Privacy Policy

1. Commitment to Privacy

At Subilash Finance, your trust is our highest priority. We are committed to maintaining the confidentiality, integrity, and security of all personal, identification, and financial data shared by our borrowers. This policy governs how we collect, use, store, and protect your information.

2. Information We Collect

To provide microfinance credit assessments and comply with legal requirements, we collect the following sets of data:

• Personal Identifiers: Your full name, email address, physical mailing address, and registered mobile telephone number.
• Government Identification (KYC): Clear scanned copy of your combined Aadhar Card, PAN Card, Ration Card, Identity Card, passport size photograph, and bank passbook inside a single uploaded PDF document.
• Financial Data: Income parameters, bank details for EMI routing, active loan histories, and transaction status logs.
• Technical Data: Your device IP address, login timestamps, and session configurations captured for anti-fraud validation.

3. How We Process Your Data

Your personal and KYC information is processed strictly for the following operational workflows:

• To perform credit scoring evaluations and verify applicant identities.
• To dispatch verified one-time passwords (OTP) via email SMTP (using PHPMailer) for registration and forgot-password validations.
• To track outstanding loan cycles and record manual or automated EMI transaction histories.
• To prevent account takeover fraud, double financing attempts, and unauthorized system access.

4. Data Security & Secure Storage Vault

We implement enterprise-grade security controls to keep your files secure:

• PDF Scans Vault: All uploaded KYC PDF files are written directly into a secure subfolder located at `uploads/kyc/` in our server. The files are organized in segmented, user-specific subdirectories under strict absolute file gating.
• Session Security: We run active PHP session validation stamps (`$_SESSION`) to prevent URL bypasses and protect dashboard routes from public access.
• Databases: User passwords and security access codes are strictly hashed using high-entropy BCRYPT algorithms before being stored.

5. Third-Party Integrations & Data Exchange

We do not sell or lease your personal information. To facilitate payment routing, we share minimal transaction details with licensed service partners:

• Razorpay Payment Gateway: Razorpay handles payment cards, UPI codes, and Netbanking transactions directly. We send Razorpay the required transaction amounts and retrieve verified signature tokens to process EMIs.
• PHPMailer SMTP Dispatch: Shared email parameters are securely used to dispatch automated transactional alerts, account updates, and verification OTP dispatches.

6. User Rights & Data Deletion

Borrowers possess the right to inspect their registered details inside the `my-profile` dashboard page. In accordance with microfinance audit practices and banking laws, financial transaction logs, database records, and KYC history files must be retained as audit-ready parameters for a mandatory legal duration and cannot be instantly deleted upon request.