Privacy Policy

How ValuEnable collects, uses, and protects your personal information — in plain, clear language.

Last Update: August 26, 2025

1. Introduction

This policy sets out the rules that must be followed in order to protect the privacy or personal identifiable information of ValuEnable, its customers, employees and, third parties or any other entities (if applicable) and to perform any action with regards to personal data, whether in whole or in part, such as collecting, recording, organizing, storing, modifying, using, disclosing, transferring, monitoring or deleting.

2. Scope

  • This policy applies to all personal information or as hereby defined as Personal Identifiable Information (PII) collected, processed or stored by ValuEnable through direct data collection from subjects and through information processing systems.
  • Any deviation to this policy shall be handled as per the information security exception handling process.
  • The IS team shall be consulted, wherever required, to ensure appropriate and effective implementation of these controls.
  • Any change to be initiated with regard to this Policy or its implementation shall be done in accordance with ValuEnable policies.

3. Responsibilities

It is the responsibility of the below teams/functions to implement and maintain the controls defined in this policy.

  • Board of Directors
  • Respective Department Heads
  • CISO
  • Legal & Compliance Team
  • All Employees

4. Policy Statements

Personally Identifiable Information

  • PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, unique identification number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
  • PII may be divided into two categories: linked information and linkable information. Linked information is any piece of personal information that can be used to identify an individual and includes, but is not limited to, the following:
    • Full name
    • Home address
    • Email address
    • Unique identification number
    • Passport number
    • Driver’s license number
    • Credit card numbers
    • Date of birth
    • Telephone number
    • Log in details
    • Biometric information (Fingerprint)

    Linkable information, on the other hand, is information that on its own may not be able to identify a person, but when combined with another piece of information could identify, trace, or locate a person.

    Linkable information, on the other hand, is information that on its own may not be able to identify a person, but when combined with another piece of information could identify, trace, or locate a person.

Collection of Personal Data

  • ValuEnable shall define and describe what is considered Personally Identifiable Information.
  • ValuEnable shall collect the personal data of the ValuEnable customer/clients employees or any other entity only for its legitimate business purposes.
  • ValuEnable may collect the personal data of employees, customers or third parties as per the relevant business operation policies and procedures and will limit its collection, use, storage, processing, transfer and disclosure of personal data to a minimum that ValuEnable requires to carry its business specific purposes.
  • Any ValuEnable Policy, including but not limited to business operations policies, procedure, technical documents, system design documents, defining the collection of personal data at any level in ValuEnable shall adhere to the data privacy policy.
  • Personal data or Personal Identifying Information (PII) may only be collected, used, stored, processed, transferred or disclosed for reasonable, specific and lawful purposes or reasons.
  • Business departments shall be aware of the applicable data protection legislations or regulatory guidelines and comply with the same.
  • Respective business departments shall implement adequate procedures regarding obtaining, identification of personal data or Personal Identifying Information (PII). This will include procedures to collect data from customers through the ValuEnable branch operations and employees (including third party employees and trainees).
  • ValuEnable management shall be responsible to identify data which requires specific compliance requirements regarding protection and privacy.
  • In case when data is collected directly from data subjects, ValuEnable shall ensure that the privacy notice is conspicuous and uses clear language
  • ValuEnable shall communicate that they can contact the entity in case their PII needs any correction/ modification, through writing, by phone, by email, or by using the organisation's Website.
  • ValuEnable should verify the accuracy and completeness of PII that an individual updates by means of a self-declaration form or supporting evidence provided at the time of making those changes
  • To make our Platform and Services more useful to you, our servers (which may be hosted by a third-party service provider) collect information from you, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), and domain name.
  • We may use third party service providers to help us analyze certain online activities. For example, these service providers may help us analyze visitor activity on the Platform. We may permit these service providers to use cookies and other technologies to perform these services for us.
  • We use authorised third-party service providers to power payment transactions on our platform. Further, as per the applicable regulations, we use tokenisation services from certified third-party service providers to facilitate card transactions on our Platform. The third-party service providers use/process such information and further transfer your information to the card networks (such as Visa, Mastercard). Such third-party service providers have the necessary rights to use/process/transfer such information to provide tokenisation services in accordance with the applicable regulations. Such third-party service providers are PCI-DSS compliant. We do not store any information that is provided by you to facilitate such card transactions on our Platform.

