Data Security Policy

Credknow Solutions Private Limited

Purpose

The purpose of this Data Security Policy is to ensure the confidentiality, integrity, and availability of all data handled, stored, or transmitted by Credknow Solutions Private Limited ("Credknow"). This policy outlines the data security protocols to protect sensitive personal and financial information collected through our Digital Lending Application (DLA) and associated systems in compliance with applicable Indian laws, RBI regulations, and global data security standards.

Scope

This policy applies to:

  • All employees, contractors, vendors, and third-party service providers of Credknow.
  • All digital assets, databases, servers, networks, software, and devices (including BYOD) used to store, access, or process Credknow’s data.
  • All personal, financial, and business data of users collected or processed by Credknow’s DLA and systems.

Data Classification

  • Confidential Data: Includes customer PII, financial records, KYC data, and business-critical information.
  • Internal Data: Business operation data, non-public strategies, internal communications.
  • Public Data: Marketing materials, publicly disclosed financial reports, FAQs.

Data Protection Measures

Data Encryption: All sensitive data (in transit and at rest) shall be encrypted using 256-bit AES. Communication is secured via HTTPS/SSL.

Database Security: Data is stored in Microsoft SQL Server (MSSQL), protected with robust authentication. Access logs are maintained.

System and Network Security: Firewalls, IDS, and antivirus solutions are implemented. Regular updates and patching are conducted.

Access Control: Role-Based Access Control (RBAC) is enforced with unique IDs and password policies.

Mobile and Remote Access Security

All mobile devices must be password-protected and encrypted. Remote access requires IT Head approval.

Data Backup and Recovery

Daily automated backups are performed and stored securely onsite and offsite. Regular restoration tests are conducted.

Incident Response and Breach Management

All suspected breaches must be reported to the Technical Head. Incident containment is initiated within 2 hours of detection.

Employee Responsibility and Training

All employees must undergo security training and are responsible for protecting data integrity and access.

Data Retention and Disposal

Data is retained as long as necessary and securely deleted when no longer required.

Third-Party and Vendor Compliance

Third parties accessing Credknow data must adhere to equivalent security policies.

Audits and Reviews

Internal and external IT security audits are conducted periodically with documented corrective actions.

Policy Updates

This policy is reviewed annually and updated as needed.

Compliance

Non-compliance may result in disciplinary action or legal consequences.