Privacy Policy
Effective Date: 28-Feb-2025
1. Introduction This Privacy Policy ("Policy") is a binding agreement between you ("User") and Shaha Finlease Private Limited ("SHAHA FINLEASE," "we," "us," "our"). By accessing or using our services, you acknowledge and agree to the terms of this Policy. No physical, electronic, or digital signature is required for this Policy to be effective.
This Policy explains how SHAHA FINLEASE collects, uses, shares, stores, processes, transfers, and discloses personal information ("PI"), including sensitive personal data or information ("SPDI") and digital personal data ("DPD"), provided by individuals, businesses, existing or prospective customers, and other users ("User(s)"). These data protection practices apply when Users interact with SHAHA FINLEASE via shahafinlease.com, our digital platforms, digital lending software, applications, or associated mobile applications (collectively, "Portal").
2. Commitment to Privacy At SHAHA FINLEASE, we prioritize the privacy of our Users and are committed to protecting their personal data, ensuring a secure online experience. This Policy outlines how personal data collected from, about, or provided by Users is processed by us. By consenting to our data practices, you acknowledge that your personal information will be collected, stored, used, and disclosed in accordance with this Policy.
3. Acceptance of Terms By accessing or using the Portal, you confirm that you have read, understood, and expressly agreed to this Policy. Users are encouraged to review this Policy carefully before using the Portal. SHAHA FINLEASE is not liable for privacy breaches resulting from User negligence. When Users access, download, or use our Services, they consent to the collection, transfer, storage, disclosure, and other uses of their information as per this Policy. A link to this Privacy Policy will be available on the Portal for easy reference.
4. Scope and Legal Compliance This Policy applies to all PI, SPDI, and DPD collected for the purpose of providing our Services. The term "PI" as used in this Policy includes SPDI, and DPD where applicable. This Policy is established in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT RSP Rules"), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("Intermediary Rules"), and the Digital Personal Data Protection Act, 2023, along with relevant guidelines issued by regulatory authorities.
5. Consent and Data Sharing By using the Portal or providing us with PI, SPDI, or DPD, you consent to our data practices, including collection, processing, storage, and sharing of your personal information with lenders, partners, and service providers for the purposes outlined in this Policy. If you do not agree with these terms, please refrain from using the Portal or sharing personal data with us.
6. Policy Updates SHAHA FINLEASE reserves the right to modify this Policy without prior notice due to changes in laws, regulatory requirements, or statutory directions. Users are advised to review this Policy periodically to stay informed about any changes and how their data is managed.
7. Digital Lending Compliance SHAHA FINLEASE may engage in activities that fall within the scope of "digital lending activity" as defined under the Digital Lending Guidelines ("DLG Guidelines") issued by the Reserve Bank of India ("RBI").
8. Information Collected by SHAHA FINLEASE
    · Personal Information: Data that uniquely identifies a User, including name, address, contact details, payment information, and identity documents.
    · Sensitive Personal Information: Financial details (e.g., bank accounts, credit/debit card details), passwords, and other sensitive identifiers, except for publicly available information.
    · Digital Personal Data: Personal data maintained in digital form
SHAHA FINLEASE collects and processes various types of User Information, depending on how Users interact with the Portal. This includes:
  1. Identifying information such as full name, address, email, phone number, date of birth, and bank/payment details.
  2. Device permissions including access to camera, microphone, and location for Know Your Customer ("KYC") verification.
  3. Device and browser information such as IP addresses, browser type, device model, operating system, and app usage data.
  4. Mobile device identifiers for advertising and analytics purposes.
  5. Credit-related information, including employment details, tax records, financial statements, and credit scores.
  6. Bank account details and transaction history.
  7. KYC documents including identity and address proofs, PAN, and photographs.
  8. User activity data, including search history, visited pages, and transaction logs.
  9. Information voluntarily shared by Users, such as uploaded documents, feedback, and reviews.
  10. Third-party data obtained from business partners, analytics providers, and financial institutions.
  11. Information collected via cookies and similar tracking technologies.
By providing this information, Users consent to its collection, processing, and usage as per this Policy.
