The entities comprising Dreamplug Technologies Private Limited, its subsidiaries and affiliated companies (collectively referred to herein as "the Company," "Dreamplug," "We," "Us," or "CRED"), place paramount importance on safeguarding the privacy and security of your personal information ("Personal Data"). We prioritize the establishment and maintenance of your trust.
This Privacy Policy (“Privacy Policy” or "Policy") outlines the methods and principles governing our collection, use, processing, and disclosure of your Personal Data in connection with your use of our products, services, and our website. Please note that this Policy does not apply to our partners, each of whom may maintain their own privacy policy. In situations where you interact with such partners, we strongly encourage you to review the privacy policy applicable to that particular site, service or interaction.
For utilization of the CRED application, it is a prerequisite for you to share specific data during the registration phase and for your activities on the application.
For registration purposes, we may collect personal details such as your name, mobile number, email ID, date of birth, and Permanent Account Number (PAN).
For providing certain services, we may require supplementary information, including but not limited to your residential address, financial details, credit score, credit/debit card specifics, and any other officially valid documents (OVDs).
Not sharing the requisite data may lead to certain features being restricted, unavailable, or unusable. For instance, withholding your address would render e-commerce transactions involving delivery impossible to complete.
Where you opt to provide any device permissions such as contact list, photos, camera, location, microphone, SMS, storage, phone calls and NFC, CRED may retrieve, retain and use the data sourced through such device permissions.
You retain the right to revoke the aforementioned access by amending access permissions within your device's settings.
Through your utilization of our application or website, we gather information such as:
Upon receiving your explicit consent, we may request certain third parties to provide information about you to furnish specific services and authenticate your information.
You can activate ‘CRED Protect’ by linking your email account(s) with your CRED account. If you authorize the linkage and connection of your email account with CRED, we may access the email account to collect certain financial information such as:
- credit card bill specifics such as total amount due, minimum amount due and due date, and other financial and transactional information;
- details of insurance policies;
- details regarding other bills such as utility bills;
- other financial details.
- Consolidating all your credit card information in one place and sending reminders for payment due dates;
- Curating offers and rewards customized for you;
- Curating your motor insurance details in one place and sending reminders for renewal dates;
- Providing insight into your spending pattern(s) to enhance your financial awareness and assist in making more informed decisions;
- Identifying utility billers and insurers/insurance service providers you transact with to retrieve your utility bill and/or insurance details;
- Curating specific financial/investment/other products based on your past financial behavior, transactions, and investments.
The Company's access to your email account(s) is facilitated through the email provider's access mechanism. If you authorize the CRED website/app to track your credit card accounts, the CRED website/app will securely store account particulars for each email account, including your sign-in user name and authorization tokens for tracked accounts.
We restrict our email reading to those related to financial services, such as credit card statements, loan statements, bank statements, insurance policies, biller details, etc., and we do not access any personal emails. For clarity, CRED employs automated processes for accessing and analyzing information provided by you, which may involve our algorithm to access a password-protected document utilizing your data.
For further details on how we process emails and the security protocol we follow, please click here.
Your explicit consent is required for us to access one or more of your email accounts. Please note that your consent to any of the above is purely voluntary. You may revoke the access to your email at any time.
We may receive information about you that assists us in identifying fraud and safety issues.
We may employ your personal data for the execution of the contract of services via the CRED application, in legitimate business interests, and for regulatory compliance purposes.
Your Personal Data will be instrumental in creating and updating your account, delivering services, processing your transactions, and for essential internal functions such as software bug troubleshooting, operational problem resolution, data analysis, testing, research, usage and activity trend monitoring, and analysis. Additionally, we may use your Personal Data to carry out data analytics to improve the user experience, enhance performance, and accomplish desired results. We will pseudonymize/ anonymize your data wherever possible to uphold your privacy.
With your explicit and prior consent, we may use the information generated by your usage of our application, excluding data collected from other sources such as emails, etc., for promotional purposes. This consent is entirely voluntary, and you can opt-out of receiving marketing materials from us at any time by following the unsubscribe instructions provided, indicating your preference when we call you, or directly contacting us. If you wish to remove your contact information from all our lists and newsletters, please click the unsubscribe link provided in the emails or send an email request to support@cred.club.
