Privacy Policy

At axio, we empower individuals with financial freedom and confidence. Our mission is to simplify how you manage, borrow, and spend money through innovative solutions tailored to your needs.

Privacy Policy
Collection of Information
Usage of Information
Non-Disclosure of Information
Cookies
Web Beacons
Referrals
Links to Third Parties
Social Media Widgets
Editing Customer Information
Data Retention
Changes to Privacy Policy
Severability
No Waiver
Governing Law or Dispute Resolution
Foreign Jurisdiction
Contact & Grievance Redressal
Employee Data Privacy Policy

1. GENERAL INFORMATION

This Privacy Policy (“Privacy Policy”) is being formulated upon receiving approval from the Board of Directors of CapFloat Financial Services Limited (hereinafter referred to as “CapFloat” or “us” or “we” or “our”). CapFloat committed to safeguard the privacy and security of Personal Data (defined below) collected and processed by CapFloat of its Users (defined below). This Privacy Policy explains our policy regarding the collection, use, disclosure and transfer of your Data by CapFloat.

In the course of using Platform (defined below) or availing the Services, CapFloat may become privy to Personal Data of its Users, including Data that is of a sensitive / confidential nature. CapFloat is strongly committed to protecting the privacy of all stakeholders and all stakeholder data and has necessary and reasonable measures in place to protect the confidentiality of all such Data. By availing our Services, Users are accepting the practices described here as part of the Privacy Policy.

This Privacy Policy sets out the types of Personal Data CapFloat collects from User through Platform, as well as the way in which CapFloat collects, uses, discloses, transfers to its Lending Service Providers (defined below), Technology Service Providers (defined below), third parties, store and protect User’s Personal Data. This Privacy Policy also identifies the rights and options available to User with respect to their Personal Data and the manner in which User may reach out to CapFloat should User have any concerns or queries regarding this Privacy Policy.

CapFloat is committed to protect your Personal Data through Reasonable Security Practices and Procedures (defined below) in accordance with Applicable Laws (defined below). Should User choose to not provide CapFloat with the requested Personal Data, CapFloat may be unable to offer User its Services (defined below).

Users are advised to carefully read the Privacy Policy before availing our Services through the Platform of any of our Partners or any other channels for communicating with CapFloat or sharing Data (defined below) (including any Personal Data) with CapFloat or its Partners in relation to our Services. CapFloat shall not be liable / responsible for any breach of privacy owing to the User’s negligence. Please note that the Partner’s Platforms and other digital platforms through which we may provide our Services may contain links to third party applications / digital platforms which are provided for your convenience. CapFloat is only responsible for the privacy practices and security of your Data processed in relation to our Services and recommends that Users check the privacy and security policies and procedures of each and every other application / digital platform that User visits.

2. DEFINITIONS

All capitalised terms used herein shall have the meanings as defined herein.

a. Applicable Laws means all provisions of laws, statutes, ordinances, rules, regulations, permits, certificates, judgments, decisions, decrees or orders of any     governmental authority applicable to a Person and includes the Digital Personal Data Protection Act 2023 (as applicable); Guidelines on Digital Lending 2022; Reserve     Bank of India (Know Your Customer (KYC)) Directions 2016; Information Technology Act 2000; Information Technology (Reasonable Security Practices and Procedures     and Sensitive Personal Data or Information) Rules 2011; and Credit Information Companies Act 2005 (“CIC Act”) read with the Credit Information Companies Rules     2006; each as amended from time to time.

b. Body Corporate means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities.

c. Co-lending Partner means such RE (defined below) providing loans in partnership with CapFloat pursuant to its contractual agreements with us.

d. Cookies means a small file placed on your device by our Partner’s Platform(s) when you either visit or use certain features of the Platform, which allows it to remember     your actions or preference for a certain period of time.

e. Data means and includes a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized    manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including) computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

f. DLA means digital lending applications / platforms which are mobile and web-based applications with user interface that facilitate digital lending services which     include applications under direct control and management of CapFloat as well as those operated by LSPs (defined below) engaged by CapFloat (defined below) for extending any credit facilitation services in conformity with extant outsourcing guidelines issued by the Reserve Bank of India.

g. KYC shall mean Know Your Customer.

h. Lending Service Providers or LSP means a lending service provider which acts as an agent of CapFloat who carries out one or more of CapFloat’s functions or part   thereof in customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of CapFloat in conformity with extant outsourcing guidelines issued by the Reserve Bank of India.

i. Partners means select third parties with whom CapFloat may have contracts for the businesses (including LSPs, DLAs, TSPs, etc.) and facilitating the Services    described in this Privacy Policy.

j. Person shall mean any natural person, company, corporation, partnership, proprietorship, trust, union, association, government or any agency thereof or any other     entity that may be treated as a person under Applicable Law.

k. Personal Data means any information that belongs to or relates to a natural person which, either directly or indirectly, in combination with other information available or    likely to be available with a Body Corporate, is capable of identifying such person.

l. Platform means the website, mobile application, any other platform owned and operated by CapFloat or its Partners through which Users avail our Services.

m. RBI shall mean the Reserve Bank of India.

n. Reasonable Security Practices and Procedures means security practices and procedures designed to protect Data (including Personal Data) from unauthorized     access,     damage, use, modification, disclosure or impairment, and as adopted by CapFloat as may be required under Applicable Laws.

o. Regulated Entities or REs means all commercial banks, primary (urban) co-operative banks, state co-operative banks, district central co-operative banks; and non-    banking financial companies (including housing finance companies).

p. Services shall mean provision of loans in the nature of buy-now-pay-later loans, personal loans, consumer durable loans, and such other loan facilities offered by     CapFloat, personal finance management and expense tracking services, and such other services that CapFloat may offer to the Users from time to time, through the Platform(s) or any other channel.

q. Technology Service Providers or TSPs shall mean an entity providing technological aid and services to enable functioning of the Platform.

r.  User or You shall mean any natural or legal person who avails the Services or accesses or uses the Platform in relation to the Services and in the event that a natural     person is representing a business entity or a Body Corporate, reference to such terms shall include a reference to such business entity and / or Body Corporate as well and other promoters of such business entity and / or Body Corporate. All references to “you” shall include yourself and any other persons you are authorised to and     required to provide consent for.

3. COLLECTION OF INFORMATION

What Data is collected?

During the use of the Platform for availing our Services, CapFloat may collect and process such information from the Users, including but not limited to the below mentioned:

a. Information that the Users provide to CapFloat by filling in forms on the Platform for availing the Services. This includes contact information such as name, email     address, mailing address, phone number, financial information, if any, unique identifiers such as username, account number, password and preferences information     such as favourites lists, and transaction history and any Data provided by the User at the time of registration / application for the Services offered by CapFloat directly     or through its Partners;

b. KYC Data. KYC information such as government-issued officially valid documents such as PAN card, voter ID, Goods and Services Tax (“GST”) details, and ration card,     voter identification card, Aadhaar card, driver’s license, Udyam information, etc. and any other document prescribed under Applicable Laws from time to time. This     data is only collected if you opt for a loan through our Platform. These accesses are for the purpose of on-boarding / KYC requirements and are only used on a need to     use / know basis.

c. Location data. Location data taken for on-boarding or KYC is taken for limited period and on a one-time basis by either us or our Partners, solely for the purpose of     undertaking KYC. However, the User may explicitly provide us location data for longer periods for specific use cases which is explicitly communicated to the User for     any other purpose and for which prior consent of the User has been taken.

d. Aadhaar data. CapFloat may also collect your Aadhaar number for verifying, authenticating and / or updating your Aadhaar number in accordance with the Aadhaar     (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 solely for the purpose of facilitation of loan to you. Collection of your Aadhaar details is not a mandatory requirement for availing our Services unless required under any Applicable Law. CapFloat ensures that your Aadhaar number shall be     disclosed only with your consent, and in a manner specified under Applicable Law.

e. Transaction Data. Information related to transactions that occur through the Platform or are related to the Services. For instance, it may include Services you’ve      requested or confirmed through the Platform.

f.  Financial Data. Financial information such as credit history, income information, loan application and payment details, bank account information, income tax returns     information, salaries, bank statements, etc. This data is collected for the purpose of establishing your creditworthiness and underwriting for providing our Services.

g. Information from regulated third-parties. With your express consent, CapFloat collects information from credit information companies and Central Registry of     Securitisation Asset Reconstruction and Security Interest of India (“CERSAI”) to help CapFloat with User due diligence and underwriting as part of provision of     Services.

