Privacy Policy

1. Who We Are

FinMandi is an online financial information and comparison platform operated from India. We are a Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023, as we determine the purpose and means of processing your personal data.

Platform: finmandi.com
Nature: Financial product comparison, information, and lead generation
Contact: hello@finmandi.com

2. Information We Collect

We collect only the minimum personal data necessary for the purpose stated. This includes:

• Identity information — Full name provided in our eligibility or consultation forms
• Contact information — Mobile number and/or email address for follow-up communication
• Demographic information — City, monthly income, and product interest for matching purposes
• Usage data — Search queries, calculator inputs, pages visited, time spent, and interaction patterns
• Device and technical data — IP address, browser type, operating system, screen resolution, and referral source
• Cookie data — Preference cookies, analytics cookies, and advertising cookies (with your consent)

We do not collect sensitive personal data such as Aadhaar numbers, PAN numbers, bank account details, passwords, biometric data, or credit/debit card information.

3. Legal Basis for Processing

Under the DPDP Act, 2023, we process your personal data on the following legal bases:

• Consent — When you fill our eligibility form or interact with our tools, you provide express consent to process your data for the stated purpose
• Legitimate use — Processing necessary to respond to your voluntary query or request for financial product information
• Legal obligation — Where processing is required to comply with applicable Indian laws, RBI guidelines, or court orders

You have the right to withdraw your consent at any time. See Section 10 for details.

4. How We Use Your Information

Your personal data is used solely for the following stated purposes:

• To match you with relevant loan, insurance, credit card, or savings products based on your stated profile
• To provide free financial consultation and connect you with our advisory team
• To respond to your search queries and provide instant banking information
• To improve the accuracy of our calculators, comparisons, and content
• To send rate alerts, financial tips, or product updates — only if you have opted in
• To analyse website usage patterns and improve user experience
• To comply with legal obligations and prevent fraudulent activity
• To display relevant financial product advertisements via Google AdSense

We do not use your data for automated decision-making that produces legal or similarly significant effects without human oversight.

5. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Lending & financial partners — Only when you explicitly request a product, quote, or eligibility check through our platform
• Technology service providers — Third-party vendors who assist in operating our website under strict confidentiality agreements
• Google Analytics — Anonymised and aggregated usage data only. No personally identifiable information is shared
• Google AdSense — Cookie-based data for relevant financial advertisements, governed by Google's own privacy policy
• Legal requirements — When required by Indian law, court order, or regulatory authority
• Business transfer — In the event of a merger or acquisition, with appropriate notice to you

6. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. You may control these through your browser settings.

• Essential cookies — Required for core functionality. Cannot be disabled
• Analytics cookies — Google Analytics for understanding user behaviour. Can be opted out via Google's opt-out tools
• Advertising cookies — Google AdSense for relevant financial advertisements
• Preference cookies — To remember your display and region preferences

7. Data Security

We implement reasonable security practices as required under Section 43A of the IT Act, 2000 and the DPDP Act, 2023, including:

• SSL/TLS encryption (HTTPS) on all pages and data transmissions
• Restricted access — only authorised personnel can access personal data on a need-to-know basis
• Regular security reviews and vulnerability assessments
• No storage of sensitive financial credentials such as bank account numbers or passwords
• Secure server infrastructure hosted with industry-standard providers

8. Data Retention

We retain your personal data only as long as necessary for the stated purpose or as required by Indian law:

• Eligibility form data — Retained for 12 months, then securely deleted or anonymised
• Analytics data — Anonymised data retained for up to 26 months (Google Analytics default)
• Communication records — Retained for 24 months for service quality and legal compliance
• Legal hold — May be retained longer if required by a court order or regulatory investigation

9. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights:

• Right to access — Request a summary of the personal data we hold about you
• Right to correction — Request correction of inaccurate or incomplete data
• Right to erasure — Request deletion of your personal data, subject to legal retention requirements
• Right to grievance redressal — File a complaint with our Grievance Officer and subsequently with the Data Protection Board of India
• Right to withdraw consent — Withdraw consent for data processing at any time (see Section 10)
• Right to nominate — Nominate an individual to exercise your rights in the event of death or incapacity

To exercise any right, contact us at hello@finmandi.com. We will respond within 30 days.

10. Consent & Withdrawal

Your consent is obtained when you submit our forms, use our tools, or continue to use FinMandi after being presented with this policy.

To withdraw consent: Email hello@finmandi.com with subject line "Withdraw Consent" along with your name and mobile number. We will process your request within 7 business days.

11. Children's Privacy

FinMandi is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. Under the DPDP Act, 2023, processing of children's data requires verifiable parental consent. If you believe a minor has submitted information without parental consent, contact us immediately at hello@finmandi.com and we will delete such data promptly.

12. Cross-Border Data Transfer

Your data is primarily stored and processed within India. Where we use third-party services such as Google Analytics and AdSense, data may be processed on servers outside India, subject to those providers' privacy policies and standard contractual safeguards. We do not transfer sensitive personal financial data outside India.

13. Data Breach Notification

In the event of a personal data breach, FinMandi will:

• Notify the Data Protection Board of India as required under the DPDP Act, 2023
• Inform affected users whose data may have been compromised, without undue delay
• Take immediate remedial action to contain the breach and prevent recurrence
• Maintain a complete record of the breach and our response for regulatory purposes

14. Grievance Redressal

In accordance with the IT Act, 2000 and the DPDP Act, 2023, we have designated a Grievance Officer to address privacy concerns:

If you are not satisfied with our resolution, you may escalate your complaint to the Data Protection Board of India once fully operational under the DPDP Act, 2023.

15. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be posted on this page with a revised date. Continued use of FinMandi after changes constitutes acceptance of the updated policy. We recommend reviewing this page periodically.