Cred Pilot values your trust. This document explains what data we collect, how we process it, why we need it, and the safeguards we apply. Whenever we say “we,” “our,” or “us,” we are referring to Cred Pilot and its operating entity. All information referenced below is encrypted in transit and at rest, uploaded solely to https://api.credpilot.net/, and deleted once the stated purpose has been fulfilled.
By downloading, installing, or using the Cred Pilot mobile application you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please refrain from using the app.
We collect the following categories of data, each with a specific purpose and retention policy:
Personal Identification
This includes your name, date of birth, gender, PAN or Aadhaar number, address, email, and mobile number. It’s used for account creation, identity verification, and fraud checks. We will not share this information with any third party. All data is encrypted, securely uploaded to https://api.credpilot.net, and automatically deleted after onboarding or credit decision, unless legal retention is required.
SMS
We only collect, access, and store financial SMS data related to payroll credits, bank debits/credits, repayment confirmations, and overdue reminders. Furthermore, we only collect SMS messages received within the past 180 days. These SMS messages are used to support credit assessment, loan product matching, and risk analysis. We do not read or store your personal SMS data, nor do we share it with any third party. All information is encrypted, securely uploaded to https://api.credpilot.net, and automatically deleted after a credit decision is made.
Installed Applications List
We collect only limited information about installed financial apps, including the app package name and the date it was installed or updated. This helps verify device integrity and assess fraud risk. We do not share this data with any third party. All information is encrypted, securely uploaded to https://api.credpilot.net, and automatically deleted after the assessment is complete.
Device & Technical Info
We collect your device model, operating system version, IMEI, advertising ID, network type, and screen size. This is used for security, service optimization, and troubleshooting. This data is not shared with any third party. All information is encrypted, securely uploaded to https://api.credpilot.net, and automatically deleted after evaluation.
Camera / Media Files
Photos of ID documents or selfies provided for KYC (Know Your Customer) are used to meet regulatory compliance requirements. These files will never be shared with any third party. All information is encrypted, securely uploaded to https://api.credpilot.net, and automatically deleted after verification or credit decision.
Usage Analytics
We track which screens you view, the buttons you tap, and how long your sessions last. This helps us improve the user experience and fix bugs. We do not share this information with any third party. All data is encrypted, securely uploaded to https://api.credpilot.net, anonymized and aggregated after 30 days, and automatically deleted following credit evaluation.
All data is encrypted both in transit and at rest before being uploaded to the specified endpoint.
Account Registration & KYC – To create your profile and satisfy know-your-customer obligations.
Creditworthiness & Product Fit – To evaluate eligibility, set limits, and present suitable credit offers.
Fraud Detection & Security – To recognise suspicious activity, prevent duplicate accounts, and secure transactions.
Customer Support – To answer queries, resolve disputes, and improve service quality.
Regulatory Compliance – To meet requirements under RBI regulations, anti-money-laundering laws, and applicable tax statutes.
Service Enhancement – To analyse aggregated usage patterns, roll out new features, and optimise performance.
Licensed Lending Partners & Service Providers – Only to the extent necessary to underwrite, disburse, or service your credit facility.
Regulators & Law-Enforcement – When mandated by court order, statutory notice, or applicable law.
Professional Advisors – Auditors, lawyers, or consultants bound by confidentiality obligations.
We never sell or lease your personal data to third-party marketers.
TLS/SSL Encryption for every data packet to and from https://api.credpilot.net/.
Token-Based Access Controls limiting internal data visibility to authorised personnel.
24 × 7 Intrusion Monitoring with automated anomaly detection and incident-response procedures.
Regular Pen-Tests & Audits aligned with ISO 27001 best practices.
Access / Correction – View or update stored personal details via the in-app profile section.
Deletion – Use the in-app “Delete My Data” feature to request permanent erasure (subject to Section 7).
Consent Withdrawal – Uninstalling the app stops further collection, but previously gathered data may be retained where the law requires.
Active Account – Data is kept for the duration of the relationship and six years thereafter, as prescribed under RBI and income-tax guidelines.
Rejected / Abandoned Applications – Data is purged within 90 days.
Regulated Logs – Transaction records required for dispute resolution or audit remain until the minimum statutory period ends, then are securely destroyed.
Cred Pilot is intended for adults (18+). We do not knowingly collect information from minors. If you believe a minor has provided data, please contact us for immediate deletion.
We may amend this Privacy Policy to reflect legal, technical, or business changes. When we do, we will notify you via in-app alert or email. Continued use of the app constitutes acceptance of the revised terms.
Questions or concerns? Reach our Data Protection Officer at support@paasamrea.com—we respond within seven business days.