h. Marketing related Data. We may collect information such as preferences regarding marketing messages from CapFloat and third parties, as well as your     communication preferences. CapFloat may use third-party advertising companies to serve advertisements when you visit the Platform(s). These companies may use     information about your usage preferences and about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. In the event you chose to interact with their advertisements and are redirected to their websites, you will be complying with their respective terms and conditions. CapFloat will not be responsible for product and services of such websites and is also not responsible for their privacy practices, as CapFloat does not own, manage or control such websites.

i.  Communication and User engagement Data. We may collect the following Data from you in relation to your communication with CapFloat:

    (i)  Information that the Users provide when the Users write directly to CapFloat (including by way of e-mail) or           other electronic communication, including for raising any grievances;

    (ii) Information that the Users provide to CapFloat over telephone. CapFloat may make and keep a record of the            information shared by the Users with CapFloat;

    (iii) Information that the Users provide to CapFloat by completing surveys or any other User engagement            campaigns run by CapFloat directly or through the Partners;

j. Data received from Partners. Information received from LSPs, DLAs, TSPs, and third parties on Users, including their Personal Data, relating to KYC, eligibility for the    Services, past repayment history, credit modelling, purchase patterns, etc.;

k. Account Aggregator Data. Information received from account aggregators in encrypted form and the subsequent decrypted output generated by CapFloat directly or     through any of its Partners. Such data is strictly confidential and the Partners, if any, assisting in processing / decrypting such data do not store such data and are data blind, i.e. have no direct visibility on the data received from account aggregators.

l.  Usage logs. Information relating to logs is automatically reported by the Platform / User’s browser each time the User accesses the Platform / web page. When the     User uses the Platform to avail the Services, CapFloat’s servers automatically record certain information. These server logs may include information such as the User’s     web request, Internet Protocol (IP) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other     such information. CapFloat uses this information, which does not identify Users, to analyse trends, to administer the Services on the Platform, to track Users' movements around the Platform / websites and to gather demographic information about the User base as a whole.

m. Other Data provided by the Users or processed as m. part of providing the Services. Information which may be processed as part of underwriting, debt collection, operations, compliance requirements and User grievance redressal or provided by the User for any specific purpose.

This Privacy Policy shall also apply to Data provided by employees, consultants and suppliers engaged by the Company. Information provided by the employees of the Company in the course of their employment including their name, address, Aadhaar Data, bank account details, and such other information as may be provided by the employee voluntarily may be used for the purpose of personnel management, administration, payroll processing, development and training, provision of employment benefits, access to Company’s premises, implementation of our policies, for the purpose of any legal proceedings and for day-to-day business operations of the Company. Any Data provided by consultants or suppliers in the course of provision of their services, may be used by the Company for onboarding such consultants or suppliers, processing payments, granting access to Company’s premises where required and such other purposes as may be agreed between the consultants/suppliers and the Company in the contracts executed by them.    

Specific disclaimers with respect to information collected.

a. CapFloat may supplement the information that you provide, with other information that CapFloat obtains from our dealings with you or which CapFloat receives from     other organizations, for example, our Partners and other third parties.

b. You are requested to provide CapFloat with accurate and complete Personal Data in order to avail our Services. CapFloat requests that any change to your Personal Data be communicated to CapFloat, for CapFloat to service you better.

c. Any reviews, comments, messages, blogs posted / uploaded / conveyed / communicated by Users on the public sections of any of the Platform(s) or other public fora becomes published content and is not considered Personal Data and is not subjected to this Privacy Policy.

d. In case User chooses to decline to submit Personal Data on the Platform as part of applying for or availing the Services, CapFloat may not be able to provide certain Services to the User. Reasonable efforts shall be made to notify the User of the same at the appropriate time. However, CapFloat will not be liable and or responsible for the denial of certain Services to the User or lack of providing the necessary information.

e. CapFloat may reference other sources of demographic and other information in order to provide Users with more targeted communications and promotions. CapFloat     uses Google Analytics, among others, to track User behaviour on the Platform(s). Google Analytics specifically has been enabled to support display of advertisements to help CapFloat gain an understanding of our User’s demographics and interests. The reports are anonymous and cannot be associated with any User associated     Personal Data that the User may have shared with CapFloat. You can opt-out of Google Analytics for display advertising and customize Google Display Network ads     using the Ads Settings options provided by Google.

f. By using the Platform for availing the Services and / or by providing the above information to CapFloat, the User consents to the collection, sharing, disclosure and    usage of the information by CapFloat in accordance with this Privacy Policy, other than for specific information that is collected and used based on User’s explicit    consent as outlined in this Privacy Policy. This Privacy Policy shall be disclosed to you while you apply for any of the Services or when we initiate processing of any of    your Personal Data, along with appropriate requisite consent requests for collection of your Personal Data in relation to the Services.

g. CapFloat including its employees, contractors and suppliers may also provide Personal Data through various channels including but not limited to documentation,     communication, electronic communication, contracts, agreements, and use of Services. This Privacy Policy is applicable to all such information collected by CapFloat. The reference to “User” shall also include employees, contractors and suppliers to the extent relevant and applicable.

4. USAGE OF INFORMATION

Access to Personal Data is strictly restricted and shared in accordance with certain specific internal procedures and safeguards that govern access.

CapFloat may use the User’s Personal Data in the following ways, viz:

a. Monitor, improve and administer the Services on the Platform(s) and improve the quality of Services;

b. Analyse how the Platform is used in relation to the Services, diagnose service or technical problems, maintain security;

c. Remember information to help the User effectively access the Services and raise any grievances or service the loans availed by the Users;

d. Monitor aggregate metrics such as total number of views, visitors, traffic and demographic patterns on the Platform(s) where the Services are hosted;

e. Establishing and verifying User’s identity for KYC purposes, in relation to our Services, including but not limited to ourselves as well as our LSPs, DLAs, and other third     parties.

f. To notify the User about changes to the Services or terms of the Services already availed by the User;

g. To disclose the information under special circumstances such as compliance with the applicable local law, court summons, court orders, requests / order from legal     authorities or law enforcement agencies requiring such disclosure;

h. To help the User apply for certain Services.

i. For the purpose of sending administrative notices, Services related alerts and other similar communication with a view to optimising the efficiency of the Platform.

j. Doing market research, troubleshooting, protection against error, project planning, fraud and other criminal activity.

k. To reinforce CapFloat’s agreement(s) or other loan documentations with the Users in relation to any of the Services.

l. For establishing identification and to fulfil other KYC requirements before beginning the account-based transaction.

m. To provide Users with the right kind of Services.

n. To fulfil internal checks and other risk parameters.

o. To safeguard the interest of the business, credit worthiness check, and to ensure compliance with laws including credit reporting.

p. To maintain effective communication on the Services availed by the User including but not limited to the transaction information, updates / changes to the Services,     assistance for the Users, grievance redressal, etc.

q. For marketing purpose, especially to promote the Services of CapFloat and to notify about new Services for the User. CapFloat may also use the User’s phone number,     email address or other Personal Data to send commercial or marketing messages with an option to subscribe / unsubscribe (where feasible). CapFloat may, however,     use the User’s email address and phone number for non-marketing or administrative purposes (such as notifying you of major changes, for User service purposes,     collection and recovery of loans, etc.).

r. CapFloat may contact the Users from time to time about updating of Personal Data to provide such features that CapFloat believe may benefit / interest the Users, or    are necessary to maintain the existing availed Services, or for collections or recovery of loans.

s. CapFloat may share information related to User spends, patterns and User Data tracked by it only in the form of aggregated statistics on data such as User spends by     category, date, time, bank balances, etc. with their Partners to facilitate its Services.

t. CapFloat may share such information related to the User in case of direct assignments, securitisation, merger, acquisition or divestment as highlighted in Para 5(d)     below,

u. CapFloat may share the information in connection with assignment or transfer of part or all of the business or assets, including with acquirers or potential acquirers      and their advisors, for the purpose of diligence.

v. For conducting background verification and for other purposes in relation to employment or the business of the Company where the User is an employee, contractor or     supplier.

