Privacy Policy

Dreamplug Technologies Private Limited (“the Company /Dreamplug/ We / Us / CRED”) is committed to operating this website/app with the highest ethical standards and appropriate internal controls. Your privacy is important to us and maintaining your trust is paramount. This Privacy Policy explains how we collect, use, and disclose information about you. By using our website/app and affiliated services, you consent to the terms of our privacy policy (“Privacy Policy”) in addition to our Terms of Use. We encourage you to read this Privacy Policy regarding the collection, use, and disclosure of your information. If you are not comfortable with any of the terms or policies described in this Privacy Policy, you may choose to discontinue usage of our website/app. This Privacy Policy shall be subject to our Terms of Use available here.

This Privacy Policy applies to the website/app that link to this Privacy Policy but does not apply to those Dreamplug’s affiliates’ websites that have their own privacy policy. Any capitalised terms not defined hereunder shall hold the same definition as provided under the Terms of Use.

From time to time, we may supplement this Privacy Policy with additional information relating to a particular interaction that we may have with you.

Collection of Personal Information

  • Information you provide us

Pursuant to the services provided by us, we will ask you to provide certain information as a part of the registration process, and in the course of the interface of CRED. We will collect this information through various means and in various places through the App Services, including account registration forms, contact us forms, or when you otherwise interact with us. We will ask you to provide only such information lawfully and operationally required for the App Services and necessary to be collected by us for effectively providing the same.

Personal information we collect may be in the nature of, inter alia,

  1. Name
  2. Mobile number
  3. Email ID
  4. Date of Birth
  5. PAN number
  6. Address and Pin Code
  7. Gender
  8. Financial information such as credit card or debit card or other payment instrument details;

The collection and maintenance of any such data/information shall be subject to this Privacy Policy.

  • Information we collect as you access and use our services

We will also collect information relating to your use of our website/app through the use of various technologies. For example, when you visit our website/app, we may log certain information such as your IP address, browser type, mobile operating system, manufacturer and model of your mobile device, geolocation, preferred language, access time, and time spent. We will also collect information about the pages you view within our sites and other actions you take while visiting our website/app. Collecting information in this manner allows us to collect statistics about our website/app usage and effectiveness, personalise your experience whilst you are on our website/app, as well as customize our interactions with you and also assist in business development to enhance and expand the scope of the App Services.

We also maintain some records of Users who contact us for support, for the purpose of responding to such queries and other related activities. However, we do not provide this information to any third party without your permission, or utilize the same for any purposes not set out hereunder.

  • Information third parties provide about you

We may, on your consent, request certain third parties to provide information about you to further personalize your experience on our website/app, and provide certain services that cannot be accessed by all users of the website/app.

CRED is currently open only to credit card holders and to users who have a credit score greater than or equal to 750, determined through information supplied to us by third-party service providers that are expressly authorised by you to distribute such information (for example, Experian which is a credit information company registered under the Credit Information Companies (Regulation) Act, 2005). In order to check if you meet the eligibility criteria to become a member of CRED, you will be requested to provide Dreamplug with explicit consent to procure the same through the sign-up process of the App.

As part of activating an account with CRED, we may request your consent to connect with your email account for purposes of collecting your credit card bill details such as total amount due, minimum amount due and due date, and collecting such other information based on your merchant preferences, to be able to:

  1. Manage all credit card information at one place, remind you of the payment due
  2. Curate offers and rewards customised for you

Please note that this giving this consent is not mandatory and is completely voluntary. Also, we only open emails from banks and credit card issuers and do not open. read or access any other mail including your personal emails.

We hereby confirm that no other personal information or emails, will be accessed. For the sake of clarity, CRED employs automated processes for accessing and analysing information provided by a User; where we may need to use our algorithm to access a password-protected document utilizing information provided by you. For further information on how we process email and the security protocol we follow click here.

Use of Personal Information

The following paragraphs describe in more detail how we propose to use your personal information.

Fulfilling your Transaction Request

Any information provided by a User will be used solely for processing your transaction or for any other purposes for which you have granted access to such information to us, based on our mutual agreement / discussions / communications / correspondences. All personal information provided by you in our website/app which has been duly received and accepted by us will be used solely for the purpose of processing a transaction on the App. To enable such process, we may share information with authorised third-parties, for instance, our business partners, financial teams/institutions, or postal/government authorities involved in fulfilment of said transactions, if any. In connection with a transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes.

Personalising your Experience on our website/app

We may use information we collect about you to provide you with a personalised experience on our website/app, such as providing you with content in which you may be interested and making navigation on our sites easier.