4.1 Consent

  • ValuEnable shall not collect, use or disclose any personal data without the consent of the data owner except where there is deemed consent or where such collection, use or disclosure is required to meet the requirements of country specific laws and regulations, if any.
  • ValuEnable shall seek consent from a competent person before collecting, processing and disclosing PII concerning a child.
  • "Cookies" are pieces of information that a browser can record after visiting a website. We may use cookies for technical purposes such as to enable better navigation through our site, or to store user preferences for interacting with the site. If you turn off the option to have cookies stored on your browser, it will affect your experience on https://loan.valuenable.in/

4.2 Notification

Individuals shall be notified of the purposes for which ValuEnable intends to collect, use or disclose personal data before or when such data is collected. In the event that any intended use of personal data will go beyond the purposes notified during collection, ValuEnable employees will notify the relevant individual of the new purpose and seek that individual’s consent to use the data for such a purpose.

4.3 Protection of personal data

4. Policy Statements

Personally Identifiable Information

Aadhaar Regulations
Includes the Aadhaar (Targeted Delivery of Financial and other subsidies, Benefits and Services) Act 2016, Aadhaar (Amendment) Act 2019, Aadhaar (Authentication) Regulations 2016, Aadhaar (Data Security) Regulations 2016, and other applicable regulations issued by UIDAI from time to time.

Consent
Freely given, specific, and informed indication of the data subject's wishes by which they signify agreement to the processing of their personal data.

Data Controller
The person responsible for complying with data privacy requirements who has full authority to decide how and why personal data is processed.

Data Subject
A natural person who is the subject of data.

Insurance Data
Data related to life insurance policies issued by various insurance companies, including data of customers who hold insurance policies.

Personal Data or Information
Information relating to a natural person capable of identifying such person, either directly or indirectly.

Sensitive Personal Data or Information
Includes information relating to passwords, financial details, health conditions, sexual orientation, biometric information, etc.

The User
The individual using our Service.

Cookies
Small pieces of information that a browser can record after visiting a website. We may use cookies for technical purposes such as enabling better navigation through our site or storing user preferences. Turning off cookies will affect your experience on https://loan.valuenable.in/.

  • Board of Directors
  • Respective Department Heads
  • CISO
  • Legal & Compliance Team
  • All Employees

Purpose

The purpose of this Policy is to enable ValuEnable to:

  • Implement reasonable security practices and procedures to safeguard personal data and sensitive personal data.
  • Comply with applicable statutory provisions, rules, and regulations regarding data privacy and protection.
  • Enable the data subject and third parties to understand and comply with ValuEnable's data privacy policies

Transfer / Disclosure of Data or Information

  • Personal data, sensitive personal data, and other customer data will not be transferred or disclosed to any third party without implementing reasonable security practices and obtaining explicit consent from the data subject.
  • Information may be communicated to third parties only for purposes consistent with the original collection purpose or as authorised by law.
  • Disclosure of information to data subjects must be transparent, providing details about the purpose of collection, usage, and security practices.
  • We may be required from time to time to disclose any personal information collected by us to governmental or judicial bodies, agencies, or our regulators based on legal requirements under applicable cyber laws. We may also share your information with third-party group companies to enable service provision and/or carry out technical, logistical, and other functions on our behalf (e.g. sending emails or newsletters to users). For credit facilitation services, please refer to Section 4 above.

Data Subject's Rights

Data subjects are entitled to:

Access & Update

Access, update, or delete their personal information held by us.

Rectification

Rectify inaccurate or incomplete information in our records.

Data Removal

Request removal of their data from our systems.

Data Security

ValuEnable Pvt Ltd is committed to protecting the security and privacy of your personal information. We endeavour to have suitable technical, operational, and physical security controls and measures in place that are commensurate with the nature of our business.