5. NON-DISCLOSURE OF INFORMATION

CapFloat shall not sell or rent Users’ Personal Data to anyone and will protect and maintain the confidentiality of the same. CapFloat may share Personal Data of its Users with its group companies in relation to offering of Services to the User, or for the purposes of the engagement subject to Applicable Laws. Confidentiality of User Data shall be maintained at all times except in the following circumstances:

a. CapFloat may disclose Users’ Data to governmental and other statutory bodies who have appropriate authorisation to access the same for any specific legal purposes.

b. CapFloat may disclose Users’ Data if it is under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply the loan agreement(s) or    other documentation(s) agreed by the User as part of availing the Services, or to protect the rights, property or safety of CapFloat, its Users or others. This includes    exchanging information with other companies / agencies that work for fraud prevention and credit reference.

c. CapFloat may disclose Users’ Data to its agents under a strict code of confidentiality, where such sharing is required or permitted as per statutory or regulatory     requirements.

d. CapFloat may disclose Users’ Data to such third parties to whom it transfers whole or part of its rights and duties under the loan agreement(s) and other     documentation(s) entered into with the Users, such as Co-lending Partners. In such an event, the said third parties’ use of the information will be subject to such     confidentiality obligations as contained in this Privacy Policy. Users may be subject to the Co-lending Partners’ privacy policy in addition to this Privacy Policy if the     Services availed by the User entails loans sanctioned by CapFloat along with the Co-Lending Partner. Wherever applicable, the Users will be provided with the Co-    Lender’s privacy policy as well as part of availing the Services through the Platform. List of Co-Lending Partners of CapFloat is available on the link here.

e. CapFloat may disclose Users’ information to any member of its related or group companies including its subsidiaries, its ultimate holding company and its subsidiaries     for data processing under strict confidentiality measures, as the case may be, subject to Applicable Laws and as required for the purposes of providing the Services.

f. In the event that CapFloat sells or buys any business or assets, it may disclose the Users’ information to the prospective seller or buyer of such business or assets.    User, email and visitor information is generally one of the transferred business assets in these types of transactions. CapFloat may also transfer or assign such    information in the course of corporate divestitures, mergers or dissolution.

List of third parties with whom Users’ information is shared as per the circumstances specified above is listed here

6. SECURITY AND STORAGE OF INFORMATION

CapFloat shall store the User’s Personal Data for the later of (i) the duration for which the User is availing the Services, (ii) till any account-based relationship between the User and CapFloat subsists, or (iii) the duration for which CapFloat is mandated to retain Personal Data of the User under any Applicable Laws, including KYC related guidelines issued by the Reserve Bank of India and any anti-money laundering related laws in India.

CapFloat is committed to safeguarding the privacy, security, and integrity of Data collected, processed, and stored as part of providing the Services by adopting Reasonable Security Practices and Procedures. This section outlines the measures implemented by CapFloat to ensure the confidentiality and protection of User’s Data in accordance with Applicable Laws. By accessing and using the Platform to avail our Services and accepting this Privacy Policy, Users acknowledge and consent to the practices detailed herein regarding data storage, security protocols, encryption standards, and disclosure policies. CapFloat continuously endeavours to uphold industry best practices to prevent unauthorised access, misuse, or breach of User data while maintaining transparency in its data handling procedures.

a. All consent obtained from the Users availing the Services offered on the Platform are maintained by CapFloat in a clear and auditable manner.

b. CapFloat has established and implemented internal policies and procedures to ensure appropriate access controls with respect to data stored on its servers. It     ensures that Data stored is appropriately controlled and restricted.

c. CapFloat takes the security of its User’s Data and information very seriously. CapFloat protects the User’s information at rest and in-flight using bank-level data     security: at least 256 bit-encryption and Transport Layer Security (SSL where applicable). This creates an encrypted connection between the User’s device and     Platform. All information remains encrypted at all times.

d. If the User allows CapFloat to see its banking information online rather than in paper form, it is on a read-only basis. CapFloat does not have access to change, edit, or modify bank account information in any manner whatsoever. CapFloat cannot view the User’s banking username and passwords, and the same is securely stored in separate encrypted areas with its financial services providers.

e.  All information gathered and provided to CapFloat through the Platform is encrypted and securely stored within the controlled databases on its secure servers within     India. Access to the servers is password-protected and is strictly limited.

f. If enabled from the Platform, CapFloat takes a backup of User’s data on our cloud database. This is done for the purpose of enabling Users to get their data back in case their device’s data becomes unusable, if the device is lost, or the User moves to a new device.

g. CapFloat does not collect or store any biometric data in our systems or servers, and all limited and specific use of biometric data in any CapFloat Services is as per regulations and extant statutory guidelines only.

h. CapFloat ensures that its Partners do not store Personal Data of Users except some basic minimal data (viz., name, address, contact details of the User, etc.) that may be required to carry out their operations.

i. CapFloat has implemented clear policy guidelines regarding the storage of User data including the type of data that can be stored, the length of time for which data    can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc. The same has been disclosed to CapFloat’s Partners and made publicly available on its Platform at all times.

j. CapFloat ensures that no biometric data, obtained with respect to Services, is stored / collected in the systems associated with its Partners, unless allowed under extant statutory guidelines.

k. CapFloat uses commercially reasonable safeguards to preserve the integrity and security of the Users’ information against loss, theft, unauthorised access, disclosure, reproduction, use or amendment.

l. The information that is collected from the Users may be stored at a destination inside India. By submitting information on the Platform in relation to the Services, the    Users agree to this transfer, storing and / or processing. CapFloat will take such steps as it considers reasonably necessary to ensure that the Users’ information is treated securely and in accordance with the Privacy Policy.

m. In using the Platform in relation to the Services, the Users accept the inherent security implications of data transmission over the internet. Therefore, the use of the Platform will be at the own risk of the Users.

n. CapFloat assumes no liability for any disclosure of User’s Data due to errors in transmission, unauthorised third-party access or other acts of third parties, or acts or omissions beyond its reasonable control and the User agrees not to hold CapFloat responsible for any breach of security unless such breach has been caused as a direct result of gross negligence or wilful default by CapFloat.

o. In the event CapFloat becomes aware of any breach of the security of the Users’ Data, it will promptly notify the Users and take appropriate action to the best of its ability to remedy such a breach as required under Applicable Laws.

p. Upon User’s written request sent at the email IDs set out below, to the effect of requesting CapFloat to delete all User related Personal Data, CapFloat will undertake all reasonable actions, legally mandated as per Applicable Laws, to delete and no longer store such Personal Data. CapFloat shall also ensure that upon such deletion requests from the Users, CapFloat shall mandate and ensure that the Partners also delete such Data in their possession in relation to the Services. However, the User must note that by previously consenting to the sharing of the Personal Data with third parties for their independent services, the User has made itself aware that CapFloat may not be able to enforce such deletion request upon such varied third parties and is not responsible nor liable for the deletion of your Personal Data by such third parties providing their independent services.

7. COOKIES AND WEB BEACONS

CapFloat collects certain Data from the User’s browser / Platforms using small data files called “cookies”, deployed by CapFloat or by the Partners. CapFloat uses session ID cookies to confirm that Users are logged in.

CapFloat encodes its cookies so that only CapFloat can interpret the Data stored in them. The User may remove or block this cookie using the User’s browser settings to disable the feature. CapFloat also stores transaction history. CapFloat may collect additional Data in ways not specifically described herein. For example, CapFloat may track information related to interactions with User Services or responses from surveys or other feedback tools. CapFloat uses this information to continually improve the Services provided to the User.

CapFloat’s Privacy Policy does not cover the use of cookies by its Partners. CapFloat does not have access or control over these cookies. CapFloat’s Partners may use session ID cookies to provide a custom User experience and to track the success of CapFloat’s partnership with them.

Certain web pages of the Platform contain electronic images known as “web beacons” (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyse how the Platform is used for availing the Services. Web beacons may also be used in some of CapFloat’s emails so as to know which emails and links recipients have opened, allowing it to gauge the effectiveness of its communications and marketing campaigns.

8. THIRD PARTY WEBSITES

The Platform(s) may contain pages of the Partners itself or may include links to other websites whose privacy practices may differ from those of CapFloat. CapFloat does not endorse, and is not responsible for the privacy practices adopted by the Partners, and the inclusion of a link on the Platform by the Partners or CapFloat does not imply any endorsement by CapFloat of the third party website, the website’s provider, or the information on the third party website. If the Users submit Personal Data to any of those websites or to the Partners, such information is governed by the privacy policies of such third party websites or Partners respectively, and CapFloat disclaims all responsibility or liability with respect to these policies or the websites. The Users are encouraged to carefully read the privacy policy of the Platform and any website that they visit.

9. OPTING OUT OR EDITING USER INFORMATION

When Users use the Platform, we make efforts in good faith to provide Users, as and when requested by Users, with access to their respective Personal Data, and shall further ensure that any User’s Personal Data or information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such Personal Data to be retained by law or for legitimate business purposes.

Users may request opting out of email communications, User’s Personal Data deletion, erasure or correction and revocation of their consent previously granted by reaching out to use at  ask@axio.co.in. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests for which access is not otherwise required, or where retention of such User’s Personal Data by CapFloat may be permitted under applicable Data Protection Laws.

