Groww Credit Privacy Policy

1. Scope

1. We ask that you read this Privacy Policy (“Privacy Policy”) carefully as it contains important information about who we are, how and why we collect, use, store, transfer and share personal information, your rights in relation to your personal information, and how to contact us. This Privacy Policy should be read alongside, and in addition to the Groww Terms of Service (“Terms”), Credit Information Terms and any separate product or service agreement entered into between us from time to time.
2. Where we have used but have not explained the meaning of a capitalised term in this Privacy Policy, that capitalised term has the same meaning as mentioned under the Terms or Credit Information Terms. Whenever we refer to ‘information’ or ‘data’ under this Privacy Policy, we refer to your personal information (described in ‘Personal Information we collect’). Whenever we refer to the ‘law’ under this Privacy Policy, we are referring to those laws as amended from time to time.
3. By accessing our Services, using any medium: mobile app, mobile site, website, web app, or otherwise, you consent to us using your personal information in the way described in the Privacy Policy. 

IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT USE OR ACCESS OUR SERVICES. 

d. This Privacy Policy is divided into the following sections:

1. Who we are
2. How to contact us – Grievance Officer 
3. Personal information we collect
4. Where we collect personal information
5. How we use your personal information
6. Who we share your personal information with
7. Period for which we retain your personal information
8. Cookies and similar technologies
9. Your rights
10. Security practices 
11. Updates to the Privacy Policy
12. Governing Laws and Jurisdiction
13. Details of Associate Third Parties

2. Who we are

In this Privacy Policy, us, our, we, or Groww means Billionbrains Garage Ventures Private Limited (“BGV”), a private limited company which owns and operates the Groww Credit Platform (which term includes the application and the website) as and when required.

It is clarified that where any personal information is obtained from you basis of this Privacy Policy, the same shall be retained and stored by  the Partner REs only, whereas Groww shall be provided limited access to your data, including name, address, contact details etc. required for carrying out any lawful purpose. References therefore to us, our, we, or Groww must therefore be construed accordingly.

For the purpose of providing you the service, we collect, process, store and are responsible for certain personal information about you. When we do so, we are regulated by the Information Technology Act 2000, the Information Technology (Reasonable Security Practices and Procedures for Sensitive Personal Data and Information) Rules 2011, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Guidelines on Digital Lending, 2022 issued by the RBI and other Applicable Laws. Personal Data does not mean information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force; Personal Data includes “Sensitive Personal Data”, which relates to password; financial information such as bank account or credit card or debit card or other payment instrument details; physical, physiological and mental health condition; sexual orientation; medical records and history; biometrics or any other data categorized as sensitive under Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 and/or any applicable law in India.

3. How to contact us - Grievance Officer

If you have any questions, concerns or suggestions about how we collect, store or use your information, you can reach out to our Grievance Officer. This Grievance Officer will serve as the designated Grievance Officer under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011.

Name: Dharmesh Palan

Email ID: Grievances@groww.in 

Phone number: +91 9108800000 

Address : Vaishnavi Tech Park, 3rd Floor Sarjapur Main Road, Bellandur Bengaluru – 560103

4. Personal information we collect

Personal information means any information of a natural person which can assist in identification of that person. Below is a list of types of information that we may collect when you use the Platform or Services.

Type of personal information	Description
Personal	Details such as residential address, correspondence address, date of birth, documents such as identity card/ passport details/ Aadhaar details via Digilocker, PAN, and other similar OVD (as such term is defined by the RBI), live photo, educational information, and employment details such as position held, history, salary, benefits etc. We may also obtain your specimen signature.
Contact	Your name, phone number, email ID, address and other ways in which you can be contacted.
Financial	Details about income, expenses, credit history, transaction history, balances, payment details, details to enable transfer of monies, and other similar data. We may also record certain conversations with customer support agents to resolve your queries and grievances.
Contractual	Details to offer the Services to you through the Platform.
Locational	Data we get about where you are. This may come from your mobile phone or other electronic devices.
Technical	Details about the devices and technology you use such as hardware models, device IP address, operating systems and versions, software, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion data, and mobile network data. We may also obtain access to your device’s camera, microphone, location, or such other device information or facility required to perform the Services.
Communications	What we learn about you from the communications between us, including any feedback that we may receive from you.
Public and third-party data	Details about you that are publicly available on the internet. We may also receive information about you from third-parties like credit bureau (as per the Credit Information Terms), business partners, technical sub-contractors, analytics providers, search information providers, etc.
Usage data	Data about how you use the Platform and interact with our Services including through the use of cookies or other tracking software. This includes data such as access dates and times, Platform features or pages viewed, Platform crashes and other system activity, type of browser, and third-party sites or services used before or in the course of interacting with our Services.
Consents	Any permissions, consents or preferences that you give us on our Platform or otherwise.
Additional Information	We may seek additional information than what is set out above, provided we will provide you with notice of seeking such data as well as the purpose for which such data may be utilised.
Lien Marking and associated information	We may obtain information from you pertaining to your mutual fund and/or securities holdings to enable you to utilise the Services. We may also obtain any other incidental information in this regard, that may help us provide you with the Services.

