Last Updated On: April 16, 2025
Loan Provider Details
YASH FINCAP LIMITED is a Non-Banking Financial Company (NBFC) approved by the Reserve Bank of India (RBI). Below are the specifics about the loan provider:
Organization Name: YASH FINCAP LIMITED
CIN Number: U65910GJ1993PLC019246
Certificate of Registration Number: 14·05267
Email:
Address: 111 Mangal Murti, 1st Floor Nr Shiv Cinema Ashram Road Ahmedabad, Gujarat, 380006 India
In accordance with the provisions outlined in the Personal Data Protection Law and its corresponding regulations, Credit Wave (hereinafter referred to as the "Controller") hereby informs you of the following:
Any personal information you share with us, either directly or indirectly, will be treated as confidential and handled in compliance with the prevailing legal framework, including applicable national and international standards concerning personal data protection. As a "User" of our services, you acknowledge that the data we may collect includes but is not limited to:
1. Full name
2. Residential address
3. Email address
4. Contact number
5. Permanent Account Number (PAN)
6. Aadhaar Number
7. Marital status
8. Identification and communication details
9. Geolocation data
10. Social media account information, if explicitly authorized by the Data Subject
11. Employment details
12. Living conditions
13. Facial biometric information for identity verification through facial recognition technology
14. Facial image or video for verifying the authenticity of the user
15. Image of Aadhaar card
16. Image of the PAN card
Credit Wave does not collect personal reference data that may be provided by Users when applying for any service or product. Explicit consent for processing personal data will be obtained through our website https://api.creditwave.vip and the IT application we provide (the "App"), as well as through other electronic, telephone, video, or digital communication channels (the "Electronic Means"). This consent may be automatically and simultaneously recorded when Users interact with these platforms. The purpose of this data collection is to deliver the services and/or products offered by Credit Wave (the "Services") and to fulfill the objectives outlined in this Privacy Policy. Credit Wave ensures that all personal data provided by Users will be handled in accordance with this Privacy Policy.
All entities involved in processing this data are equally bound by confidentiality obligations and must comply with legal restrictions imposed by relevant data protection laws in the jurisdiction where the data is collected, stored, processed, or transmitted. Personal information will not be used or processed for any purposes other than those explicitly stated in this Privacy Policy.
Dear User,
All relevant entities involved in processing your data are required to adhere to strict confidentiality obligations and comply with the legal restrictions imposed by applicable data protection laws in the jurisdiction where the data is collected, stored, processed, or transmitted.
As part of our service operations, we may require access to certain device permissions, including: Camera, Image Information, Files, APP Use Information, Device Information, SMS, Call Logs, Mobile Phone Code (IMEi), Calendar, APP Installed, View Wi-Fi Connections, Google Advertising ID (GAID).
These permissions enable us to enhance your experience and provide seamless access to the features of our services, always in accordance with our Privacy Policy. Personal information will only be used for the purposes explicitly stated in this Privacy Policy and will not be processed for any other reason.
Camera
In certain cases, such as when applying for a loan, we may need access to your device's camera for real-time detection. This is essential to verify your identity, ensuring that you are the legitimate applicant and enhancing the security of your account. By granting this permission, you allow us to capture live images for identity authentication. We are committed to safeguarding your privacy. Any images collected during the live detection process will be securely encrypted and stored, used strictly for verification purposes. We will not share your images with any third party without your explicit consent.
Please be aware that enabling camera access is required for live detection. Without this permission, you may not be able to complete certain processes, such as loan applications. However, the camera will only be activated with your clear consent, and you can revoke this permission at any time through your device settings. Any transmitted information will be encrypted and uploaded to https://api.creditwave.vip.
Image Information
During the loan application process, we collect photos taken by users, as well as images that customers intentionally select and upload for KYC verification and anti-fraud checks. We do not access or retrieve any other photos from your device's gallery. We are committed to protecting your data through encryption, ensuring its security. All collected information will be securely encrypted and uploaded to https://api.creditwave.vip.