As you access and use CRED, we may request access wherever applicable to your:

Sr No Permission Purpose
1 SMS Read OTP, alerting you against hidden charges in credit card statement and credit card bill payment reminders
2 Location Rewards personalization through location specific offers & validating security of transactions on platform
3 Contact Referral program and rewards personalization
4 Email Alerting you against hidden charges in credit card statement and credit card bill payment reminders

Please note that we only read transactional or promotional SMS and do not open, access or read any personal SMS.

Connecting Your Email Account

You can choose to provide explicit consent to connect your email accounts with your CRED account.

Once connected, the CRED website/app will securely access and analyze the contents of emails from banks, related to credit cards, for the purpose of keeping all the credit card account and statement details in one place, and remind the users of their credit card due payments and dates.

We encourage you to review your information prior to signing in through the applicable service.

You can choose to enable us to access one or more of your email accounts by connecting such account(s) with your CRED account. If you connect your email account, the CRED website/app will automatically access and analyze the contents of emails, from a small list of whitelisted senders that comprise of credit card issuing companies and banks, in your email account(s) on an ongoing basis for the purpose of identifying documents related to the applicable App Services availed by you, including credit card statements and reward related emails that may contain recent credit card statements, transactions, or linked rewards. This is to assist the user in collating details on the App, which will include common payment due dates, statements from the applicable services etc.

Once linked, the applicable information will then be extracted from your emails into your CRED account so that you may access the same through the CRED website/app on mobile and desktop.

CRED’s access to the email account/s is authorized through the email provider’s access mechanism. If you choose to have the CRED website/app track your credit card accounts, the CRED website/app will securely store account details for each of your credit card accounts, including your sign-in user name and authorisation tokens for tracked accounts. This information will be used to enable the CRED website/app to automatically access your applicable credit card statements to analyze, extract, and store information securely from such accounts for use in the CRED website/app.

You will be asked in each case whether you want to connect your email account.

You are free to de-link your email connection with CRED at any time. You may manage your connections to email and de-link the same at any time from the website/app.

For example, Google Mail’s permission settings are located at: A user de-link the access to their email any time they wish at this URL.

Providing Support

We may use your personal information to support our activities such as notifying you of any upcoming campaigns/programmes conducted by us.

In the course of providing such support to you, we may sometimes have incidental access to data that you have provided to us or data that is located on your system. This Privacy Policy does not apply to our access to or handling of this information; the conditions regarding the handling and processing of that data is covered by the applicable Terms of Use or other agreements between you and Dreamplug.


Subject to your express permission to use the information as described herein, the information you provide to us, as well as the information we have collected about you whether directly or indirectly, may be used by us for marketing purposes. You may at any time choose not to receive marketing materials from us by following the unsubscribe instructions included in each e-mail you may receive, by indicating so when we call you, or by contacting us directly.

Some of our campaigns/programmes/related events may be co-branded, that is sponsored by both the third parties and us. If you sign up for such campaigns/programmes/related events, please note that your information may also be collected by and shared with those third parties. We urge you to familiarise yourself with their privacy policies to gain an understanding of the manner in which they will handle information about you.

Monitoring or Recording of Calls, Chats and Other Interactions

Certain online transactions may involve you calling us or us calling you. They may also involve online chats. Please be aware that it is our general practice to monitor and in some cases record such interactions for staff training or quality assurance purposes or to retain evidence of a particular transaction or interaction.

Use of Information in the Social Computing Environment

We provide social computing tools on our website/app to enable online sharing and collaboration among members who have registered to use them. These include forums, wikis, blogs, and other social media platforms.

When registering to use these tools, you will be asked to provide certain personal information. Registration information that is not automatically made available to other participants as part of your profile will be subject to and protected in accordance with this Privacy Policy.

Any other content you post, such as pictures, information, opinions, or any other type of personal information that you make available to other participants on these social platforms, is not subject to this Privacy Policy. Rather, such content is subject to the terms of use of those platforms, and any additional guidelines and privacy information provided in relation to their use. We strongly urge to refer to them to better understand yours, ours, and other parties’ rights and obligations with regard to such content. We would also like to emphasise that the content you post on any such social computing platforms may be made available to others inside and outside our website/app.

Protect the Rights and Property of Dreamplug and Others

As required by law, at times we might be required to disclose your personal information to relevant authorities. In some cases, when we believe that such disclosure is necessary to protect our rights, or the rights of others, or to comply with a judicial proceeding, court order, or legal process served on our website/app we would share such information.

In some cases, Dreamplug may use vendors or suppliers located in various countries to collect, use, analyse, and otherwise process information on its behalf. It is Dreamplug’s practice to require such vendors or suppliers to handle information in a manner consistent with Dreamplug’s policies.

We may disclose information that identifies you at an individual level and which we have collected on our website/app, to other non-Dreamplug entities that are not acting as our suppliers, such as our business partners. Except as described in this Privacy Policy, we will only do so with your prior consent. For the sake of clarity, Dreamplug does not sell or lease such information.