5. Sources of personal information

We may collect personal information about you from any of the following sources. 

a. Data you provide to us

1. Contact information (e.g., name, phone number, email ID and address).
2. Personal information to facilitate your use of the Platform like date of birth, age, etc.
3. Government-issued identifiers, including Aadhaar, PAN and GST information.
4. Photographs and signature copies.
5. Any other information which would help provide the Services offered on our Platform.
6. Any other information you provide us when you access the Platform or Services.
7. Data collected when you talk to us on the phone or in emails, web chats, letters, and surveys.
8. Any other information that we are required to collect by our Partner REs, or as a requirement under Applicable Laws.
9. Any information required for the purpose of engaging in collection and recovery processes, as required in accordance with law.

b. Data we collect when you use our Platform or Services

1. Geolocation data collected through your mobile phone or other electronic devices.
2. Usage data including data collected through cookies and other tracking software.
3. We also collect information from and about the device through which you access our app as set out above.

c. Data we collect from third parties

1. Your data available with the credit bureaus that we collect if you agree to the Credit Information Terms and appoint us as your authorized agent to pull your Credit Information from credit bureaus. 
2. Your data collected by other companies and partners that introduce you to us.
3. Your data collected from our partners, third-party vendors, including services that help us authenticate your identity, like KYC service providers.
4. Your data collected by social networks and other technology providers (for instance, when you click on one of our advertisements on social media platforms like Facebook or Google).
5. Your data available with fraud prevention agencies.
6. Your data available with other financial institutions (to facilitate transactions and to help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behaviour).
7. Your data present in public information sources.
8. Your data collected by third-party agents, suppliers, sub-contractors and advisers.
9. Your data collected by market researchers.
10. Your data available with government authorities, law enforcement agencies and regulatory bodies, to help us comply with our legal obligations.

6. How we use your personal information

We use your personal information only for the purposes set out below: 

a. Serve you

1. Provision of loan or facility or line of credit, and performance of credit check by partners duly authorised under law.
2. Manage our relationship with you or your business, including to provide Services to you, to conclude transactions, to generate and maintain user profiles, and to provide personalised features/ content of interest to you.
3. Communicate with you about our products and services, and responding to your requests/ queries, through calls, SMS messages, emails, Platform notifications or other means.  
4. Developing and carrying out marketing activities.
5. Studying how customers use our Platform and Services.
6. Delivering promotional offers including contacting you through calls, SMS messages, emails, Platform notifications or other means. 
7. Undertaking collections and recovery processes as maybe required in accordance with applicable law

b. Improve our business

1. Testing new products.
2. Analytics and research and otherwise improving our products and Services.
3. Managing how we work with other businesses that provide services to us and our customers.
4. Developing new ways to meet our customers’ needs and to grow our business.

c. Managing our operations 

1. Marketing and outreach, such as offering you special offers or other products or services we think that you may be interested in.
2. Collecting and managing fees and other charges. 
3. Collecting and recovering money that is owed to us.

BY USING THE WEBSITE/ AVAILING OUR SERVICES, YOU AUTHORISE US, OUR AFFILIATES & OUR ASSOCIATE PARTNERS TO CONTACT YOU VIA EMAIL OR PHONE CALL OR SMS (INCLUDING WHATSAPP) AND OFFER YOU THEIR SERVICES/ PRODUCT(S), MAKE PROMOTIONAL OFFERS IN RELATION TO THEIR SERVICES. THE FOREGOING CONSENT AND AUTHORISATION IS IRRESPECTIVE OF THE FACT THAT YOU HAVE REGISTERED YOURSELF UNDER DND OR DNC OR NCPR

d. Fraud prevention and managing risks 

1. Identifying, investigating, reporting and preventing fraud, money laundering and other crime.
2. Managing risk for us and our customers.
3. Managing and protecting our information technology infrastructure.
4. Complying with our legal obligations.
5. Investigating and responding to complaints and feedback.
6. Sharing information with government agencies, regulatory bodies, and law enforcement agencies, or such other authorities, authorised to seek data from us in accordance with applicable law or any judicial pronouncements.

e. Business management 

1. Operating our business in an efficient way, including managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit.
2. Carrying out our obligations arising from and exercising our rights set out in our contracts.

