Legal

Privacy Policy

CromTask Business Solutions Private Limited · CIN U68200MP2025PTC075720 · GSTIN 23AAMCC5681Q1ZY

Effective date: 1 July 2026

1. Overview

CromTask Business Solutions Private Limited ("we", "us") respects your privacy. This Policy explains how we collect, use, store, and share personal data when you use the CromTask platform, purchase credit reports, or apply for loans through our partner network.

2. Data We Collect

  • Identity & KYC: name, date of birth, PAN, Aadhaar (where permitted), photograph, address proof.
  • Contact: email, mobile number, communication preferences.
  • Financial: income, employment/business details, bank statements, tax returns, collateral information.
  • Credit: bureau scores and reports obtained with your explicit consent at checkout or application.
  • Technical: IP address, device type, browser, session logs, and audit trails for security.
  • Payment: transaction references from payment gateways (we do not store full card numbers).

3. How We Use Data

  • Deliver credit reports and account services you request.
  • Process, verify, and route loan applications to partner lenders.
  • Authenticate users, prevent fraud, and enforce role-based access controls.
  • Send transactional notifications (application status, document requests, payment receipts).
  • Comply with legal obligations, RBI/regulatory requirements, and audit requests.
  • Improve platform performance and customer support quality.

4. Legal Basis & Consent

We process data based on your consent (credit pulls, sharing with lenders), contractual necessity (providing services), and legitimate interests (security, analytics). You may withdraw marketing consent at any time; withdrawal does not affect processing required for active applications or legal compliance.

5. Sharing of Data

We do not sell your personal data. We may share data with:

  • Partner banks & NBFCs — for loan underwriting and disbursement, only with your application consent.
  • Credit bureaus — to fetch reports you purchase or authorize during application.
  • Payment processors — to complete transactions securely.
  • Cloud infrastructure providers — encrypted storage and hosting under data-processing agreements.
  • Regulators or law enforcement — when required by applicable law or court order.

6. Data Security

We use industry-standard safeguards including TLS encryption in transit, encrypted document storage, role-based access (RBAC), and audit logging for sensitive document downloads. Access to KYC documents is restricted by application status and staff role. No system is 100% secure; please protect your credentials.

7. Retention

Account data is retained while your account is active. Loan application files are retained as required for regulatory, audit, and dispute-resolution purposes (typically up to 8 years after account closure or final loan settlement, unless a longer period is mandated). Draft applications inactive for 30 days may be automatically deleted.

8. Your Rights

You may request:

  • Access to personal data we hold about you.
  • Correction of inaccurate information via your profile or support.
  • Deletion where legally permissible (subject to retention for active loans/compliance).
  • Withdrawal of consent for non-essential processing.

Submit requests to support@cromtask.com. We respond within 30 days.

9. Cookies & Analytics

We use essential cookies for authentication and session management. Optional analytics may help us understand usage patterns. You can control cookies through your browser settings; disabling essential cookies may limit platform functionality.

10. Children

Our services are not directed to individuals under 18. We do not knowingly collect data from minors.

11. Grievance Officer

For privacy-related complaints, contact our Grievance Officer at grievance@cromtask.com. Registered Office: Plot No. 81, APR Colony, Karmeta Ward No. 73, Karmeta, Jabalpur, Madhya Pradesh – 482002, India

12. Changes

We may update this Policy from time to time. Material changes will be posted on this page with an updated effective date. Continued use after changes constitutes acceptance.

← Back to home