Protecting Your Privacy: Corestrat's Policy and Commitments

Privacy Policy

Last updated: 01 January 2024

Corestrat Labs Private Limited, a company incorporated under the provisions of the Companies Act, 2013, engaged to render certain services on the App or Website, (“CORESTRAT ”/ “We”/ “Us”/”Our”) are committed to upholding the privacy and security of the information supplied by every person (“User”/“You”/”Your”) accessing and using any version of the CORESTRAT application (“App”) on a compatible device. This privacy policy (“Privacy Policy”) briefly provides the way we collect and use user information.

The Company shall strive to seek only relevant personal information about You that are required for Us to provide You with the appropriate credit analysis and credit advice and other services more particularly stated in the Terms and Conditions. By accessing or using the Website, you signify that you have read, understood, and agree to be bound by this Privacy Policy. We may make changes to the Privacy Policy from time to time. We will notify you of any material changes by sending you an email, posting a notice on the home page of the Website, or posting a notice in your account when you first login after we have made changes. If you receive notification or a change in our Privacy Policy, you must review the new Privacy Policy carefully to make sure you understand our practices and procedures and such changes shall be effective immediately upon posting the updated or modified Privacy Policy on the CORESTRAT website.

The security of personal information about You is our priority. We protect this information by maintaining physical, electronic, and procedural safeguards that meet applicable law. We train our employees in the proper handling of personal and sensitive information. When We use other companies to provide services for us, we require them to protect the confidentiality of personal and sensitive information they receive. The Company does not sell or forward or rent your personal information you share with any third party for any purposes like marketing etc. without your explicit consent.

Your access and use of the Website following any such change constitutes your agreement to follow and be bound by this Privacy Policy, as updated or modified. For this reason, we encourage you to review this Privacy Policy each time you access and use the App. Your use of the Website and any disputes arising therefrom, is subject to this Privacy Policy as well as the terms and conditions, as set out below (“T&C”).

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

- - Account means a unique account created for You to access our Service or parts of our Service.
- - Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Corestrat Labs Private Limited.
- - Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
- - Country refers to: India
- - Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
- - Personal Data is any information that relates to an identified or identifiable individual.
- - Service refers to the Website.
- - Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
- - Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- - Website refers to Corestrat, accessible from https://corestrat.ai
- - You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

We collect personal information of the user. While some user information must be mandatorily provided, others are optional and certain portions of the information will remain private and some will be displayed to other users. Additional information may be gathered during subsequent use of the Website by the user, whenever the user chooses to provide it.
Certain mandatory information will be collected at the time of registration on the Website which is required to enable the user to login to the Website and for us to: (i) verify the user’s identity; (ii) determine the user’s eligibility for taking loans using, inter alia, our proprietary technology and such additional rules that may be determined by: (a) us; (b) our banking partners; or (c) both (a) and (b); and (iii) safeguard against illegal activities like fraud, cheating, misappropriation, etc.
We collect personal information, that includes any information concerning the personal or material circumstances of an identified or identifiable User, e.g. name, e-mail address, gender, date of birth, postal address, phone number, a unique login name, password, password validation, marital status, family details, business information and other details shared via application form or via email or via any other medium. It can also include information such as username, account number, password and any other personally identifiable information. While you can browse some sections of our website without being a registered member as mentioned above, most activities (such as availing of loans and other financial services on the Website and the App) require registration and for you to provide the above details. We will indicate the mandatory and the optional fields against the information requested from you. You always have the option to not provide your personal information by choosing not to use a particular service or feature on the Platform.
To use the facilities and services available on the Website, the user may be required, from time to time, to provide certain additional personal information after registration on the Website, which information shall be collected only upon receiving the user’s consent.
We may also automatically receive and collect certain anonymous information in standard usage logs through the web server, including mobile-identification information obtained from the equivalent of “cookies” sent to the Website, including mobile network information, standard web log information, traffic to and from our Website, tracking inside the Website and any other available information, from:
- an IP address, assigned to the device used by the User;
- the domain server through which the User accesses the Website and the functions and features therein; and
- the type of device used by the User (“Device”).
The User may choose to provide us with access to certain personal information stored by third parties like social networking sites (e.g. Facebook and Twitter). We will have access to such information to the extent allowed by the user’s privacy settings on that site and the user’s specific authorization. In the event the user associates a user account managed by us with an account maintained with any third party to enable us to access certain information maintained in such third-party managed accounts, the user agrees that we may collect, and use such information in accordance with this Privacy Policy.
The User may choose to provide us with access to certain personal information stored by third parties like social networking sites (e.g. Facebook and Twitter). We will have access to such information to the extent allowed by the user’s privacy settings on that site and the user’s specific authorization. In the event the user associates a user account managed by us with an account maintained with any third party to enable us to access certain information maintained in such third-party managed accounts, the user agrees that we may collect, and use such information in accordance with this Privacy Policy.
After obtaining the user’s specific consent to allow the App to access the user’s SMS, location and other relevant information from the hand-held device, we may collect relevant information from text messages (SMS) received by the Users from providers of services and/or products (including but not limited to retail outlets, financial institutions, mobile carriers and utility companies), that will enable us to provide better access to financial services and products to the Users. We will only access business messages that originate from alphanumeric senders.
In order to enhance our ability to provide valuable services and experiences to the user, we may: (i) automatically receive, collect and analyse your location information which may be accessed through a variety of methods including, inter alia, GPS, IP address, and cell tower location; and (ii) collect information pertaining to your Device and your usage thereof, including, inter alia, the names of the other applications on your mobile Device and how you use them, information about your Device, and information about your use of features or functions on your Device.
We collect a list of the installed applications’ information which includes the application name, package name, installed time, updated time, version name and version code of each installed application on your device to assess your creditworthiness and enrich your profile with pre-approved customized loan offers. We will access the camera function of the device to capture selfies for identity verification and collection of scanned documents during the KYC process.
We only access the data from the device one time. Explicit consent is also recorded from the user in that effect. This is in accordance with the Digital Lending guidelines defined by RBI.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information.

Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

The technologies We use may include:

- Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

- Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_

- Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies: Cookies: What Do They Do?.

We use both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential CookiesType: Session CookiesAdministered by: UsPurpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance CookiesType: Persistent CookiesAdministered by: UsPurpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality CookiesType: Persistent CookiesAdministered by: UsPurpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

Method and manner of use of user information:

When the user registers with the Website, we will use the information supplied by the user to pull a credit report from credit bureaus and identity verification services to facilitate banks and other financial institutions to evaluate the user’s loan request in the context of the user’s complete financial situation.
We will also use the user information to enable activities and transactions that need to occur during the process of lending, such as:
- Generating and maintaining User profiles on the Website;
- Provide personalized features;
- Aiding financial services organizations to provide better services;
- Facilitating collection activities as needed;
- Maintaining regular communications with the user concerning transactions the user initiates, such as requesting information or assistance, submitting a loan request, making payments, transferring funds, etc.
- Modifying the Website from time to time to cater to the user’s interests;
- Providing the Website and the functions and features therein, efficiently;
- Preserve social history as governed by existing law or policy;
- You acknowledge that you are licensing us to use, modify, display, distribute and create new material from the information you provide through the Website to render certain services on the App. By providing such information, you automatically agree or promise that the owner of such information has expressly agreed to allow or license, as the case may be, us to use the information in the manner set out in this Privacy Policy, without the payment of any fees. We may, to the extent permitted by law, also use, license, reproduce, distribute, disclose, and aggregate, non-personally identifiable information that is derived through your use of the Website and you hereby provide consent for the same.

Sharing of information

We will not use user information for any purpose other than regarding the Website. Corestrat will not rent, sell or share user information and will not disclose any of the user’s personally identifiable information to third parties, unless:
it is pursuant to obtaining the user’s permission;
it is regarding the services being rendered through the Website;
it is to help investigate, prevent or act regarding unlawful and illegal activities; suspected fraud, potential threat to the safety or security of any person, violations of CORESTRAT ’s Terms & Conditions, or as a defence against legal claims;
it is a case of special circumstances such as compliance with court orders, requests/orders, notices from legal authorities or law enforcement agencies compel us to make such disclosure; and
it forms part of the information CORESTRAT shares with advertisers on an aggregate basis.