Several CRED products, including but not limited to CRED Cash, CRED Mint, CRED Garage, and insurance policies or covers offered through the CRED application, are offered in association with other commercial partners of CRED. When you avail such products or services, any data you provide and the data collected from your use of the application shall be shared with the respective third parties with whom CRED has partnered. Their usage of this data will be governed by their terms and conditions and privacy policy, including sharing with their subcontractors, if any.
In compliance with the law, we may need to disclose your Personal Data to the relevant regulatory authorities.
Subject to your explicit consent, we may disclose certain information created by your use of our application to CRED’s group entities and partners that are not acting as our suppliers or business partners. For clarity, we do not sell or lease such information.
Some of our reward promotions /campaigns /programs/ related events may be co-branded or sponsored by third parties and us. If you opt-in for such reward promotions /campaigns /programs /associated events, please note that your information may be collected and shared with those third parties. We advise familiarizing yourself with their privacy policies to understand how they will handle your information.
We may display targeted or non-targeted third-party online advertisements on the CRED app. We may engage in collaborations with other website/app operators. We encourage you to familiarize yourself with their advertising practices, including the types of information they may collect. No Personal Data is shared with any third-party online advertiser. CRED does not provide any information about your usage of the CRED application to such third party online advertisers.
We utilize cookies to accumulate small fragments of information on designated portions of the application to facilitate analysis of application Services, user engagement, and measurement of promotional effectiveness. Kindly note that specific features offered through the application are only available via a “cookie.”
Cookies are used to reduce the frequency of password entry during a session. Cookies further assist us in obtaining information beneficial for tailoring Services more precisely to your interests. You have the discretion to decline our cookies if your device allows, although this may limit your ability to utilize certain features on the application, and you may need to provide your password more frequently during a session.
We are committed to preserving the integrity of your Personal Data and maintaining its accuracy. We adopt reasonable physical, administrative, and technical safeguards to protect your Personal Data from unauthorized access, use, and disclosure. For instance, sensitive personal data such as credit card information, is encrypted when transmitted over the internet. Furthermore, we ensure that our commercial partners and vendors safeguard such information. We anonymize or pseudonymize your data wherever feasible to uphold your privacy.
We integrate security measures at multiple levels within our products and employ state-of-the-art technology to ensure robust security measures in our systems. This comprehensive security and privacy design allows us to defend our systems from potential threats. More details regarding this can be found here.
When using the application, you may encounter links to third-party websites/apps not affiliated with CRED. Please note that CRED holds no responsibility for their privacy practices, content of those other websites, or any acts/omissions by such third parties during your transaction with them.
If you are a security enthusiast or researcher and detect a potential security vulnerability within CRED's products, we urge you to responsibly report the issue to us. Kindly submit a detailed bug report, including steps required to reproduce the vulnerability, to us at support@cred.club. We pledge our best efforts to investigate and rectify legitimate issues within a reasonable timeframe while requesting you not to disclose it publicly.
We extend an option to all our Users to petition for the deletion of their account via the support section of the CRED application. Upon receiving such a request, all information corresponding to the specific account, including but not limited to profile details, card data, reward specifics, referral data, statement particulars, Google OAuth sessions, will be eradicated.
There might be scenarios where we may not be able to execute account deletion, such as if there exists an outstanding dispute, credit products availed through the CRED application, transactions suspected to be fraudulent, unresolved claims attached to your account. Notwithstanding, upon resolution of the obstruction preventing deletion, the relevant information is promptly deleted and cannot be retrieved thereafter. We may continue to retain certain information if deemed necessary for regulatory compliance, legitimate business interests like fraud prevention, enhancing user safety and security, or to fulfill our legal and contractual obligations.
In addition to this, you have the opportunity to request an account deactivation/archival. This will provisionally inhibit your access to CRED application until you forward a re-activation request to support@cred.club and successfully reactivate your account.
Under certain circumstances, you might be able to view or modify your personal data online. If your information is not accessible online, and you desire to procure a copy of specific information you provided to us, or if you become aware of inaccuracies in the data, we encourage you to reach out to us forthwith for correction.
Before we can supply you with any information or rectify any inaccuracies, we may ask you to validate your identity and provide additional details to confirm your identity and facilitate our response to your request. We commit to reaching out to you within 30 days of your request.