In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after Users delete their information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.

Effecting any requests for deletion of the User’s Personal Data or revocation of any consents for processing of the User’s Personal Data may affect the Services and may even lead to discontinuation of Services if such processing of the User’s Personal Data is critical to provision of such Services.

10. DATA RETENTION AND DELETION

All User information will be retained for as long as the User account is active or as needed to provide Services to the User, and CapFloat may retain User information for a longer period where permissible under applicable law, unless specifically requested by the User to delete the information as detailed below. This also enables returning Users to take advantage of backup of data and restore features where applicable.

If the User wishes to cancel its account, or revoke its previously granted consent for processing of their Personal Data, or requests that CapFloat no longer uses its Data to provide Services, the User may contact CapFloat at ask@axio.co.in.

However, CapFloat will retain and use User information as necessary to comply with its legal obligations, resolve disputes, enforce its agreements or for other business purposes, and for fraud / Anti Money Laundering (AML) / name screening and prevention purposes and to protect CapFloat’s legal rights and compliance with CapFloat’s legal obligations, in a manner prescribed under CapFloat’s board approved KYC policy.

11. CHANGES TO PRIVACY POLICY

CapFloat may change the Privacy Policy from time to time and post the updated version of the same on the relevant Platform(s) and on CapFloat’s / Partner website(s). CapFloat may e-mail periodic reminders of the Privacy Policy, unless User have instructed CapFloat not to.

The updated version of CapFloat’s terms will be effective as soon as they are accessible, and the User will be provided with notice of the updated Privacy Policy through email, and the Users shall be deemed to have accepted the terms of the updated Privacy Policy immediately, unless specifically rejected by the User. However, rejection of the Privacy Policy may lead to discontinuation of the Services if the updated Privacy Policy is crucial in delivery of the Services. CapFloat encourages Users to access the Privacy Policy frequently to stay informed about how CapFloat uses Personal Data.

12. INCORPORATION OF PRIVACY POLICY TO LOAN DOCUMENTS

This Privacy Policy is incorporated to the loan documents and other documentation(s) in relation to the Services availed by the Users.

13. SEVERABILITY

CapFloat has made every effort to ensure that Privacy Policy adheres with the Applicable Laws. The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of Privacy Policy.

14. WAIVER

The rights and remedies available under Privacy Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

15. GOVERNING LAW AND DISPUTE RESOLUTION

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India and subject to the provisions of arbitration set out herein, the courts at Bangalore shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with Privacy Policy.

If any dispute arises between CapFloat and the User in connection with or arising out of the validity, interpretation, implementation or alleged breach of any provision of the Privacy Policy, such dispute shall be referred to and finally resolved by arbitration in accordance with the Indian Arbitration and Conciliation Act, 1996 for the time being in force, which rules are deemed to be incorporated by reference in this clause.

There shall be one (1) arbitrator appointed mutually by CapFloat and the User, and the seat of the arbitration shall be Bangalore, India. The language of the arbitration proceedings and of all written decisions and correspondence relating to the arbitration shall be English.

16. CONTACT AND GRIEVANCE REDRESSAL

If you have any questions about this Privacy Policy or if you believe that your Personal Data is not handled in accordance with the Applicable Laws or this document, then you may contact us at:

Write to the Grievance Department at ask@axio.co.in.

User’s can also contact us by writing to us at axio, Gokaldas Platinum, New No 3 (Old No 211), Upper Palace Orchards, Bellary Road, Sadashiva Nagar, Bengaluru – 560080.

Additional details in relation to our grievance redressal mechanism and contact details of the grievance redressal officer can be found in our grievance redressal policy available at link.

No items found.

Access to personal information is strictly restricted and shared in accordance with certain specific internal procedures and safeguards that govern access. Certain features of the Website or App may be available for use without any need to provide details. Other features of the Website may require Users to provide details including but not limited to the User’s name, address, mobile number, email address, PAN No., employment & income details.

axio never will sell or rent personal information of its Users and stakeholders to anyone, at any time, for any reason. axio may use the User’s personal information in the following ways, viz:

  • Monitor, improve and administer the Website and improve the quality of services;
  • Analyse how the Website or App is used, diagnose service or technical problems, maintain security;
  • Remember information to help the User effectively access the Website or App;
  • Monitor aggregate metrics such as total number of views, visitors, traffic and demographic patterns;
  • To confirm the User’s identity in order to determine its eligibility to use the Website or App and avail of the services;
  • To notify the User about changes to the Website or App;
  • To enable axio to comply with its legal and regulatory obligations;
  • To help the User apply for certain products and services.
  • For the purpose of sending administrative notices, service related alerts and other similar communication with a view to optimising the efficiency of the Website or App.
  • Doing market research, troubleshooting, protection against error, project planning, fraud and other criminal activity.
  • To reinforce axio’s Terms of Use.
  • For establishing Identification and to fulfill other KYC requirements before beginning the account based transaction
  • To provide users with the right kind of products and services
  • To fulfill our internal checks and other risk parameters of the Company.
  • To safeguard the interest of the Business and to ensure compliance with laws including credit reporting.
  • To maintain effective communication on the service availed by the Customer including but not limited to the transaction information, updates/changes to the product, assistance for the Customers etc.
  • For marketing purpose, especially to promote the services of the Company and to notify about the new product/service offerings for the Customer. We may also use the user’s phone number, email address or other personally identifiable information to send commercial or marketing messages without the user’s consent [with an option to subscribe/unsubscribe (where feasible)]. We may, however, use the user’s email address and phone number without further consent for non-marketing or administrative purposes (such as notifying you of major changes, for customer service purposes, providing information about updates to axio App Services, billing, etc.).
  • We may contact the Users from time to time about updation of personal information to provide such features that we believe may benefit/interest the users.
  • axio also present information related to user spends, patterns and user data tracked by the company only in the form of aggregated statistics on data such as user spends by category, date, time, bank balances, etc. within our app/site or to our partners.
  • No personally identifiable data of an individual user such as name, phone number, email address, spends data, card details etc. would be shared with any other User and/or third party – unless explicitly approved by the concerned individual user in order to avail of certain services unless as required to fulfil axio’s legal and regulatory obligations.

axio pledges that it shall not sell or rent Users’ or stakeholders’ personal information to anyone. axio will protect every bit of the Users’ business or personal information and maintain the confidentiality of the same. With this seal of trust, axio makes its services available to the Users for assessment and analysis that include spend analysis, money management, credit and behaviour scoring, market and product analysis.

axio may share your personal information with its group companies in relation to offering of products and services to the User, or for the purposes of the engagement with its stakeholders. Otherwise, axio guarantees that it is going to keep all information confidential except in the following cases:

  • axio may disclose Users’ information to governmental and other statutory bodies who have appropriate authorisation to access the same for any specific legal purposes.
  • axio may disclose Users’ information if it is under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply the Terms of Use (displayed on the Website), or to protect the rights, property or safety of axio, its Users or others. This includes exchanging information with other companies / agencies that work for fraud prevention and credit reference.
  • axio may disclose Users’ information to its agents under a strict code of confidentiality, where such sharing is required or permitted as per statutory or regulatory requirements.
  • axio may disclose Users’ information to such third parties to whom it transfers its rights and duties under the customer agreement entered into with the Users, where such sharing is required or permitted as per statutory or regulatory requirements. In such an event, the said third parties’ use of the information will be subject to such confidentiality obligations as contained in this Policy.
  • axio may disclose Users’ information to any member of its related or group companies including its subsidiaries, its ultimate holding company and its subsidiaries, as the case may be.
  • In the event that axio sells or buys any business or assets, it may disclose the Users’ information to the prospective seller or buyer of such business or assets. User, email and visitor information is generally one of the transferred business assets in these types of transactions. axio may also transfer or assign such information in the course of corporate divestitures, mergers or dissolution.

axio shall ensure that in case of disclosure of whole or part of the User’s information to a service provider or agent, within or outside India, the same shall be bound by obligations of confidentiality at least as strict as axio’s obligations under this Privacy Policy and the information shall be accorded the same level of protection as provided by axio under the terms of this Privacy Policy. axio may store the User’s information in locations outside the direct control of axio (for instance, on servers or databases co-located with hosting providers).

