Privacy Policy — Supar Bazaar Finance

When you use our financial services at suparbazaar.online, we may collect the following categories of personal information:

A. Identity & Contact Information

• Full Name — required to verify your identity for account opening and KYC compliance
• Email Address — for login, communication, and account alerts
• Phone Number — for OTP authentication, transaction alerts, and customer support
• Date of Birth — for age verification and eligibility assessment
• Residential / Mailing Address — required for credit card delivery and regulatory compliance
• Government-issued ID details (PAN, Aadhaar, Passport, Voter ID) — for KYC verification as mandated by RBI guidelines

B. Financial Information

• Bank Account Details — for linking accounts and processing withdrawals
• Credit/Debit Card Details — processed exclusively through RBI-compliant payment gateways; we do not store raw card numbers
• Income and Employment Information — for credit card eligibility and loan assessments
• Transaction History — to monitor account activity, detect fraud, and generate statements
• CIBIL / Credit Score — accessed with your consent for credit product approvals

C. Technical & Usage Data

• IP Address & Device Information — for security monitoring and fraud prevention
• Browser Type, Version & OS — to optimize performance across devices
• Cookies & Session Data — to maintain login sessions and personalise your experience
• Pages Visited & Click-through Data — to understand how you use our platform
• Referring URL — to improve marketing efforts

D. Communications

• Support ticket history, chat logs, and email threads when you contact us
• Feedback forms, survey responses, and reviews submitted voluntarily

We process your data only for legitimate, clearly defined purposes. The table below describes the primary uses:

We will never sell your personal data to third parties for their own marketing purposes. Marketing communications are sent only with your explicit opt-in consent, and you may withdraw consent at any time via your account settings or by clicking "Unsubscribe" in any email.

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

Authorised Third-Party Service Providers

• Payment Gateway Partners (e.g., Razorpay): To securely process credit card transactions and fund transfers. They are PCI-DSS compliant and bound by strict data protection agreements.
• KYC & Identity Verification Providers: Licensed bureaus for Aadhaar/PAN verification as required by RBI regulations.
• Credit Bureaus (e.g., CIBIL, Experian): For credit profile assessment with your prior consent.
• Analytics Providers (e.g., Google Analytics): Aggregated, anonymised data to understand platform usage. IP anonymisation is enabled.
• Marketing Platforms (e.g., Facebook Pixel): Only if you have consented to marketing cookies. You may opt out via cookie settings.
• Cloud Infrastructure & Hosting Providers: Our services are hosted on secure servers in India. Subprocessors are bound by Data Processing Agreements (DPA).
• Email / SMS Service Providers: For transactional alerts (OTPs, statements) and, with consent, promotional communications.

Legal & Regulatory Disclosures

• We may disclose your information to government authorities, law enforcement, or regulators (RBI, SEBI, PMLA enforcement) when legally compelled to do so.
• In the event of a merger, acquisition, or sale of assets, user data may be transferred with advance notice and continued privacy protection.

We use cookies and similar tracking technologies to enhance your browsing experience, maintain secure sessions, and analyse site performance. Below is a breakdown of cookies used on suparbazaar.online:

Managing Your Cookie Preferences

• Via our Cookie Banner: When you first visit our site, you can choose to "Accept All", "Decline" non-essential cookies, or access granular "Cookie Settings".
• Via your browser: Most browsers allow you to block or delete cookies through their settings (Chrome → Settings → Privacy & Security → Cookies).
• Google Analytics Opt-out: Install the Google Analytics Opt-out Browser Add-on.
• Facebook Pixel Opt-out: Visit Facebook Ad Preferences to control ad tracking.

At Supar Bazaar Finance, the security of your financial and personal data is our highest priority. We implement a multi-layered security framework:

Technical Safeguards

• SSL/TLS Encryption (HTTPS): All data transmitted between your device and our servers is encrypted through industry-standard TLS 1.2/1.3 protocols.
• AES-256 Encryption at Rest: Sensitive data fields (financial identifiers, passwords) are encrypted in our databases.
• Multi-Factor Authentication (MFA/OTP): All account logins and financial transactions require OTP verification via registered mobile number.
• Firewall & Intrusion Detection Systems (IDS): Continuous monitoring for suspicious activity, SQL injection, and brute-force attack attempts.
• Secure Payment Processing: Card payments processed via PCI-DSS Level 1 compliant gateways; raw card data never touches our servers.
• Regular Security Audits: Periodic vulnerability assessments and penetration testing by independent cybersecurity experts.