Files
We require permission to access your files to upload and store the documents you choose to submit for your loan application. The Platform will only access the files you select for upload and will not access or modify any other documents on your device. These selected documents will be used solely for processing your loan application and will be securely encrypted before being uploaded to https://api.creditwave.vip to protect your privacy.
APP Use Information
To help prevent fraud while using the app, we collect APP Use Information (which includes package_name, interval_type, start time, end_time, launch_count, last_time_used, total_time_used). This data is securely transmitted, synced, and stored in an encrypted format before being uploaded to https://api.creditwave.vip.
Device Information
We gather an array of information related to your device, encompassing the brand, model, OS version, network conditions, WiFi status, device health metrics, memory specifications, mobile device identifiers (like mobile ID or other distinctive IDs), user account details, and specifics about application software installed. Such data is pivotal for facilitating automatic updates, enhancing security protocols, and protecting your account against unauthorized usage. Moreover, it allows us to scrutinize your device's performance patterns and user identity, yielding insights that contribute to service enhancements and personalized user experiences. Our tracking also extends to device characteristics such as screen dimensions, resolution, mobile carrier specifics, and network proximity indicators to uphold privacy standards and deter fraudulent behaviors. This collected data undergoes secure encryption before being sent to https://api.creditwave.vip for subsequent processing.
SMS
To ensure accurate identity verification and streamline the loan application process, we might require access to your SMS messages. This permission is specifically aimed at reading the verification codes dispatched to you or any SMS communications pertaining to bank transactions associated with the loan. This enables us to authenticate your identity and carry out necessary credit assessments. We guarantee the utilization of advanced encryption methods to safeguard your information, ensuring that no SMS content unrelated to the loan process is accessed and that your SMS data is not shared with third parties. The pertinent data may be securely uploaded to our servers located at https://api.creditwave.vip, and it will solely be used for purposes of credit analysis and identity verification.
Call Logs
Credit Wave needs access to your call logs when you utilize the voice text message feature for registration or login purposes. This access is intended to confirm that the SIM card receiving the voice verification code is inserted in your device, aiding in fraud prevention. Be assured that all collected data will be encrypted and securely uploaded to https://api.creditwave.vip. Credit Wave is dedicated to safeguarding your privacy and will not share your data with any other parties or third parties.
Mobile Phone Code (IMEi)
We utilize your mobile phone's IMEI code to ensure the device used throughout the loan application process remains consistent, aiding in fraud prevention. Your mobile phone number is not automatically collected for completing the application login page, nor do we store any data pertaining to applicants who are not granted a loan. This information is securely uploaded in an encrypted format to our server located at https://api.creditwave.vip. The data collected is employed to assess and analyze your behavior and risk profile across multiple loans, to evaluate the potential for legal action if necessary, and to strengthen our measures against fraudulent activities.
Calendar
Credit Wave gathers data about calendar events to enhance risk analysis and refine the credit approval process. Upon your authorization, we will access your calendar exclusively to add or modify events pertinent to your loan repayment due dates, ensuring not to access or modify any other events you have scheduled. All your information is encrypted and securely stored at https://api.creditwave.vip. We are dedicated to protecting your data and assure that we will neither sell nor trade your personal information, nor disclose it to any third parties.
APP Installed
To protect your funds and prevent fraudulent activities, we collect details about the apps installed on your device. This includes information such as the Credit Wave, installation time, update time, version name, whether the app is a system-built application and more. This data is uploaded to our server to help identify potential fraud and ensure the security of lending transactions. All collected data, along with personal information, is strictly encrypted and securely uploaded to our server at https://api.creditwave.vip. We assure you that this information will not be utilized for any other purposes without your explicit permission.
