Home/Privacy Policy

Privacy Policy

Effective Date: 25 Feb 2026

1. Introduction and Applicability

This Privacy Policy ("Privacy Policy" or "Policy") describes the manner in which Paperclip Innovative Solutions Private Limited, a company incorporated under the provisions of the Companies Act, 2013 and having its registered office in India (hereinafter referred to as the "Company", "Paperclip", "we", "our", or "us"), collects, receives, records, stores, processes, uses, transfers, discloses, and otherwise handles information relating to individuals who access, browse, register on, or otherwise interact with the Company's digital platform, including its website, mobile application, and any related digital interfaces (collectively referred to as the "Platform").

This Privacy Policy applies to all users of the Platform, including but not limited to:

  1. individuals who browse or access the Platform without registering an account;
  2. registered users who create and maintain accounts on the Platform;
  3. Buyers and Suppliers participating in Marketplace Transactions facilitated through the Platform; and
  4. individuals who apply for or access Finance Services facilitated through the Platform in connection with participating banks or non-banking financial companies.

This Policy governs the collection, use, processing, storage, retention, disclosure, and protection of information relating to such users ("Users", "You", or "Your") when interacting with the Platform or using the services made available through the Platform.

This Privacy Policy forms an integral part of and should be read together with the Terms of Service governing the use of the Platform. By accessing or using the Platform, registering an account, submitting information, or otherwise interacting with the Platform or the Company, You acknowledge that You have read, understood, and agreed to the practices described in this Privacy Policy.

If You do not agree with the terms of this Privacy Policy, You should discontinue use of the Platform and refrain from providing any information through the Platform.


2. Definitions

For the purposes of this Privacy Policy, unless the context otherwise requires, the following terms shall have the meanings assigned to them below. Terms not defined herein shall have the meanings assigned to them under the Terms of Service governing the use of the Platform.

2.1 "Applicable Law" means any statute, law, regulation, rule, guideline, circular, notification, or governmental directive applicable within the territory of India, including but not limited to the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and regulatory directions issued by the Reserve Bank of India or other competent authorities.

2.2 "Company" means Paperclip Innovative Solutions Private Limited, a company incorporated under the Companies Act, 2013, including its affiliates, subsidiaries, successors, and permitted assigns.

2.3 "Credit Facility" means any loan, credit line, financing product, or similar financial product offered by a participating bank or non-banking financial company and made available to eligible Users through the Platform.

2.4 "Credit Information Company" or "Credit Bureau" means any entity registered with the Reserve Bank of India under the Credit Information Companies (Regulation) Act, 2005, including but not limited to TransUnion CIBIL, Experian, Equifax, or CRIF High Mark.

2.5 "Device Data" means technical information collected from a User's device when accessing the Platform, including device identifiers, operating system details, IP address, browser information, network information, and other technical logs generated during Platform usage.

2.6 "Finance Services" means services facilitated through the Platform that enable Users to apply for Credit Facilities offered by participating Lenders, including loan application submission, KYC verification support, and communication of loan-related information.

2.7 "Financial Information" means any financial or transactional data relating to a User, including income details, bank account information, credit history, loan application information, and repayment data, collected for the purpose of facilitating Credit Facilities.

2.8 "KYC Information" means identity verification information collected for Know-Your-Customer verification, including government-issued identification documents, Aadhaar offline verification information where voluntarily provided, photographs, and other identity-related documentation.

2.9 "Lender" means any bank or non-banking financial company registered with the Reserve Bank of India that offers Credit Facilities to Users through the Platform.

2.10 "Marketplace Services" means the services provided through the Platform that enable registered Buyers and Suppliers to list, advertise, offer, purchase, or transact in goods or services.

2.11 "Personal Data" or "Personal Information" means any data about an identifiable individual that can directly or indirectly identify such individual, including information such as name, contact details, identification numbers, location data, or other information associated with a User.

2.12 "Platform" means the Company's website, mobile application, software interfaces, and related digital infrastructure through which the Company provides Marketplace Services and facilitates Finance Services.

2.13 "Processing" means any operation performed on Personal Data including collection, recording, storage, organization, structuring, retrieval, use, disclosure, transmission, deletion, or destruction.

2.14 "User" means any individual or entity that accesses, browses, registers on, or otherwise uses the Platform.