The link to third parties can be found here

axio collects certain information from the User’s browser using small data files called “cookies.” axio uses session ID cookies to confirm that customers are logged in. This type of cookie helps axio recognize a customer if he or she visits multiple pages on the Website during the same session, so that separate passwords are not required to access each page. These cookies terminate once the customer closes the browser. By default, axio uses a persistent cookie that stores customer login ID (but not password) to make it easier for the customer to login when returning to the Website. axio encodes its cookies so that only axio can interpret the information stored in them. The User may remove or block this cookie using the User’s browser settings to disable the feature.

axio also stores transaction history. axio may collect additional information in ways not specifically described herein. For example, axio may track information related to interactions with customer service or responses from surveys or other feedback tools. axio uses this information to continually improve the service provided to the customers.

axio’s Privacy Policy does not cover the use of cookies by its partners and affiliates. axio does not have access or control over these cookies. axio’s partners and affiliates may use session ID cookies to provide a custom user experience and to track the success of axio’s partnership with them.

No items found.
No items found.

The Website includes links to other websites whose privacy practices may differ from those of axio “formerly Capital Float”. The inclusion of a link does not imply any endorsement by axio of the third party website, the website’s provider, or the information on the third party website. If the Users submit personal information to any of those websites, such information is governed by the privacy policies of such third party websites and axio disclaims all responsibility or liability with respect to these policies or the websites. The Users are encouraged to carefully read the privacy policy of any website that they visit.

The Website includes Social Media Features, such as the Facebook “Like” button and Widgets, or interactive mini-programs that run on the Website. These features may collect the Users’ IP address, which page the Users are visiting on the Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Website. The Users’ interactions with these features are governed by the privacy policy of the company providing it.

When Users use the Website or axio App, we make efforts in good faith to provide Users, as and when requested by Users, with access to their respective personal information, and shall further ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such personal information or sensitive personal data or information to be retained by law or for legitimate business purposes.

We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical, or for which access is not otherwise required.

In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after Users delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.

To opt out of email correspondence from axio (formerly known as Capital Float) or make a change to (or delete) the User information stored in axio’s records, Users may write to us and Axio will respond to the User’s request within 30 days.

All User information will be retained for as long as the User account is active or as needed to provide services to the User, and axio may retain User information for a longer period unless specifically requested by the user to delete the information as detailed below. This also enables returning users to take advantage of backup of data and restore features where applicable.

If the User wishes to cancel its account or requests that axio formerly Capital Float no longer uses its information to provide services, the User may contact axio at ask@axio.in . Axio will retain and use User information as necessary to comply with its legal obligations, resolve disputes, and enforce its agreements or for other business purposes.

Specific requirements as per Prevention of Money Laundering Amendment Act, 2002 (Prevention of Money laundering Act, 2002 – Obligations of NBFCs in terms of Rules notified thereunder dated November 13, 2009, the NBFC should maintain for at least five years the following:

  • Transaction between the NBFC and the client, all necessary records of transactions, so as to provide, evidence for prosecution of persons involved in criminal activity.
  • Records pertaining to the identification of the customers and their address obtained while opening the account and during the course of business relationship.
  • All complex, unusual large transactions and all unusual patterns of transactions including STR, which have no apparent economic or visible lawful purpose. Such records and related documents should be made available to help auditors to scrutinize the transactions and also to Reserve Bank/other relevant authorities.
  • Adherence to obligations under Rule 3 of the Prevention of Money Laundering (Maintenance of Records)Rules, 2005 – amended from time to time.

In the event axio, the same will be updated on the Website. In case of any material changes to the Policy, the Users will be notified by email (sent to the email address specified in the User’s account) or by means of a notice on this Website prior to the change becoming effective. The Users are encouraged to periodically review this page for the latest information on its privacy practices.

Axio has made every effort to ensure that this Policy adheres with the applicable laws. The invalidity or unenforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy.

The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

This Policy shall be governed by and construed in accordance with the laws of the Republic of India and subject to the provisions of arbitration set out herein, the courts at Bangalore shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with this Policy.

If any dispute arises between axio (formerly known as Capital Float) and the User in connection with or arising out of the validity, interpretation, implementation or alleged breach of any provision of the Policy, such dispute shall be referred to and finally resolved by arbitration in accordance with the Indian Arbitration and Conciliation Act, 1996 for the time being in force, which rules are deemed to be incorporated by reference in this clause.

There shall be one (1) arbitrator and the seat of the arbitration shall be Bangalore, India. The language of the arbitration proceedings and of all written decisions and correspondence relating to the arbitration shall be English.

The Ministry of Electronics and Information Technology (MeitY) operates as the nodal agency for information technology in India.

axio (formerly known as Capital Float) makes no representation that the content contained on the Website is appropriate or to be used or accessed outside of the Republic of India. If the Users use or access the Website from outside the Republic of India, they do so at their own risk and are responsible for compliance with the laws of such jurisdiction.

In the event of User having any grievance relating to the Website or the App, the User may contact our Grievance Department at: ask@axio.co.in.

User’s can also contact us by writing to any of the following addresses:

axio, Gokaldas Platinum, New No 3 (Old No 211), Upper Palace Orchards, Bellary Road, Sadashiva Nagar, Bengaluru – 560080.

Axio Digital Private Limited, 101, Plexus Commercial Complex, Aundh ITI Road, Aundh, Pune – 411007.

1. GENERAL INFORMATION

This Privacy Policy (“Privacy Policy”) is being formulated upon receiving approval from the Board of Directors of CapFloat Financial Services Limited (hereinafter referred to as “CapFloat” or “us” or “we” or “our”). CapFloat committed to safeguard the privacy and security of Personal Data (defined below) collected and processed by CapFloat of its Users (defined below). This Privacy Policy explains our policy regarding the collection, use, disclosure and transfer of your Data by CapFloat.

In the course of using Platform (defined below) or availing the Services, CapFloat may become privy to Personal Data of its Users, including Data that is of a sensitive / confidential nature. CapFloat is strongly committed to protecting the privacy of all stakeholders and all stakeholder data and has necessary and reasonable measures in place to protect the confidentiality of all such Data. By availing our Services, Users are accepting the practices described here as part of the Privacy Policy.

This Privacy Policy sets out the types of Personal Data CapFloat collects from User through Platform, as well as the way in which CapFloat collects, uses, discloses, transfers to its Lending Service Providers (defined below), Technology Service Providers (defined below), third parties, store and protect User’s Personal Data. This Privacy Policy also identifies the rights and options available to User with respect to their Personal Data and the manner in which User may reach out to CapFloat should User have any concerns or queries regarding this Privacy Policy.

CapFloat is committed to protect your Personal Data through Reasonable Security Practices and Procedures (defined below) in accordance with Applicable Laws (defined below). Should User choose to not provide CapFloat with the requested Personal Data, CapFloat may be unable to offer User its Services (defined below).

Users are advised to carefully read the Privacy Policy before availing our Services through the Platform of any of our Partners or any other channels for communicating with CapFloat or sharing Data (defined below) (including any Personal Data) with CapFloat or its Partners in relation to our Services. CapFloat shall not be liable / responsible for any breach of privacy owing to the User’s negligence. Please note that the Partner’s Platforms and other digital platforms through which we may provide our Services may contain links to third party applications / digital platforms which are provided for your convenience. CapFloat is only responsible for the privacy practices and security of your Data processed in relation to our Services and recommends that Users check the privacy and security policies and procedures of each and every other application / digital platform that User visits.

2. DEFINITIONS

All capitalised terms used herein shall have the meanings as defined herein.

a. Applicable Laws means all provisions of laws, statutes, ordinances, rules, regulations, permits, certificates, judgments, decisions, decrees or orders of any     governmental authority applicable to a Person and includes the Digital Personal Data Protection Act 2023 (as applicable); Guidelines on Digital Lending 2022; Reserve     Bank of India (Know Your Customer (KYC)) Directions 2016; Information Technology Act 2000; Information Technology (Reasonable Security Practices and Procedures     and Sensitive Personal Data or Information) Rules 2011; and Credit Information Companies Act 2005 (“CIC Act”) read with the Credit Information Companies Rules     2006; each as amended from time to time.

b. Body Corporate means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities.

c. Co-lending Partner means such RE (defined below) providing loans in partnership with CapFloat pursuant to its contractual agreements with us.

d. Cookies means a small file placed on your device by our Partner’s Platform(s) when you either visit or use certain features of the Platform, which allows it to remember     your actions or preference for a certain period of time.

e. Data means and includes a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized    manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including) computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

f. DLA means digital lending applications / platforms which are mobile and web-based applications with user interface that facilitate digital lending services which     include applications under direct control and management of CapFloat as well as those operated by LSPs (defined below) engaged by CapFloat (defined below) for extending any credit facilitation services in conformity with extant outsourcing guidelines issued by the Reserve Bank of India.

g. KYC shall mean Know Your Customer.