7. Who we share your personal information with

We do not share any sensitive or personal data about you with any third parties unless necessary. We will only disclose personal information to third parties for the reasons explained in this Privacy Policy or otherwise in the Terms. Below is a list of the types of third parties that we may share your personal information with. 

 

a. Groww Group

We may share your personal information with our group companies if that helps us with any of the purposes noted above or otherwise in the Terms.

b. Groww Partners 

We may share your information with businesses that we partner with to provide you our Services (“Groww Partners”). These include but are not limited to our Partner REs. The Groww Platform may host links to third party websites. We are not responsible for the content, activities or services related to such linked websites. 

c. Authorities

We may share your information with any government authority, regulatory body or law enforcement agency which seeks such information if we believe the disclosure is required or appropriate under Applicable Laws.

d. Service providers 

We may share your information with credit bureaus and third party service providers that help us provide Services to you. This includes vendors, agents, sub-contractors, suppliers, consultants, advisers and other service providers. 

e. General business 

We may share your information with third parties to grow and improve our business. This includes: 

1. Companies we have a joint venture or agreement to co-operate with.
2. Organisations that introduce you to us. iii. Market researchers.

1. Advisers who help us to come up with new ways of doing business.
2. Advertisers and technology providers that you use (such as third-party websites you visit, social networks, and providers of apps and smart devices). vi. While negotiating or in relation to a change of corporate control such as a restructuring, merger or sale of our assets, we may have to disclose our databases and information we have stored in the course of our operations. 
3. Other financial institutions to help prevent, detect and prosecute unlawful acts, money laundering or fraudulent behaviour. 
4. Registrar and share transfer agents, and asset management companies in the event of you availing the relevant Services which necessitate such disclosure

f. Sharing anonymised data

We may share anonymised data with other companies, but only after scrubbing all personally identifiable details and converting it into a format where it is no longer considered personal information under the law (as it is anonymised).

PLEASE REFER TO CLAUSE 14 OF THIS PRIVACY POLICY FOR A LIST OF ALL THIRD PARTY ENTITIES WITH WHOM YOUR DATA IS BEING SHARED.

8. How long we keep your personal information

a. Unless otherwise mentioned in the Credit Information Terms, we will keep your personal information as long as it is necessary to provide you Services on the Groww Platform (for the purposes listed in ‘How we use your information’). We will retain and use the information collected as necessary to comply with our obligations under Applicable Laws or contracts, resolve disputes or for other business purposes. Generally, we will not retain your Personal Data and other information for longer than the periods provided in the table below. However, the provisions of various laws require Your transaction logs to be stored for longer periods post the deletion of an account. Further, in the event of the pendency of any legal, regulatory and/or statutory proceeding or receipt of any legal and / or regulatory direction to that effect, We may be required by the law of the land to retain your Personal Data for longer periods.

Types of Data	Date Retention Period
Personal Data	End of your relationship with us + 5 years
KYC-Related Information	End of your relationship with us + 5 years
Information generated through one-time access to camera, microphone, and geo-location access	End of your relationship with us + 3 years
Information generated through one-time access to storage limited to information selected by the customer	End of your relationship with us + 3 years
Non-personal information	As required under law
User communications	End of your relationship with us + 5 years

b. To ensure compliance with Applicable Laws, we may need to retain information even after you have terminated your Account with us or stopped using the Groww Platform. We may also keep your contact information and other details for fraud prevention and for the exercise/defence of a legal claim or for providing evidence in legal proceedings. 

c. Post termination, we may continue to use your anonymised data which is aggregated or combined with anonymised data of other users. We use this for analytics, research and other business purposes. 

d. We will comply with the following procedure for destruction and disposal of Your Personal Data and other information:

(i) Our IT department is responsible for deleting or destroying electronic records. This includes ensuring that the Personal Data and other information is permanently removed and from company system and destroyed.

(ii) No Personal Data and other information that are currently involved in, or have open investigations, audits, or litigation pending shall be destroyed or otherwise discarded.

(iii) When retention requirements have been met, Personal Data and other information shall be immediately destroyed.

