Privacy Policy

Circles
Policies
Decorative mark

This Privacy Policy (“Policy”) describes how Evolve Business Solutions PrivateLimited (“Evolve, “Company,” “we,” “us,” or “our”), a company incorporated under theCompanies Act, 2013 (CIN: U62013DL2025PTC456951), having its registered office at 31-B,Prahlad Market, Near Khalsa College, Karol Bagh, New Delhi-110005, India, collects, uses,discloses, and protects personal information of users (“you,” “your,” or “User”) who accessand use the “evolvefin” mobile application and/or the website www.evolvebusiness.in (collectively referred to as the “Platform”).

This Policy is an integral part of the “Terms of Use” governing your use of the Platform and related financial products and services. By continuing to access the Platform or availing any product or service, you acknowledge that you have” read, understood, and agreed to be bound by this Policy.

1. Legal Framework and Purpose

This Policy is prepared in accordance with:

  • Information Technology Act, 2000, and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
  • Digital Personal Data Protection Act, 2023 (“DPDPA”);
  • RBI’s Guidelines on Digital Lending (including Fair Practices Code, Master Directions for Non-Banking Financial Companies, and Outsourcing Guidelines);
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021; and
  • Other applicable banking, data protection, and industry standards may be amended from time to time.

Evolve is committed to ensuring that your personal and financial information is collected lawfully, processed fairly, stored securely, and shared only where legally permitted and necessary to deliver our products.

2. Applicability

This Policy applies to:

  • Users who create an account or transact on the evolvefin app or website,
  • Applicants availing loans, digital payments, or ancillary services through the Platform, and
  • Any third-party partners providing regulated financial or ancillary services via the Platform.

You (customer) authorize us to collect, store, authenticate, verify and distribute the Personal Information (as defined below) as may be required to sanction the loan or provide you with any services on the applications or on the website. We recognize the expectations of its customers and the visitors to its applications/websites with regards to privacy, confidentiality and security of their personal information which we receive while browsing/ using our website/ services. We are committed to maintaining the confidentiality, integrity and security of all the personal information of our users. Keeping Your personal information secure and using it solely for activities related to Company’s business is our top priority.

We have taken adequate measures aimed at protecting the personal information entrusted and disclosed to us. This Policy is framed to inform you the privacy practice followed & the governing way in which the Company collects, uses, discloses, stores, secures and disposes your personal information and sensitive personal data or information.

This Privacy Policy explains how we protect the personal data provided through our Platform and how we use that information in connection with our Service offered through the Platform.

To register with us, you must be at least 21 (twenty one) years of age and a resident of India. Use of the Service is strictly prohibited for individuals under the age of 21 (twenty one) years or minors.

3. Definition

Personal Information refers to any data that directly or indirectly identifies you. This includes sensitive details such as your name, address, phone number, email, login credentials, tax information, marital and family details, business information, bank statements, and KYC documents. Any information you provide through application forms, emails, electronic platforms, or printed documents is treated as Information under this Policy.

By sharing your phone number on our platform, you authorize us and our representatives to contact you regarding the services you have chosen, provide product updates, share promotional offers, and inform you about other services offered by us or our authorized partners. When you submit your Information, you acknowledge and consent to its use and processing in accordance with this Privacy Policy and applicable laws.

Your Information may be used for data analysis, research, and may be shared with third‑party experts, service providers, or lending partners to deliver the services you request.

Retention of your Information is carried out in line with this Policy, Indian legal requirements, and agreements with our business partners, unless you withdraw your consent.

  • “Processing” refers to any automated operation performed on personal data, such as collection, storage, organization, use, sharing, or deletion.
  • “Publicly available information” means data that is lawfully accessible to the public, while all other data is treated as non‑public and safeguarded accordingly.
  • “User” refers to anyone using our services, website, or mobile app, and may also be referred to as “you”, “your” or “customer” in this Policy.

4. Categories of Services

“evolvefin” offers the following categories of services:

  • Digital Lending Services (facilitating personal or business loans in partnership with RBI-regulated lenders).
  • Communication Services – In partnership with Communication partners, evolvefin facilitates customer communication through SMS, WhatsApp, and other approved digital & physical channels, for purposes including service updates, transaction alerts, and promotional offers and services given to multiple companies.

Each service is governed by the corresponding section of this Policy.

5. The Policy

5.1. Registration and Profile Creation data

For account creation and authentication, we collect:

  • Full Name
  • Mobile Number
  • OTP authentication
  • Device identifiers (e.g., IP address, device ID, browser type, system logs)
  • Communication data (support requests, app feedback, or emails)

Purpose:

  • To create a user account and to authenticate you.
  • To prevent unauthorized access and ensure account security.
  • For customer support and communication.