Depending on the User(s) (e.g., merchant, customer, cardholder, consumer, supplier, or business partner) and their interactions with SHAHA FINLEASE (via Website, Application, online portal, telephone, IVR, API, online, or offline), different categories of Personal Information (including Sensitive Personal Information) may be collected, used, stored, analyzed, combined, transferred, or otherwise processed. Any publicly available information or data disclosed under applicable laws (e.g., Right to Information Act, 2005) is not considered Sensitive Personal Information.
9. User Information Collection and Consent
The User Information includes any Personal Information and Sensitive Personal Information of the User(s). We may request additional User Information on a case-by-case basis. All User Information disclosed shall be deemed voluntarily provided, without coercion. SHAHA FINLEASE holds no liability for the authenticity, accuracy, or misrepresentation of User Information and is not responsible for its verification.
User(s) acknowledge and consent that third-party service providers such as partners, merchants, marketers, financial organizations, bureaus, verification agencies, and collection service providers may collect and use User Information through the Portal as per this Policy and their respective privacy policies. When User(s) avail products or services from our financiers, they agree to be bound by the financiers’ privacy policies.
Where possible, we indicate mandatory and optional fields on the Portal. User(s) can choose not to provide certain information, though it may limit their access to specific features. User Inputs posted and transmitted through the Portal are at the User(s)' own risk. While we implement security measures, we cannot guarantee absolute protection against unauthorized access. User(s) should be cautious when sharing sensitive information.
By using the Portal, the User(s) consent to the collection, storage, and use of their User Information for the services offered. We collect only relevant User Information necessary for providing services and shall not be liable for its authenticity. User(s) represent and confirm that their provided User Information is accurate and valid.
10. Methods of Collection of User Information
We may collect User Information through:
    1. Direct or indirect provision by the User(s);
    2. User(s) navigation on the Portal;
    3. Public domain sources;
    4. Independent third parties such as financiers, merchants, credit bureaus, etc.;
    5. The account aggregator ecosystem as per applicable regulations.
User(s) also consent to the collection of information from credit bureaus, Know Your Customer (KYC) Registration Agencies (KRAs), and account aggregator frameworks for KYC completion and credit evaluation, as required by financial institutions for processing applications for financial products
11. Use and Disclosure of User Information
User(s) explicitly consent to the use of their User Information for:
