You hereby expressly consent to the collection, use, and processing of your information as may be required for the purpose of availing the Services offered through the Website or App. You acknowledge and agree that ISEOUS may collect such information as outlined in this Privacy Policy in order to facilitate both lending and non-lending services, including those provided in collaboration with financial institutions, third-party partners, service providers, and other affiliated entities, based on your expressed interest in and application for such Services.

ISEOUS will use your information solely for the purpose of providing the Services to you.

Digi Credit (ISEOUS) operates only as a digital facilitation platform. All underwriting, loan approval, disbursal, and collections activities are handled solely by Khosya Finlease Private Limited (NBFC). Applying on Digi Credit does not guarantee loan approval.

By choosing to access or avail any Services offered by ISEOUS, either independently or in collaboration with its third-party partners, it is imperative that you carefully read, understand, acknowledge, and unconditionally agree to be bound by the terms and conditions set forth in this Privacy Policy.

ISEOUS respects the privacy of its users and is committed to embedding privacy safeguards across all its operations in compliance with applicable laws. We recognize the critical importance of protecting your personal information and maintaining transparency regarding how we collect, use, store, transfer, disclose, and dispose of data obtained through your use of our products, services, online portals, and mobile applications.

We collect only the minimum personal information required to process your loan application and comply with legal obligations. We do not sell user data to third parties.

The personal information collected from you may include, but is not limited to: (i) personal details such as your name, address, date of birth, parent's names, and photograph; (ii) contact details such as your email address, residential address, and phone numbers; (iii) professional and business-related details including your employment type, employer information, industry, and business type; (iv) financial and credit-related information including your bank account details, transactions, credit history, loan information, and other related data; and (v) device-related information such as your location (with consent), device identifiers, IP address, IMEI number, log data, cookies, and similar technologies for security and service delivery purposes.

This collective and individual data is hereinafter referred to as "Customer Data."

THIRD-PARTY INFORMATION

ISEOUS may work in close coordination with its affiliates, business partners, technical sub-contractors, analytics providers, search information services, credit information companies, account aggregators, and other authorized third parties. In the course of providing our Services, we may lawfully receive information about you from such third-party sources. This information may include, but is not limited to, identity verification data, credit-related information, and other relevant records.

Any such information obtained from third-party sources may be combined with the data collected directly through the Website, App, or other digital platforms operated by ISEOUS, and will be treated in accordance with this Privacy Policy.

PERSONALLY IDENTIFIABLE INFORMATION (PII) DATA

ISEOUS may collect Customer Data, including Personally Identifiable Information (PII), either directly from you or through its service providers and partners, when you apply for any of our products or services, register on our Website or App, engage in any financial transaction, or otherwise interact with us in the course of your association with ISEOUS.

Such PII may be provided through online interfaces, physical forms, or during onboarding and verification processes. This may include, but is not limited to, your full name, contact details, government-issued identification, financial and employment information, and any other details that may be required to render services or comply with applicable legal and regulatory obligations.

DEVICE DATA

ISEOUS may process your device-related data ("Device Data") in accordance with the purposes outlined in this Privacy Policy. Before accessing such Device Data, the Website or App may request that you enable the necessary permissions through your mobile device settings. A general overview of the mobile application's behavior, including permission requirements, can be viewed within the permissions module of your device.

Our Website and App may also employ cookies and similar technologies, as well as third-party analytics tools (such as SDKs and APIs), to collect information about your interaction with our digital platforms. This includes metadata such as device identifiers, crash logs, browsing data, and other diagnostic signals.

With your explicit consent, ISEOUS and its service providers may access Device Data while you access the Website or while applying for loans, products, or services. You have the right to request deletion of your Device Data from our systems. Upon such deletion, please note that re-registration may be necessary to access the services again.

ISEOUS ensures that all personal data, including Device Data, is securely disposed of using appropriate and industry-standard destruction methods.

