Privacy Policy
1. PREAMBLE
Lionlender Finance Pvt. Ltd. (“LLFPL”, “Company”, “we”, “our”, “us”) is a Non-Banking Financial Company (NBFC – ICC) registered with the Reserve Bank of India under Section 45-IA of the RBI Act, 1934. We operate in accordance with the Companies Act, 2013, RBI Directions, and all applicable Indian laws.
LLFPL is committed to protecting the privacy and confidentiality of personal information. This Privacy Policy explains how we collect, use, store, share, retain, and safeguard personal data across our website, mobile application, digital lending systems, APIs, and associated services (“Platform”).
This Policy forms part of the Platform’s Terms of Use and applies to all users interacting with LLFPL through digital and physical channels.
This Policy complies with:
• Information Technology Act, 2000
• IT (Reasonable Security Practices and Procedures and SPDI) Rules, 2011
• IT (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021
• RBI Digital Lending Directions, 2025
• All applicable guidelines, notifications, and directives issued by regulators.
BY INSTALLING, ACCESSING, OR USING OUR PLATFORM, YOU CONSENT TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU SHOULD NOT USE THE WEBSITE, MOBILE APPLICATION, OR ANY RELATED SERVICES.
2. COVERAGE & APPLICABILITY
This Policy applies to all existing and prospective customers and any individual (“User”) who interacts with LLFPL through its Digital Properties, including the mobile app, website, and any electronic system used for offering secured or unsecured loans.
Minors (below 18 years) may access the Platform only under parental supervision.
LLFPL does not knowingly collect information from minors. Use of the Platform by minors is strictly prohibited.
Eligibility:
To use the Platform or avail LLFPL’s services, you must:
Be at least 18 years of age
And below 60 years of age
Be of sound mind
Not be disqualified under applicable laws
Be a resident of India
3. DEFINITIONS
a. Applicable laws mean all provisions of laws, statutes, ordinances, rules, regulations, permits, certificates, judgements, decisions, decrees or orders of any governmental authority applicable to a Person and includes the Digital Personal Data Protection Act 2023 (as applicable); Guidelines on Digital Lending 2022; Reserve bank of India (Outsourcing of Information Technology Services) Directions 2023; Reserve Bank of India Directions on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs 2017; Reserve Bank of India (Know Your Customer (KYC)) Directions 2016; Information Technology Act 2000; Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011; and Credit Information Companies Act 2005 (“CIC Act”) read with the Credit Information Companies Rules 2006; each as amended from time to time.
b. Cookies are small data files stored on your device that help us recognize you on subsequent visits and remember your preferences.
c. Data means and include a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer; and with respect to credit institutions or a credit information company, means such facts which are collected by or furnished to them, in respect of a borrower or client, as the case may be, and forms part of the credit information relating to such borrower or client, which is maintained, disseminated and used by them in accordance with the provisions of the CIC Act.
d. KYC shall mean Know Your Customer.
e. LSP means a lending service provider which is an agent of an RE who carries out one or more of lender’s functions or part thereof in customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of REs in conformity with extant outsourcing guidelines issued by the Reserve Bank of India.
f. Person shall mean any natural person, company, corporation, partnership, proprietorship, trust, union, association, government or any agency thereof or any other entity that may be treated as a person under applicable law.
g. Personal Data shall have the same meaning as that under Applicable Laws and shall include any information that relates to a natural person which, either directly or indirectly, in combination with other information available or likely to be available with a Body Corporate, is capable of identifying such person.
h. Platform means the website, mobile application, physical stores, kiosks, customer touchpoints and any other platform owned and/or operated by LLFPL.
i. Information means any personal, financial, transactional, or technical data relating to a customer or user, including identity details, contact information, KYC records, financial information, device or usage data, and any other data.
j. Consent means the clear, free, specific, and informed permission given by a customer for the collection, use, sharing, or processing of their Information.
k. Contractual Necessity means the processing of Information that is required to enter into, perform, or enforce a contract with a customer, including for providing financial products or services.
l. Legal Obligation means the processing of Information as required to comply with applicable laws, regulations, court orders, or the directions and guidelines issued by the Reserve Bank of India (RBI), as updated from time to time.
m. Legitimate Interest means the lawful and reasonable business purpose for which Information is processed, such as fraud prevention, network security, service improvement, and compliance monitoring, provided that such processing does not override the rights of the customer.