h. Lending Service Providers or LSP means a lending service provider which acts as an agent of CapFloat who carries out one or more of CapFloat’s functions or part   thereof in customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of CapFloat in conformity with extant outsourcing guidelines issued by the Reserve Bank of India.

i. Partners means select third parties with whom CapFloat may have contracts for the businesses (including LSPs, DLAs, TSPs, etc.) and facilitating the Services    described in this Privacy Policy.

j. Person shall mean any natural person, company, corporation, partnership, proprietorship, trust, union, association, government or any agency thereof or any other     entity that may be treated as a person under Applicable Law.

k. Personal Data means any information that belongs to or relates to a natural person which, either directly or indirectly, in combination with other information available or    likely to be available with a Body Corporate, is capable of identifying such person.

l. Platform means the website, mobile application, any other platform owned and operated by CapFloat or its Partners through which Users avail our Services.

m. RBI shall mean the Reserve Bank of India.

n. Reasonable Security Practices and Procedures means security practices and procedures designed to protect Data (including Personal Data) from unauthorized     access,     damage, use, modification, disclosure or impairment, and as adopted by CapFloat as may be required under Applicable Laws.

o. Regulated Entities or REs means all commercial banks, primary (urban) co-operative banks, state co-operative banks, district central co-operative banks; and non-    banking financial companies (including housing finance companies).

p. Services shall mean provision of loans in the nature of buy-now-pay-later loans, personal loans, consumer durable loans, and such other loan facilities offered by     CapFloat, personal finance management and expense tracking services, and such other services that CapFloat may offer to the Users from time to time, through the Platform(s) or any other channel.

q. Technology Service Providers or TSPs shall mean an entity providing technological aid and services to enable functioning of the Platform.

r.  User or You shall mean any natural or legal person who avails the Services or accesses or uses the Platform in relation to the Services and in the event that a natural     person is representing a business entity or a Body Corporate, reference to such terms shall include a reference to such business entity and / or Body Corporate as well and other promoters of such business entity and / or Body Corporate. All references to “you” shall include yourself and any other persons you are authorised to and     required to provide consent for.

3. COLLECTION OF INFORMATION

What Data is collected?

During the use of the Platform for availing our Services, CapFloat may collect and process such information from the Users, including but not limited to the below mentioned:

a. Information that the Users provide to CapFloat by filling in forms on the Platform for availing the Services. This includes contact information such as name, email     address, mailing address, phone number, financial information, if any, unique identifiers such as username, account number, password and preferences information     such as favourites lists, and transaction history and any Data provided by the User at the time of registration / application for the Services offered by CapFloat directly     or through its Partners;

b. KYC Data. KYC information such as government-issued officially valid documents such as PAN card, voter ID, Goods and Services Tax (“GST”) details, and ration card,     voter identification card, Aadhaar card, driver’s license, Udyam information, etc. and any other document prescribed under Applicable Laws from time to time. This     data is only collected if you opt for a loan through our Platform. These accesses are for the purpose of on-boarding / KYC requirements and are only used on a need to     use / know basis.

c. Location data. Location data taken for on-boarding or KYC is taken for limited period and on a one-time basis by either us or our Partners, solely for the purpose of     undertaking KYC. However, the User may explicitly provide us location data for longer periods for specific use cases which is explicitly communicated to the User for     any other purpose and for which prior consent of the User has been taken.

d. Aadhaar data. CapFloat may also collect your Aadhaar number for verifying, authenticating and / or updating your Aadhaar number in accordance with the Aadhaar     (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 solely for the purpose of facilitation of loan to you. Collection of your Aadhaar details is not a mandatory requirement for availing our Services unless required under any Applicable Law. CapFloat ensures that your Aadhaar number shall be     disclosed only with your consent, and in a manner specified under Applicable Law.

e. Transaction Data. Information related to transactions that occur through the Platform or are related to the Services. For instance, it may include Services you’ve      requested or confirmed through the Platform.

f.  Financial Data. Financial information such as credit history, income information, loan application and payment details, bank account information, income tax returns     information, salaries, bank statements, etc. This data is collected for the purpose of establishing your creditworthiness and underwriting for providing our Services.

g. Information from regulated third-parties. With your express consent, CapFloat collects information from credit information companies and Central Registry of     Securitisation Asset Reconstruction and Security Interest of India (“CERSAI”) to help CapFloat with User due diligence and underwriting as part of provision of     Services.

h. Marketing related Data. We may collect information such as preferences regarding marketing messages from CapFloat and third parties, as well as your     communication preferences. CapFloat may use third-party advertising companies to serve advertisements when you visit the Platform(s). These companies may use     information about your usage preferences and about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. In the event you chose to interact with their advertisements and are redirected to their websites, you will be complying with their respective terms and conditions. CapFloat will not be responsible for product and services of such websites and is also not responsible for their privacy practices, as CapFloat does not own, manage or control such websites.

i.  Communication and User engagement Data. We may collect the following Data from you in relation to your communication with CapFloat:

    (i)  Information that the Users provide when the Users write directly to CapFloat (including by way of e-mail) or           other electronic communication, including for raising any grievances;

    (ii) Information that the Users provide to CapFloat over telephone. CapFloat may make and keep a record of the            information shared by the Users with CapFloat;

    (iii) Information that the Users provide to CapFloat by completing surveys or any other User engagement            campaigns run by CapFloat directly or through the Partners;

j. Data received from Partners. Information received from LSPs, DLAs, TSPs, and third parties on Users, including their Personal Data, relating to KYC, eligibility for the    Services, past repayment history, credit modelling, purchase patterns, etc.;

k. Account Aggregator Data. Information received from account aggregators in encrypted form and the subsequent decrypted output generated by CapFloat directly or     through any of its Partners. Such data is strictly confidential and the Partners, if any, assisting in processing / decrypting such data do not store such data and are data blind, i.e. have no direct visibility on the data received from account aggregators.

l.  Usage logs. Information relating to logs is automatically reported by the Platform / User’s browser each time the User accesses the Platform / web page. When the     User uses the Platform to avail the Services, CapFloat’s servers automatically record certain information. These server logs may include information such as the User’s     web request, Internet Protocol (IP) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other     such information. CapFloat uses this information, which does not identify Users, to analyse trends, to administer the Services on the Platform, to track Users' movements around the Platform / websites and to gather demographic information about the User base as a whole.

m. Other Data provided by the Users or processed as m. part of providing the Services. Information which may be processed as part of underwriting, debt collection, operations, compliance requirements and User grievance redressal or provided by the User for any specific purpose.

This Privacy Policy shall also apply to Data provided by employees, consultants and suppliers engaged by the Company. Information provided by the employees of the Company in the course of their employment including their name, address, Aadhaar Data, bank account details, and such other information as may be provided by the employee voluntarily may be used for the purpose of personnel management, administration, payroll processing, development and training, provision of employment benefits, access to Company’s premises, implementation of our policies, for the purpose of any legal proceedings and for day-to-day business operations of the Company. Any Data provided by consultants or suppliers in the course of provision of their services, may be used by the Company for onboarding such consultants or suppliers, processing payments, granting access to Company’s premises where required and such other purposes as may be agreed between the consultants/suppliers and the Company in the contracts executed by them.    

Specific disclaimers with respect to information collected.

a. CapFloat may supplement the information that you provide, with other information that CapFloat obtains from our dealings with you or which CapFloat receives from     other organizations, for example, our Partners and other third parties.

b. You are requested to provide CapFloat with accurate and complete Personal Data in order to avail our Services. CapFloat requests that any change to your Personal Data be communicated to CapFloat, for CapFloat to service you better.

c. Any reviews, comments, messages, blogs posted / uploaded / conveyed / communicated by Users on the public sections of any of the Platform(s) or other public fora becomes published content and is not considered Personal Data and is not subjected to this Privacy Policy.

d. In case User chooses to decline to submit Personal Data on the Platform as part of applying for or availing the Services, CapFloat may not be able to provide certain Services to the User. Reasonable efforts shall be made to notify the User of the same at the appropriate time. However, CapFloat will not be liable and or responsible for the denial of certain Services to the User or lack of providing the necessary information.

e. CapFloat may reference other sources of demographic and other information in order to provide Users with more targeted communications and promotions. CapFloat     uses Google Analytics, among others, to track User behaviour on the Platform(s). Google Analytics specifically has been enabled to support display of advertisements to help CapFloat gain an understanding of our User’s demographics and interests. The reports are anonymous and cannot be associated with any User associated     Personal Data that the User may have shared with CapFloat. You can opt-out of Google Analytics for display advertising and customize Google Display Network ads     using the Ads Settings options provided by Google.

f. By using the Platform for availing the Services and / or by providing the above information to CapFloat, the User consents to the collection, sharing, disclosure and    usage of the information by CapFloat in accordance with this Privacy Policy, other than for specific information that is collected and used based on User’s explicit    consent as outlined in this Privacy Policy. This Privacy Policy shall be disclosed to you while you apply for any of the Services or when we initiate processing of any of    your Personal Data, along with appropriate requisite consent requests for collection of your Personal Data in relation to the Services.

g. CapFloat including its employees, contractors and suppliers may also provide Personal Data through various channels including but not limited to documentation,     communication, electronic communication, contracts, agreements, and use of Services. This Privacy Policy is applicable to all such information collected by CapFloat. The reference to “User” shall also include employees, contractors and suppliers to the extent relevant and applicable.

