Legal Document

Privacy Policy

How we collect, use, and protect your information

Effective Date: May 2026
Last Updated: May 2026
Company: Beyond Credit Technologies Private Limited
Website: www.beyondcred.it

01.

Introduction

Beyond Credit Technologies Private Limited ("Company", "we", "us", or "our") operates the Beyond Credit platform — including the website, web application, dashboards, APIs, document workflows, loan tape processing tools, analytics modules, and all related services. This Privacy Policy explains how we collect, store, use, disclose, and protect information when NBFCs, lenders, investors, funds, financial institutions, authorised representatives, administrators, and visitors use the Platform. By accessing or using the Platform, creating an account, uploading documents, submitting financial data, booking a demo, or communicating with us, you confirm that you've read and understood this Policy. This Policy should be read together with our Terms and Conditions.

02.

Scope

This Policy covers all information processed through the Platform — from onboarding records and KYC data to deal room activity, loan tape files, audit logs, and cookies. It doesn't apply to third-party websites or services we don't control, except where those third parties process data on our behalf under a written agreement.

03.

What Information We Collect

Account and User Information

When you register or set up a profile, we collect your name, email address, phone number, designation, role, and account preferences. For organisations, we also collect the company's legal name, website, CIN, PAN, GST number, RBI licence details, credit rating information, director and shareholding data, registered address, and other details required for onboarding and verification.

Financial and Deal Information

Depending on your use of the Platform, we may collect assets under management, net worth, credit ratings, financial statements, CRAR data, ALM entries, debt profiles, NPA benchmarks, portfolio information, regulatory registration records, and compliance event data. For deal room activity, we collect deal documents, access grants, Q&A threads, teaser sharing records, and counterparty interaction history.

Loan Tape and Borrower-Level Data

If you use our loan tape processing tools, we collect lender templates, facility mappings, loan tape files, loan entry records (including account numbers, outstanding amounts, DPD, overdue data, sanction and disbursement details), validation outputs, duplicate detection results, and related processing job data. Hashed identifiers such as PAN hash, Aadhaar hash, and mobile number hash may also be generated or stored as part of this process.

Documents and Generated Files

We collect and store documents uploaded to the Platform — financial statements, KYC files, RBI licence documents, pitch materials, Excel sheets, and more. We also store generated outputs, including processed Excel files, PDF outputs, watermarked documents, teaser files, and OCR or parser extraction results.

Communication Data

If you connect email, calendar, or other communication services, we may collect and process configuration data, access tokens, message metadata, message content, attachments, and related logs to provide those features. We also collect chat messages, support tickets, demo booking records, and communication preferences.

Technical and Usage Data

We automatically collect technical data when you use the Platform, including IP addresses, device and browser details, login and session activity, API usage records, action logs (including before-and-after state for audit purposes), error logs, and usage analytics. We also use cookies and similar technologies — more on that in Section 13.

04.

How We Collect Information

We collect information directly from you and your colleagues during registration, onboarding, document upload, deal room activity, support interactions, and communications. We also collect information automatically through logs, cookies, session tracking, API activity monitoring, and security systems. Where you've connected third-party services, we collect data from those integrations. We may also receive information from public sources, regulatory databases, business information providers, and counterparties, where permitted by law.

05.

How We Use Your Information

We use the information we collect to provide and operate the Platform — managing accounts, onboarding, deal pipelines, document processing, loan tape workflows, duplicate detection, analytics, and all other features. We use it to run automated tools like OCR, document parsing, Excel automation, and teaser generation. We use it to enable communication features and send you account-related, security, and service notifications. We use it to keep the Platform secure, investigate misuse, and maintain audit trails. We also use it to improve our products and to comply with legal and regulatory obligations. Where communications are involved, you may have opt-out rights for non-essential messages.

06.

Automated Processing and AI-Assisted Tools

The Platform uses automated tools — OCR, document parsers, Excel engines, duplicate detection algorithms, scoring models, and analytics logic — to extract, transform, and generate outputs from the data you upload. These tools are designed to make your workflows faster and more efficient, but they're not infallible. Outputs from automated processing must always be independently reviewed before being relied upon for lending, investment, legal, regulatory, or financial decisions.

07.