Services shall mean all services as provided for in the Terms and Conditions of the Platform, including loans and other services pertaining to personal finance management, including activities such as analysis of your bank account transactions, investment portfolios, deposits and any other instruments, aimed at furnishing users with analytical insights and data provided by LLFPL through its Platform.
4. CONSENT
By using the Platform, you consent to:
• Processing of your personal data for loan-related operations
• Aadhaar eKYC/OKYC, PAN/KYC verification, CKYC/CERSAI checks, DigiLocker access
• Communication for servicing, regulatory requirements, and permitted marketing
• Storage of information as per legal and business requirements
• e-mandate registration and e-sign-based authentication
Where required, explicit consent will be taken for non-essential cookies, device permissions, and additional data usage.
SOURCES OF INFORMATION
Following are the sources of 'information' collected by LLFPL:
· From the User, during the product application journey, either online
or offline.
· From User's browser, mobile application, or mobile device, including cookies etc.
· From its Service providers, dealers, agents/agencies, including the server from the User's browser, mobile app, or mobile device.
· Customer Information from Email with the consent of User as part of rendering Financial Services.
6. DATA COLLECTION
Collection of data:
LLFPL collects user data through online forms, mobile app permissions, APIs, and secure third-party integrations, solely for lawful business functions.
Core purposes include:
Identity verification and KYC compliance;
Creditworthiness assessment and loan processing;
Loan disbursement, repayment management, and fraud prevention;
Customer support and regulatory reporting;
Analytics, research, and service enhancement.
Processing of personal data by LLFPL complies with the Information Technology Act, 2000, the Digital Lending Guidelines, 2025 (as issued by the Reserve Bank of India), and all applicable laws.
Device and Permission-Based Data Use:
Location: Accessed once during onboarding to verify borrower location and service availability.
Phone and Device Information: Used for fraud prevention, device authentication, and communication enablement.
Camera: One-time access for KYC documentation and identity verification (e.g., selfie capture).
Mobile Application Data: Technical information (browser type, OS, IP, cookies, SDK analytics) may be collected to improve functionality and security.
No consent, may limit the availability of certain services such as loan eligibility or disbursement. Such implications will be clearly communicated at the time of consent.
LLFPL collects and stores only essential and limited biometric data, strictly where required by law and applicable regulations.
All collected data is used solely for legitimate business purposes including KYC verification, credit scoring, risk assessment, fraud prevention, and service improvement.
Purpose:
LLFPL uses the information collected from you for the following purposes:
To provide, operate, and support the financial services offered by LLFPL.
To promote and offer LLFPL’s products and services.
To evaluate, improve, and develop our existing services and features.
To provide customer support and enhance user experience.
To comply with applicable laws, regulations, and mandatory reporting requirements.
To share or process your information, as permitted by law or agreement, with third-party service providers involved in delivering LLFPL’s services.
To share information with Credit Information Companies (such as CIBIL, Experian, CRIF) for credit checks, behavioural analysis, and credit bureau reporting.
7. DEVICE PERMISSIONS (Lionlender App):
If User accesses Lionlender Mobile Application available on the Google Play and App Store, LLFPL may require certain device permissions to provide the User certain functionalities within the application in accordance with prevailing law/regulation. This further allows the User a seamless experience on LLFPL platform.
" Lionlender " application uses the below mentioned device level permissions:
Sr. No.
Permission
Description
Permission Availability
Purpose
1
Location
Allow app to access your location
Both Android and iOS
Customer KYC, Fraud Prevention
2
Contacts
Grants access to your contacts
Both Android and iOS
UPI services
3
Photos
Allows app to access your photos and videos
Both Android and iOS
UPI payments via QR code, OVD upload
4
Camera
Allows app to capture and upload photos
Both Android and iOS
UPI payments via QR code, OVD upload
5
Microphone
Grants access to your microphone
Both Android and iOS
Voice Search
6
Notifications
Allows app to send you notifications
Both Android and iOS
Transactional and promotional communication
7
Files, Media and Storage
Allows app to access your files
Both Android and iOS
Servicing customer requests for products, KYC, allowing customers to download product documents
8
Phone
Make and manage phone calls
Only for Android
SIM Binding for app security, UPI Registration
9
SMS
Send and view SMS
Only for Android
SIM Binding for app security, UPI Registration
Note: Customer contact details are accessed only to facilitate mentioned purposes. LLFPL does not store or use the same for any other purpose.
