DEV-AASHISH CAPITALS PRIVATE LIMITED is an NBFC registered with the Reserve Bank of India, holding a valid Certificate of Registration.
Registered Office : 498,FIRST FLOOR, UDYOG VIHAR PHASE 3, GURUGRAM, HARYANA, 122016
We, at DEV-AASHISH CAPITALS PRIVATE LIMITED, an RBI-approved NBFC (“We”), understand privacy and its value. Therefore, it is important for us to make You (“You” or “Customer” or “User”), who access our loan products through our approved Digital Lending Apps (DLAs) and Lending Service Providers (LSPs)—including —(collectively, the “Platform”), understand the reason behind collection of your information and its usage and the manner in which we collect, use, store and share information about you (this “Privacy Policy”).
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
Digital Lending Directions 2025 issued by the Reserve Bank of India (RBI)
Digital Personal Data Protection Act, 2023
Other applicable acts, regulations and rules which require the publishing of a privacy policy for handling of or dealing in personal information including sensitive personal data or information and all applicable laws, regulations, guidelines provided by applicable regulatory authorities including but not limited to the RBI
You hereby provide your explicit, informed, and freely given consent for the collection, processing, storage, sharing, and usage of your data by DEV-AASHISH CAPITALS PRIVATE LIMITED and, where applicable, by our authorized DLAs/LSPs acting on our behalf, solely for the purposes described in this Privacy Policy, and in compliance with applicable Indian laws and regulations.
Your consent is obtained through clear and auditable means, including (but not limited to) SMS-based consent, OTP-based confirmation, electronic forms, and in-app notifications, depending on the nature of the data being collected.
We will never collect or use any personal data, financial data, or device-level data without your specific consent for that category of data.
We may, with your explicit consent, read the headers of SMS to determine the type of sender.
We only read indicative content from recognised 6-digit alphanumeric financial senders for verification purposes.
Pertinent information (e.g., sender name, indicative content, timestamp) may be collected solely for providing financial and allied services and shared only with our regulated entity and contracted service providers for these purposes.
We do not read or analyse personal messages or OTPs, except OTPs sent by us for authentication while the app is installed.
This data may be used to verify financial statistics (income/spend patterns), assist in credit evaluation, enable higher limits/faster approval and detect/prevent fraud.
Our partner apps operating on our behalf may collect the list of installed and system applications on your device and securely share it with our trusted processor, Credeau (www.credeau.com), which provides device-intelligence services to DEV-AASHISH CAPITALS PRIVATE LIMITED (data controller).
This data is used to detect potential fraud (e.g., VPNs, gaming or other high-risk apps) and to assess risk more accurately, enabling faster approvals and suitable credit limits.
The data is collected only after your explicit consent, stored in India, and is not sold.
Location (with consent): collected one-time or as permitted to support:
Device information (limited): device model, OS version, available RAM/storage, network status.
We do not collect permanently identifiable device numbers (e.g., IMEI, serial numbers).
We may request Phone State permission strictly to verify the devices active SIM and network status at the time of onboarding and disbursement, helping us ensure that the transaction corresponds to the rightful customer and is not spoofed.
Collection of information required for credit assessment and underwriting of loan products and value-added services.
Access to your mobile device’s location, camera, and microphone only for e-KYC or video KYC verification purposes.
Access to your credit bureau data, bank statements, GST returns, and related information (only after express consent for each instance).
Secure sharing of personal data with regulated entities and service providers for service delivery.
You may withdraw consent anytime by contacting our Grievance Officer or through Platform settings. Withdrawal will not affect prior lawful processing but may impact your ability to access certain services.
We ensure disclosure of the identity of Regulated Entities (RE), Lending Service Providers (LSP), and Digital Lending Apps (DLA) at every stage (platform interface, sanction letter, KFS, loan agreement).
