Last Updated: January 2025
This document explains what data KrimKar Financial Services Pvt Ltd accesses from third-party sources during your loan application and servicing journey on apply.krim.ai.
Credit Bureau (CIBIL / Experian / CRIF)
With your consent, we pull your credit report to assess creditworthiness. This includes your credit score, existing loans, repayment history, and any defaults or delinquencies. A soft enquiry is made which does not affect your credit score.
Account Aggregator (AA) Framework
Under the RBI-regulated Account Aggregator framework, we access your bank statement data to verify income and spending patterns. You explicitly authorise this access via your AA-registered financial institution. Access is time-limited and can be revoked at any time through your AA provider.
DigiLocker / UIDAI
We use DigiLocker to fetch government-issued documents including Aadhaar-verified name and address for KYC verification. Documents are accessed only with your explicit consent. Aadhaar numbers are hashed and never stored in plain text, in compliance with UIDAI guidelines.
NBFC Lending Partner
Your application data, KYC documents, credit report, and AA-sourced financials are shared with our RBI-registered NBFC lending partner(s) for loan origination, credit underwriting, and regulatory compliance. The final loan agreement is between you and the lending NBFC.
Data Retention
Bureau reports and loan data are retained for a minimum of 8 years post-loan closure as required by RBI/PMLA regulations. AA data access tokens expire after the consented period. DigiLocker document copies are deleted within 90 days of KYC approval.
Revoke Consent
You may revoke data access consent at any time by contacting us at privacy@krimkar.com. Note that revoking consent may affect your ability to continue with a pending loan application.
Contact
Data queries: privacy@krimkar.com
Grievance redressal: krimkar.com/grievance