For questions, concerns, or suggestions relating to our Privacy Policy, we can be contacted via the details on our "Contact Us" page or at support@cred.club.
Personal Data will be retained only for the duration necessary to fulfill the purposes elucidated in this Privacy Policy, unless a longer retention period is necessitated by law or for directly related legitimate business purposes. Once the Personal Data is no longer required, it will be disposed of securely.
CRED reserves the right to modify this policy at its discretion from time to time. Any amendments shall take effect immediately upon posting the revised Privacy Policy. We advise you to periodically review this page for the most recent information on our privacy practices. Your usage of the CRED application shall be deemed to be consent to the Privacy Policy as modified from time to time.
Our company is in full compliance with ISO 27701: 2019[4] and 27001:2013 certifications, demonstrating our commitment to maintaining and implementing requisite Privacy and Information Security policies and procedures. We ensure adherence to industry-standard best practices and applicable controls in line with these certifications.
We have successfully satisfied the "Data Localization" stipulations as per the guidelines prescribed by the Reserve Bank of India (RBI), ensuring that all payment data is securely stored within the territorial limits of India.
Our usage of information received from Google APIs will comply with the Google API Services User Data Policy, encompassing the requirements for Limited Use.
In the event of any grievance pertaining to our privacy policy or practices involving the usage of data, the Grievance Redressal Officer may be contacted at the coordinates provided here in below:
Grievance Redressal Officer: Mr. Atul Patro Email: grievanceofficer@cred.club
The Grievance Redressal Officer is obligated to resolve grievances within a period of one month from the receipt of the grievance.
This section pertains solely to users who avail of the services of CRED Cash and/or CRED Flash facilitated through the CRED application. The CRED application operates as a digital lending application (DLA) with CRED functioning as a lending service provider (LSP) to diverse banks and non-banking financial companies (Lenders). This facilitates users' access to personal loans or similar products from the Lenders (Credit Products). A comprehensive list of lenders is available at cred.club/terms. Be advised that, in addition to this privacy policy, you may be subject to the privacy policies of the Lenders as well as other obligations stipulated in the loan documents.
1. As a constituent of the Credit Product application process, CRED may share data you have previously provided with the Lender(s) and / or certain insurers (if you avail of insurance with your Credit Product). Additional information may be required during the application process. Information specifically provided to access Credit Products or generated upon successful receipt of credit from the Lenders will be retained to the extent required by CRED to fulfill its obligations.
2. Pertaining to the information specifically provided during the Credit Product application process, CRED and the lender shall collectively decide and adhere to a clear policy guideline regarding the storage of customer data, including data type, storage duration, data usage restrictions, data destruction protocol, security breach handling standards, and more.
3. CRED will not collect or store biometric data within the CRED application.
4. CRED application will not access mobile phone resources such as files and media, contact lists, call logs, telephony functions, etc., in relation to the Credit Products or as part of its role as a DLA/LSP. However, with your explicit prior consent, CRED may seek one-time access to facilities like the camera, microphone, location, or any other necessity for onboarding/KYC requirements in connection with Credit Products.
All data will be housed in servers located within India.
You may revoke access to various access permissions such as contacts permission and SMS permission via your mobile operating system's app settings or similar functions. You may also request deletion of your data in accordance with the account termination section as set out above. However, CRED as LSP and the Lenders may still retain data as required by applicable law, to the extent that any amounts are outstanding under any Credit Products or till the time approved in-principle credit limit is available to You, or to the extent any fraud or fraudulent transactions are suspected in connection with the Credit Products.
1. CRED uses the following sub-contractors/technology service providers to offer Credit Products. Some of your data/data concerning Credit Products may be shared with these entities and/or stored in their systems:
2. As an LSP, CRED provides the Lender's collections/recovery services. To perform this function, if any amount is overdue with respect to any Credit Product, your data may be shared with the following sub-contractors, who may contact you for debt counseling and to encourage repayment of outstanding amounts:
3. When you utilize Credit Products to execute payments to merchants, relevant transaction data may be shared and stored by the pertinent payment aggregators and/or the merchants.
4. When you utilize Credit Products to execute payments to merchants, relevant transaction data may be shared and stored by the pertinent payment aggregators and/or the merchants.