance Officer at the details provided below. We will respond to your request within 30 days.

Cookies, Analytics & Device Data

Cookies

Our website uses cookies - small data files stored on your browser - to enhance your experience. Cookies help us:

Remember your login credentials and preferences
Understand how you use our website
Customize content based on your interests
Improve website performance and functionality
Analyze website traffic and user behavior

You can control cookies through your browser settings. However, disabling cookies may affect website functionality and your user experience.

Types of Cookies We Use

Essential Cookies:

Required for website functionality, login, and security

Analytical Cookies:

Help us understand website usage through Google Analytics and similar tools

Functional Cookies:

Remember your preferences and settings

Marketing Cookies:

Track your activity to show relevant advertisements (with your consent)

Web Beacons & Analytics

We use web beacons (pixel tags) and third-party analytics services to understand user behavior, measure campaign effectiveness, and improve our services. This data is used in aggregate form and does not personally identify you.

App Permissions and Data Collection

Our mobile application requires certain permissions to function effectively and provide you with our services. Below are the specific permissions we request and how the collected data is used:

The key data collected from each permission granted in the device and how this data is used is further detailed below:

SMS Permissions:

We may read the headers of all SMS to check the type of sender. We only read the indicative SMS content from 6-digit alpha numerical number for verification purposes.

Pertinent information such as sender names, SMS content, received timestamps are periodically collected for the purpose of provision of financial and allied services and the data is transmitted to third parties. This information may be securely transmitted to our Partner NBFC (Grow Money Capital Private Limited) and authorized service providers, only for the purposes described below.

It is important to note that we do not read or analyze personal or OTP messages, except OTP messages sent by us, which are linked to our purpose of use during lifetime of the app installed. This data may be used to verify financial statistics such as income, spending patterns which help us in the credit evaluation and may help us in facilitating higher limits, faster approval rates and for fraud detection & prevention.

Apps Permissions:

With your explicit consent, our app may collect metadata about installed and system applications on your device. This information is securely processed through our trusted technology partner, Credeau (www.credeau.com), which provides device-intelligence services to our Partner NBFC, Grow Money Capital Private Limited.

This data is used strictly for:

Detecting potential fraud (e.g., presence of VPNs, gambling, or other high-risk apps)
Supporting identity verification and credit risk assessment
Helping the NBFC offer faster credit approvals and more suitable credit limits

Important safeguards:

Only app metadata (name, package, version, install/update time, installer source) is collected.
No personal app usage data, messages, files, or content are accessed.
The data is not shared or sold for advertising or marketing.
Data is stored and processed only in India, in compliance with RBI Digital Lending Directions 2025 and the Digital Personal Data Protection Act, 2023.

Location Permissions:

With your explicit consent, our app may request one-time access to your device location. This is used strictly to:

Determine serviceability of your loan application
Reduce risk associated with loan processing
Provide pre-approved or customized loan offers
Support address verification, better credit risk assessment, and Know Your Customer (KYC) compliance

We do not continuously track your location. Location access is temporary and limited to the purposes stated above.

Device Permissions:

With your consent, our app may collect limited device-related information to enhance security and prevent fraud. This may include:

Device model
Operating system version
Available RAM and storage

We do not collect permanently identifiable device identifiers (such as IMEI, serial number, or MAC address), in full compliance with Google Play policies, RBI Digital Lending Directions 2025, and the Digital Personal Data Protection Act, 2023.

Phone State Permissions:

Our app may request Phone State permission only with your explicit consent. This is strictly for:

Verifying that the device has an active SIM and valid network connection at the time of onboarding and disbursement
Ensuring the transaction is carried out by the rightful customer and preventing spoofing/fraud

We do not use this permission for call logs, contacts, or any unrelated purposes. All access is carried out in line with RBI Digital Lending Framework and applicable Indian privacy laws.

Camera Permissions:

What is collected: Camera access is required for completing eKYC. This allows you to scan or capture identification details and documents digitally, making the process faster and reducing manual errors.

How it is used: The captured data is used to complete your eKYC verification, validate your identity, and confirm loan eligibility as per regulatory standards. We do not collect or store biometric data.