8. COOKIES AND TRACKING TECHNOLOGIES
Cookies:
LLFPL uses cookies and similar tracking technologies on its Website and Mobile Application (“Platform”) to enhance your browsing experience, improve functionality, analyse usage patterns, and ensure the security and integrity of the Platform.
The types of cookies used on the Platform include:
Strictly Necessary Cookies
These cookies are essential for the operation of the Platform and enable core functions such as page navigation, secure login, session management, and fraud prevention. The Platform cannot function properly without these cookies.Performance and Analytics Cookies
These cookies collect information about how users interact with the Platform, such as pages visited, time spent, and error diagnostics. The data collected is aggregated and used to improve Platform performance and user experience.Functional Cookies
These cookies enable enhanced functionality and personalization, such as remembering your preferences, language settings, or device information. If you disable these cookies, certain Platform features may not function properly.
Tracking Technologies:
In addition to cookies, LLFPL may use tracking technologies such as web beacons, pixels, SDKs, and device identifiers to:
Authenticate users
Prevent fraud and enhance security
Measure performance, analytics, and usage trends
Enable push notifications and app functionality
Improve Platform stability and troubleshoot issues
These technologies may collect information such as device type, operating system, IP address, browser type, mobile identifiers, usage metrics, and interaction data.
9. INFORMATION SHARING AND THIRD PARTIES
LLFPL shares data only with trusted third-party and service providers under strict confidentiality and contractual safeguards.
These may include:
Financial institutions, banks, NBFCs, and credit bureaus;
KYC verification agencies, payment gateways, and e-signing partners;
Cloud service providers and technology vendors;
Regulatory or governmental authorities, when mandated by law.
No personal or government-issued identification (such as PAN or Aadhaar) is sold, misused, or disclosed without lawful authority.
Data Governance and Trainings:
LLFPL follows strong data governance practices to ensure transparency, accuracy, and responsible use of customer information. We collect and use data only for authorised purposes and strictly in line with the consent provided by the customer. Our employees are trained to handle data ethically and securely, following guidelines on data classification, minimisation, accuracy, confidentiality, and limited sharing with third parties. We continuously update our data governance and training programmes to maintain high standards of privacy, security, and accountability.
10. LENDING SERVICE PROVIDER (LSP)
LLFPL may work with RBI-compliant Lending Service Providers (LSPs) for certain limited tasks in the digital lending process, as permitted under RBI’s Digital Lending Guidelines. These LSPs may help with customer onboarding, KYC support, technology integration, basic communication, and non-financial operational activities.
LLFPL always retains full control over all regulated lending functions, including credit assessment, loan approval, pricing, KYC/AML checks, disbursement, servicing, and collections. LSPs cannot make lending decisions, determine charges, misrepresent themselves, or use customer data for cross-selling, profiling, or any commercial activity beyond LLFPL’s authorised purpose.
Only the minimum data required for the LSP’s assigned task is shared, and all sharing follows RBI rules, LLFPL’s internal security policies, and strict outsourcing and confidentiality agreements. LSPs must protect the data, cannot retain it longer than necessary, and must delete it once their work is completed. They are prohibited from sharing, storing, or using LLFPL customer data for any unrelated activities.
Any misuse, unauthorised access, or data breach by an LSP is treated as a serious and reportable incident. LLFPL will also publish and regularly update the list of authorised LSPs and their roles on its official app, as required by RBI.
Authorized Lending Service Providers (LSPs) – LLFPL
Sr. No.
LSP Name
Role / Services Provided
Purpose of Data Access
Type of Data Accessed
1
Signzy Technologies Pvt. Ltd.
API services for GST, ITR verification, and financial document validation
To verify borrower financials, authenticate documents, support underwriting
GST data, ITR data, business details (as applicable)
2
Accumn Data Solutions (Bank Aggregator / Statement Analyzer)
Bank account aggregation, bank statement analysis, financial pattern analysis
To assess creditworthiness, evaluate transaction history, support risk assessment
Bank statements, bank account metadata, transaction patterns
3
Digitap.AI
Aadhaar Offline XML KYC, PAN verification, identity validation
To complete KYC onboarding as required under PMLA & RBI norms
Aadhaar Offline XML, PAN details, identity attributes
4
Easebuzz Pvt. Ltd.
