Principles
We collect and process data only when needed to provide core services or meet legal obligations.
We explain purpose, scope, and retention at relevant steps, and avoid invisible processing whenever possible.
We provide reasonable options to manage permissions, preferences, and rights requests.
Data overview
Data types
- Account data: registration and verification information
- Loan and billing data: disbursement and repayment records
- Device and logs: security, troubleshooting, and performance analysis
- Support data: content submitted by users to customer support
Purposes
- Provide and maintain core services and customer support
- Fraud prevention and risk controls
- Compliance and audit requirements
- Improve product experience and stability
Retention (general)
Keep only what we need
We aim to retain data only for as long as needed to provide services, support users, or comply with legal and audit obligations.
Deletion requests
Where applicable, users may request deletion or withdrawal of consent, subject to product capability and regulatory requirements.
Security measures (high level)
Sensitive data uses encryption in transit and encryption at rest, where applicable.
Least privilege, separation of duties, logging, and audit trails help protect systems and data.
Monitoring and alerting support incident response and continuous improvement.