DATA PROVIDED BY YOU

In the course of using the Website, mobile application, or any associated internet-based services operated by Ecofin, we may collect and process the following categories of personal data directly provided by you:

• Information provided through forms filled out on the Website, mobile application, or any related digital platform operated by ISEOUS.
• Information shared during correspondence, whether via email, phone calls, chat, or other communication modes.
• Registration-related information, including data you submit when registering on our Website or App, subscribing to our services (such as applying for financial products), searching for services, or reporting a problem related to our services or platforms.
• Personal identification details, such as your name, address, gender, date of birth, email ID, contact number, username, password, and other account-related credentials.
• KYC and financial documents, which may include identity proof (e.g., PAN card, voter ID), address proof, proof of possession of Aadhaar (with Aadhaar number appropriately masked or redacted), employment details, salary slips, bank account number, bank statements, and credit-related information.
• Usage-generated data, such as logs, metadata, behavioral data, and other information arising from your interaction with our Website, App, and related platforms.

Such data is collected solely for the purpose of delivering our services, in compliance with applicable laws, and based on your explicit consent where required.

INFORMATION WE COLLECT AND USE

With your explicit consent, we may collect information about you from third parties such as credit bureaus, account aggregators, service providers, and our partners. This may include your credit history, financial details, and identity-related data.

We use this information to:

• Conduct identity verification and KYC;
• Assess your eligibility for products/services;
• Comply with applicable legal and regulatory requirements;
• Prevent fraud and ensure data integrity.

All data is processed lawfully, securely, and solely for the purpose of delivering our Services or those of our partners, in accordance with this Privacy Policy.

In addition to the purposes outlined in Section 2, ISEOUS may collect, use, and process your information for the following purposes, in compliance with applicable laws:

• To deliver products and services requested by you.
• To share information with third-party partners, service providers, and financial institutions, as required for credit assessment and service facilitation.
• To investigate potential breaches of the Terms of Use or to establish and defend against legal claims.
• To comply with applicable legal obligations, including but not limited to statutory disclosures, regulatory requirements, court orders, and directions from law enforcement agencies.
• To detect, prevent, and address fraud, money laundering, terrorist financing, and other unlawful activities.
• To communicate with you for operational, transactional, and promotional purposes via permitted modes such as email, SMS, or telephone.

All such use shall be consistent with your consent and the Privacy Policy governing the services offered by ISEOUS.

At ISEOUS, we are committed to safeguarding your personal data against unauthorized access, misuse, and disclosure by implementing appropriate technical and organizational security measures, proportionate to the sensitivity and nature of the data being processed.

We retain your information:

• To ensure continuity and quality of services;
• For support and operational communication;
• To detect, investigate, and prevent fraud or other unlawful activities; and
• To comply with applicable legal and regulatory obligations.

Your data is retained only for as long as necessary to fulfil the purposes outlined above, including statutory retention requirements.

Our mobile application requires certain permissions to function effectively and provide you with our services. Below are the specific permissions we request and how the collected data is used:

The key data collected from each permission granted in the device and how this data is used is further detailed below:

We may read the headers of all SMS to check the type of sender. We only read the indicative SMS content from 6-digit alpha numerical number for verification purposes.

Pertinent information such as sender names, SMS content, received timestamps are periodically collected for the purpose of provision of financial and allied services and the data is transmitted to third parties. This information may be securely transmitted to our Partner NBFC (Grow Money Capital Private Limited) and authorized service providers, only for the purposes described below.

It is important to note that we do not read or analyze personal or OTP messages, except OTP messages sent by us, which are linked to our purpose of use during lifetime of the app installed. This data may be used to verify financial statistics such as income, spending patterns which help us in the credit evaluation and may help us in facilitating higher limits, faster approval rates and for fraud detection & prevention.

With your explicit consent, our app may collect metadata about installed and system applications on your device. This information is securely processed through our trusted technology partner, Credeau (www.credeau.com), which provides device-intelligence services to our Partner NBFC, Grow Money Capital Private Limited.

