Privacy Policy

This Privacy Policy (“Policy”) is published by Mahan Industries Ltd., an RBI-registered Non-Banking Financial Company (NBFC) incorporated under the Companies Act, 1956, operating its digital lending platform under the brand name Credit Mines. This Policy governs the collection, use, storage, and disclosure of personal information and sensitive personal data of all users of the Credit Mines website, mobile application, and associated digital services (collectively, the “Platform”).

    This Policy has been prepared in compliance with:

    • Section 43A of the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
    • The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021;
    • The Digital Personal Data Protection Act, 2023 (DPDPA) and corresponding rules as notified from time to time; and
    • The Reserve Bank of India Digital Lending Directions, 2025, and other applicable guidelines issued by the RBI from time to time.

    By visiting or using the Credit Mines Platform, you agree to the collection, use, and disclosure of your personal information in accordance with the terms of this Policy. If you do not agree with this Policy or any part of it, please do not use or access the Platform. For any queries relating to this Policy, please contact us at care@creditmines.com.

    DEFINITIONS

    For the purposes of this Policy, the following terms shall have the meanings set out below:

    1. “We”, “Our”, “Us” refer to Credit Mines, the digital lending platform of Mahan Industries Ltd.
    2. “Platform” refers to the Credit Mines website (www.creditmines.com), mobile application, and all associated digital interfaces and services.
    3. “User”, “You”, “Your” refers to any person who visits, accesses, or uses the Credit Mines Platform.
    4. “Personal Information” means any information that relates to a natural person which, either directly or indirectly, in combination with other information available or likely to be available, is capable of identifying such person.
    5. “Sensitive Personal Data or Information” (SPDI) means personal information such as financial details, passwords, health records, biometric data, and any other information prescribed under applicable law as sensitive.
    6. “Consent” means an explicit, freely given, specific, informed, and unambiguous indication of your agreement to the processing of your personal data for a defined purpose.
    7. “Lender” refers to Mahan Industries Ltd. acting in its capacity as an RBI-registered NBFC for the purpose of sanctioning and disbursing loan products to eligible users through the Credit Mines Platform. All lending activities are carried out directly by Mahan Industries Ltd.

    CONSENT

    By accessing, registering on, or using the Credit Mines Platform, you provide your explicit, freely given, specific, informed, and unambiguous consent to the collection, processing, storage, use, and disclosure of your personal information and sensitive personal data as described in this Policy. This consent is obtained and maintained in compliance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the RBI Digital Lending Directions, 2025.

    Consent is obtained through clear and auditable means, including OTP-based confirmation, electronic forms, and in-application notifications, depending on the nature of the data being collected. We will never collect or use any personal data, financial data, or device-level data without your specific and explicit consent for that category of data.

    Your consent specifically includes:

    1. Collection of information required for credit assessment, KYC verification, and underwriting of loan products offered by Mahan Industries Ltd. through the Credit Mines Platform.
    2. One-time access to your device’s camera and microphone solely for the purpose of video KYC or e-KYC verification, as required under applicable RBI guidelines.
    3. Access to your credit bureau data, financial SMS metadata, and related information, only after your express and recorded consent for each such instance.
    4. Secure processing of your personal data by Credit Mines for the purpose of delivering the services you have requested or availed.

    You may withdraw your consent at any time by contacting our Grievance Officer at care@creditmines.com. However, please note that:

    • Withdrawal of consent shall not affect the lawfulness of any processing carried out prior to such withdrawal.
    • Withdrawal of consent for essential data such as KYC information or repayment details may affect your ability to access or continue using certain services and does not extinguish any obligations arising from an active loan account.
    • We shall have the right to continue processing your data to the extent required to service any active loan, comply with legal or regulatory obligations, or exercise or defend legal claims.

    In order to avail any services provided by Credit Mines, it is important that YOU READ, UNDERSTAND, ACKNOWLEDGE, AND UNCONDITIONALLY AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS POLICY. IF YOU DO NOT AGREE TO THIS POLICY OR ANY PART THEREOF, PLEASE DO NOT USE, ACCESS, DOWNLOAD, OR INSTALL THE PLATFORM OR ANY PART THEREOF.

    COLLECTION OF INFORMATION

    Credit Mines collects information from you solely for the purpose of delivering regulated digital lending services in accordance with applicable Indian law, including the RBI Digital Lending Directions, 2025, and the Information Technology Act, 2000. The categories of information collected are set out below.