(iv) The authorized methods of destruction for non-electronic Personal Data and other information are shredding.

9. Cookies and similar technologies

1. We may use cookies to distinguish you from other users of our Services. This helps us provide you with a good experience, and also allows us to improve our Services. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device when you visit our Platform. Cookies send information back to the originating website on each subsequent visit, or to another website which recognises that cookie. Cookies also make it easier for you to log in and use our Platform.
2. We may use the following cookies:

1. Strictly necessary cookies required for the operation of our Platform (including, for example, cookies that enable you to log into secure accounts and use interactive features).
   
   
2. Analytical/performance cookies that allow us to recognise and count the number of visitors and users and see how they use the Platform to (for instance, without limitation) help us improve the way our Platform works or ensure that users can find what they are looking for easily.
3. Functionality cookies to help us recognise you when you return to our Platform to (for instance, without limitation) personalise our content for you, greet you by name and remember your preferences, such as choice of language or region.
4. Targeting cookies to record your visit to our Platform, the pages you have visited and the links you have followed. We may use this information to make our Platform and the information displayed on it, more relevant to your interests. We may also share the information with third parties for this purpose.

10. Your rights

You will have the following rights with regard to your data and you can exercise these rights by writing to our Grievance Officer at “Support@credit.groww.in”.

1. Confirmation: You can ask us to confirm if we are processing your personal data.
2. Review: You can ask us for a copy of your personal data held by us.
3. Rectification: You can inform us about changes to your personal data, and ask that we correct any erroneous or incorrect personal data held by us. We are not responsible for the authenticity of the data you provide us. Please ensure you notify us without undue delay of any changes to the personal data that you have provided to us by updating your details on the Platform or by contacting our Grievance Officer at the details provided in this Privacy Policy.
4. Restrictions on Processing: You can ask us to erase your personal data, block or restrict the processing of your personal data, or object about specific ways in which we use your personal data, and deny consent for use of any specific data. You may also in line with this right, restrict disclosure of your data to third parties.
5. Right to Opt Out: We or our service providers may communicate with you through voice calls, text messages, emails, Platform notifications, or other means. The communication may relate to (a) Services (as defined in the Terms), (b) promotional offers, or (c) any other information that we may want to share with you. You may opt out of receiving information about promotional offers by writing to us. But even if you opt out of receiving information from us, we may still send you non-promotional communication.
6. Withdrawal of Consent: You have the option to withdraw consent given to us for collection and processing of your personal data. In such cases, we reserve the right to stop providing Services for which your personal data was sought. Your withdrawal will become effective when you receive an acknowledgment from us. You understand that despite your request to withdraw consent, we may still need to retain some data about you to comply with Applicable Laws.

Please note that You may, in Your sole and absolute discretion, choose either: (i) not to provide the information, specific data requisitioned by Us from You in connection with Our Services from time to time or (ii) cancel/revoke Your consent so granted to collect Your Personal Data and/or communication that you have elected to receive from Us in relation to the information you have already shared with Us. However, in the event if You do not provide Your consent or later withdraw Your consent, We request you not to access the Platform and/or use the Services and We also reserve the right to not provide You any Services through the Platform. In such a scenario, the Company may delete Your information (Personal or otherwise) or de-identify it so that it is anonymous and not attributable to You.

PLEASE NOTE THAT NOTWITHSTANDING ANYTHING CONTAINED IN THIS PRIVACY POLICY, WE MAY RETAIN YOUR DATA IN OUR RECORDS FOR SUCH TIME PERIOD AS PRESCRIBED IN LINE WITH REGULATORY REQUIREMENTS.

11. Security Practices

We deploy adequate technical and organisational security measures to protect your personal information. Some of these include: firewalls, encryption, and access controls.  However, we do not guarantee that personal data will be completely protected. Any transmission of personal data by you is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in the Platform, including through the illegal acts of third parties.

We request you to please ensure that you do not share your Account’s login, password, and OTP details with anybody.

We wish to mention that in case of non-compliance and/or breach with the privacy policy pertaining to access or usage of the computer resource, We shall have the right to terminate the access or usage rights of the Yours to the computer resource immediately or remove non-compliant information or both, as the case may be.

Please also note that while We observe reasonable security measures to protect Your Personal Information on all our digital platforms, security risks may still arise for reasons outside of Our control such as hacking, virus dissemination, force majeure events, breach of firewall etc. Please note that the above- mentioned measures do not guarantee absolute protection of Your Personal Data. It is further clarified that as long as You access and/or use the Platform (directly or indirectly) the obligation to ensure that You shall at all times take adequate physical, managerial, and technical safeguards, at Your end, to preserve the integrity and security of Your data which shall include and not be limited to Your Personal Information.