View Wi-Fi Connections
Credit Wave gathers your device's IP address, network type, and Wi-Fi address to aid in the detection and prevention of fraudulent activities. This information is utilized to evaluate potential risks and identify any unusual behavior, thereby enhancing the security of your account. All collected data is securely encrypted and transmitted to https://api.creditwave.vip for further processing.
Google Advertising ID (GAID)
Credit Wave seeks permission to collect your Google Advertising ID (GAID) in order to assess ad performance and improve your advertising experience. This information is securely encrypted and uploaded to https://api.creditwave.vip. Should you prefer not to share this data, you have the option to disable the "Personalized Ads" feature in your device settings. Turning off this feature will prevent the collection of your GAID.
Updates to the Privacy Policy
The Controller retains the right to revise this Privacy Policy periodically to align with evolving data protection practices, legislative changes, internal policy modifications, or new service requirements.
Any amendments to the Privacy Policy will be published on our official website, where the Owner can review them at https://api.creditwave.vip.
Intended Use of Personal Data
Credit Wave collects and processes personal data for the following purposes:
I. Essential Purposes
a. Fulfill contractual obligations arising from service requests and agreements.
b. Verify and authenticate the user's identity, as well as validate the accuracy of the information provided, including personal details, references, guarantors, or co-applicants, as applicable to the contracted service.
c. Administer, operate, and monitor the services requested or availed through Credit Wave.
d. Assess the user's creditworthiness by analyzing their financial and personal information, including risk evaluation, repayment capacity, transaction status, and other assessments required by applicable financial regulations.
e. Establish and formally recognize the contractual relationship between the user and Credit Wave.
f. Store user data in our records and maintain documentation, either directly or through authorized third-party service providers.
g. Process user requests submitted through digital platforms, customer support channels, or telephonic communication.
h. Create and manage user profiles within the App, including credit eligibility verification and financial background assessments.
i. Conduct credit checks and obtain credit reports from relevant financial institutions or credit bureaus.
j. Offer service enhancements, upgrades, or extensions to existing financial products.
k. Notify users about Credit Wave updates, policy changes, and service modifications.
l. Conduct data analysis, market research, and service quality assessments to improve the user experience on our digital platforms.
m. Send service-related communications through digital channels, including transaction updates, notifications, and service advisories.
n. Manage collection and recovery processes for overdue payments.
o. Carry out customer satisfaction and quality assurance surveys to improve service standards.
p. Provide users with financial services and products as per their requests.
q. Inform users about modifications, enhancements, or newly available services that may be relevant to their existing relationship with Credit Wave.
II. Non-Essential Purposes
a. Send promotional offers, discounts, or marketing-related content regarding financial products, services, and exclusive events that may be of interest to the user.
b. Distribute newsletters, updates, and promotional materials, including benefits and special offers from business affiliates and partners.
Users may opt out of non-essential data processing by sending an email request to . If no such request is received, it will be understood that the user consents to the use of their data for the aforementioned purposes.
Personal Data We Collect
We may collect and process various categories of personal data, including but not limited to:
1. Identification, contact, and employment-related details.
2. Financial and asset-related information.
For the purposes outlined in this Privacy Policy, we may collect and process the following personal data from you:
1. Taxpayer identification number.
2. Residential and/or business address.
3. Financial and asset-related details.
4. Full name.
5. Residential address.
6. Date of birth.
7. Mobile phone number.
8. Unique Identification Number (Aadhaar/PAN, as applicable).
9. Marital status.
10. Number of dependents.
11. Copy of a government-issued identification document.
12. Contact details of personal references.
13. Bank account information.
Credit Wave may collect personal data through its mobile application, website, or telephone communications.
We will request the above-mentioned data when you:
- Register within the Credit Wave mobile application to apply for a loan.
- Contact Credit Wave via phone for inquiries or support.
Sharing of Personal Data
Credit Wave may share your personal data under the following circumstances:
- With its parent company, subsidiaries, affiliates, or other entities under the same corporate umbrella.