3. Legal and Regulatory Framework

This Privacy Policy has been prepared in accordance with applicable laws and regulatory frameworks governing data protection, digital services, and financial technology operations in India, including but not limited to:

  1. the Information Technology Act, 2000;
  2. the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
  3. the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to the extent applicable;
  4. the Digital Personal Data Protection Act, 2023 ("DPDP Act");
  5. regulatory frameworks, circulars, and directions issued by the Reserve Bank of India (RBI) relating to digital lending, outsourcing of financial services, and lending service providers;
  6. the Credit Information Companies (Regulation) Act, 2005 and rules framed thereunder.

The Company undertakes to collect, process, and handle User information only for lawful purposes and in accordance with applicable legal obligations, regulatory requirements, and reasonable security practices.

Where Finance Services are facilitated through the Platform in collaboration with participating Lenders, the Company may also process information as a technology service provider or lending service provider acting on behalf of such Lenders, subject to contractual and regulatory requirements applicable to such arrangements.


4. Categories of Information Collected

Depending on the nature of Your interaction with the Platform and the specific Services used, the Company may collect and process different categories of information, including Personal Information, KYC Information, Financial Information, Transactional Information, Device Information, and Technical Data. The information collected is limited to what is reasonably necessary for providing Services, ensuring compliance with applicable laws, improving Platform functionality, and preventing misuse or fraudulent activity.

4.1 Personal Information

For the purposes of this Privacy Policy, "Personal Information" refers to information that identifies, relates to, describes, or can reasonably be used to identify an individual either directly or indirectly.

The Company may collect Personal Information including but not limited to:

  1. full name;
  2. date of birth or age;
  3. gender;
  4. residential or business address;
  5. email address;
  6. mobile phone number;
  7. profile details associated with a User account;
  8. business information in the case of Suppliers or commercial users.

Such Personal Information may be collected when a User registers an account on the Platform, updates profile information, places orders, communicates with customer support, participates in Marketplace Transactions, or otherwise interacts with the Platform.

The Company may also collect communications exchanged between the User and the Company, including messages sent through the Platform, emails, support requests, feedback submissions, and other correspondence relating to the Services.

4.2 KYC Information

Where required for the provision of Marketplace Services, Finance Services or for compliance with regulatory requirements relating to identity verification, anti-money laundering obligations, or fraud prevention, the Platform may collect Know-Your-Customer (KYC) information from Users.

Such information may include:

  1. Permanent Account Number (PAN) details;
  2. Aadhaar Offline KYC information voluntarily provided by the User through permissible offline verification mechanisms;
  3. government-issued identity documents;
  4. proof of address documentation;
  5. photograph or live selfie verification;
  6. video verification records where applicable;
  7. bank account details required for financial verification.

KYC Information may be collected directly from the User or through authorized third-party verification service providers engaged for identity verification purposes.

Where Aadhaar-based offline verification is used, the Company shall only collect such information with the explicit consent of the User and strictly in accordance with applicable laws and UIDAI guidelines.

4.3 Financial Information

Where Users apply for Credit Facilities through the Platform, the Company may collect certain financial information necessary to facilitate evaluation of loan applications by participating Lenders.

Such information may include:

  1. income information or financial disclosures submitted as part of loan applications;
  2. bank account information required for verification or disbursement purposes;
  3. transaction data relevant to financial assessment;
  4. credit history information obtained from credit bureaus pursuant to User consent;
  5. information relating to existing financial obligations;
  6. loan application data and related documentation.

The Company collects such information solely for the purpose of transmitting loan applications, supporting identity and financial verification processes, and facilitating interactions between Users and participating Lenders. The Company does not independently underwrite, sanction, or approve Credit Facilities, and all credit decisions remain the sole responsibility of the respective Lender.

4.4 Transactional Information

Where Users engage in Marketplace Transactions on the Platform, the Company may collect information relating to such transactions, including:

  1. products or services purchased or listed;
  2. order details and order history;
  3. payment confirmation details;
  4. delivery information;
  5. return, exchange, or refund requests;
  6. communications exchanged between Buyers and Suppliers through the Platform.

Such information is collected to enable the smooth functioning of Marketplace Transactions, facilitate logistics coordination, process payments, and provide customer support.

4.5 Device and Technical Information

When Users access or use the Platform, certain technical information may automatically be collected from the User's device or browser.

