Privacy Policy

Magnet Financial Services Private Limited

Last Updated: February 2026

Magnet Financial Services Private Limited (“Magnet”, “Company”, “we”, “our”, or “us”) is committed to protecting the privacy, confidentiality, and security of personal and financial information entrusted to us by customers, applicants, website users, and service partners. Information is essential to deliver financial services; however, we ensure that all personal data is collected, processed, stored, and disclosed strictly for legitimate business purposes and in compliance with applicable legal and regulatory requirements.

This Privacy Policy explains how we collect, use, share, protect, and retain personal and customer information in connection with our lending and related financial services, whether accessed through our website, mobile platforms, digital onboarding systems, physical documentation, or customer support channels.

By accessing our website or availing any services of Magnet, you consent to the practices described in this Privacy Policy.

1. Our Privacy Commitments

Magnet follows a structured privacy and information security framework and commits to:

  • Maintaining strict standards of security and confidentiality of customer information
  • Collecting only such information as is necessary for lawful and legitimate business purposes
  • Using personal data only for disclosed and consented purposes
  • Allowing access to personal data only to authorized and trained personnel
  • Disclosing personal data only where required for service delivery, regulatory compliance, or legal obligation
  • Maintaining integrity and accuracy of customer information
  • Ensuring third-party service providers follow equivalent confidentiality standards

2. Scope of This Policy

This Policy applies to personal and financial information collected through:

  • Loan and product applications
  • Customer onboarding and KYC processes
  • Website and customer portals
  • Mobile or digital platforms
  • Verification and field investigations
  • Customer service interactions
  • Third-party verification agencies
  • Regulatory reporting systems

3. Information We Collect

We may collect the following categories of information depending on the product and regulatory requirements.

Personal Identification Information

Name, date of birth, gender, photograph, signature, PAN, Aadhaar (where legally permitted), CKYC number, and identity proof documents.

Contact Information

Residential and business address, email address, mobile number, alternate contact details.

Financial and Business Information

Bank account details, income information, GST data, financial statements, balance sheets, transaction data, repayment capacity indicators.

Credit Information

Credit bureau reports, credit scores, repayment history, default records obtained from authorized credit information companies.

KYC and Verification Information

KYC documents, video KYC recordings, geo-location tags (where required), verification reports, site visit reports, and photographs of residence/business premises.

Technical and Usage Information

IP address, device identifiers, browser type, access logs, cookies, and website usage data for security and analytics.

Diagnostic and Support Information

Where technical issues arise, we may collect limited diagnostic data necessary to resolve service issues.

4. Lawful Purpose of Use

Personal and customer information is processed for legitimate purposes including:

  • KYC and AML compliance
  • Customer due diligence under PMLA
  • Credit appraisal and underwriting
  • Loan processing and servicing
  • Fraud detection and risk monitoring
  • Regulatory and statutory reporting
  • Customer communication and account servicing
  • Payment processing and collections
  • Internal audits and compliance checks
  • Product improvement and analytics
  • Legal enforcement and dispute resolution

Processing is based on customer consent, contractual necessity, regulatory obligation, and legitimate business interest.

5. Consent

We obtain consent at the time of data collection through:

  • Application forms
  • Digital consent checkboxes
  • OTP verification
  • Electronic acceptance
  • Signed documents

Customers may withdraw consent in writing; however, withdrawal may affect our ability to provide services and will not apply retrospectively where processing is legally required.

6. Data Storage and Localization

Customer personal and financial data is stored on secure servers and systems located within India in compliance with RBI data localization expectations. Data may be stored:

  • At Company offices
  • At secured data centers
  • With regulated cloud infrastructure providers located in India

Due to internet routing, data in transit may pass through other jurisdictions.

7. Sharing and Disclosure

We do not sell or trade personal information.

We may share information strictly on a need-to-know basis with:

  • Credit Information Companies
  • Central KYC Registry
  • Banks and payment system partners
  • KYC and verification agencies
  • Collection and recovery agencies
  • Technology and cloud service providers
  • Auditors and legal advisors
  • Regulators and statutory authorities
  • Affiliates and group entities where permitted

All third parties are bound by confidentiality and data protection obligations.

8. Regulatory and Legal Disclosures

Information may be disclosed where required under:

  • RBI regulations
  • PMLA requirements
  • Court orders or lawful subpoenas
  • Statutory filings
  • Regulatory inspections

Where feasible and lawful, we may notify customers before disclosure.

9. Marketing Use

We may use contact information to send product and service communications. Customers may opt out of marketing communications. Service and regulatory communications cannot be opted out of.

We will not use customer names/logos in marketing materials without separate written permission.

10. Cookies and Analytics

Our website may use cookies and similar tools for:

  • Session management
  • Security
  • Fraud prevention
  • Performance analytics

Users may disable cookies through browser settings, though some features may not function.

11. Information Security Safeguards

We maintain appropriate safeguards including:

  • Encryption of sensitive data
  • Role-based access control
  • Audit logs
  • Network security controls
  • Vendor risk assessments
  • Incident response procedures

Our information security framework aligns with recognized standards such as ISO 27001 principles and RBI IT Framework guidance for NBFCs.

12. Data Retention

We retain customer information only for as long as required for:

  • Regulatory record retention
  • KYC obligations
  • Audit requirements
  • Legal enforcement
  • Dispute resolution

After retention periods expire, data is securely archived or destroyed.

13. Customer Rights

Customers may request:

  • Correction of inaccurate data
  • Update of contact details
  • Review of certain records

Requests are subject to legal and regulatory retention limits.

14. Digital Lending & Third-Party Compliance

Where digital onboarding or third-party service providers are used:

  • Data collection is limited to necessary fields
  • Explicit consent is obtained
  • Third parties are contractually bound
  • No unauthorized data harvesting is permitted

15. Policy Updates

This Privacy Policy may be updated periodically due to regulatory, operational, or technology changes. Updated versions will be posted on the website.

16. Contact and Grievance — Privacy Matters

For privacy concerns or data requests, contact:

Grievance Officer
Magnet Financial Services Private Limited

Registered Address: 1801 Wadhwa The Gateway, Mulund – Goregaon Link Road, Hira Nagar, Near Nahur Station, Mulund (West) – Mumbai Maharashtra – 400080

Email: grievanceofficer@magnetfinserv.com
Phone: 022 69038383

If unresolved, customers may escalate as per the Company’s Grievance Redressal Policy and RBI Ombudsman framework.