4. USAGE OF INFORMATION

Access to Personal Data is strictly restricted and shared in accordance with certain specific internal procedures and safeguards that govern access.

CapFloat may use the User’s Personal Data in the following ways, viz:

a. Monitor, improve and administer the Services on the Platform(s) and improve the quality of Services;

b. Analyse how the Platform is used in relation to the Services, diagnose service or technical problems, maintain security;

c. Remember information to help the User effectively access the Services and raise any grievances or service the loans availed by the Users;

d. Monitor aggregate metrics such as total number of views, visitors, traffic and demographic patterns on the Platform(s) where the Services are hosted;

e. Establishing and verifying User’s identity for KYC purposes, in relation to our Services, including but not limited to ourselves as well as our LSPs, DLAs, and other third     parties.

f. To notify the User about changes to the Services or terms of the Services already availed by the User;

g. To disclose the information under special circumstances such as compliance with the applicable local law, court summons, court orders, requests / order from legal     authorities or law enforcement agencies requiring such disclosure;

h. To help the User apply for certain Services.

i. For the purpose of sending administrative notices, Services related alerts and other similar communication with a view to optimising the efficiency of the Platform.

j. Doing market research, troubleshooting, protection against error, project planning, fraud and other criminal activity.

k. To reinforce CapFloat’s agreement(s) or other loan documentations with the Users in relation to any of the Services.

l. For establishing identification and to fulfil other KYC requirements before beginning the account-based transaction.

m. To provide Users with the right kind of Services.

n. To fulfil internal checks and other risk parameters.

o. To safeguard the interest of the business, credit worthiness check, and to ensure compliance with laws including credit reporting.

p. To maintain effective communication on the Services availed by the User including but not limited to the transaction information, updates / changes to the Services,     assistance for the Users, grievance redressal, etc.

q. For marketing purpose, especially to promote the Services of CapFloat and to notify about new Services for the User. CapFloat may also use the User’s phone number,     email address or other Personal Data to send commercial or marketing messages with an option to subscribe / unsubscribe (where feasible). CapFloat may, however,     use the User’s email address and phone number for non-marketing or administrative purposes (such as notifying you of major changes, for User service purposes,     collection and recovery of loans, etc.).

r. CapFloat may contact the Users from time to time about updating of Personal Data to provide such features that CapFloat believe may benefit / interest the Users, or    are necessary to maintain the existing availed Services, or for collections or recovery of loans.

s. CapFloat may share information related to User spends, patterns and User Data tracked by it only in the form of aggregated statistics on data such as User spends by     category, date, time, bank balances, etc. with their Partners to facilitate its Services.

t. CapFloat may share such information related to the User in case of direct assignments, securitisation, merger, acquisition or divestment as highlighted in Para 5(d)     below,

u. CapFloat may share the information in connection with assignment or transfer of part or all of the business or assets, including with acquirers or potential acquirers      and their advisors, for the purpose of diligence.

v. For conducting background verification and for other purposes in relation to employment or the business of the Company where the User is an employee, contractor or     supplier.

5. NON-DISCLOSURE OF INFORMATION

CapFloat shall not sell or rent Users’ Personal Data to anyone and will protect and maintain the confidentiality of the same. CapFloat may share Personal Data of its Users with its group companies in relation to offering of Services to the User, or for the purposes of the engagement subject to Applicable Laws. Confidentiality of User Data shall be maintained at all times except in the following circumstances:

a. CapFloat may disclose Users’ Data to governmental and other statutory bodies who have appropriate authorisation to access the same for any specific legal purposes.

b. CapFloat may disclose Users’ Data if it is under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply the loan agreement(s) or    other documentation(s) agreed by the User as part of availing the Services, or to protect the rights, property or safety of CapFloat, its Users or others. This includes    exchanging information with other companies / agencies that work for fraud prevention and credit reference.

c. CapFloat may disclose Users’ Data to its agents under a strict code of confidentiality, where such sharing is required or permitted as per statutory or regulatory     requirements.

d. CapFloat may disclose Users’ Data to such third parties to whom it transfers whole or part of its rights and duties under the loan agreement(s) and other     documentation(s) entered into with the Users, such as Co-lending Partners. In such an event, the said third parties’ use of the information will be subject to such     confidentiality obligations as contained in this Privacy Policy. Users may be subject to the Co-lending Partners’ privacy policy in addition to this Privacy Policy if the     Services availed by the User entails loans sanctioned by CapFloat along with the Co-Lending Partner. Wherever applicable, the Users will be provided with the Co-    Lender’s privacy policy as well as part of availing the Services through the Platform. List of Co-Lending Partners of CapFloat is available on the link here.

e. CapFloat may disclose Users’ information to any member of its related or group companies including its subsidiaries, its ultimate holding company and its subsidiaries     for data processing under strict confidentiality measures, as the case may be, subject to Applicable Laws and as required for the purposes of providing the Services.

f. In the event that CapFloat sells or buys any business or assets, it may disclose the Users’ information to the prospective seller or buyer of such business or assets.    User, email and visitor information is generally one of the transferred business assets in these types of transactions. CapFloat may also transfer or assign such    information in the course of corporate divestitures, mergers or dissolution.

List of third parties with whom Users’ information is shared as per the circumstances specified above is listed here

6. SECURITY AND STORAGE OF INFORMATION

CapFloat shall store the User’s Personal Data for the later of (i) the duration for which the User is availing the Services, (ii) till any account-based relationship between the User and CapFloat subsists, or (iii) the duration for which CapFloat is mandated to retain Personal Data of the User under any Applicable Laws, including KYC related guidelines issued by the Reserve Bank of India and any anti-money laundering related laws in India.

CapFloat is committed to safeguarding the privacy, security, and integrity of Data collected, processed, and stored as part of providing the Services by adopting Reasonable Security Practices and Procedures. This section outlines the measures implemented by CapFloat to ensure the confidentiality and protection of User’s Data in accordance with Applicable Laws. By accessing and using the Platform to avail our Services and accepting this Privacy Policy, Users acknowledge and consent to the practices detailed herein regarding data storage, security protocols, encryption standards, and disclosure policies. CapFloat continuously endeavours to uphold industry best practices to prevent unauthorised access, misuse, or breach of User data while maintaining transparency in its data handling procedures.

a. All consent obtained from the Users availing the Services offered on the Platform are maintained by CapFloat in a clear and auditable manner.

b. CapFloat has established and implemented internal policies and procedures to ensure appropriate access controls with respect to data stored on its servers. It     ensures that Data stored is appropriately controlled and restricted.

c. CapFloat takes the security of its User’s Data and information very seriously. CapFloat protects the User’s information at rest and in-flight using bank-level data     security: at least 256 bit-encryption and Transport Layer Security (SSL where applicable). This creates an encrypted connection between the User’s device and     Platform. All information remains encrypted at all times.

d. If the User allows CapFloat to see its banking information online rather than in paper form, it is on a read-only basis. CapFloat does not have access to change, edit, or modify bank account information in any manner whatsoever. CapFloat cannot view the User’s banking username and passwords, and the same is securely stored in separate encrypted areas with its financial services providers.

e.  All information gathered and provided to CapFloat through the Platform is encrypted and securely stored within the controlled databases on its secure servers within     India. Access to the servers is password-protected and is strictly limited.

f. If enabled from the Platform, CapFloat takes a backup of User’s data on our cloud database. This is done for the purpose of enabling Users to get their data back in case their device’s data becomes unusable, if the device is lost, or the User moves to a new device.

g. CapFloat does not collect or store any biometric data in our systems or servers, and all limited and specific use of biometric data in any CapFloat Services is as per regulations and extant statutory guidelines only.

h. CapFloat ensures that its Partners do not store Personal Data of Users except some basic minimal data (viz., name, address, contact details of the User, etc.) that may be required to carry out their operations.