    1. Identity verification and authentication;
    2. Authorization and risk management;
    3. Facilitating Portal usage;
    4. Conducting internal risk assessments;
    5. Compliance with legal obligations;
    6. Connecting User(s) with financiers, merchants, and other third parties;
    7. Sending surveys and marketing communications;
    8. Performing creditworthiness checks;
    9. Internal reviews, research, and surveys;
    10. Transaction processing;
    11. Diagnosing technical issues and providing support;
    12. Communication and advertisements;
    13. Report preparation and review;
    14. Contacting User(s) regarding services and offers;
    15. Enabling participation in interactive Portal features;
    16. Improving Portal content and integrity;
    17. Managing Our relationship with the User(s).
Further User(s) provides explicit consent for collection of information, on our Portal (which may be collected from the parties as per this Policy), which includes but is not limited to (“User Information”):
  1. Full name, address, email address, telephone number, date of birth and bank or payment details and any proof of identity and/or address, postal code, profile picture, password and other information User(s) may provide with User(s) account (including but not limited to, account holder, account name, account number, available balance and transaction history as may be required by Us to facilitate use of the Portal), ITR, Tax Certificates or any other income documents as necessary by Us, such as User(s) gender, mobile phone number and website and all other information, User(s) may provide Us through third-party sign-in services such as Facebook and Google. In such events/ cases, We fetch and store whatever information is made available to Us by the User(s) through these sign-in services or otherwise;
  2. Device’s’ camera, microphone, location or any other facility as may be required for Know Your Customer (“KYC”) purposes and which will be accessed only one time and only for KYC purposes; User(s) preferences including settings such as time zone and language, IP addresses, application, device or browser type, versions and configurations, operating systems, device brand and model, time zone setting, content, unique identifiers associated with User(s) device(s) and pages that User(s) access on the Portal, and the dates and times that User(s) visit the Portal, and paths taken;
  3. Unique mobile device identifier (e.g., IDFA or other device IDs on Apple devices like the iPhone and iPad), if User(s) are using Our Portal/ Affiliated parties on a mobile device, we may Use mobile device IDs (the unique identifier assigned to a device by the manufacturer), instead of cookies, to recognize the User(s). Unlike cookies, mobile device IDs cannot be deleted from records. We may share it with advertising companies, and they may Use device IDs to track the User(s)’s use of Our Portal, track the number of advertisements displayed, measure advertising performance and display advertisements that are more relevant to the User(s). We may also share it with analytics companies which may use mobile device IDs to track the User(s), usage of Our Portal. We access the User(s) phone resources or metadata only in compliance with applicable law;
  4. Credit related information or assessment, credit information and income information about the User(s) (e.g., employment contract, salary details, employer name, tax returns, bank account statements, income statements, balance sheet, cashflow statement), credit or score or reliability scores provided by third parties such as Our Financiers, financial institutions (including TransUnion CIBIL Limited and other credit bureaus) or similar third parties as permitted under applicable laws of India including Our business partners, independent service providers and Our group entities;
  5. Financial information such as the User(s) bank account numbers and bank account data including ACH, NEFT, IMPS and UPI ID details, salary and income details;
  6. KYC of the User(s) information including all proofs of identity and address, photograph, Permanent Account Number (PAN), etc
  7. Details of the User(s) visits to the Portal, including but not limited to, web logs and other communication data; other information related to the Portal such as the User(s) search queries, comments, domain names, search result selected, number of clicks, pages viewed and order of those pages, how long the User(s) visited our Portal, the date and time the User(s) used the Portal, error logs and other similar information;
  8. Information provided, uploaded, shared by the User(s) through Our Portal/Affiliated parties , including inter alia the User(s) PAN details, TAN details, details of incorporation, government and business-related approvals/ consents/ licenses, tax certificates, invoices, reviews, photographs, comments, lists, followers, the User(s) follow, current and prior purchase or browsing details, contact or notification information, and other information in the User(s) account profile; User(s) financial information (as defined under applicable laws) from an account aggregator as per applicable laws
  9. User(s) search details such as search terms the User(s) have looked up and results the User(s) selected;
  10. Communications between the User(s) and other Financiers, merchants, and other third parties through Our Portal/Affiliated parties; participation by the User(s) in a survey, poll, sweepstakes, contest, or promotion scheme; User(s) request for certain features (e.g., newsletters, updates or other products/ services);
  11. The information provided by the User(s) such as ratings, reviews, tips, photos, comments, likes, bookmarks, friends, lists, etc. to be published or displayed on publicly accessible areas of Our Portal or transmitted to other User(s) of Our Portals or third- parties (collectively, “User Inputs“);
  12. Information collected from third party business partners, technical sub-contractors, analytics providers, search information providers, such as delivery address or contact information or other details which may be combined with the User Information collected on the Portal and as provided in this Policy;
  13. Information collected from third party business partners, technical sub-contractors, analytics providers, search information providers, such as delivery address or contact information or other details which may be combined with the User Information collected on the Portal and as provided in this Policy;
The User Information includes any Personal Information and Sensitive Personal Information of the User(s).
SHAHA FINLEASE may disclose User Information as required by law, court orders, or legal procedures without prior notice. User(s) acknowledge that such disclosure is necessary and lawful
12. Storage of User Information
User Information is stored on servers in India, owned by SHAHA FINLEASE or third parties, and retained for at least five years after the end of the business relationship. We do not store biometric data.
13. Transfer of User Information
User Information is stored in India but may be transferred to third parties within or outside India for lawful purposes with User(s)’ consent. We ensure that such third parties provide data protection equivalent to SHAHA FINLEASE’s standards
14. Cookies and Tracking Technologies
We use cookies and tracking technologies to improve user experience, remember preferences, and enhance security. Cookies do not provide access to User(s) personal data but allow functionality improvements. User(s) may disable cookies, though it may limit Portal functionality.
