We at DASPL i.e. Dreamplug Advisory Services Private Limited and the CRED Group Entities, (“the Company/DASPL/We/Us”) are committed to protecting the privacy and security of your personal information. Your privacy is important to us and maintaining your trust is paramount.
1. Information we collect
The following information is collected by or on behalf of DASPL.
1.1 Information You provide us
When you start using the CRED App and any of its products, we ask you to provide certain information as part of the registration process, and in the course of your interface with the CRED App and its products. We will collect this information through various means and in various places through the CRED App or its products, including account registration forms, contact us forms, when availing of any products of the CRED App, or when you otherwise interact with the CRED App, including at customer support.
At the time of registration for the CRED App, we ask for the following personal information: Name (First Name, Last Name); Mobile Number; Email ID; Date of Birth; PAN Card. At the time of registration for any of the products or services on the CRED App, we may additionally ask for your vehicle registration number and ownership details, identity proof documents.
Pursuant to the products and services availed by You from time to time (including the DASPL Services), we may explicitly seek additional information including address, payment or banking information, credit score, credit/debit card details, vehicle registration number and other vehicle information, driving license number, any other governmental identification numbers or documents, and any other information specific to the products / services being availed. You may choose to provide such information if you wish to use the DASPL Services or any other products or services provided by the CRED App.
We will also maintain a record of the information you provide to us when using customer support services.
From time to time, during your use of the CRED App or CRED Insurance, DASPL may require access to certain additional information such as SMS and contact details. Prior to accessing any such additional information, explicit consent shall be sought from you. Please note that even after consent has been provided by you, we only read transactional or promotional SMS and do not open, access or read any personal SMS.
Where you opt to provide device permissions such as contact list access, storage access including image and other media files, location and/or NFC access permission, CRED may collect data from the same, store it in compliance with privacy laws in India and utilize the same for providing various services. You retain the right to revoke the aforementioned access by updating access permissions within your device's s ettings.
Certain features may be restricted, unavailable or unusable if you choose not to provide certain information. For example: You may not be able to complete availing an insurance policy if you choose to not verify your KYC details.
1.2 Information created when You use CRED Insurance
We collect information relating to your use of CRED Insurance through the use of various technologies. This includes transaction details related to your use of our DASPL Services including the type of services you requested, the payment method, amount and other related transactional and financial information. Further, when you visit CRED Insurance, we may log certain information such as your IP address, browser type, mobile operating system, manufacturer and model of your mobile device, geolocation, preferred language, access time, and time spent. We will also collect information about the pages you view within the CRED App and other actions you take while visiting CRED Insurance.
We also maintain some records of users who contact us or CRED for support, for the purpose of responding to such queries and other related activities. However, we do not provide this information to any third party without your permission, or utilize the same for any purposes not set out hereunder.
1.3 Information We Collect from Third Parties
We may, on your consent, request certain third parties to provide information about you to further personalize your experience on CRED Insurance, and provide certain services that cannot be accessed by all users of CRED Insurance. We may also access details about vehicles registered by You (including corresponding challans) which are publicly available on the government Parivahan services or otherwise, via third party service providers. We may also require you to verify the above details when you access CRED Insurance or other products of the CRED App. You may also verify / confirm the data from the government Parivahan services. You understand that we may collect or update your personal information from government agencies, publicly available information, or controlled authorities such as KYC registration services.
In order to access CRED Insurance, you will be required to complete KYC processes, complete insurance application journey and share information required therein to avail the Insurance from the relevant Insurer. This may also be required to complete an on-boarding journey with our insurance partners, which may involve DASPL (directly or via CRED, the Insurers, and third party service providers) fetching your KYC data from one or more KYC registers.
If you choose to link and connect your email account and SMS with CRED, DASPL may access the same for purposes including collecting your insurance policy premium payments, expiry dates, renewal dates, RC and other vehicle details, and other financial or transactional information to be able to do the following
- Manage all your insurance related information at one place including reminding you of the expiry / renewal date in advance
- Curate offers and rewards customized for you;
- Provide an insight into your insurance details, insurance purchase patterns, and challans attached to your vehicles to ensure you are aware of your due dates for premium payments / renewals and expenses on challans, and so that you can make wiser decisions basis the same;
- Identify insurers / insurance service providers you transact with to fetch your insurance details; and
- Curate specific financial/insurance/other products for you based on your financial transactions, insurance, and past financial behaviour.\
DASPL’s access to the email account(s) is authorized through the email provider’s access mechanism. If you permit DASPL to track your accounts (via the CRED), the CRED website/App will securely store all details for each of your email accounts, including your sign-in user name and authorisation tokens for tracked accounts.
