This Privacy Policy explains how Loan Sphere, operated by YULAN MARKETING PRIVATE LIMITED (the “Company”, “we”, “our”, or “us”), collects, uses, stores, and protects your personal information when you use our mobile application (“App”).
YULAN MARKETING PRIVATE LIMITED is a duly incorporated Non-Banking Financial Company (NBFC) under the Companies Act, 1956, with Corporate Identification Number (CIN) U51909WB1994PTC062496, having its registered office at 4 Raja Wood Munt Street, 4th Floor, Kolkata, West Bengal – 700001, India.
As a licensed NBFC Lender, we are authorized and regulated to provide loan services directly to customers in compliance with the guidelines of the Reserve Bank of India (RBI).
By downloading, registering, or using the App, you acknowledge that the Company acts as the Lender for loans offered through Loan Sphere and agree to the terms of this Privacy Policy. If you do not agree, please do not use the App.
We follow a purpose-limited, consent-based, and minimal-collection approach. Depending on how you use Loan Sphere, we may collect the following:
1.1 Information You Provide Directly
Identity & Contact: Name, date of birth, gender, photograph/selfie (for liveness/face-match), address, email, mobile number.
KYC Documents: PAN, Aadhaar (where you provide explicit consent), driving license or other officially valid documents.
Financial & Employment: Bank account details (account number, IFSC), income proofs, payslips, employer/profession details, loan purpose.
Evidence You Upload: Scanned documents or images for KYC/address/income; limited to the files you choose.
1.2 Information Collected Automatically (App/Device)
Device & App: Device identifiers (e.g., Android ID/IDFV), operating system & version, app version, language/locale, network information, time zone, crash/error logs, performance metrics.
Security Signals: IP address, approximate geolocation (city/region), device integrity & risk signals (e.g., rooted/jailbroken status), session telemetry to detect fraud and unusual activity.
Usage Analytics: Screens viewed, clickstream, session duration, feature engagement; recorded in aggregate/de-identified form where possible.
We do not access your call logs, SMS, photo gallery, or microphone unless explicitly required for a specific feature and with your clear consent. For ordinary loan use, we do not collect SMS/call logs.
1.3 Information from Authorized Third Parties
Credit Information Companies (CICs): CIBIL, Experian, Equifax, CRIF High Mark—credit score, credit history, enquiries, and repayment performance (where you consent).
KYC/Verification Partners: CKYC registry look-ups; PAN verification; Aadhaar e-KYC via authorized KUAs/AUAs (with OTP/explicit consent); sanction/PEP screening as legally required.
Banks/Payment Partners: Mandate status (eNACH/UPI AutoPay), settlement confirmations, chargeback/return codes, and reconciliation data.
Account Aggregators (AA): If you opt-in, bank statement/transaction data shared via AA strictly for underwriting and ongoing risk monitoring.
Fraud-Prevention Databases: Signals from industry anti-fraud networks and telecom validations where lawful and with necessary consents.
1.4 Sensitive/High-Risk Data Handling
When we process facial images for liveness/face-match or Aadhaar data, it is strictly for identity verification and fraud prevention. We do not use biometric or Aadhaar information for advertising or unrelated profiling.
1.5 Runtime Permissions We May Request
Camera: KYC selfie and document capture.
Photos/Files: Uploading KYC/income proofs (limited to your selection).
Location (precise): Fraud checks and compliance.
Phone state/device signals: Security, risk and account protection.
You can grant/deny permissions in your device settings. Some services may be unavailable if a necessary permission is not granted.
We process data under one or more legal bases: your consent, to perform a contract (provide loans/services you request), legal/regulatory obligations, and legitimate interests (fraud prevention, service improvement). Specifically:
2.1 To Provide and Operate Loan Services
Identity & KYC: Verify who you are; conduct CKYC/Aadhaar/PAN checks; screen against regulatory lists; prevent impersonation and duplicate/ synthetic profiles.
Underwriting & Risk: Assess creditworthiness using data you provide, bureau data, AA data (if opted-in), and security signals; determine loan amount/tenure/rate; continuous portfolio risk monitoring.
Disbursement & Repayment: Process payouts to your bank account; set up and manage eNACH/UPI AutoPay mandates; collect repayments; handle reversals and refunds.
Customer Support: Respond to queries, complaints, chargebacks; investigate issues; record and review interactions for training and compliance.
2.2 Safety, Security, and Fraud Prevention
Device Fingerprinting & Velocity Checks: Detect bots, account takeovers, multi-account abuse, location anomalies, rooted/jailbroken devices.
Abuse Monitoring: Prevent money laundering, terrorism financing, or unlawful use; support audits and law enforcement requests where mandated.
2.3 Communications
Transactional: Application status, KYC reminders, mandate alerts, repayment schedules, due/overdue notices via in-app, SMS, email, or calls.
Service Messages: Policy changes, feature updates, security notices.
Marketing (Optional): Offers, rate promotions, new features; sent only with your consent. You can opt out anytime via in-app settings or the unsubscribe link.
2.4 Analytics and Product Improvement
Performance & Reliability: Crash logs and telemetry to fix bugs and improve stability.