This data is used strictly for:

• Detecting potential fraud (e.g., presence of VPNs, gambling, or other high-risk apps)
• Supporting identity verification and credit risk assessment
• Helping the NBFC offer faster credit approvals and more suitable credit limits

Important safeguards:

• Only app metadata (name, package, version, install/update time, installer source) is collected.
• No personal app usage data, messages, files, or content are accessed.
• The data is not shared or sold for advertising or marketing.
• Data is stored and processed only in India, in compliance with RBI Digital Lending Directions 2025 and the Digital Personal Data Protection Act, 2023.

With your explicit consent, our app may request one-time access to your device location. This is used strictly to:

• Determine serviceability of your loan application
• Reduce risk associated with loan processing
• Provide pre-approved or customized loan offers
• Support address verification, better credit risk assessment, and Know Your Customer (KYC) compliance

We do not continuously track your location. Location access is temporary and limited to the purposes stated above.

With your consent, our app may collect limited device-related information to enhance security and prevent fraud. This may include:

• Device model
• Operating system version
• Available RAM and storage

We do not collect permanently identifiable device identifiers (such as IMEI, serial number, or MAC address), in full compliance with Google Play policies, RBI Digital Lending Directions 2025, and the Digital Personal Data Protection Act, 2023.

Our app may request Phone State permission only with your explicit consent. This is strictly for:

• Verifying that the device has an active SIM and valid network connection at the time of onboarding and disbursement
• Ensuring the transaction is carried out by the rightful customer and preventing spoofing/fraud

We do not use this permission for call logs, contacts, or any unrelated purposes. All access is carried out in line with RBI Digital Lending Framework and applicable Indian privacy laws.

What is collected: Camera access is required for completing eKYC. This allows you to scan or capture identification details and documents digitally, making the process faster and reducing manual errors.

How it is used: The captured data is used to complete your eKYC verification, validate your identity, and confirm loan eligibility as per regulatory standards. We do not collect or store biometric data.

Digicredit App is hosted in India and We ensure that every data or information that we collect from you is stored in servers located in India and the same is compliance with all the statutory/regulatory obligations.

We display just-in-time consent screens for permissions like SMS, location, phone state, and app list in accordance with Google Play policy.

A user wishing to have their name and related personal data removed from the records of Digi Credit may submit a request via the Digi Credit mobile application. Upon receipt, Digi Credit shall, subject to applicable laws, rules, regulations, and directions issued by competent regulatory or supervisory authorities (as amended from time to time), process the request to modify, delete, or anonymize the relevant data. Once the deletion or modification is completed, confirmation will be provided through the user's preferred mode of communication (e.g., email or call). Please note, deletion of such data may result in restricted or complete loss of access to Digi Credit's services.

By accessing or using the Digi Credit platform, you expressly consent to the collection, processing, storage, and sharing of your personal data by ISEOUS (the "Firm"), its affiliates, partners, and authorized third-party service providers for the purpose of delivering the requested products or services, addressing service-related queries, and for the legitimate purposes outlined under Sections 2 and 3 of this Privacy Policy.

You authorize the Firm and its partners to contact you via email, phone call, SMS, or any other means for service delivery, customer support, marketing of products or services, promotional offers, or updates—even if you are registered under Do Not Disturb (DND), Do Not Call (DNC), or the National Customer Preference Register (NCPR), to the extent permitted under applicable law.

You also confirm that you either own the information you have provided or have obtained necessary authorization from the owner thereof, and grant the Firm the right to use such information as described in this Privacy Policy. This includes permission to use, license, reproduce, distribute, disclose, and aggregate non-personally identifiable data derived from your use of the platform.

You may revoke the consent at any time via device settings or through in-app privacy controls. Please note that such revocation may affect our ability to provide certain services to you.

Digi Credit, operated by ISEOUS, does not rent, sell, or otherwise disclose your personally identifiable information to third parties, except in the following circumstances:

• With your explicit consent for the specific purpose disclosed.
• With financial institutions, banks, and regulated entities for delivering services or processing your requests.
• To service providers, partners, and affiliates involved in the provision of services through the App or Website.
• To investigate or prevent unlawful activities, suspected fraud, or potential threats to the safety or integrity of the platform.
• Pursuant to legal or regulatory obligations, including compliance with court orders, directions from law enforcement, or other statutory authorities.
• To enforce contractual obligations or defend legal rights in connection with the services availed through the platform.