You can choose to enable us to access one or more of your email accounts by explicitly consenting to each single account separately. Please note that your consent to any of the above is purely voluntary. You can de-link the access to your email any time you wish.
We only read emails related to your insurance products such as policy issuance confirmation, policy documents and other policy details, expiry / renewal dates and reminders, biller details etc. and do not open, read or access any personal e-mails. For the sake of clarity, DASPL employs automated processes for accessing and analysing information provided by you; where we may need to use our algorithm to access a password-protected document utilizing information provided by you. For further information on how we process email and the security protocol we follow click here.
We may receive additional information about you, such as information to help detect fraud and safety issues, from third party service providers and/or partners, and combine it with information we have about you. We may receive information about you and your activities through partnerships, or about your experiences and interactions from our partner ad networks.
2. How We Use the Information we collect
We may use, store and process the information provided by you to (1) improve the services offered through CRED Insurance, (2) create and maintain a trusted and safe environment on CRED Insurance (such as complying with our legal obligations and compliance with our policies) and (3) provide, personalise, measure and improve our products and services.
The information collected through different channels such as contact list access, vehicle details, insurance details, storage access including image and other media files, location and/or NFC access, allows us to collect statistics about our website/app usage and effectiveness, personalise the experience for the users of the CRED App / website, as well as to customize our interactions with you and to enhance the scope of the services provided. The following paragraphs describe in more detail how we use your personal information.2.1 Providing, understanding and improving service offered through the CRED Insurance
Any information provided by you in the CRED App will be used for enabling you to use CRED Insurance and authenticating and processing your transaction(s) or for any other purposes for which you have granted access to such information to us, based on your interaction with the CRED App.
To conduct identity verification, recommend suitable Insurance Product(s), to complete a financial transaction such as collection of premium for the Insurance Product you choose, to remind you to renew any insurance policy or make any payments, or to conduct any other activities in connection with any insurance products availed by you, we may share certain personal and financial information (such as your full name, phone number, email ID, age, gender, location, device information, IP address, KYC data, identity proof or address proof, bank account information, credit card details or other payment mode details) provided by you with authorised third-parties, for instance, the Insurers, our business partners, third party service providers, financial teams/institutions, or postal/ government or regulatory authorities connected with or involved in fulfilment of the said process, if any. This does not include any information collected from e-mails. We may also contact you as part of our customer satisfaction surveys or for market and product research purposes.
We may use the information collected to perform internal operations necessary to provide our services, including to troubleshoot software bugs and operational problems, to conduct data analysis, testing and research and to monitor and analyse usage and activity trends. We process this personal information for these purposes given our legitimate interest in improving the CRED App and its services.
In order to expand the scope of our services, we may from time to time, seek additional information from you. Any such collection of additional information and documents shall be subject to an explicit & purpose specific consent sought from all Users.
CRED Insurance will securely store account details for each of your credit card, bank accounts, and other payment mode details including your sign-in user name and authorisation tokens for tracked accounts. This information will be used to enable CRED Insurance to enable automatic access to analyze, extract, and store information securely from such accounts for use on CRED Insurance.
2.1 Safety, security and resolution of issues
We may use your personal information, created as part of your use of the CRED App, to ensure that your access and use of the DASPL Services is in compliance with our legal obligations (such as anti-money laundering regulations). We may share such information, with our Insurers, advisors, third party service partners and providers for a seamless experience for you.
We may use the information to create and maintain a safe environment and use the same to detect and prevent fraud, spam, abuse, security incidents and other harmful activity.
We use the information we collect (including recordings of customer support calls) to assist you when you contact our customer support services to investigate and resolve your queries, monitor and improve our customer support responses. Certain online transactions may involve us calling you. This may also involve online chats. Please be aware that it is our general practice to monitor and in some cases record such interactions for staff training or quality assurance purposes or to retain evidence of a particular transaction or interaction.