Organisational Safeguards

• Strict role-based access control — only authorised employees can access user data, on a need-to-know basis.
• All employees handling sensitive data undergo regular data privacy and security training.
• Signed confidentiality agreements with all staff and contractors who access personal data.

Data Retention

• Account and transaction data is retained for a minimum of 5 years as required under the PMLA (Prevention of Money Laundering Act, 2002).
• Inactive accounts may have data deleted (excluding legally mandated records) after 3 years of inactivity, with 30-day prior notice.
• Marketing preferences and consent data are retained for 2 years from the last interaction.

As a user of our platform, you have the following rights over your personal data. To exercise any of these rights, contact us at shaport.suparbazaar.xyz with your registered email and account details:

• 📋 Right to Access: Request a copy of the personal data we hold about you.
• ✏️ Right to Rectification: Correct inaccurate or incomplete information in your profile.
• 🗑️ Right to Erasure ("Right to be Forgotten"): Request deletion of your data where no legal obligation requires its retention.
• ⏸️ Right to Restrict Processing: Request that we temporarily halt processing your data while a dispute is being resolved.
• 📤 Right to Data Portability: Receive your data in a structured, machine-readable format (e.g., CSV/JSON).
• 🚫 Right to Object: Object to processing based on legitimate interests, particularly for direct marketing.
• 🔙 Right to Withdraw Consent: Withdraw previously given consent at any time without affecting prior lawful processing.
• 📝 Right to Lodge a Complaint: File a complaint with the relevant data protection authority in India.

Please note that some requests may be limited where we have legal obligations to retain certain data (e.g., transaction records under PMLA), or where deletion would conflict with our legitimate interest in fraud prevention.

Our platform may contain links to external websites, resources, or partner services. This Privacy Policy applies only to suparbazaar.online and does not govern the practices of third-party sites.

Third-Party Services We Integrate

• Google Analytics: Provides website traffic and usage statistics. Data is anonymised and governed by Google's Privacy Policy.
• Razorpay (or equivalent payment gateway): Handles all payment processing. Subject to Razorpay's privacy policy and PCI-DSS standards.
• Facebook Pixel: Used with consent for marketing conversion tracking. Governed by Meta's Data Policy.
• CIBIL / Credit Bureaus: Credit score checks are performed via licensed bureaus and governed by their respective policies.
• Aadhaar KYC (via UIDAI): Identity verification conducted through UIDAI's authorised API. Aadhaar data is not stored beyond verification.

We encourage you to review the privacy policies of any third-party services you interact with through our platform. We are not responsible for the data practices of these third parties.

Supar Bazaar Finance provides financial services that are strictly intended for adults aged 18 years and above. Our platform does not knowingly:

• Target, solicit, or collect personal information from children under the age of 18.
• Allow minors to create accounts, apply for credit products, or conduct financial transactions.

All account registrations require date-of-birth verification, and users must confirm they are 18 or older during the sign-up process. KYC documentation further ensures age compliance.

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data practices. When we make changes:

• The "Last Updated" date at the top of this page will be revised.
• For material changes that significantly affect how we process your data, we will notify you via email (to your registered address) and/or display a prominent notice on our platform at least 14 days before the changes take effect.
• For minor, non-material updates (such as clarifications or corrections), changes will be published directly with the updated date.
• Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically. All previous versions of this policy are archived and can be requested by contacting our support team.

This Privacy Policy and all disputes relating to the processing of your personal data are governed by the laws of India, including but not limited to:

• The Information Technology Act, 2000 and its amendments
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Prevention of Money Laundering Act (PMLA), 2002
• Reserve Bank of India (RBI) Master Directions on Know Your Customer (KYC)
• The Digital Personal Data Protection Act, 2023 (upon full enactment)

Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in India. You agree to submit to the jurisdiction of such courts for the resolution of any such disputes.