All such sharing shall be in accordance with applicable laws, and the recipients of such information shall be bound by appropriate confidentiality and data protection obligations.

Digi Credit, operated by ISEOUS, implements robust data security and safety measures in line with industry best practices. In the unlikely event of a data breach, Digi Credit shall promptly invoke its internal Incident Response Protocol to contain, investigate, and mitigate any risks arising from such breach. Where required under applicable laws or regulatory guidelines, Digi Credit shall notify affected users and the appropriate authorities within the prescribed timelines, providing relevant details and updates to ensure transparency and user protection.

Digi Credit, operated by ISEOUS, may engage various third parties in connection with the App or for rendering the Services. Please note that once you interact with or are redirected to any third-party platform, application, or service, this Privacy Policy shall cease to apply, and Digi Credit shall not be responsible for the privacy practices or content of such third parties.

Third-party service providers (such as financial institutions, co-lending partners, credit bureaus, payment gateways, or account aggregators) may access your data strictly for purposes connected with the Services. Where applicable, we ensure that such entities are contractually bound to maintain the confidentiality and integrity of your data and to use it solely in accordance with applicable laws and for the purposes consented to by you.

However, such third parties may have their own privacy policies and may operate under different legal frameworks and jurisdictions. We recommend that you review their respective privacy policies to understand how your personal data will be processed.

Please be aware that if you proceed with a transaction involving such third-party services, your data may be governed by the laws of the jurisdiction in which such third parties or their infrastructure are located. Once you leave the Digi Credit App or Website, you will be governed by the terms and privacy policies of the respective third-party platform, and Digi Credit and ISEOUS disclaims any liability for their acts or omissions.

For your convenience, a list of third parties engaged by Digi Credit in connection with the Services is made available [at this link], which is updated periodically.

In the event that any Personal Information provided by you is inaccurate, incomplete, or outdated, you shall have the right to submit the updated, complete, and correct information to Digi Credit, operated by ISEOUS, for rectification.

Upon receiving such a request, Digi Credit will undertake reasonable steps to verify the updated information and, upon successful verification, update the same in its records within a reasonable period, in accordance with applicable laws and internal policies.

In cases where modification of Personal Information is sought, Users may be required to furnish valid supporting documents evidencing the change (e.g., government-issued identification, utility bills, or employer letters) to enable proper verification by Digi Credit.

We encourage you to ensure that your information remains accurate and current at all times to avoid any disruption in the provision of Services. Digi Credit shall not be held liable for any consequences arising due to inaccurate or outdated data provided by the User.

Digi Credit, operated by ISEOUS, reserves the right to amend, modify, or update this Privacy Policy at any time, to reflect changes in legal, regulatory, or operational requirements, or based on legitimate business purposes.

Any material changes to this Privacy Policy will be notified to you through one or more of the following means:

• A notice displayed on the Digi Credit website or mobile application;
• An email sent to your registered email address associated with your account.

You are encouraged to periodically review this Privacy Policy to stay informed about how your information is protected and used. Continued use of our Services after such changes shall constitute your acceptance of the revised Privacy Policy.

In case you do not agree with the changes, you may choose to discontinue use of the Services in accordance with the terms herein.

This Privacy Policy is deemed to be an integral part of, and is hereby incorporated by reference into, the Terms of Use ("Terms") and any other specific terms or agreements that govern your use of the Digi Credit website, mobile application, and associated services ("Services").

By accessing or using the Services, you acknowledge that you have read, understood, and agreed to be bound by both this Privacy Policy and the Terms of Use, as amended from time to time.

For any queries, concerns, or requests relating to this Privacy Policy or the handling of your personal information, you may contact us at:

Registered Office:
ISEOUS
211, New Delhi House, 27 Barakhamba Road, Delhi–110 001

We are committed to addressing your concerns in a timely and responsible manner, in accordance with applicable laws and internal grievance redressal protocols.