Industry-Standard Technologies

We use a variety of industry-standard security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure.

Periodic Security Reviews

We periodically review our security controls and update them to maintain alignment with current best practices.

Breach Response

In the event of any breach of our security controls resulting in unauthorised access, we will endeavour to inform you of the extent of such breach, subject to applicable law and cooperation with relevant authorities.

Liability Limitation

Despite our efforts to protect your information, if unauthorised persons breach our security control measures and illegally use sensitive/personal data, ValuEnable Pvt Ltd, its affiliates, employees, and directors shall not be held responsible/liable.

Breach Notification

In the event of a data breach, ValuEnable will notify the affected data subjects and relevant authorities promptly, outlining the nature of the breach and the steps taken to mitigate its impact.

Data Minimization

We will collect only the data necessary for the specified purposes and ensure it is used solely for those purposes.

Data Retention & Deletion

It may be noted that we may retain your data for as long as required under applicable law and as necessary to efficiently provide our services. All information provided by you, except in cases of withdrawal of consent or termination, shall be retained for a duration of eight (8) years. We will act upon any deletion request received from you within a reasonable period, and in any case, no later than thirty (30) days from receipt of such a request.

We may retain certain data after account deletion for specific purposes, including but not limited to:

  • If there is an unresolved issue, claim, or dispute relating to your account.
  • Where retention is required under applicable law.
  • In aggregated and/or anonymized form.
  • Where necessary for legitimate business interests, such as fraud prevention, enhancing user safety, and ensuring security.
⚠️

If a user initiates a loan application but does not complete the process within thirty (30) days, all information related to that application will be deleted from our platform. For any data or consent (full or partial) that you wish to delete or revoke, you may send an email to support@valuenable.in as per our product offerings, stating the details of the data and/or consent and the scope/nature of the deletion or revocation desired. Please note that withdrawing consent or requesting deletion of certain data may result in your inability to use our services on the platform.

Data Destruction Practices

We apply industry-standard sanitization practices (aligned with authoritative media-sanitization guidelines) and maintain documentation of our processes for compliance and audit readiness. Structured data (such as SQL table rows) is securely erased at the record level using irreversible methods. Any residual data in logs or replicated storage is minimized and retained only for the period required under law or internal policy.

Amendments to Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Third-Party Service Providers

Below is the list of third-party service providers with which the Company shares customer data in order to provide the Service(s).

Name Link Data Shared Purpose
Digiotech Solutions Private Limited https://www.digio.in/ Email Id, Phone No. KYC
Privacy Policy Content Block — ValuEnable

Introduction

Welcome to ValuEnable. ValuEnable Private Limited ("us", "we", or "our") operates www.valuenable.in — a platform providing solutions to address customer retention issues faced by life insurance companies. Our services have been designed to benefit both the insurance company and policyholders alike.

This Privacy Policy governs your visit to www.valuenable.in and explains how we collect, safeguard, and disclose information that results from your use of our Service. By using our Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined here, terms carry the same meanings as in our Terms and Conditions. Our Terms and Conditions ("Terms") govern all use of our Service and together with this Privacy Policy constitute your agreement with us.

Scope

This policy applies to all Personal Identifiable Information (PII) collected, processed, or stored by ValuEnable — whether through direct data collection from subjects or through information processing systems. Any deviation from this policy shall be handled as per ValuEnable's information security exception handling process. The Information Security team shall be consulted wherever required to ensure appropriate and effective implementation of these controls.

Responsibilities

The following teams and functions are responsible for implementing and maintaining the controls defined in this policy:

  • Board of Directors
  • Respective Department Heads
  • Chief Information Security Officer (CISO)
  • Legal & Compliance Team
  • All Employees

Definitions

Aadhaar Regulations

Includes the Aadhaar (Targeted Delivery of Financial and other subsidies, Benefits and Services) Act 2016, Aadhaar (Amendment) Act 2019, Aadhaar (Authentication) Regulations 2016, Aadhaar (Data Security) Regulations 2016, and other applicable regulations issued by UIDAI from time to time.

Consent

Freely given, specific, and informed indication of the data subject's wishes by which they signify agreement to the processing of their personal data.

