Privacy Policy

This Privacy Policy applies to the website www.myshubhlife.com, the MyShubhLife mobile application, and related digital interfaces, channels, forms, APIs, and communication journeys operated under the MyShubhLife brand.

MyShubhLife ("MSL") is the brand of Datasigns Technologies Private Limited ("DTPL", "we", "us", or "our"). Following the acquisition of DTPL by U GRO Capital Limited ("U GRO"), DTPL operates in relevant journeys as a technology service provider ("TSP"), lending service provider ("LSP"), and/or support service provider to regulated lenders, including U GRO and other financial institutions, non-banking financial companies, banks, and co-lending partners (collectively, "Lenders" or "Regulated Entities").

DTPL is not to be construed as offering or promising the grant of any loan or financial product merely by reason of a user accessing the App or submitting information. Any credit facility, if approved, is sanctioned and disbursed by the applicable Lender or Regulated Entity, subject to its independent underwriting, policy checks, documentation, and legal requirements.

This Privacy Policy explains what information we collect, how we use it, how we share it, how long we retain it, the choices available to you, and how you can contact us.

This Privacy Policy is intended to reflect the applicable requirements of Indian law, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023, applicable rules and directions notified thereunder from time to time, the Prevention of Money Laundering Act, 2002 and related KYC requirements, the Reserve Bank of India's digital lending framework and related FAQs or clarifications, outsourcing norms applicable to regulated entities, and other applicable laws, circulars, directions, and judicial or regulatory requirements, as amended from time to time.

Where a particular service, lending journey, co-lending model, embedded finance arrangement, or partner-led flow is subject to additional contractual, regulatory, or product-specific disclosures, those disclosures shall apply in addition to this Privacy Policy.

We collect information that is necessary, proportionate, and relevant for the specific purpose for which it is sought. Some information is mandatory for access to certain services or products, while other information is optional. Where consent is required by law or by the design of a particular service, we will seek such consent through the App, a form, a click-through consent, or any other legally valid mode.

3.1 Information provided directly by you

Depending on the product, service, journey, or role in which DTPL is acting, we may collect the following categories of information directly from you:

• Identity and contact details such as name, mobile number, e-mail address, postal address, permanent and current address, date of birth, age, gender where relevant, and other profile information
• KYC and identification records such as PAN, Aadhaar-related information where lawfully permitted, CKYC-related information, passport, driving licence, voter ID, or other officially valid documents
• Business and employment information such as company name, occupation, employer details, GST details, Udyam information, income details, salary, turnover, business records, and other KYB inputs
• Financial information and supporting documents such as bank statements, income tax returns, financial declarations, repayment mandates, account details, or other documents relevant to a loan or financial product
• Images, documents, selfies, live photographs, signatures, video recordings, geotags, and related artefacts collected for KYC, video KYC, fraud control, or documentation purposes
• Communications, customer support interactions, complaint records, grievances, call recordings where disclosed, and written or digital submissions made by you

3.2 Information collected from devices, systems, and digital usage

To operate the App securely and efficiently, and to protect against fraud, misuse, account compromise, and unauthorized activity, we may collect technical and device-level information such as IP address, device type, operating system, browser type, app version, language, time zone, device identifiers, network information, session logs, crash diagnostics, clickstream information, access timestamps, and cookie or similar technology identifiers.

We may also collect limited device and telemetry information to secure the platform, detect anomalies, enable account authentication, support debugging, maintain audit trails, and comply with security requirements. We do not access contacts, call logs, microphone recordings, or other invasive device data unless explicitly required for a specific permitted use case and separately disclosed; as a general platform principle, DTPL does not rely on contacts or call logs for collections or customer tracing.

3.3 Information collected from third parties and ecosystem participants

Subject to law and the consent architecture applicable to the specific journey, we may receive information from third parties, including:

• Credit bureaus and information companies, such as CIBIL, CRIF High Mark, Experian, Equifax, or other bureau and score providers
• Account Aggregator ecosystem participants, financial information providers, or consent managers, where you have separately consented to the fetch and use of such information
• Lenders, co-lenders, sourcing partners, distribution platforms, embedded finance partners, lead generators, merchant platforms, marketplaces, or originators participating in the relevant journey
• KYC, KYB, video KYC, CKYCR, fraud screening, sanctions screening, verification, legal, valuation, field investigation, and due diligence service providers
• Your employer, business counterparties, references, service providers, or publicly available records, where verification is necessary and lawfully permitted
• Government databases, registries, public records, land or business databases, GST systems, court or insolvency records, and other lawful public sources

3.4 Permissions and product-specific access

Certain product journeys may require access to the camera, storage or file upload functionality, geolocation, SMS parsing of relevant business or transactional messages, Account Aggregator-based financial information, bureau reports, live image capture, video KYC, GST or business records, or other inputs strictly necessary for that product. In such cases:

• the purpose of the access will be disclosed; (b) the access will be sought only when relevant to the specific product or regulatory requirement; (c) the permission will not be used for unrelated purposes; and (d) where required, separate express consent will be obtained.