    A.     Personal and Identity Information

    We collect information that you provide when registering on or using the Platform, including:

    • Full name, date of birth, gender, and photograph;
    • Email address, mobile number, and residential address including postal code;
    • PAN card, Aadhaar card (masked where applicable), and other KYC documents as required under RBI guidelines;
    • Employment details and income information;
    • Bank account number and IFSC code for the purpose of disbursement and repayment of loans.

    B.     Financial and Credit Information

    For the purpose of credit assessment and loan underwriting, we collect:

    • Credit bureau reports and credit scores from authorized credit information companies such as CIBIL, Experian, CRIF High Mark, and Equifax, with your express consent;
    • Financial SMS metadata, limited to verification and credit evaluation purposes. We do not read or store personal messages or OTPs sent by third parties.

    C.      Device and Technical Information

    When you access the Platform, we collect:

    • Device model, operating system version, and available storage information, collected solely for fraud detection and secure authentication. We do not collect permanently identifiable information such as IMEI numbers;
    • IP address, browser type, referring or exit URLs, and log data generated when you access the Platform, used for platform analytics and security;
    • Metadata relating to installed applications on your device, including application name, package name, install and update time, version name, and version code. This information may be collected even when the application is not actively in use, and is used solely for fraud detection, credit underwriting, and provision of appropriate credit offers;
    • Phone state information, limited to verifying the active SIM and network status at the time of onboarding and loan disbursement, to ensure the transaction corresponds to the rightful user.

    D.     Location Information

    We collect your device location information on a one-time basis for the following purposes:

    • To verify serviceability of loan applications;
    • To assist with address verification and KYC compliance;
    • To improve credit risk assessment and fraud prevention.

    Location data is collected only with your explicit prior consent and is not collected in the background when the application is not in active use.

    E.      Camera and Microphone Access

    We request one-time access to your device camera to capture KYC documents and selfies as required for identity verification. Microphone access is requested solely to enable two-way communication for video KYC purposes. Your audio during video KYC sessions may be recorded for regulatory compliance.

    F.      Cookies and Log Files

    The Platform uses cookies to recognize returning users, maintain session integrity, personalize your experience, and analyze platform performance. All information collected through cookies is stored securely and treated as confidential. You may decline cookies through your browser settings, though this may affect certain features of the Platform.

    Certain pages of the Platform may contain web beacons used in conjunction with cookies to compile aggregated usage statistics. These are also used in email communications to assess the effectiveness of customer communications.

    Credit Mines does not track users across third-party websites and does not permit third-party behavioral advertising tools on the Credit Mines Platform.

    G.     Information We Do Not Collect

    Credit Mines does not collect or store biometric data. We do not access your contact lists or call logs. We do not read personal messages or OTPs other than OTPs sent by Credit Mines itself for Platform-related purposes.

    PURPOSE OF COLLECTION

    We use the information collected from you only for the following purposes:

    1. To establish your identity and complete KYC verification as required under applicable law;
    2. To assess your creditworthiness and process your loan application, including credit underwriting, risk assessment, and determination of loan eligibility;
    3. To disburse loan amounts and facilitate repayment through the appropriate payment channels;
    4. To operate, maintain, improve, and personalize the Credit Mines Platform;
    5. To communicate with you regarding your account, loan status, repayment schedules, and service updates;
    6. To send promotional communications and offers where you have provided your consent, which may be withdrawn at any time;
    7. To detect, prevent, and investigate fraud, cybercrime, and unauthorized activity;
    8. To comply with legal, regulatory, and statutory obligations under applicable law;
    9. To resolve disputes, address complaints, and enforce contractual obligations;
    10. To carry out data analytics for the purposes of improving our services, understanding user behavior, and developing new products and features.

    Credit Mines does not use personal data for purposes unrelated to the original consent, unless required by applicable law or with your renewed and explicit consent. Credit Mines does not sell, lease, or trade your personal data under any circumstances.

    DISCLOSURE AND SHARING OF INFORMATION

    Credit Mines shares your personal information only on a need-basis, strictly for the purposes described in this Policy, and under appropriate confidentiality obligations. We do not share your personal data with unrelated third parties for commercial purposes.