This Privacy Policy and the security controls and practices implemented by Us to protect Your Personal Information shall be the reasonable security practices and procedures under Section 43A of the Information Technology Act, 2000. Further, while providing the Services to you, we shall also ensure compliance with various technology standards/requirements on cybersecurity stipulated under applicable laws including but not limited to reporting of any security breach or incident to authorities designated under any applicable law.

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time at our discretion. We urge you to keep visiting this page so you remain updated about the changes, if any. This Privacy Policy may be subject to continuous review and modification. While we will make reasonable efforts to keep you posted on any updates to this Privacy Policy, we recommend that you review this Privacy Policy periodically.

We reserve the right to change/modify the information provided on or via this Site, including the terms of this disclaimer, at any time, however we will obtain you consent for any material changes to the Privacy Policy. You can determine when the terms and conditions were last modified by referring to the “Last Updated” legend below. You are obliged to exercise your independent diligence on the information provided on or via this Site before arriving at any decision and you will be solely responsible for your actions. We shall not be held responsible for all or any actions that may subsequently result in any loss, damage and or liability on account of such a change in the information on this Site. Your continuous use of the website/mobile application following the posting of changes shall mean that You accept and agree to the changes and shall be legally bound by the same.

13. Governing Law and Jurisdiction

This policy will be governed by and construed in accordance with the laws of India and subjected to the exclusive jurisdiction of Courts of Bangalore.

14. Details of Associated Third Parties

Sr. No.	Entity Name	Services Provided
1	IDFC First Bank Limited	Lending Partner
2	Aditya Birla Finance Limited (ABFL)	Lending Partner
3	Kisetsu Saison Finance India Private Limited (Credit Saison India)	Lending Partner
4	Central Registry of Securitisation of Asset Reconstruction and Security Interest of India (CERSAI)	Onboarding Support
5	Webklipper Technologies Private Limited	Communication Services
6	Salesforce India Private Limited	Analytics
7	Google Cloud India Private Limited	Events Ingestion and Analytics
8	National Securities Depository Limited	Onboarding Support
9	Digiotech Solutions Private Limited	NACH Mandate
10	Groww Pay Services Private Limited	Software Infrastructure Support
11	Razorpay Software Private Limited	Facilitates Collection
12	Groww Serv Private Limited	Collections Agency
13	Freshworks Technologies Private Limited	Customer Support
14	Solutions Infini Technologies Private Limited	Customer Support

 

15	HyperVerge Technologies Private Limited	Onboarding Support
16	GupShup Technology India Private Limited	Communication Services
17	V-Connect Systems and Services Private Limited	Communication Services
18	Netcore Cloud Private Limited	Communication Services
19	Groww Creditserv Technology Private Limited	Lending Partner
20	ICICI Bank Limited	Banking Partner
21	Yes Bank Limited	Banking Partner
22	Kotak Mahindra Bank Limited	Banking Partner
23	Equifax Credit Information Services Private Limited	Credit Bureau
24	Experian Credit Information Company of India Private Limited	Credit Bureau
25	Groww Wealth Management Private Limited (Formerly known as Finments Tech Private Limited)	VKYC & Digilocker TSP
26	CRIF High Mark Credit Information Services Private Limited	Credit Bureau
27	Dashboard Account Aggregation Services Private Limited (Saafe)	Account Aggregators
28	Cookiejar Technologies Private Limited (Finvu)	Account Aggregators
29	TransUnion CIBIL Limited	Credit Bureau
30	Finsec AA Solutions Private Limited (OneMoney)	Account Aggregators
31	NeSL Asset Data Limited (NADL)	Account Aggregators
32	TartanHQ Solutions Private Limited (Tartan)	Enhanced Due Diligence
33	Finsec AA Solutions Private Limited (OneMoney)	Account Aggregators
34	Zujo Tech Private Limited (VideoSDK)	Onboarding Support
35	Analog Legalhub Technology Solutions Private Limited	Collections Agency
36	Fibe (Social Worth Technologies Private Limited)	Lender
37	Kfin Technologies Limited	Registrar and Share Transfer Agent
38	Computer Age Management Services	Registrar and Share Transfer Agent
39	DSP Finance Private Limited	Lender

This Privacy Policy was last updated on 13th February, 2025.