Where, pursuant to strategic or other business reasons, Dreamplug decides to sell, buy, merge, or otherwise reorganise businesses in some countries. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of such information from sellers. It is Dreamplug’s practice to seek appropriate protection for information in these types of transactions.


We provide all Users with the opportunity to opt-out of receiving non-essential (promotional, marketing-related) communications from us on behalf of our partners, and from us in general, after setting up an account. If you want to remove your contact information from all our lists and newsletters, please click on the unsubscribe button on the emailers or send an email request to

Account/Card Deletion

We provide all our Users an option through which a User may request deletion of a specific Card stored on his/her account or the complete account through the support section on the Cred App. Following such request, we delete all such information related to the specific card/account including but not limited to profile information, card data, transaction details, reward details, referrals details, statement details, google oauth sessions etc. that we are not required to retain.

In certain circumstances, we may be unable to delete your account, such as if there is any outstanding dispute or unresolved claims pending on your card/account. However, upon resolution of the issue preventing deletion, the information is immediately deleted and can’t be recovered thereafter. We may also retain certain information if necessary for our own legitimate business interests such as fraud prevention and enhancing users’ safety and security.

Users also have the option to request for an account deactivation instead. This will temporarily block user access to CRED App until they send a re-activation request on and successfully re-activate their account.


We use data collection devices such as “cookies”, etc. on certain parts of the App to help analyse the App Services, user interaction with the App, measure promotional effectiveness, and promote trust and safety. For the sake of clarity, “cookies” are small files placed on your device hard-drive/storage that assist us in providing the App Services. Please be informed that Dreamplug offers certain features via the App that are only available through the use of a “cookie”.

We also use cookies to allow you to enter a particular password less frequently during a session. Cookies also help us obtain information that assists in curating the Services more targeted to your interests. You are always free to decline our cookies if your device permits, although in that case you may not be able to use certain features on the app and you may be required to provide a password more frequently during a session.

Information Security and Accuracy

We intend to protect your personal information and to maintain its accuracy as confirmed by you. Dreamplug implements reasonable physical, administrative, and technical safeguards to help us protect your personal information from unauthorised access, use, and disclosure. For example, we encrypt all sensitive personal information such as credit card information when we transmit such information over the internet. We also require that our suppliers protect such information from unauthorised access, use, and disclosure.

Security Measures

At CRED we take security seriously. So seriously that we’re committed to securing your data as if it were our own. You can find more details: here.

Online Advertising

Dreamplug does not deliver third party online advertisements on the website/app but we advertise our activities and organizational goals on other websites/apps. We may collaborate with other website/app operators as well as network advertisers to do so. We request you to read and understand such concerned third party privacy policies to understand their practices relating to advertising, including what type of information they may collect about your internet usage. Dreamplug does not provide any information relating to your usage of the website/app to such website operators or network advertisers.

Links to third-party websites/apps

Dreamplug website/app may contain links to third party websites/apps that are not affiliated with Dreamplug. Dreamplug is not responsible for the privacy practices or the content of those other websites, or for any acts/ omissions by such third parties in the course of your transaction with them.


Any dispute over privacy is subject to this Privacy Policy and our Terms of Use, including limitations on damages, resolution of disputes, and application of the laws of India.

Changes to Privacy Policy

Dreamplug reserves the right to change this policy from time to time. Any changes shall be effective immediately upon the posting of the revised Privacy Policy. If we make any material changes, we will post a notice for 30 days at the top of this page notifying users when this Privacy Policy is updated or modified. We encourage you to periodically review this page for latest information on our privacy practices.

Privacy Questions and Access

If you have questions, concerns, or suggestions regarding our Privacy Policy, we can be reached using the contact information on our “Contact Us” page or at

In certain cases, you may have the ability to view or edit your personal information online. In the event your information is not accessible online and you wish to obtain a copy of particular information you provided to Dreamplug, or if you become aware the information is incorrect and you would like us to correct it, please contact us immediately.

Before Dreamplug is able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will contact you within 30 days of your request.

Security and Responsible Disclosure

We at Dreamplug are committed about our customer's data and privacy. We blend security at multiple steps within our products with state of the art technology to ensure our systems maintain strong security measures. The overall data and privacy security design allows us defend our systems ranging from low hanging issue up to sophisticated attacks. You can read more about it here.

If you are a security enthusiast or a researcher and you have found a possible security vulnerability on Dreamplug products, we encourage you to report the issue to us responsibly.

You could submit a bug report to us at with detailed steps required to reproduce the vulnerability.

We shall put best of our efforts to investigate and fix the legitimate issues in a reasonable time frame, meanwhile, requesting you not to publicly disclose it. Additionally, if you have suggestions on how we could improve our security systems to make it more robust and safe for all users, you can share those with us at