For clarity, unless a particular product, regulatory process, or consent screen expressly states otherwise, DTPL does not access contacts, call logs, or microphone data, and does not use a user's contact list to follow up on the user's whereabouts.

We may process your information for one or more of the following purposes, to the extent relevant for the specific service, product, or journey:

• To establish your identity and verify KYC, KYB, legal capacity, business existence, or eligibility
• To create, maintain, and secure your account and your interaction with the App
• To assess, facilitate, or support eligibility checks, underwriting, loan origination, servicing, or other financial product workflows
• To retrieve, process, and validate bureau data, bank statements, Account Aggregator information, tax records, business records, repayment records, and other underwriting inputs where relevant
• To detect, investigate, prevent, or report fraud, suspicious activity, account misuse, cyber incidents, impersonation, or other unlawful conduct
• To communicate with you regarding your account, application, service requests, transactions, repayment reminders, product servicing, complaint handling, legal notices, and regulatory disclosures
• To facilitate loan servicing, collections support, dispute resolution, customer support, and record maintenance in accordance with law and fair practices
• To improve product design, analytics, platform performance, service quality, training, audits, internal governance, and risk management
• To comply with statutory, regulatory, contractual, prudential, supervisory, audit, tax, accounting, and legal obligations
• To defend or enforce legal rights, investigate incidents, and preserve evidence and records where reasonably required
• To send optional marketing, product awareness, or value-added service communications where permitted by law and where appropriate preferences or consents exist

By using the App, registering an account, applying for a product, proceeding through a consent-based workflow, or voluntarily submitting data, you acknowledge and agree to the processing of your data in accordance with this Privacy Policy, the applicable product disclosures, and applicable law. Where the applicable law requires explicit consent, we will seek your consent in a clear and specific manner.

You may, subject to law and the operational requirements of the relevant service, withdraw consent for specific categories of data processing where consent is the basis for such processing. Withdrawal of consent may affect our ability, or the relevant Lender's ability, to provide the service, continue onboarding, assess eligibility, disburse a facility, or service an existing relationship where the information remains necessary.

Where the relevant product or law requires a separate consent artefact—for example, bureau consent, Account Aggregator consent, CKYCR or KYC-related consent, or consent for optional marketing communications—the terms of that separate consent will also apply.

We do not sell your personal data. We may share information, on a need-to-know and minimum-necessary basis, with the following categories of recipients for legitimate and lawful purposes:

• The relevant Lender, Regulated Entity, co-lender, or financial institution evaluating or servicing your product
• Embedded finance partners, sourcing partners, merchant platforms, or channel partners involved in the specific user journey, to the extent necessary and lawful
• Credit bureaus, Account Aggregator ecosystem participants, KYC/KYB agencies, CKYCR service providers, verification providers, legal and valuation vendors, and fraud-risk service providers
• Cloud service providers, software vendors, communication service providers, customer support vendors, analytics partners, collection support agencies, and other service providers engaged by DTPL and/or the relevant Lender
• Group entities, affiliates, successors, acquirers, or entities involved in a restructuring, merger, acquisition, assignment, or transfer of business, subject to applicable law and continuity of service requirements
• Courts, tribunals, arbitral authorities, regulators, government departments, law enforcement agencies, statutory bodies, ombudsman mechanisms, auditors, or professional advisers where disclosure is required or reasonably necessary
• Any other person or entity where you have specifically requested the service or separately consented to such sharing

We may engage third-party service providers, processors, subcontractors, agents, cloud or hosting providers, verification agencies, communications vendors, software vendors, collection support agencies, legal counsel, auditors, analytics providers, or other operational partners to support the Services. Such persons or entities may access your information only to the extent necessary to perform services on our behalf or on behalf of the relevant Lender, and are expected to handle such information in accordance with contractual confidentiality and security obligations and applicable law.

We retain information only for as long as it is reasonably necessary for the purposes for which it was collected, or as required for legal, regulatory, accounting, audit, fraud prevention, risk monitoring, dispute resolution, limitation periods, enforcement, archival, or evidentiary purposes.

Retention periods may differ by category of data and by product. For example, KYC/KYB records, account records, servicing records, complaint records, consent logs, audit trails, litigation-hold materials, or regulatory records may be retained for longer periods where required or justified. Data that is no longer required may be deleted, anonymised, de-identified, archived, or securely destroyed in accordance with our retention protocols and applicable law.

Where DTPL acts as an LSP or TSP and the relevant Lender also retains data independently to satisfy its own statutory, prudential, contractual, or audit obligations, that retention shall be governed by the Lender's applicable privacy notice, contractual terms, and legal obligations.

Information collected and processed under this Privacy Policy is ordinarily stored and processed in India, except where a lawful, controlled, and necessary transfer is made in accordance with applicable law, contractual arrangements, security requirements, and the business model applicable to the service. Where cross-border processing or access is required, we shall endeavour to ensure that such processing remains lawful, need-based, and subject to reasonable safeguards.