Payment Gateway Services
To process loan repayments, automate EMI collections, validate payment status
Payment details, UTR reference, transaction logs (no access to full card/bank credentials)
11. DATA RETENTION AND DESTRUCTION
All personal data is securely stored on servers located in India and retained only for as long as required for the stated purpose, compliance with law, or defence against legal claims. Basic identification and contact details may be retained for non-lending operations as required by regulatory obligations.
Upon expiry of the retention period or completion of business purpose, data is deleted or anonymized as per LLFPL’s Data Retention and Disposal Procedure. Secure digital erasure methods are applied to all records, and no residual copies are preserved beyond lawful necessity.
LLFPL shall retain/store User's Information in India if it is required to provide services or as long as it is required for business purpose. Retention of Information will be as per applicable law/regulatory requirements in India.
LLFPL may retain the following kinds of information (not exhaustive):
Sr. No.
Kinds of information
Retention Period
1
KYC Documents (Identify and Address proof, and Account Opening Form)
During the tenure of relationship and at least 5 years after cessation of the relationship.
2
Loan Files containing documents like Application Form, Income Documents, agreements etc., collected at the time of opening account and thereafter in respect of Closed Account
During the tenure of relationship and 5 years from closure of Loan.
3
Loan Files containing documents like Application Form, Income Documents, agreements etc., collected at the time of opening account and thereafter in respect of Closed Account (for B2B Loans availed through our dealer/partners)
During the tenure of relationship 5 years from closure of Loan.
4
Customer Walk-in Complaint/ Suggestion register
5 years
5
All necessary records of transactions between the LLFPL and the User.
5 years from the date of transaction.
6
Deceased Constituents A/c. (Death Certificates, Affidavits, Letters of Disclaimer, Succession Certificate copies, and other related correspondence)
8 years
Information may be retained for an extended period
(i) in case of requirement of any investigations under law or as part of any requirement before Courts/Tribunals/Forums/Commissions etc. and
(ii) to enhance / improvise the products /services of LLFPL.
If retaining Customer information is no longer necessary, we make every effort to securely destroy or delete it as per applicable regulations.
12. SECURITY STANDARDS AND INCIDENT RESPONSE
Security Standards:
Securing the User’s information is of paramount importance to LLFPL. The Company adopts a holistic approach to information security and undertakes the following measures to ensure protection, integrity, and confidentiality of all data collected, processed, or stored:
1. Strong Security Measures:
LLFPL uses proper technical and administrative safeguards to protect its systems and internal information from unauthorized access, changes, or misuse.
2. Following the Law:
LLFPL complies with all applicable laws and regulations related to information security, including the IT Act, IT Rules for data protection, and RBI’s Digital Lending Directions, 2025.
3. Regular Checks and Audits:
LLFPL conducts regular external security audits and assessments to detect risks and improve its security controls.
4. Limitation of Liability:
Although LLFPL takes reasonable steps to secure User information, no digital system is 100% secure. Users understand that sharing data online always involves some risk.
5. Third-Party Security:
Any partners, vendors, or service providers working with LLFPL must follow similar data protection standards. Misuse of data or any breach by them can lead to penalties or legal action as per agreements.
6. User Awareness:
LLFPL will keep Users informed about its security practices. Users should also follow safe digital habits, keep login details confidential, and report any suspected security issues to the Grievance Officer.
Incident Response:
LLFPL implements comprehensive physical, technical, and organizational controls to safeguard personal data. This includes encryption of all communications (HTTPS), firewalls, multi-layered authentication, and restricted employee access. Passwords and backup media are encrypted, and data is not stored on unsecured devices.
In case of any data breach, LLFPL follows a structured incident-response protocol consistent with CERT-In and RBI guidelines, including:
Immediate containment and impact assessment;
Notification to regulatory authorities and affected users where required;
Detailed investigation and remedial action;
Post-incident review and policy enhancement.
13. USER RESPONSIBILITY:
User acknowledges the following:
LLFPL or its authorized employees may contact the User to request necessary personal information. The User must verify the identity of the caller by checking LLFPL’s official contact number on its website before sharing any information.
LLFPL will not be responsible for any privacy breach caused by the User’s negligence.
Users should access LLFPL’s services only through its official website, app, or verified links.