Usage Insights: Aggregate/de-identified analytics to improve user experience, eligibility flows, and risk models.
Automated Decision-Making/Profiling: Certain underwriting and fraud checks are automated. Where required, we provide a channel to request an explanation and contest a decision, subject to applicable law and system constraints.
2.5 Compliance & Record-Keeping
Regulatory Reporting: To credit bureaus and regulators, as applicable.
Retention: Keep records for periods required by law (e.g., KYC/AML and accounting retention), dispute resolution, tax audits, chargeback windows, and legal defense.
We never sell or rent your personal information. We share data only on a need-to-know basis, under contracts that require confidentiality, security, and lawful use:
3.1 Within the Lending Ecosystem
Credit Bureaus (CICs): To pull credit reports during underwriting and to report repayment performance and defaults.
Banks/Financial Partners: For disbursement, collections, co-lending/ financing (if applicable), reconciliation, and mandate management.
Payment Processors & NPCI Rails: UPI/eNACH mandate setup, repayments, and settlements.
3.2 Verification & Risk Partners
KYC Providers: CKYC lookups; PAN validation; Aadhaar e-KYC via authorized providers (with your consent); video-KYC vendors where applicable.
Fraud-Prevention & Security Vendors: Device integrity, liveness, face-match, velocity checks, and anomaly detection tools.
3.3 Operational Service Providers
Cloud/IT & Data Hosting: Secure infrastructure, databases, backup, and disaster recovery.
Customer Support & Communication: Contact centers, email/SMS/voice gateways, push notification services (for transactional and—if opted-in—marketing messages).
Analytics & Crash Reporting: App performance and reliability tooling (aggregate/de-identified where feasible).
Collections Partners: Engaged only when necessary (e.g., prolonged delinquency) and required to follow applicable laws and our code of conduct.
Professional Advisors: Auditors, lawyers, consultants, and compliance advisors under confidentiality obligations.
3.4 Regulatory, Legal, and Business Events
Regulators/Law Enforcement/Courts: When required to comply with law, enforce our rights, or respond to lawful requests.
Business Transfers: During mergers, acquisitions, restructuring, or asset sales, your data may be transferred to another entity subject to this Policy or a policy with materially similar protections.
3.5 Safeguards on Sharing
Purpose Limitation: Third parties may use data only for the specific purpose we share it for.
Security & Compliance: Contractual controls, access restrictions, encryption in transit/at rest where applicable, and audit rights.
No Ad Tracking: We do not permit third-party ad networks to track you across apps via our SDKs, and we do not share your personal data for behavioural advertising.
3.6 Cross-Border Transfers (If Any)
We aim to store and process data in India. If data must be transferred outside India (e.g., to a secure cloud region or specialist vendor), we do so with appropriate contractual and technical safeguards to ensure a level of protection comparable to Indian law.
(1). What data is collected
Our app may request access to your device camera to capture a live image or short video of your face during the identity verification (KYC) process.
The app does not access or store Apple’s Face ID biometric template.
No additional facial recognition data is collected for any purpose outside of identity verification.
(2). Why it is collected
The collected face data is used solely for verifying your identity as part of the KYC process.
It helps confirm that the applicant is a real person, matches the face against official identity documents (such as PAN or Aadhaar card), and prevents fraud.
The data is also used to comply with applicable financial and legal regulations.
(3). Whether it is shared
Face data may be securely transmitted to our authorized and regulated KYC/verification service providers to perform identity verification.
The data is not shared with any other third parties.
The data is never sold, rented, or used for advertising, marketing, analytics, or personalization purposes.
(4). How long it is retained
Face data and other identity verification information are used solely to complete the KYC verification process. In compliance with applicable financial regulations, this data will be retained for at least five years after verification is completed, after which it will be securely deleted or permanently anonymized.
(5). User rights
You have the right to request deletion of your face data at any time after verification is complete.
You may withdraw consent for the collection of face data, noting that doing so may prevent completion of the KYC process and use of certain app features.
Instructions for deletion or consent withdrawal:
(6). Security measures
All collected face data is encrypted in transit and at rest.
Access to face data is restricted to authorized personnel only.
We implement industry-standard security practices to protect data from unauthorized access, disclosure, or modification.
We use encryption, firewalls, and secure servers to protect your data.
Only authorized personnel have access to sensitive information.
Despite our best efforts, no system can guarantee 100% security; you agree to use the App at your own risk.
We retain your personal and financial data only as long as necessary for providing services, meeting regulatory requirements, or resolving disputes.
Once data is no longer required, we securely delete or anonymize it.
You have the right to:
Access and review your personal data.
Request correction of inaccurate or incomplete information.
Request deletion of your account and associated data (subject to legal and regulatory obligations).
Withdraw consent for data usage, though this may limit your access to loan services.
We may update this Privacy Policy from time to time. Updated versions will be posted within the App. Continued use of the App after updates constitutes acceptance of the revised Privacy Policy.
If you have any questions or concerns regarding this Privacy Policy or your personal data, please contact us at:
Email: support@yulanmarketing.com
Phone: 91 7384073787
Address: 4 Raja Wood Munt Street, 4th Floor, Kolkata, West Bengal – 700001, India