This may include:

  1. Internet Protocol (IP) address;
  2. device type and operating system;
  3. browser type and version;
  4. device identifiers;
  5. system configuration;
  6. application crash logs;
  7. timestamps of Platform access;
  8. network and connectivity information.

Such technical information helps the Company maintain Platform security, detect fraudulent activity, improve system performance, and enhance user experience.

4.6 Device Permissions

To enable specific functionalities of the Platform and certain regulated Finance Services, the Platform may request access to limited device permissions, strictly subject to the explicit, informed, and freely given consent of the User.

Such permissions may include:

  1. Camera access for identity verification, document capture, or KYC verification processes
  2. Location access for marketplace services, fraud detection, risk assessment, or regulatory compliance requirements applicable to financial services;
  3. Device metadata necessary for device verification or security monitoring.

The Platform shall not access SMS logs, call logs, contact lists, media files, or other sensitive device-level data unless:

  1. explicit and granular consent is obtained from the User; and
  2. such access is reasonably necessary for a lawful and disclosed purpose relating to regulated financial services.

Any such access shall be limited to the minimum information necessary for the stated purpose and shall be subject to strict data minimization and security safeguards.


5. Purposes of Collection and Processing of Information

The Company collects, processes, stores, and uses User information only for lawful, specific, and clearly disclosed purposes that are necessary for the operation of the Platform, the provision of Marketplace Services and Finance Services, compliance with legal and regulatory obligations, and the protection of the Platform and its Users from fraud or misuse.

The purposes for which information may be processed include, but are not limited to, the following:

5.1 Provision and Operation of Marketplace Services

Information collected through the Platform may be used for the purpose of enabling, managing, and facilitating Marketplace Transactions conducted between Buyers and Suppliers on the Platform.

This may include, without limitation:

  1. enabling Users to create and manage accounts on the Platform;
  2. displaying product or service listings created by Suppliers;
  3. facilitating communication between Buyers and Suppliers in connection with Marketplace Transactions;
  4. processing orders, payments, deliveries, returns, exchanges, or cancellations;
  5. coordinating logistics and shipment services through third-party logistics providers;
  6. providing customer support and handling transaction-related inquiries or complaints.

The Company processes such information solely for the purpose of enabling the efficient functioning of the Platform and facilitating legitimate commercial interactions between Users.

5.2 Facilitation of Finance Services

Where Users apply for Credit Facilities through the Platform, the Company may process User information for the purpose of facilitating loan application processing and enabling the transmission of relevant information to participating Lenders.

Such processing may include:

  1. collecting and transmitting Loan Applications to participating banks or non-banking financial companies;
  2. conducting identity verification and KYC checks through authorized service providers;
  3. retrieving credit information from Credit Information Companies pursuant to the User's explicit consent;
  4. enabling digital execution of loan documentation issued by Lenders;
  5. providing status updates relating to loan application processing.

The Company performs such functions strictly in its capacity as a technology service provider and lending service facilitator, and does not itself undertake credit underwriting, sanctioning, or disbursement of loans.

5.3 Regulatory Compliance and Legal Obligations

User information may be processed where necessary to comply with applicable laws, regulatory obligations, or lawful orders issued by competent authorities.

This may include compliance with obligations relating to:

  1. anti-money laundering laws;
  2. fraud detection and prevention;
  3. regulatory reporting requirements;
  4. tax compliance obligations;
  5. requests or investigations initiated by governmental or regulatory authorities.

The Company may retain and disclose information where required to comply with such legal obligations.

5.4 Fraud Prevention, Security, and Risk Monitoring

The Company may process information to maintain the security and integrity of the Platform and to detect or prevent fraudulent, unauthorized, or illegal activities.

Such processing may include:

  1. monitoring suspicious account activity;
  2. identifying fraudulent transactions;
  3. preventing abuse of promotional schemes or refund policies;
  4. detecting attempts to circumvent Platform security features.

This helps ensure the protection of Users, Suppliers, Lenders, and the Platform itself.

5.5 Platform Improvement and Analytics

Information may also be processed for internal operational purposes, including:

  1. improving the functionality, performance, and reliability of the Platform;
  2. analyzing usage patterns and user behavior;
  3. identifying technical issues or service disruptions;
  4. developing new features, services, or security measures.