We intend to protect your personal information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative, and technical safeguards to help us protect your personal information from unauthorised access, use, and disclosure. For example, we encrypt all sensitive personal information such as credit card information when we transmit such information over the internet. We also require that our commercial partners and vendors protect such information from unauthorised access, use, and disclosure.
We blend security at multiple steps within our products in the CRED App with state of the art technology to ensure our systems maintain strong security measures. The overall data and privacy security design allows us to defend our systems ranging from low hanging issue up to sophisticated attacks. You can read more about CRED’s security on the CRED App (including our DASPL Services) here
We are committed to protecting your data. If you are a security enthusiast or a researcher and you have found a possible security vulnerability on our products, we encourage you to report the issue to us responsibly. You could submit a bug report to us at email@example.com with detailed steps required to reproduce the vulnerability. We shall put best of our efforts to investigate and fix the legitimate issues in a reasonable time frame, meanwhile, requesting you not to publicly disclose it.
2.2 Sharing and Disclosure of data with Third Parties
As required by law, at times we might be required to disclose your personal information including personal, transactional and financial information to Insurers, relevant regulatory, governmental, judicial, or quasi-judicial authorities and also to our advisors such as law firms and audit firms while responding to request from the regulatory authorities. In some cases, when we believe that such disclosure is necessary to protect our rights, or the rights of others, or to comply with a judicial proceeding, court order, or legal process served on our website/app we would share such information pursuant to a lawful request from law enforcement agencies.
Subject to explicit and prior consent from you, we may use information created by your use of CRED Insurance, not including information collected from other sources such as e-mails etc. for marketing purposes. This consent is purely voluntary and you may at any time choose not to receive marketing materials from us by following the unsubscribe instructions included in each e-mail you may receive, by indicating so when we call you, or by contacting us directly. Further, if you want to remove your
contact information from all our lists and newsletters, please click on the unsubscribe button on the emailers or send an email request to firstname.lastname@example.org.
Subject to explicit and prior consent from you, we may disclose certain information that is created by your use of CRED Insurance to CRED’s subsidiaries, affiliate entities and partners that are not acting as our suppliers or business partners. For the sake of clarity, we do not sell or lease such information.
We may display targeted or non-targeted third party online advertisements on the CRED App. We may also advertise our activities on or provide links to other websites/apps. We may collaborate with other website/app operators as well as network advertisers to do so. We request you to read and understand such concerned third party privacy policies to understand their practices relating to advertising, including what type of information they may collect about your internet usage. No personally identifiable information is shared with any third party online advertiser or website or app as part of any such activity. DASPL does not provide any information relating to your usage to such website operators or network advertisers.During your use of CRED Insurance, you may come across links to third party websites/apps that are not affiliated with CRED / DASPL. DASPL and other CRED Group Entities are not responsible for the privacy practices or the content of those other websites, or for any acts/ omissions by such third parties in the course of your transaction with them.
3. Retention of Information and Data Storage
As a part of the application process for any Insurance Product, DASPL may share the data previously provided by you with the Insurer(s). You may also have to provide additional information as a part of the application process. Any information provided specifically for the purpose of accessing Insurance Products or generated upon successfully receiving the insurance policy and other services from the Insurers, will be retained to the extent required by DASPL to carry out its obligations as a corporate agent as set out in its contracts with the Insurer(s).
In respect of the information specifically provided as a part of the application process for Insurance Products, DASPL & the Insurers shall collectively decide and abide by the mutual understanding arrived at on matters regarding the storage of customer data including the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach etc.
All data shall be stored in servers located within India.
We use data collection devices such as “cookies”, etc. on certain parts of CRED Insurance to help analyse the DASPL Services, user interaction with CRED Insurance, measure promotional effectiveness, and promote trust and safety. For the sake of clarity, “cookies” are small files placed on your device hard-drive/storage that assist us in providing the services offered through CRED Insurance. Please be informed that we offer certain features via CRED Insurance that are only available through the use of a “cookie
6. Privacy Questions and Access
Before we are able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to ascertain your identity and to help us to respond to your request. We will contact you within 30 days of your request.
We have implemented required systems, policies, and procedures in order to maintain industry standard best practices and applicable controls.
DASPL’s use of information received from Google APIs will adhere to Google API Services User Data Policy including the Limited Use requirements.
8. Grievance Redressal Officer