Privacy Policy

1. Introduction

STEM Fincorp ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our digital marketplace platform for financial products including credit cards, loans, insurance, and mutual funds.

By using our services, you consent to the collection and use of information in accordance with this policy. We comply with applicable data protection laws including the Digital Personal Data Protection Act, 2023 (once effective) and other relevant Indian regulations.

2. Information We Collect

We collect the following types of personal information:

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Provision: To process your applications for credit cards, loans, and other financial products
• Partner Integration: To share your application data with our partner banks and financial institutions (like InCred for loans) for processing your applications
• Communication: To send you updates about your application status, account information, and important service notifications
• Customer Support: To respond to your inquiries, provide customer support, and resolve issues
• Compliance: To comply with legal obligations, regulatory requirements, and prevent fraud
• Improvement: To analyze usage patterns, improve our services, and enhance user experience
• Security: To protect our platform, detect and prevent fraud, and ensure security

4. Data Sharing with Third Parties

We share your information with the following parties:

5. Data Storage and Security

Storage Location: Your data is stored on secure cloud servers (Hostinger) located in Asia region. InCred-specific customer data is stored in InCred's systems as per their data storage policies.

Security Measures:

• HTTPS/TLS encryption for all data transmission
• OAuth 2.0 authentication for API access
• Database encryption and access controls
• Password hashing using industry-standard algorithms
• Regular security audits and vulnerability assessments
• Secure credential management
• API call logging and monitoring
• Regular security updates and patches

6. Consent Management

We obtain explicit consent from you before collecting and processing your personal information:

• Application Consent: You provide consent when filling out application forms
• CIBIL Consent: For loan applications, we obtain your explicit consent for CIBIL credit checks
• Data Sharing Consent: We inform you about data sharing with partner institutions and obtain your consent
• Consent Logging: All consents are logged and retained in our system for audit purposes

You have the right to withdraw your consent at any time by contacting us. However, withdrawal of consent may affect our ability to provide certain services.

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal and regulatory obligations
• Resolve disputes and enforce agreements
• Maintain records for audit and compliance purposes

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

8. Your Rights

You have the following rights regarding your personal data:

• Access: Request access to your personal data we hold
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal requirements)
• Portability: Request transfer of your data to another service provider
• Withdrawal: Withdraw consent for data processing
• Objection: Object to certain types of data processing

To exercise these rights, please contact us at the details provided in the "Contact Us" section below.

9. Data Masking and Protection

We implement data masking and protection measures:

• PII/SPDI data fields are masked in front-end applications
• Sensitive information like PAN numbers are partially masked in displays
• Access to full data is restricted to authorized personnel only
• All data access is logged and monitored

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze website usage and improve user experience
• Provide personalized content

You can control cookies through your browser settings. However, disabling cookies may affect some functionality of our platform.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.