Where possible, the Company may rely on aggregated or anonymized data for such analytical purposes.


6. Sharing and Disclosure of Information

The Company does not sell or trade Users' Personal Information. However, information may be shared with certain categories of entities where necessary for the provision of Services, regulatory compliance, or legitimate operational purposes.

6.1 Sharing with Participating Lenders

Where Users apply for Credit Facilities through the Platform, the Company may share relevant information with participating Lenders, including banks and non-banking financial companies.

Such information sharing may include:

  1. identity and KYC information;
  2. financial information relevant to loan applications;
  3. credit bureau reports retrieved with User consent;
  4. documentation submitted by Users in support of loan applications.

This sharing is necessary to enable Lenders to conduct credit evaluation, underwriting, documentation, disbursement, and regulatory reporting in connection with Credit Facilities.

6.2 Sharing with Service Providers

The Company may engage third-party service providers to assist in operating the Platform and providing Services.

These may include:

  1. payment gateways and payment aggregators;
  2. cloud infrastructure providers;
  3. KYC and identity verification agencies;
  4. analytics and fraud detection service providers;
  5. logistics and delivery partners;
  6. communication service providers.

Such service providers receive access to User information only to the extent necessary to perform their contractual functions and are required to maintain appropriate confidentiality and security standards.

6.3 Sharing with Regulatory Authorities

The Company may disclose User information where required:

  1. under applicable laws or regulations;
  2. pursuant to lawful orders issued by courts, tribunals, or governmental authorities;
  3. in response to investigations conducted by regulatory or law enforcement agencies.

Such disclosure shall be limited to the extent required to comply with the relevant legal obligations.

6.4 Corporate Restructuring

In the event of a merger, acquisition, restructuring, or transfer of assets involving the Company, User information may be transferred to the acquiring entity or successor organization as part of such corporate transaction, subject to applicable legal obligations relating to confidentiality and data protection.


7. Data Storage and Security

The Company implements reasonable administrative, technical, and physical safeguards designed to protect User information from unauthorized access, disclosure, alteration, or destruction.

Such safeguards may include:

  1. encryption of sensitive data during transmission and storage;
  2. access control mechanisms restricting data access to authorized personnel;
  3. system monitoring and audit logging;
  4. regular security assessments and vulnerability testing.

Access to sensitive categories of data, including financial information and KYC documentation, is restricted to authorized personnel on a need-to-know basis. While the Company takes commercially reasonable steps to protect information, Users acknowledge that no electronic transmission or storage system can be guaranteed to be completely secure.


8. Data Retention

The Company retains User information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted under applicable law.

User information may be retained for purposes including:

  1. providing and improving Services;
  2. complying with legal or regulatory obligations;
  3. maintaining records required under agreements with Lenders or Vendors;
  4. resolving disputes or enforcing contractual rights.

Where information is no longer required for legitimate purposes, the Company may delete or anonymize such information in accordance with internal data retention policies and applicable legal requirements.


9. User Rights

Subject to applicable law, Users may have certain rights with respect to their Personal Information processed by the Company.

These rights may include:

  1. the right to access information held about them;
  2. the right to request correction of inaccurate or outdated information;
  3. the right to withdraw previously provided consent for certain processing activities;
  4. the right to request deletion of information where legally permissible.

Requests relating to such rights may be submitted to the Company using the contact details provided in this Privacy Policy. The Company may decline or limit such requests where required to comply with legal obligations or where retention of information is necessary for legitimate operational or regulatory purposes.


10. Consent Management and Legal Basis of Processing

The Company processes Personal Data primarily on the basis of User consent and legitimate operational necessity, in accordance with the Digital Personal Data Protection Act, 2023 and other Applicable Laws.

Users provide consent for the collection and processing of their Personal Data by:

  1. registering an account on the Platform;
  2. submitting information through forms or applications on the Platform;
  3. applying for Marketplace Services or Finance Services;
  4. granting device permissions through their device settings;
  5. executing or accepting digital consent declarations required for KYC, credit information retrieval, or loan processing.

Such consent shall be considered specific, informed, and freely given, and shall be obtained prior to the collection or processing of Personal Data where required under Applicable Law.