Users understand the risks of data/privacy breaches and will be solely responsible for any unauthorized disclosure of personal information or losses resulting from their own actions.
To stay safe, Users should follow these precautions:
i. Always ensure the website address begins with “https” before making online transactions.
ii. Avoid using third-party extensions, plug-ins, or add-ons that may track or steal information.
iii. Type information manually instead of using auto-fill features to prevent unwanted data storage.
iv. Do not access the darknet, suspicious websites, or download content from unreliable sources.
v. Disable cookies before visiting websites to prevent unwanted tracking, unless the User knowingly accepts them.
vi. Do not reply to emails from unknown or suspicious senders.
vii. Review the Privacy Policy of any website/app to understand what data is collected and how it is used before proceeding.
Download apps only from reliable and authentic sources. Avoid clicking on unidentified links shared via email, SMS, social media, or any other platform.
14. USER RIGHTS UNDER THE DPDP ACT, 2023
Under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal data:
Right to Access
You can ask us for a summary of the personal data we hold about you and how we use it.Right to Correction/Update
If your personal data is incorrect, incomplete, or outdated, you can request that we correct or update it.Right to Withdraw Consent
You may withdraw the consent you previously gave for processing your personal data. After withdrawal, we will stop processing it unless required by law.Right to Erasure
You can request deletion of your personal data when it is no longer needed, except where we must keep it for legal, regulatory, or operational reasons.Right to Nominate
You may nominate another person to exercise your rights on your behalf in case of your incapacity or death, as per the Act’s requirements.Right to File a Grievance
You can raise a complaint with our Grievance Officer if you believe your data has been misused or your rights have not been respected.Right to Approach the Data Protection Board
If you are not satisfied with our response, you can escalate the matter to the Data Protection Board of India for further review.
15. EXTERNAL LINKS
Our website or mobile application may contain links to third-party sites. If you click on these links, you will be redirected to external websites that are not operated or controlled by LLFPL.
We strongly encourage you to review the privacy policies of these external websites before sharing any information. LLFPL is not responsible for the content, privacy practices, or activities of any third-party sites or services.
16. AMENDMENTS AND UPDATES
LLFPL may update this Policy annually or whenever needed to reflect regulatory or operational changes. The updated Policy will be published on the official website and mobile app. By continuing to use the Platform, you accept the revised Policy. Users are advised to check this page regularly, as updates take effect immediately upon posting.
17. OMNIBUS CLAUSE
All extant & future master circular/directions/guidance/guidance notes issued by Regulatory Authorities and other applicable regulations from time to time would be the directing force for the Privacy Policy and will supersede the contents of this policy.
18. GRIEVANCE REDRESSAL AND CONTACT INFORMATION
Users may first contact the relevant department based on the nature of their concern. These channels serve as the initial touchpoint for resolving operational, technical, and data‑related queries.
Lending Services: grievance.lionlenderfinance@lionlender.in
Application Issues: developer@lionlender.in
For Queries: info@lionlender.in
All complaints raised at this level are recorded in the Company’s internal grievance management system, reviewed by the responsible team, and addressed in accordance with established timelines and regulatory expectations.
The concerned department shall acknowledge complaints within 24 hours and resolve them within 15 days in compliance with applicable regulatory guidelines.
Escalation to Nodal Officer:
If the grievance remains unresolved or if the User believes that the issue requires higher-level intervention, the User may directly escalate the complaint to the Company’s Nodal Officer, whose details are as follows:
Mr. Vitesh Patel
Phone: 8007004455
Email: nodalofficer@lionlender.in
The Nodal Officer will conduct a comprehensive evaluation, re‑examine all facts, communications, and supporting documents from previous levels, and issue a final, reasoned decision. The Nodal Officer must resolve all escalated complaints within 15 working days from the date of registration of the grievance.
Registered Office for Physical Correspondence
Users may also submit written complaints via post to the Company’s registered office:
Lionlender Finance Pvt. Ltd.
Registered Office: Plot No. 223, Shop No. 04, 05, 06,
First Floor, Umiya Leela Apartment, Near Lakadganj Garden,
Chapru Nagar, Lakadganj, Nagpur-440008, India.
Website: www.lionlender.in
Download the App
Get started on your application with minimal paperwork. We're committed to a fast approval process to get funds to your account as quickly as possible.
Check Your Eligibility