We implement reasonable technical, organisational, and administrative security practices to protect personal data against unauthorised access, use, disclosure, alteration, destruction, accidental loss, or misuse. Such measures may include access controls, role-based restrictions, encryption in transit and at rest where appropriate, secure coding, network security controls, logs and monitoring, vendor due diligence, confidentiality obligations, training, and incident response procedures.

No transmission over the internet and no electronic storage system can be guaranteed to be completely secure. While we take commercially reasonable and legally expected steps to safeguard information, users acknowledge that residual risks remain.

If a security incident affecting personal data comes to our attention, we may take such steps as are appropriate under the circumstances, including containment, investigation, remediation, coordination with service providers or Lenders, restoration of controls, communication with affected stakeholders where required, and notifications to authorities or affected persons where mandated by law.

Subject to applicable law and the nature of the service, you may have the ability to:

• Access details of our data handling practices through this Privacy Policy and other relevant disclosures
• Seek correction, completion, or updating of inaccurate or outdated information held by us
• Request deletion of data, subject to lawful retention obligations and legitimate operational requirements
• Withdraw consent for specific processing activities where consent is the basis of processing
• Object to or opt out of optional marketing communications
• Seek grievance redressal through the channels described below

You may write to us at support@myshubhlife.com or grievance@myshubhlife.com if you wish to request deletion of personal data, withdrawal of a consent previously given, restriction of optional data processing, or cessation of optional promotional communications.

We may decline or partially comply with a deletion request where retention is required by law, necessary for an existing contractual relationship, necessary to complete an ongoing transaction, needed for fraud prevention or dispute handling, or otherwise justified under applicable law. We may also suspend, restrict, or discontinue certain Services if the requested data or consent is necessary to provide or continue such Services.

You are responsible for providing accurate and updated information. You may correct, update, or seek rectification of inaccuracies in your information through the App where available or by writing to support@myshubhlife.com or grievance@myshubhlife.com. We may, where appropriate, request proof or supporting documentation before making changes to identity, KYC, financial, or account information.

We may send you transactional, service, legal, security, repayment, account, grievance, or regulatory communications through in-app notifications, SMS, e-mail, telephone, WhatsApp, or other approved channels, to the extent permitted by law and relevant to the product or service. These are distinct from optional marketing communications.

Where you opt out of optional promotional or marketing communications, you may continue to receive essential transactional or service-related communications that are necessary to operate, secure, service, or legally administer your relationship with us or the relevant Lender.

When you use the website or certain digital channels, we may use cookies, pixels, SDKs, tags, and similar technologies to remember preferences, maintain sessions, improve navigation, support analytics, understand usage trends, detect abuse, and improve service performance. You may be able to manage cookies through your browser or device settings, though disabling some cookies may affect site performance or feature availability.

The App and Services are intended for persons who are legally competent to contract. We do not knowingly solicit or provide services to children in any manner. If we become aware that information has been collected in violation of applicable law concerning children or persons lacking legal capacity, we may take appropriate corrective action, including deletion or restriction, subject to law.

Where data reaches end-of-life under our retention framework, and where continued retention is not required, such data may be securely deleted, purged, destroyed, anonymised, or de-identified using methods appropriate to the storage medium and the sensitivity of the information. The method adopted may vary depending on whether the information resides in live systems, archives, backups, logs, or third-party hosted environments.

We may modify, supplement, or update this Privacy Policy from time to time to reflect changes in law, regulation, product design, corporate structure, service providers, technology, or operating practices. The updated version will be posted on the relevant digital channel with the revised effective date. Continued access to or use of the App or Services after such update may be treated as acknowledgement of the revised Privacy Policy, subject to any additional consent requirements under applicable law.

If you have any grievance, complaint, request, or question relating to this Privacy Policy, your personal data, your consent, or your experience on the App, you may contact us at support@myshubhlife.com or grievance@myshubhlife.com.

DTPL will endeavour to acknowledge and address grievances in accordance with applicable law and internal grievance timelines. Where the grievance relates to a lending product, the concerned Lender or Regulated Entity may also be involved in resolution, and the Regulated Entity shall remain responsible for complaints arising out of the actions of LSPs engaged by it, in accordance with applicable RBI requirements.

Where required by the applicable lending framework, the details of the designated grievance redressal officer / nodal officer of DTPL and of the relevant Lender shall be displayed on the website, App, or product journey. If a complaint remains unresolved within the timeframe prescribed under the applicable RBI framework, the user may escalate the matter to the relevant Regulated Entity and, where eligible, to the RBI's Integrated Ombudsman mechanism.

This Privacy Policy shall be governed by the laws of India. Subject to any mandatory consumer, regulatory, or statutory remedy available under applicable law, the courts at Bengaluru, Karnataka shall have jurisdiction over disputes arising out of or relating to this Privacy Policy.