    Your information may be shared with the following categories of entities:

    1. Credit Information Companies regulated under the Credit Information Companies (Regulation) Act, 2005, including CIBIL, Experian, CRIF High Mark, and Equifax, for the purpose of credit assessment;
    2. Third-party service providers such as e-KYC vendors, e-sign service providers, account aggregators, and payment gateways, engaged strictly for the purpose of delivering the services you have requested;
    3. Government authorities, regulatory bodies, judicial authorities, and law enforcement agencies, where disclosure is required by applicable law, court order, or regulatory direction;
    4. Technology and device intelligence partners engaged by Credit Mines for identity verification, fraud detection, and credit underwriting, subject to appropriate data processing agreements and confidentiality obligations.

    All third parties with whom your information is shared are contractually required to use such information exclusively for the purpose for which it was disclosed, and to implement appropriate security measures to protect your personal data.

    Disclosure of personal information may also be made in the following limited circumstances:

    1. When required by a court order, statutory authority, government body, or law enforcement agency;
    2. To protect the rights, property, or security of Credit Mines or Mahan Industries Ltd.;
    3. In connection with any merger, acquisition, corporate restructuring, or amalgamation involving Mahan Industries Ltd., provided that the receiving entity shall be bound by this Policy with respect to your information.

    DATA SECURITY

    Credit Mines is committed to protecting the security and confidentiality of your personal information. We have implemented appropriate technical, administrative, and organizational measures to safeguard your data against unauthorized access, use, disclosure, alteration, or destruction.

    Our security practices include:

    1. Encryption of all data transmitted over the internet using Secure Sockets Layer (SSL) or equivalent protocols;
    2. Role-based access controls, ensuring that access to personal data is restricted to authorized personnel on a strict need-to-know basis;
    3. Regular vulnerability assessments, firewall protection, anti-malware controls, intrusion detection and prevention systems;
    4. OTP-based authentication to protect your account from unauthorized access;
    5. Application-level encryption and key management for stored data;
    6. Separation of environments and segregation of duties, with documented, role-based access controls enforced across all systems.

    All data and information collected from you is stored on servers located in India, in compliance with applicable data localization requirements under the RBI Digital Lending Directions, 2025, and other applicable law.

    Users are responsible for maintaining the security of their own account credentials and authentication mechanisms. Credit Mines shall not be liable for unauthorized use of a user’s account arising from the user’s failure to safeguard their own credentials.

    In the event of a security breach involving your personal data, Credit Mines will take all necessary steps to prevent further misuse and mitigate any risk of harm. Credit Mines will make reasonable efforts to notify you electronically so that you may take appropriate action to protect your interests, in accordance with applicable law.

    DATA RETENTION AND DELETION

    Credit Mines retains your personal information only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law and regulatory obligations.

    Specifically:

    1. If you have registered on the Platform but have not availed any loan or service, your profile data will be retained for a period of six years from the last date of submission of information or last activity, whichever is later;
    2. If you have availed any loan or service through the Credit Mines Platform, your data will be retained for a period of ten years from the last date of the service availed or last activity, whichever is later;
    3. Data may be retained for longer periods where required by law, for the resolution of disputes, enforcement of contracts, detection or prevention of fraud, or compliance with regulatory obligations.

    Personal data may also be retained temporarily in backup systems for disaster recovery or system restoration purposes. Access to such backup data will be restricted, and deletion will be scheduled in accordance with Credit Mines’ internal data retention protocols.

    You may submit a written request for deletion of your personal data by contacting our Grievance Officer at care@creditmines.com. Please note that deletion requests will be processed only after all active services, transactions, and loan accounts have been closed. Upon receipt of a valid deletion request, we will purge or anonymize your data within thirty days of receipt, subject to any retention obligations under applicable law.

    YOUR RIGHTS

    You have the following rights in relation to your personal data collected and processed by Credit Mines:

    A.     Right to Access and Rectification

    You have the right to access the personal information held about you and to request correction of any inaccurate, incomplete, or outdated information. In case of modification of personal information, you may be required to submit supporting documents for verification purposes.

    B.     Right to Withdraw Consent

    You may withdraw your consent for the collection, use, or disclosure of your personal data at any time by writing to our Grievance Officer at gro@creditmines.com. Upon receipt of a valid withdrawal request, Credit Mines will cease processing your data for the relevant purposes, except where continued processing is required by law, regulatory obligation, or for the servicing of an active loan.

    C.      Right to Deletion

    You may request deletion of your personal data, subject to the conditions set out in Section 7 of this Policy. Requests for deletion will not be processed while any service, loan, or transaction account remains active.

    D.     Right to Object to Marketing

    You may withdraw your consent for receiving promotional communications at any time by writing to us at care@creditmines.com or using the opt-out option available on the Platform. Withdrawal of marketing consent does not affect our ability to communicate with you regarding your account, loan status, or legal obligations.