Mandatory: Mobile number and Full Name

5.2. Data Collected During Service Use

Depending on the specific product you choose, evolvefin (acting as a Digital Lending Application (DLA)) may collect or facilitate collection of:

  • Identity and KYC Data: PAN, Aadhaar (masked/offline XML), selfie, Digital signature, etc.
  • Personal & Demographic Info: Address, date of birth, gender.
  • Employment or Business Data: Employer name, income details, business registration, GST returns, etc.
  • Financial Data: Bank account details, statements, repayment history, credit score, loan repayment data.
  • Device Data: IP address, usage logs, geolocation, device fingerprint for fraud prevention.
  • Transaction Data: UPI transactions, loan applications, or payment status.

Purpose:

  • Credit underwriting and assessment of loan eligibility by regulated Lending Partners.
  • KYC and identity verification as per RBI and statutory requirements.
  • Fraud detection, compliance checks, and monitoring account behavior.
  • Customer service and communication.

Evolve engages with various third parties, service partners, and affiliates for the purpose of collecting, storing, transferring, and processing your information as required for its business operations. The list of such third-party service providers is mentioned below and may be updated by Evolve from time to time. We encourage you to review this list periodically to stay informed about the entities handling your information.

5.3. Purpose of Collection and Lawful Basis

Your personal information is collected and processed only for lawful, specific, and necessary purposes, such as:

  • Service Enablement: To provide financial products, loans, or UPI transactions.
  • Identity Verification: To comply with KYC, AML, and RBI-mandated verification procedures.
  • Customer Support: To handle queries and feedbacks.
  • Marketing and Communication: To share offers or new services (optional consent).
  • Compliance and Legal Obligations: To comply with RBI guidelines, court orders, law enforcement, or tax authorities.
  • Security and Fraud Prevention: To detect, prevent, and investigate unauthorized access, spam, or misuse.

We do not use, share, or sell your information for any purpose beyond those stated above.

5.4. Data Storage and Retention

  • All servers and data are located within India, in compliance with RBI and DPDPA requirements.
  • Data is retained only for the duration necessary to fulfil lawful business or contractual obligations and as per regulatory norms.
  • User data is retained for 10 years from last activity or loan closure (whichever is later) to comply with statutory audit and record‑keeping requirements.

5.5. Data Sharing and Disclosures

Your personal information may be disclosed to the following entities strictly on a need-to-know and lawful basis:

  • Lending Partners (RBI‑regulated banks/NBFCs) – for KYC, credit decisions, loan servicing, and recovery.
  • Authorized Payment Service Providers – for UPI or other payment settlements.
  • Regulatory or Government Authorities – upon legal request or compliance obligations.
  • Third-Party Vendors and Cloud Partners – providing analytics, hosting, or customer support under strict confidentiality agreements.
  • Audit, Legal, or Compliance Professionals – for dispute management or reporting as mandated by law.

All third-party processors are bound by written contracts to ensure compliance with RBI, IT, and DPDPA requirements.

5.6. Data Security Measures

Evolve employs industry-standard and RBI‑mandated data security frameworks, including but not limited to:

  • SSL/TLS encryption for data in transit.
  • AES-256 encryption for data at rest.
  • ISO 27001 certified data center practices.
  • Firewalls and intrusion detection systems.
  • Strict role-based access control for employees and third-party vendors.
  • Regular vulnerability assessments and penetration testing (as per RBI’s cybersecurity directives).
  • Incident response and breach notification framework, with user alerts and regulatory reporting obligations.

5.7. Your Rights and Controls

As per the Digital Personal Data Protection Act, 2023, and this Policy, you have the following rights:

  • Access: Obtain a copy of personal data held about you.
  • Correction: Request rectification of inaccurate or outdated information.
  • Withdrawal of Consent: Revoke consent provided earlier (subject to ongoing contractual obligations).
  • Deletion/Erasure: Request deletion of personal data after account closure and regulatory retention.
  • Data Portability: Request data in a machine-readable form (where applicable).
  • Grievance Redressal: File complaints regarding misuse, breach, or data handling.

To exercise these rights, email or reach out to our Grievance Officer (details below).

5.8. Grievance Redressal Officer (GRO)

Name: Ankur Yadav

Designation: Grievance Officer

Email: care@evolvebusiness.in

The Officer will acknowledge and address all valid data privacy-related complaints within 14 working days in compliance with RBI’s Customer Grievance Redressal Framework.

5.9. Your Consent

By using the Platform, creating an account, or availing any product, you expressly:

  • Grant consent to collect, process, and share your information as per this Policy.
  • Authorize data transfers to RBI‑regulated partners and statutory bodies for lawful purposes; and
  • Understand that withdrawal of consent may result in discontinued or limited access to services.

6. Policy Updates

Evolve reserves the right to modify this Policy at any time to comply with evolving legal and regulatory requirements. Updated versions will be published on the Platform and will take effect immediately unless stated otherwise. Your continued use of the Platform constitutes consent to the updated Policy.

Evolve Business Solutions Pvt. Ltd. reaffirms its commitment to protecting the confidentiality, integrity, and availability of user data in line with RBI, DPDPA, and IT Act compliance standards.