15. Third-Party Sharing of User Information
User Information is not shared with third parties unless necessary for providing services. Such disclosure shall not result in wrongful loss or gain to any party. Third-party partners may use cookies or tracking technologies, which are governed by their policies.
16. Third-Party Content
SHAHA FINLEASE’s Portal may contain links to third-party websites. We do not control or guarantee compliance with our privacy standards on those sites. User(s) access third-party links at their own risk and should review their privacy policies.
17. Right to Withdraw Consent
User(s) may withdraw consent for processing their data. However, this may impact service provision. Requests for withdrawal should be directed to the Nodal Officer as outlined in the Grievance Redressal section.
18. Grievance Redressal
For complaints under applicable laws, including IT and FinTech regulations, User(s) may contact:
19. Governing Law and Dispute Resolution
This Policy is governed by the laws of India. Disputes shall be resolved through arbitration under the Arbitration and Conciliation Act 1996, with Hyderabad courts having exclusive jurisdiction.
20. Submission of Information
Information submitted to SHAHA FINLEASE via the Portal, emails, or other means is considered SHAHA FINLEASE’s property. We do not guarantee email security during transmission.
21. Updating User Informatio
User(s) must update their information as necessary via their account settings or by contacting customer care at kamal.vyas@shahafinlease.com.
22. Acceptance of Terms
By accessing the Portal, submitting an application, or sharing information with SHAHA FINLEASE, User(s) acknowledge and accept this Policy and consent to the use and disclosure of information as outlined herein.

Content Privacy
Intellectual Property
User(s) are granted access to the Portal solely for permitted use in accordance with this Policy. The content and services available on the Portal, including but not limited to text, images, videos, audio, and graphics, are the property of SHAHA FINLEASE or are used with permission. These materials are protected under applicable copyright laws, trademarks, service marks, and international treaties.
The trademarks, logos, slogans, and service marks (collectively referred to as “Trademarks”) displayed on the Portal are registered and unregistered Trademarks of SHAHA FINLEASE and other respective owners. No rights or licenses to use these Trademarks are granted without prior written consent from SHAHA FINLEASE or the relevant third-party owner. Any misuse of the Trademarks or Portal content is strictly prohibited.
SHAHA FINLEASE will actively enforce its intellectual property rights, including seeking legal action for any violations. Equitable relief, including damages (direct, indirect, consequential, and exemplary), may be pursued in addition to other available legal remedies.
Restrictions on Use
User(s) agree to use the Portal strictly for personal purposes. Any commercial use, distribution, transfer, or exploitation of the information available on the Portal, including any activities that may compete with SHAHA FINLEASE’s business interests, is strictly prohibited.
User(s) acknowledge that the Portal has been developed through substantial investment and effort by SHAHA FINLEASE and others, constituting valuable intellectual property and trade secrets. User(s) must protect the proprietary rights of SHAHA FINLEASE and its content providers and promptly notify SHAHA FINLEASE of any unauthorized access or potential intellectual property violations.
User(s) may download and store Portal content for personal use only, subject to restrictions that prevent storage on network-connected servers or shared storage devices. All intellectual property on the Portal remains the exclusive property of SHAHA FINLEASE.
Privacy Restrictions
The content of the Portal must not be displayed, reproduced, or printed in any form, in whole or in part, without prior written approval from SHAHA FINLEASE. Any unauthorized copying, modification, uploading, downloading, transmission, or distribution of Portal content for commercial purposes is strictly prohibited. Unauthorized reproduction of Portal materials, with or without modifications, constitutes a copyright violation and an illegal act.
Access Restriction
SHAHA FINLEASE reserves the right to deny User(s) access to the Portal, in whole or in part, at its sole discretion, without prior notice. The Portal is available only to individuals legally capable of forming binding contracts under applicable law. Users deemed “incompetent to contract” under the Indian Contract Act, 1872 (including un-discharged insolvents) are ineligible to use the Portal.