    E.      Privacy Controls

    You may modify device permissions granted to the Credit Mines application at any time through your device settings. Please note that restricting certain permissions may affect your ability to use specific features of the Platform or avail certain services.

    F.      Right to Report a Security Incident

    You have the right to report any suspected unauthorized use of your personal information by contacting our Grievance Officer within ten days of becoming aware of the proposed use.

    LINKS TO THIRD-PARTY WEBSITES

    The Credit Mines Platform may contain hyperlinks to third-party websites or applications that are not operated or controlled by Credit Mines or Mahan Industries Ltd. These links are provided solely for user convenience. Credit Mines does not monitor, endorse, or control the privacy practices, security, content, or terms of use of such third-party platforms.

    If you submit personal information to any third-party website accessed through the Credit Mines Platform, such information will be governed by the privacy policy of that third-party website. Credit Mines expressly disclaims all liability in connection with your use of third-party websites or your reliance on information found on such websites. You are strongly advised to review the privacy policies of any third-party platform before submitting personal or financial information.

    CHILDREN’S PRIVACY

    The Credit Mines Platform is not directed at individuals below the age of eighteen years. Credit Mines does not knowingly collect personal information from minors. As part of its loan eligibility and KYC process, Credit Mines requires documentary age verification at the time of onboarding.

    If a parent or guardian believes that their child has provided personal information on the Platform, they are requested to contact us immediately at care@creditmines.com. Credit Mines will take prompt action to delete or anonymize any such information from its systems.

    By accessing or using the Credit Mines Platform, you represent and warrant that you are at least eighteen years of age and are legally eligible to enter into binding contracts under applicable Indian law.

    CHANGES TO THIS POLICY

    Credit Mines reserves the right to amend or update this Policy at any time to reflect changes in applicable law, regulatory requirements, or business practices. Any amendments will be published on the Credit Mines Platform and will take effect immediately upon posting, unless stated otherwise. We encourage you to review this Policy periodically to remain informed of any updates.

    Continued use of the Credit Mines Platform following any revision to this Policy shall constitute your acceptance of the revised Policy.

    This Policy shall be reviewed by the management of Mahan Industries Ltd. as and when needed. Any modifications required by changes in applicable law or regulatory requirements shall be submitted for approval by the Board of Directors of Mahan Industries Ltd. and placed before the Board at the immediately following meeting after such changes are notified.

    GENERAL PROVISIONS

    This Policy is governed by and shall be interpreted in accordance with the laws of the Republic of India. Any dispute arising from or related to this Policy shall be subject to the exclusive jurisdiction of the courts located in Ahmedabad, Gujarat.

    If any provision of this Policy is found to be invalid or unenforceable under applicable law, such provision shall be severed, and the remainder of the Policy shall continue in full force and effect. In case of any ambiguity or conflict in interpretation, the English language version of this Policy shall prevail. Section headings are for ease of reference only and do not affect the interpretation of the provisions.

    Nothing on the Credit Mines Platform constitutes financial, legal, tax, or professional advice. Users should independently verify all information and consult appropriate professional advisors where necessary. Credit Mines (Mahan Industries Ltd.) shall not be liable for any direct, indirect, incidental, consequential, or punitive damages, including loss of profits, loss of data, or loss of business opportunity, arising out of or in connection with your access to or use of the Platform or your reliance on any material provided therein. Credit Mines does not guarantee that access to the Platform will be uninterrupted, error-free, or free from viruses or other harmful components. Users are responsible for implementing adequate safeguards on their own systems before downloading any material from the Platform.

    GRIEVANCE REDRESSAL

    Credit Mines has appointed a Grievance Officer in accordance with applicable law to address complaints and queries relating to the processing of personal data and any disputes arising out of this Policy.

    Grievance Officer: Credit Mines (Mahan Industries Ltd.)

    Email: care@creditmines.com

    Website: www.creditmines.com

    Working Hours: Monday to Friday, 10:00 AM to 7:00 PM (IST)

    We will endeavor to acknowledge and respond to all grievances within 48 to 72 hours of receipt. If you are not satisfied with the resolution provided, you may escalate the matter to the appropriate regulatory authority.

    You may also contact our Grievance Officer to exercise any of your data rights, including the right to access, correct, update, or request deletion of your personal data, subject to the terms of this Policy and applicable statutory obligations.