- With government authorities, regulators, or law enforcement agencies as required under applicable Indian laws and regulations.
- With third-party service providers responsible for loan processing, repayment collection, and related financial services.
- In the event of business restructuring, such as mergers, acquisitions, or similar corporate changes.
- With financial institutions or third parties involved in credit portfolio transfers, endorsements, or other financial transactions.
- With business partners for the promotion and distribution of financial products and services beneficial to users.
- In any other cases permitted under the applicable legal framework, including relevant provisions of India's data protection and financial laws.
Credit Wave is committed to handling your personal data with confidentiality and security, ensuring compliance with all applicable Indian regulations regarding data protection and financial privacy.
Methods and Procedures for Exercising Rights of Access, Correction, Deletion, and Objection ("ARCO Rights") and Withdrawing Consent
Given that the Owner has the right to the protection of Personal Data, including ARCO Rights, as well as the ability to object or revoke consent in accordance with applicable law, they may exercise these rights personally or through a legal representative. To do so, they must submit a request to the following email address of the Responsible Party, attaching a copy of a valid official identification or, if applicable, the legal representative's identification and the power of attorney proving authorization to act on their behalf. The request should include: i) full name; ii) current address; iii) contact phone number; iv) email address; v) Customer ID and associated product details; vi) a clear statement regarding the specific ARCO Right being exercised or the revocation of consent; and vii) a brief explanation of the reasons for the request.
Upon receiving the request, Credit Wave will issue a resolution within 20 (twenty) days. If the request is approved, implementation will occur within 15 (fifteen) business days from the date the decision is communicated. If the request is incomplete or lacks necessary identification documents, the Responsible Party will request the missing information within 5 (five) business days. If the Owner does not respond within this period, the request will be considered as not submitted. If a request involves correction of Personal Data, the Responsible Party will have 10 (ten) business days from the date of receipt to evaluate and make necessary corrections. The Owner is responsible for keeping their Personal Data updated and ensuring its accuracy, truthfulness, and authenticity. If an access request is made under ARCO Rights, Credit Wave will provide the information via email or a simple document copy. The Owner can only withdraw consent for data processing following these procedures and in accordance with applicable law. Credit Wave may deny ARCO Rights requests where permitted by law and regulations.
If any modification or deletion does not affect compliance with existing legal obligations between the Owner and the Responsible Party, the Owner may withdraw consent for processing their Personal Data without retroactive effect. The procedure for revoking consent follows the same steps as the exercise of ARCO Rights.
Options to Limit the Use or Sharing of Personal Data
The Owner may restrict the use or disclosure of their Personal Data by following the procedures outlined in the section "Means and Procedure to Exercise ARCO Rights and Revocation of Consent". The request should include at least:
1) The Responsible Party's processing of data as outlined in this agreement;
2) Permission to share personal information with the Owner; and
3) Authorization for the Owner to use personal data for agreed services, including big data credit validation services.
Accessibility of the Privacy Policy
The Privacy Policy is available for consultation at any time via our official website https://api.creditwave.vip and within the application, even after it has been accepted.
Cookies and Digital Security Framework
The Controller collects data via its website through cookies, which are small text files stored on the hard drive of the Owner's device upon accessing the Controller's online platform. These files may include details such as the Owner's unique identifier or browsing preferences, enabling the tracking of user behavior online to enhance service efficiency and improve the browsing experience. Cookies do not have access to or retrieve any information from the Owner's device storage beyond what is expressly permitted. If the Owner prefers to manage cookie settings, this can be configured through browser preferences. Additionally, the Controller's digital platforms may provide links to external third-party websites, over which the Controller holds no ownership, liability, or control.
User Consent
By using our digital services and engaging with the functionalities provided, the Owner explicitly acknowledges and agrees to the stipulations outlined in this Privacy Policy and commits to its terms and conditions. For any inquiries related to notifications, please contact .