Information Security

User Information transmitted over the internet is protected with encryption, using the Secure Socket Layer (SSL) or equivalent protocols.
If a password is used to help protect user accounts and account information, it is the responsibility of the user to keep the password confidential. You must ensure that you always log out, before sharing the device with a third party and it is advised that the user utilize a service to protect access to the user’s Device.
We shall use generally accepted industry standards to protect the user information submitted to us, both during transmission and upon receipt. However, please be advised that no method of transmission over the Internet, is 100% secure. Therefore, even though we strive to use commercially acceptable means to protect user information, we cannot guarantee its absolute security and your use of the Website is at your sole risk and discretion. We also cannot warrant that such user information may not be misused in the event our safeguards and protocols are breached by a malicious third party. Further, we are not liable to, nor can we fully control the actions of other users with whom you may choose to share your information.
The collection, usage, and sharing of User information by CORESTRAT shall be in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 , RBI regulations and other applicable laws.

Data Storage / Deletion Policy

The user acknowledges that the Platform has duly collected the information with the users consent and the user has the option to not provide such information or deny consent for use of specific information or revoke the consent already given. However, any withdrawal of such personal information will not be permitted in case any Service availed by the user is active. Where a consent has been withdrawn the Platform does not guarantee or be liable for providing such Service. The user shall have the following rights pertaining to the information collected by us.
- Deny Consent: The user shall have the right to deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the App delete/ forget the data. However, any such denial will not prejudice the right of the Lending Partners to retain any data in relation to the loans availed by you or by the non-lending service providers in relation to the non-lending services provided. Further, in case of a denial of a consent, the Platform does not provide a guarantee or will not be liable towards the continued facilitation of the Services if any such controls are exercised.
- Withdraw Consent: The user may withdraw consent to contact the user, for the continued collection, use or disclosure of user information, at any time, or request for deletion of login account by raising a request on the App or by mailing Us at [email protected]. However, Platform does not provide a guarantee of Services if any such controls are exercised. Further, if the user has availed any loan facilities from our lending partner, the lending partner shall have the right to continue processing the information till such credit facility has been repaid in full, along with any interest and dues payable and/or for such period as may be allowed under applicable law.
- However, We, shall not retain user data and information if it is no longer required by Us and there is no legal requirement to retain the same. Do note that multiple legal bases may exist in parallel, and We may still have to retain certain data and information at any time. Also, the information may still be used for the execution of any outstanding or termination activity of any Lending or Non-lending Services. Unless there is a regulatory/operational need to retain any user information, it will be wiped from the system within 5 years from the cessation of the relationship.
If the user no longer wishes to receive notifications about CORESTRAT services, the user may change his/her notification preferences by contacting CORESTRAT at [email protected]. CORESTRAT reserves the right to close the user account if the user opts out of receiving certain crucial notices that are required to perform the CORESTRAT services through its Website. The user may not opt out of receiving notifications about due or past due amounts that the user owes CORESTRAT or any other collections efforts.

Procedure for correcting inaccuracies in the information

The user may correct or update any information online. In the event of loss of access details, the user may retrieve the same or receive new access details by sending an e-mail to: [email protected]

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law of Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation

Protect and defend the rights or property of the Company

Prevent or investigate possible wrongdoing in connection with the Service

Protect the personal safety of Users of the Service or the public

Protect against legal liability

Data Sharing with Third party

Corestrat may share personal information of a user with Credit Rating Agencies and such information shall be shared with Credit Rating Agencies in the event the Reserve Bank of India issues guidelines or direction in this regard.

Security Precautions

The platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet.
Our platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per applicable law.
We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.
We aim to protect users from unauthorized access, alteration, disclosure or destruction of information we hold, including:
- We use encryption to keep your data private while in transit;
- We offer security feature like an OTP verification to help you protect your account;
- We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;
- We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations;
- Compliance & Cooperation with Regulations and applicable laws;
- We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.
- Data transfers;
- We ensure that Aadhaar number is not disclosed in any manner.
We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder.

Children’s Protection Policy

Corestrat’s Services are intended for users who are 21 years and older only. Accordingly, we will not knowingly collect or use any Personal Information from individuals that we know to be under the age of 21. In addition, we will delete any information from our database that we know originates from an individual under the age of 21.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Grievance Redressal Officer

In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of our Grievance Officer are provided below:We use encryption to keep your data private while in transit;We offer security feature like an OTP verification to help you protect your account.

Name: Lucy Sabu
Designation: Grievance Redressal Officer
Address: Tower-D, Diamond District, Bangalore
Email: [email protected]

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

By email: [email protected]