Data Controller

The person responsible for complying with data privacy requirements who has full authority to decide how and why personal data is processed.

Data Subject

A natural person who is the subject of data.

Insurance Data

Data related to life insurance policies issued by various insurance companies, including data of customers who hold insurance policies.

Personal Data or Information

Information relating to a natural person capable of identifying such person, either directly or indirectly. This includes — but is not limited to — full name, home address, email address, unique identification number, passport number, driver's licence number, credit card numbers, date of birth, telephone number, login details, and biometric information such as fingerprints.

Sensitive Personal Data or Information

Includes information relating to passwords, financial details, health conditions, sexual orientation, biometric information, etc.

The User

The individual using our Service.

Cookies

Small pieces of information that a browser can record after visiting a website. We may use cookies for technical purposes such as enabling better navigation through our site or storing user preferences. Turning off cookies will affect your experience on https://loan.valuenable.in/.

Purpose

The purpose of this Policy is to enable ValuEnable to:

  • Implement reasonable security practices and procedures to safeguard personal data and sensitive personal data.
  • Comply with applicable statutory provisions, rules, and regulations regarding data privacy and protection.
  • Enable the data subject and third parties to understand and comply with ValuEnable's data privacy policies.

Collection of Personal Data

ValuEnable shall collect personal data of its customers, clients, employees, or any other entity only for legitimate business purposes, and will limit its collection, use, storage, processing, transfer, and disclosure of personal data to the minimum required to carry out those purposes.

Personal data may only be collected, used, stored, processed, transferred, or disclosed for reasonable, specific, and lawful purposes. Individuals will be notified of the purposes for which ValuEnable intends to collect, use, or disclose their data before or at the time of collection. In the event that any intended use of personal data goes beyond the purposes notified during collection, ValuEnable will notify the relevant individual of the new purpose and seek their consent.

To make our Platform and Services more useful to you, our servers (which may be hosted by a third-party service provider) collect information including your browser type, operating system, Internet Protocol (IP) address, and domain name. We may permit authorised third-party analytics providers to use cookies and similar technologies to perform these services on our behalf.

We use authorised third-party service providers to power payment transactions on our platform. As per applicable regulations, we use tokenisation services from certified, PCI-DSS compliant third-party providers to facilitate card transactions. These providers may transfer your information to card networks (such as Visa and Mastercard) as required. We do not store any card transaction information on our Platform.

Consent

ValuEnable shall not collect, use, or disclose any personal data without the consent of the data owner, except where deemed consent applies or where such collection, use, or disclosure is required to meet applicable laws and regulations.

Where personal data relates to a child (a person under 18 years of age), ValuEnable shall seek consent from a competent person before collecting, processing, or disclosing such data.

Where the processing of personal data is based on consent, data subjects have the right to withdraw their consent at any time. Withdrawal of consent shall be as easy as giving consent initially. Please note that withdrawing consent may affect your ability to use certain features or services on our Platform.

Transfer / Disclosure of Data or Information

  • Personal data, sensitive personal data, and other customer data will not be transferred or disclosed to any third party without implementing reasonable security practices and obtaining explicit consent from the data subject.
  • Information may be communicated to third parties only for purposes consistent with the original collection purpose or as authorised by law.
  • Disclosure of information to data subjects must be transparent, providing details about the purpose of collection, usage, and security practices.
  • We may be required from time to time to disclose any personal information collected by us to governmental or judicial bodies, agencies, or our regulators based on legal requirements under applicable cyber laws. We may also share your information with third-party group companies to enable service provision and/or carry out technical, logistical, and other functions on our behalf (e.g. sending emails or newsletters to users).