Data Security

We store and process user data in a hosted environment secured within a Virtual Private Cloud on Amazon Web Services. Data is encrypted in transit using TLS/HTTPS and encrypted at rest using AES-256. We maintain role-based access controls, API key hashing, rate limiting, security headers, input validation, and comprehensive audit logging. We perform regular penetration testing through a third-party CERT-empanelled vendor. We also have a formal Business Continuity and Disaster Recovery plan, reviewed and tested annually. That said, no system is completely immune to attack. Clients are responsible for their own device security, password hygiene, credential management, and access controls.

08.

Information Classification

We classify all information based on sensitivity and confidentiality. Highly Confidential data (such as user personal data stored in our databases) receives the highest protection. Confidential data (including non-personal user data, client contracts, and financials) receives strong protection with restricted access. Internal data (business metrics, process documentation) is accessible only to relevant staff. Public information (such as this Privacy Policy) is made available openly. The most sensitive classification level always takes precedence when different types of data are combined.

09.

Who We Share Information With

Information you intentionally share through the Platform — profiles, deal room documents, teasers, financial data, Q&A responses, and loan tape outputs — may be visible to authorised counterparties, such as NBFCs, investors, and lenders, based on the access controls and sharing settings you configure. We share information with trusted service providers and subprocessors who help us operate the Platform — hosting, storage, email delivery, analytics, OCR, PDF processing, cloud infrastructure, security monitoring, and support. These providers are contractually bound to use your data only for the purposes we authorise. We may also disclose information to regulators, courts, law enforcement, or government authorities where required by law or legal process, and to protect the rights, property, or safety of the Company, Clients, or third parties. In the event of a merger, acquisition, or corporate restructuring, information may be transferred as part of that transaction, subject to appropriate safeguards.

10.

Data Storage and Cross-Border Processing

We aim to store primary platform data on servers in India where feasible. Some third-party providers we use — for cloud infrastructure, analytics, email delivery, or security — may process or store limited data in other jurisdictions. When this happens, we ensure appropriate contractual and technical safeguards are in place, consistent with applicable Indian law including the Digital Personal Data Protection Act, 2023.

11.

Data Retention

We retain your data for as long as is necessary to provide the Platform, meet our contractual obligations, comply with applicable laws and regulations, resolve disputes, and maintain required audit trails. Retention periods vary by data type. Account records, financial data, audit logs, and loan tape data may be retained for extended periods where required by law — for example, under the Prevention of Money Laundering Act, the Companies Act, or applicable RBI directions. Data that's no longer required will be deleted or anonymised, subject to any legal or regulatory retention obligations. Backed-up data may persist in encrypted backups for a limited period before being overwritten. If you'd like to request deletion or correction of your personal data, email us at support@beyondcred.it. We'll respond within the timelines required by applicable law. Note that some requests may not be possible to fulfil fully if legal or regulatory obligations require us to keep certain records.

12.

Your Rights

Subject to applicable law and identity verification, you may have rights to access, correct, or delete your personal data, withdraw consent where consent is the basis for processing, or raise a grievance about how your data is handled. To exercise any of these rights, contact support@beyondcred.it. We'll handle your request within the timelines required under applicable law.

13.

Cookies and Analytics

We use essential cookies for authentication, security, and session management — these are necessary for the Platform to work. We may also use analytics tools (such as Google Analytics) to understand how the Platform is used and to improve it. You can manage non-essential cookies through your browser settings. Disabling essential cookies may affect Platform functionality.

14.

Client Responsibilities

Clients are responsible for making sure they have the legal right to upload and process all data they bring to the Platform — including borrower records, KYC documents, financial data, mailbox records, and any third-party confidential information. Clients must not upload data they don't have the right to share. The Company is not in a position to independently verify whether uploaded data has been lawfully obtained.

15.

Children

The Platform is for business use by adults and organisations only. We don't knowingly collect data from anyone under the age of 18. If we become aware that such data has been collected, we will take steps to delete it.

16.

Legal Framework

We operate under applicable Indian law, including the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and SPDI) Rules, 2011, the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025, CERT-In directions, and applicable RBI guidelines.

17.

Updates to This Policy

We may update this Privacy Policy from time to time. We'll post the updated version on the Platform and, where appropriate, notify you by email. Continuing to use the Platform after an update takes effect means you've accepted the revised Policy.

18.

Contact

For privacy questions or data rights requests, reach us at support@beyondcred.it. Website: www.beyondcred.it.