The collection of information is solely for delivering regulated digital lending and non-lending services, in line with:
RBI Digital Lending Directions, 2025
Digital Personal Data Protection (DPDP) Act
IT Act and Rules
Part A: Lending Services – Information for loan facilitation, underwriting, sanction, and disbursal.
Part B: Non-Lending Services – Information for user registration and value-added services.
User Personal Information – full name, email ID, PAN, address, mobile number, postal code, banking details
Social Account Information – if you register using a Google account, we collect your email ID and public profile details (name, email)
Device Information & Installed Apps Data – unique identifiers, log information (IP, crashes, search queries, date/time), performance data, diagnostic data (used for app functionality, troubleshooting, updates, and a customized experience)
Location, Camera, Microphone Access – location for address verification/KYC; camera for document scanning/e-KYC
Third-Party Information – credit bureau data; KYC/payments providers (e.g., Cashfree); bank account/UPI details for repayments
User-Provided Information – form submissions, registration details, correspondence, loan applications, KYC documents, etc.
We use collected information to:
We may share your information with third parties, strictly on a need-to-know basis, and only for lawful purposes:
All personal and financial data collected from you is retained only as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by applicable law, whichever is longer.
As mandated under the RBI’s Digital Lending Guidelines, no personal information, financial information, or device data collected through DLAs/LSPs shall be stored by such DLAs/LSPs beyond immediate processing. All such data is stored only with the Regulated Entity, i.e., DEV-AASHISH CAPITALS PRIVATE LIMITED, in servers located in India.
Retention timelines:
Data may be retained for longer periods if required for legal, regulatory, or audit purposes.
While we ensure that third-party SDKs/partners are compliant with applicable Indian laws and RBI guidelines, we do not control their privacy practices. We encourage you to review their respective privacy policies when you interact with them through our Platform.
DEV-AASHISH CAPITALS PRIVATE LIMITED exercises due diligence in onboarding and monitoring partners, including confidentiality agreements, data-protection clauses, and audit rights.
We use cookies, pixel tags, and similar technologies to enhance your browsing experience, analyse user traffic, and provide customized content.
You may disable cookies from your browser settings, but certain features of the Platform may not function properly if cookies are disabled.
We do not permit third-party advertising cookies or behavioural trackers on our lending apps/websites, in compliance with RBI Digital Lending Guidelines.
Despite best efforts, no transmission over the Internet or storage system can be guaranteed as 100% secure. By using the Platform, you acknowledge this inherent risk.
As a User of the Platform, you are entitled to the following rights under the Digital Personal Data Protection Act, 2023 and RBI’s Digital Lending Guidelines: Right to Access, Rectification, Withdraw Consent, Erasure (subject to statutory retention), Restrict Processing, Data Portability, and Grievance Redressal.
We will process such requests in accordance with applicable Indian laws. To exercise your rights, please contact our Grievance Officer (details below).
In accordance with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and the RBI’s Digital Lending Guidelines, the name and contact details of the Grievance Officer are provided below:
The Grievance Officer shall acknowledge your complaint within 24 hours of receipt and endeavour to resolve the same within 30 days, as per applicable regulatory framework.
Disputes will be resolved through a two-step Alternate Dispute Resolution (ADR) mechanism that shall survive termination/expiry of this Policy.
This Privacy Policy shall be governed by, interpreted, and construed in accordance with the laws of India, without regard to conflict of law principles.
DEV-AASHISH CAPITALS PRIVATE LIMITED reserves the right to amend, modify, or update this Privacy Policy at any time. The revised Privacy Policy will be posted on the Platform with an updated “Last Modified” date.
Continued use signifies your acceptance of the modified Privacy Policy.
By accessing the Platform and availing services of DEV-AASHISH CAPITALS PRIVATE LIMITED through our approved DLAs/LSPs, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.
For any information regarding the Privacy Policy, please contact us on
care@devaashish.com ,
498,FIRST FLOOR, UDYOG VIHAR PHASE 3, GURUGRAM, HARYANA, 122016