Data Subject's Rights

Data subjects are entitled to the following rights:

Access & Update Access, update, or delete their personal information held by us.
Rectification Rectify inaccurate or incomplete information in our records.
Data Removal Request removal of their data from our systems under applicable circumstances.
Restrict Processing Request restriction of processing under specific conditions — for example, when the accuracy of the data is contested or the processing is unlawful.
Data Portability Receive their personal data in a structured, commonly used, and machine-readable format, and request its transfer to another organisation where processing is based on consent or contract.
Right to Object Object to the processing of their personal data, including profiling or direct marketing. ValuEnable will stop processing unless it can demonstrate compelling legitimate grounds that override the data subject's interests.
Automated Decisions Not be subject to decisions based solely on automated processing — including profiling — that produce legal or similarly significant effects, except where permitted by applicable law or explicit consent.
Withdraw Consent Withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at support@valuenable.in. We will respond within a reasonable period and in any case no later than 30 days from receipt of your request.

Data Security

ValuEnable Pvt Ltd is committed to protecting the security and privacy of your personal information. We endeavour to have suitable technical, operational, and physical security controls and measures in place that are commensurate with the nature of our business. Our security controls are periodically reviewed as part of our Information Security Management System (ISMS) under ISO 27001.

Industry-Standard Technologies We use a variety of industry-standard security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure.
Periodic Security Reviews We periodically review our security controls and update them to maintain alignment with current best practices.
Breach Response In the event of any breach of our security controls resulting in unauthorised access, we will endeavour to inform you of the extent of such breach, subject to applicable law and cooperation with relevant authorities.
Liability Limitation Despite our efforts to protect your information, if unauthorised persons breach our security control measures and illegally use sensitive/personal data, ValuEnable Pvt Ltd, its affiliates, employees, and directors shall not be held responsible/liable.

Data Protection Officer (DPO)

ValuEnable has appointed a Data Protection Officer (DPO) responsible for monitoring compliance with privacy obligations, acting as a contact point for clients and regulatory authorities, and ensuring staff awareness of and adherence to this policy.

Gaurav Pant — Data Protection Officer Email: gaurav@valuenable.in
Phone: +91 98334 63186

Communications Privacy

Monitoring of electronic communications (telephone calls, emails, and internet access) for business or security purposes shall be carried out in compliance with applicable regulations and only with appropriate internal approvals.

ValuEnable employees are prohibited from eavesdropping on, storing, monitoring, or intercepting any communications or information within ValuEnable systems without authorisation. Any such retained data may be accessed only by approved personnel during and after an investigation, as per applicable ValuEnable policies or as directed by applicable law.

ValuEnable has established a process for receiving and responding to complaints, concerns, or questions from individuals about our privacy practices. Any privacy incident or data breach shall be handled in accordance with our Privacy Incident Response Plan and Incident Management Policy.

Breach Notification

In the event of a data breach, ValuEnable will notify the affected data subjects and relevant authorities promptly, outlining the nature of the breach and the steps taken to mitigate its impact, as required by applicable law.

Privacy by Design & Default

ValuEnable designs its information systems to support privacy by automating privacy controls wherever possible. All transfers of PII between processes are carried out over secure channels.

Where there is a choice in how personal data is collected or processed, each option is disabled by default and enabled only by the primary PII principal. We provide clear and effective notice regarding our data collection activities, the authority under which data is collected, the choices available to individuals, and how individuals may access and correct their PII.

Privacy Impact Assessments

ValuEnable conducts Privacy Impact Assessments (PIAs) for information systems, programmes, or other activities that pose a privacy risk, in accordance with applicable law and internal policies. Risk assessments and PIAs pertaining to data privacy are conducted periodically and reviewed at least once annually. ValuEnable also conducts periodic self-assessments and due diligence of third parties to demonstrate compliance with privacy requirements.

Data Minimization

We collect only the data necessary for the specified purposes and ensure it is used solely for those purposes. Personal data shall be accurate, and where necessary, kept up to date. Inaccurate data shall be corrected or erased without delay.

Cross-Border Data Transfers

Personal data (including PII sent during online transactions) shall be transferred across borders only in accordance with the applicable legislation of the countries involved. Where a country does not have a privacy law in place, best practices shall be applied before any transfer of personal information.

In the event that data belonging to EU citizens is shared with any third party, ValuEnable shall confirm that the third party complies with the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act 2023 (DPDP Act).