Cashvia App is hosted in India and We ensure that every data or information that we collect from you is stored in servers located in India and the same is compliance with all the statutory/regulatory obligations.

We display just-in-time consent screens for permissions like SMS, location, phone state, and app list in accordance with Google Play policy.

Automated Credit Decisions

Cashvia uses automated algorithms and credit scoring models to evaluate loan applications and make credit decisions.

Our automated systems analyze various data points including your credit history, income, employment status, and other relevant factors to determine loan eligibility and terms.

Your Rights:

You have the right to know that automated decision-making is being used
You can request human review of automated decisions
You can ask for an explanation of the decision-making criteria
You have the right to contest decisions made solely by automated means

Please contact our Grievance Officer if you wish to understand or challenge any automated credit decision.

Link to Third Party Websites

Our site includes links to other websites whose privacy practices may differ from those of Cashvia. The inclusion of a link does not imply any endorsement by Cashvia of the third-party website, the website’s provider, or the information on the third-party website.

If users submit personal information to any of those websites, such information is governed by the privacy policies of such third-party websites and Cashvia disclaims all responsibility or liability with respect to these policies or the websites. Users are encouraged to carefully read the privacy policy of any website that they visit.

Children’s Privacy Protection

Protection of children’s privacy is a priority for Cashvia. We are committed to complying with applicable laws regarding children’s data.

Our services are not intended for individuals below the age of 18 years. We do not knowingly collect, store, or process personal information from anyone under 18 years of age.

If You Are a Parent or Guardian:

If you believe your child has provided personal information to us, please contact us immediately. We will take prompt steps to delete such information from our records.

We encourage parents and guardians to monitor and guide their children’s online activities and ensure they do not share personal information without permission.

Policy Updates & Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

How We Notify You of Changes

Material changes will be notified via email or SMS to your registered contact details
Prominent notice on our website and mobile app
Updated 'Last Modified' date at the top of this policy
For significant changes, we may seek fresh consent

Your Acceptance

Continued use of our services after policy updates constitutes your acceptance of the modified policy. If you do not agree with the changes, please discontinue use of our services and contact us to close your account (subject to outstanding obligations).

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information.

Grievance Redressal & Contact

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address your privacy concerns and complaints.

Contact Details of Grievance Officer

Name:

Dhruv Bhardwaj

Designation:

Grievance Redressal Officer

Email:

support@cashvia.in

Phone:

+91-8800831648

Response Timeline:

We will acknowledge your complaint within 24 hours and resolve it within 30 days

How to File a Complaint

Send an email to the Grievance Officer with details of your concern
Include your name, contact details, and a description of the issue
Attach relevant documents or evidence if applicable
You will receive an acknowledgment with a complaint reference number

Escalation

If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India (once constituted) or approach the appropriate legal forum as per applicable laws.

Governing Law & Jurisdiction

This Privacy Policy and any disputes arising out of or related to it shall be governed by the laws of India, including but not limited to:

Information Technology Act, 2000 and Rules thereunder
Digital Personal Data Protection Act, 2023
Reserve Bank of India Act and Guidelines
Other applicable Indian laws and regulations

Jurisdiction:

Any disputes, claims, or legal proceedings arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in [City Name], India.

Your Consent

By using our site, you hereby provide consent that you agree and consent to the collection, transfer, use, storage, disclosure, and sharing of your information as described and collected by us in accordance with this Policy.

If you do not agree with the Policy, please do not use or access our site.

Disclaimer

All the information on our website is published in good faith and for general information purposes only. Cashvia does not make any warranties about the completeness, reliability, and accuracy of this information. Any action you take upon the information you find on this website is strictly at your own risk. We will not be liable for any losses and/or damages in connection with the use of our site.

From our site, you can visit other sites by following hyperlinks to such external sites. While we strive to provide only quality links to useful and ethical websites, we have no control over the content and nature of these sites. These links to other websites do not imply a recommendation for all the content found on these sites.

Please be sure to check the Privacy Policies of external sites as well as their “Terms of Service” before engaging in any business or uploading any information.