Users may withdraw previously granted consent by contacting the Company or by modifying permissions within their device settings, subject to the limitations that withdrawal of consent may restrict access to certain features or Services where the relevant data is necessary for regulatory compliance or operational functionality. Where consent is withdrawn, the Company shall cease processing Personal Data for the relevant purpose unless such processing is required:

  1. to comply with legal or regulatory obligations;
  2. to enforce contractual rights;
  3. to detect or prevent fraud;
  4. or to establish, exercise, or defend legal claims.

11. Credit Information and Credit Bureau Processing

Where Users apply for Credit Facilities through the Platform, the Company may facilitate the retrieval and transmission of credit information from Credit Information Companies registered under the Credit Information Companies (Regulation) Act, 2005.

Such processing shall occur only after the User has provided explicit and informed consent through a separate credit bureau consent declaration.

Upon such consent, the Company may:

  1. retrieve credit reports and credit scores from authorized Credit Information Companies;
  2. share relevant application data with participating Lenders for the purpose of credit evaluation;
  3. transmit repayment information or loan performance information to Lenders where required.

Users acknowledge that:

  1. credit bureau inquiries may be conducted by one or more participating Lenders;
  2. such inquiries may involve "hard" or "soft" credit checks depending on the Lender's internal policies;
  3. multiple credit bureau inquiries may occur where the User's loan application is routed to multiple Lenders.

The Company itself does not determine credit eligibility and does not independently modify or influence credit scores maintained by Credit Information Companies.


12. Role of the Company as Data Fiduciary and Data Processor

Depending on the nature of the Services being provided, the Company may act either as a Data Fiduciary or as a Data Processor under applicable data protection laws.

12.1 Data Fiduciary Role

For activities relating to the operation of the Platform, including account registration, Marketplace Services, and general Platform functionality, the Company acts as a Data Fiduciary, determining the purposes and means of processing Personal Data.

In this capacity, the Company is responsible for:

  1. ensuring lawful processing of Personal Data;
  2. implementing appropriate security safeguards;
  3. responding to User requests relating to Personal Data.

12.2 Data Processor Role

Where the Company processes Personal Data on behalf of participating Lenders in connection with Finance Services, including loan application transmission, KYC verification support, or credit bureau processing, the Company may act as a Data Processor providing technology and operational services to such Lenders.

In such cases:

  1. the relevant Lender remains responsible for determining the purpose and legal basis for processing Personal Data in connection with Credit Facilities;
  2. the Company processes Personal Data strictly in accordance with contractual obligations and regulatory requirements applicable to such arrangements.

13. Data Localization

User Personal Data collected through the Platform shall be stored and processed on secure infrastructure located within India. The Company does not routinely transfer Personal Data outside India unless such transfer becomes necessary for lawful operational purposes and is permitted under Applicable Law.

Where any cross-border data transfer is required, the Company shall ensure compliance with the Digital Personal Data Protection Act, 2023 and implement appropriate contractual and technical safeguards.


14. Cookies and Tracking Technologies

The Platform may use cookies and similar technologies to enhance user experience, analyze Platform performance, and ensure the proper functioning of the Platform.

Cookies are small text files stored on a User's device that enable the Platform to recognize returning Users and remember certain preferences. Users may configure their browser settings to disable cookies; however, certain features of the Platform may not function properly if cookies are disabled.


15. Third-Party Links

The Platform may contain links to websites or services operated by third parties.

The Company does not control such third-party websites and is not responsible for their privacy practices or content. Users are encouraged to review the privacy policies of such third-party platforms before providing any personal information.


16. Modifications to This Privacy Policy

The Company reserves the right to modify or update this Privacy Policy from time to time in order to reflect changes in legal requirements, operational practices, or Platform functionality.

Any updated version of this Privacy Policy shall be published on the Platform and shall become effective upon publication. Continued use of the Platform following such updates shall constitute acceptance of the revised Privacy Policy.


17. Grievance Redressal

Users may contact the Company's designated Grievance Officer for any concerns or complaints relating to the processing of Personal Information.

Name: Vishal Suryavanshi

Designation: Chief Grievance Officer

Email: info@gopaperclip.in

The Company shall endeavor to acknowledge and address grievances within the timelines prescribed under applicable law.


18. Governing Law

This Privacy Policy shall be governed by the laws of India. Any disputes arising in connection with this Policy shall be subject to the dispute resolution mechanism specified in the Terms of Service governing the use of the Platform.