i. CapFloat has implemented clear policy guidelines regarding the storage of User data including the type of data that can be stored, the length of time for which data    can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc. The same has been disclosed to CapFloat’s Partners and made publicly available on its Platform at all times.

j. CapFloat ensures that no biometric data, obtained with respect to Services, is stored / collected in the systems associated with its Partners, unless allowed under extant statutory guidelines.

k. CapFloat uses commercially reasonable safeguards to preserve the integrity and security of the Users’ information against loss, theft, unauthorised access, disclosure, reproduction, use or amendment.

l. The information that is collected from the Users may be stored at a destination inside India. By submitting information on the Platform in relation to the Services, the    Users agree to this transfer, storing and / or processing. CapFloat will take such steps as it considers reasonably necessary to ensure that the Users’ information is treated securely and in accordance with the Privacy Policy.

m. In using the Platform in relation to the Services, the Users accept the inherent security implications of data transmission over the internet. Therefore, the use of the Platform will be at the own risk of the Users.

n. CapFloat assumes no liability for any disclosure of User’s Data due to errors in transmission, unauthorised third-party access or other acts of third parties, or acts or omissions beyond its reasonable control and the User agrees not to hold CapFloat responsible for any breach of security unless such breach has been caused as a direct result of gross negligence or wilful default by CapFloat.

o. In the event CapFloat becomes aware of any breach of the security of the Users’ Data, it will promptly notify the Users and take appropriate action to the best of its ability to remedy such a breach as required under Applicable Laws.

p. Upon User’s written request sent at the email IDs set out below, to the effect of requesting CapFloat to delete all User related Personal Data, CapFloat will undertake all reasonable actions, legally mandated as per Applicable Laws, to delete and no longer store such Personal Data. CapFloat shall also ensure that upon such deletion requests from the Users, CapFloat shall mandate and ensure that the Partners also delete such Data in their possession in relation to the Services. However, the User must note that by previously consenting to the sharing of the Personal Data with third parties for their independent services, the User has made itself aware that CapFloat may not be able to enforce such deletion request upon such varied third parties and is not responsible nor liable for the deletion of your Personal Data by such third parties providing their independent services.

7. COOKIES AND WEB BEACONS

CapFloat collects certain Data from the User’s browser / Platforms using small data files called “cookies”, deployed by CapFloat or by the Partners. CapFloat uses session ID cookies to confirm that Users are logged in.

CapFloat encodes its cookies so that only CapFloat can interpret the Data stored in them. The User may remove or block this cookie using the User’s browser settings to disable the feature. CapFloat also stores transaction history. CapFloat may collect additional Data in ways not specifically described herein. For example, CapFloat may track information related to interactions with User Services or responses from surveys or other feedback tools. CapFloat uses this information to continually improve the Services provided to the User.

CapFloat’s Privacy Policy does not cover the use of cookies by its Partners. CapFloat does not have access or control over these cookies. CapFloat’s Partners may use session ID cookies to provide a custom User experience and to track the success of CapFloat’s partnership with them.

Certain web pages of the Platform contain electronic images known as “web beacons” (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyse how the Platform is used for availing the Services. Web beacons may also be used in some of CapFloat’s emails so as to know which emails and links recipients have opened, allowing it to gauge the effectiveness of its communications and marketing campaigns.

8. THIRD PARTY WEBSITES

The Platform(s) may contain pages of the Partners itself or may include links to other websites whose privacy practices may differ from those of CapFloat. CapFloat does not endorse, and is not responsible for the privacy practices adopted by the Partners, and the inclusion of a link on the Platform by the Partners or CapFloat does not imply any endorsement by CapFloat of the third party website, the website’s provider, or the information on the third party website. If the Users submit Personal Data to any of those websites or to the Partners, such information is governed by the privacy policies of such third party websites or Partners respectively, and CapFloat disclaims all responsibility or liability with respect to these policies or the websites. The Users are encouraged to carefully read the privacy policy of the Platform and any website that they visit.

9. OPTING OUT OR EDITING USER INFORMATION

When Users use the Platform, we make efforts in good faith to provide Users, as and when requested by Users, with access to their respective Personal Data, and shall further ensure that any User’s Personal Data or information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such Personal Data to be retained by law or for legitimate business purposes.

Users may request opting out of email communications, User’s Personal Data deletion, erasure or correction and revocation of their consent previously granted by reaching out to use at  ask@axio.co.in. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests for which access is not otherwise required, or where retention of such User’s Personal Data by CapFloat may be permitted under applicable Data Protection Laws.

In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after Users delete their information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.

Effecting any requests for deletion of the User’s Personal Data or revocation of any consents for processing of the User’s Personal Data may affect the Services and may even lead to discontinuation of Services if such processing of the User’s Personal Data is critical to provision of such Services.

10. DATA RETENTION AND DELETION

All User information will be retained for as long as the User account is active or as needed to provide Services to the User, and CapFloat may retain User information for a longer period where permissible under applicable law, unless specifically requested by the User to delete the information as detailed below. This also enables returning Users to take advantage of backup of data and restore features where applicable.

If the User wishes to cancel its account, or revoke its previously granted consent for processing of their Personal Data, or requests that CapFloat no longer uses its Data to provide Services, the User may contact CapFloat at ask@axio.co.in.

However, CapFloat will retain and use User information as necessary to comply with its legal obligations, resolve disputes, enforce its agreements or for other business purposes, and for fraud / Anti Money Laundering (AML) / name screening and prevention purposes and to protect CapFloat’s legal rights and compliance with CapFloat’s legal obligations, in a manner prescribed under CapFloat’s board approved KYC policy.

11. CHANGES TO PRIVACY POLICY

CapFloat may change the Privacy Policy from time to time and post the updated version of the same on the relevant Platform(s) and on CapFloat’s / Partner website(s). CapFloat may e-mail periodic reminders of the Privacy Policy, unless User have instructed CapFloat not to.

The updated version of CapFloat’s terms will be effective as soon as they are accessible, and the User will be provided with notice of the updated Privacy Policy through email, and the Users shall be deemed to have accepted the terms of the updated Privacy Policy immediately, unless specifically rejected by the User. However, rejection of the Privacy Policy may lead to discontinuation of the Services if the updated Privacy Policy is crucial in delivery of the Services. CapFloat encourages Users to access the Privacy Policy frequently to stay informed about how CapFloat uses Personal Data.

12. INCORPORATION OF PRIVACY POLICY TO LOAN DOCUMENTS

This Privacy Policy is incorporated to the loan documents and other documentation(s) in relation to the Services availed by the Users.

13. SEVERABILITY

CapFloat has made every effort to ensure that Privacy Policy adheres with the Applicable Laws. The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of Privacy Policy.

14. WAIVER

The rights and remedies available under Privacy Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

15. GOVERNING LAW AND DISPUTE RESOLUTION

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India and subject to the provisions of arbitration set out herein, the courts at Bangalore shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with Privacy Policy.

If any dispute arises between CapFloat and the User in connection with or arising out of the validity, interpretation, implementation or alleged breach of any provision of the Privacy Policy, such dispute shall be referred to and finally resolved by arbitration in accordance with the Indian Arbitration and Conciliation Act, 1996 for the time being in force, which rules are deemed to be incorporated by reference in this clause.

There shall be one (1) arbitrator appointed mutually by CapFloat and the User, and the seat of the arbitration shall be Bangalore, India. The language of the arbitration proceedings and of all written decisions and correspondence relating to the arbitration shall be English.

16. CONTACT AND GRIEVANCE REDRESSAL

If you have any questions about this Privacy Policy or if you believe that your Personal Data is not handled in accordance with the Applicable Laws or this document, then you may contact us at:

Write to the Grievance Department at ask@axio.co.in.

User’s can also contact us by writing to us at axio, Gokaldas Platinum, New No 3 (Old No 211), Upper Palace Orchards, Bellary Road, Sadashiva Nagar, Bengaluru – 560080.

Additional details in relation to our grievance redressal mechanism and contact details of the grievance redressal officer can be found in our grievance redressal policy available at link.

Great experience simplified

Available on Google Play and App Store. Download now.
from Play Store
from Apple Store

axio (formerly known as Capital Float, Walnut & Walnut 369) is the brand name of CapFloat Financial Services Private Limited, an NBFC registered with the RBI.

© 2025 axio. All rights reserved

Legal and Regulatory

Terms and ConditionsPrivacy PolicyLegalRBI Sachet Portal
Schedule of Charges

Resources

About usBlogsMediaXEFFAQContact UsAxio Digital Pvt Ltd