Information Usage and Sharing with Third Parties

Personal information you submit to us is used either to respond to your requests or to aid us in serving you better. We use such information in the following ways:

  • To identify you as a user in our system.
  • To provide improved administration of our Platform and Services.
  • To provide the Services you request.
  • To improve the quality of your experience when you interact with our Platform and Services.
  • To send you e-mail and other notifications.
  • To send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes.
  • To protect our services and our users.
  • For market and customer analysis, market research, and statistics.
  • To prevent and detect fraud or abuse of our services, as well as to prevent, detect, and investigate any potential unlawful or prohibited activities.

Demographic information, financial information (such as bank account details), investment information (such as holdings), personal information (such as phone number and email), and other information (such as PAN/Aadhaar) will be utilised for and shared with regulated entities including Investment Advisors, Research Analysts, Brokers, NBFCs, Banks, and Credit Bureaus for various regulatory purposes (KYC, AML, etc.) and business purposes (credit facilitation, tracking services, etc.).

Specifically, in the case of credit facilitation services, the following data is shared with authorised third parties:

  • PAN, mobile number, and email ID — shared with SEBI-registered RTAs and Depositories for investment holdings verification.
  • KYC documents and bank account details — shared with Digio (a RBI-regulated entity) for OCR processing and mandate setup.
  • Email ID — shared with Amazon Web Services for communication.
  • Phone number — shared with our SMS service provider for SMS communication.

Data Retention & Deletion

We may retain your data for as long as required under applicable law and as necessary to efficiently provide our services. All information provided by you, except in cases of withdrawal of consent or termination, shall be retained for a duration of eight (8) years. We will act upon any deletion request received from you within a reasonable period, and in any case no later than thirty (30) days from receipt of such a request.

We may retain certain data after account deletion for specific purposes, including but not limited to:

  • If there is an unresolved issue, claim, or dispute relating to your account.
  • Where retention is required under applicable law.
  • In aggregated and/or anonymised form.
  • Where necessary for legitimate business interests, such as fraud prevention, enhancing user safety, and ensuring security.
⚠️ If a user initiates a loan application but does not complete the process within thirty (30) days, all information related to that application will be deleted from our platform. For any data or consent (full or partial) that you wish to delete or revoke, you may send an email to support@valuenable.in, policyloans@valuenable.in, or las@valuenable.in (as per the relevant product), stating the details of the data and/or consent and the scope/nature of the deletion or revocation desired. Please note that withdrawing consent or requesting deletion of certain data may result in your inability to use our services on the platform.

Data Destruction Practices

Sensitive information stored on electronic media is securely sanitised using industry-recognised methods that render the data irrecoverable, including overwrite, block erase, degaussing (for magnetic media), and cryptographic erase. All versions, copies, and temporary files of sensitive information are promptly deleted. Where required, ValuEnable engages approved and certified providers for secure physical media disposal. Logs track and verify that deletion processes have occurred, and an official record of information deletion is maintained for audit readiness.

For cloud services, ValuEnable verifies that the deletion method provided by the cloud service provider is acceptable and requests deletion of information as needed. Third-party agreements include requirements for the secure deletion of ValuEnable information upon termination of services.

Amendments to Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Third-Party Service Providers

Below is the list of third-party service providers with which ValuEnable shares customer data in order to provide its Services.

Name Link Data Shared Purpose
Digiotech Solutions Private Limited www.digio.in KYC documents, bank account details for mandate setup, selfie/live photograph for identity verification KYC verification, identity authentication, liveness check, and mandate setup (RBI-regulated entity)
SEBI-registered RTAs & Depositories PAN, mobile number, email ID Investment holdings verification
Amazon Web Services aws.amazon.com Email ID Communication infrastructure
SMS Service Provider Phone number SMS communication
PCI-DSS Certified Payment Tokenisation Providers Card transaction data (tokenised; not stored by ValuEnable) Payment tokenisation & card network transfers (Visa, Mastercard)
About Two Cta Image

Want To Discuss About Your Next Project?

Donec tempus in velit nec laoreet. Phasellus laoreet sem. Nunc tincidunt lorem lgular.