1. About this policy
This Privacy Policy explains how Value Garage Private Limited (“we”, “us”, “MaxiMoney”), a company incorporated under the Companies Act, 2013, with its registered office in Delhi, India, collects, uses, stores and shares your information when you use MaxiMoney's website (maximoney.in), web app (credit.maximoney.in) or mobile apps (together, the “Service”).
We comply with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (the “DPDP Act”).
2. Information we collect
2.1 Information you give us
- Identity: your mobile number, full name, PAN, date of birth, gender, residential address, and email address.
- Consent records: the date, time, IP address and exact text of every consent you grant (e.g. to fetch your credit bureau report).
- Payment information: a tokenised UPI mandate (we never see your bank password, UPI PIN, or card details — those stay with Razorpay).
- Support messages: anything you write to us by email, WhatsApp or in-app chat.
2.2 Information we fetch on your behalf (with your explicit consent)
- Credit Bureau Report from Experian, fetched through our licensed bureau-data partner (Gridlines), containing your credit score, open and closed loan accounts, credit card limits, repayment history, days-past-due (DPD), and bureau-reported addresses.
- PAN verification against the Income Tax Department's database (name, DOB, status).
2.3 Information we observe automatically
- Device type, operating system version, app version, browser type, IP address.
- Pages visited, features used, timestamps, error logs.
- Marketing-attribution identifiers (e.g. UTM parameters, Meta click ID) where you arrive via an ad.
3. How we use your information
| Purpose | Legal basis |
|---|---|
| Create & secure your account | Performance of contract |
| Fetch and display your credit report | Your explicit consent (revocable any time) |
| Identify EMI savings opportunities (balance transfer, rate negotiation) | Performance of contract |
| Process your subscription via UPI Autopay | Performance of contract |
| Send transactional messages (OTP, payment receipts, plan notifications) | Legitimate interest & consent |
| Refresh your credit profile monthly | Your explicit consent at sign-up |
| Send marketing messages about MaxiMoney features | Consent (opt-out anytime) |
| Measure marketing campaign effectiveness | Legitimate interest |
| Investigate fraud and abuse, comply with law | Legal obligation |
4. Who we share information with
We never sell your personal data. We share it only with the parties below, only to the extent necessary, and only after binding them to confidentiality and data-protection obligations equivalent to ours.
- Credit-bureau partner (Gridlines & Experian): your PAN, name, DOB, address and mobile number — to fetch your bureau report on your consent.
- Payment partner (Razorpay): your mobile number, name, email and the UPI mandate metadata — to process your subscription.
- Messaging partners (Fast2SMS for SMS, Zircle / Meta WhatsApp Cloud API for WhatsApp): your mobile number and OTP/notification text only.
- Banks & NBFCs you instruct us to negotiate with: the specific loan-account details you ask us to act on, along with your contact details, to obtain a competing offer or rate reduction.
- Cloud infrastructure (Supabase, AWS Mumbai): all data, encrypted at rest and in transit, stored within India.
- Analytics & advertising (Meta / Facebook Pixel + Conversions API): hashed phone number and event-level signals (sign-up, payment) to measure and optimise marketing — never your bureau, PAN, or financial data.
- Law-enforcement, regulators or courts: only on a valid legal request (subpoena, court order, FIR, etc.).
5. Where it's stored and for how long
All data resides in our Supabase Postgres instance in Mumbai (AWS ap-south-1). Encrypted backups are also retained within India.
| Data | Retention |
|---|---|
| Account profile (name, phone, email, PAN) | For as long as your account is active, plus 7 years after closure (for tax/audit compliance) |
| Credit bureau reports | Most-recent report retained for the life of the account; historical reports archived for 12 months |
| Payment records | 10 years (tax/RBI requirement) |
| Consent records | For the life of the account, plus 5 years |
| Support conversations | 3 years |
| Marketing attribution & analytics | 2 years, aggregated thereafter |
6. How we secure your information
- TLS 1.2+ in transit; AES-256 at rest.
- Database-level row-level security (RLS) — every table requires a valid logged-in session to read your data.
- Phone-OTP login (no passwords stored client-side).
- Two-factor authentication for every internal admin login (email + mandatory SMS OTP).
- Production access is restricted to a small list of named employees; every admin action is audit-logged.
- We never receive or store your UPI PIN, bank password, OTP for banking transactions, or full card numbers.
While we follow industry-standard security practices, no online service is 100% impenetrable. If you suspect a breach of your account, write to nevaid@maximoney.in immediately.
7. Your rights
Under the DPDP Act, you have the right to:
- Access a copy of the personal data we hold about you;
- Correct inaccurate or outdated data;
- Withdraw consent for further bureau pulls or marketing messages, at any time;
- Delete your account and the data we hold (subject to legal retention obligations such as tax records);
- Nominate an individual to exercise your rights in case of death or incapacity;
- Seek grievance redressal (see Section 11).
To exercise any of these rights, email nevaid@maximoney.in from the email address on your account. We aim to respond within 7 working days and complete the request within 30 days.
8. Cookies & analytics
The website uses only first-party functional cookies (to keep you signed in) and the Meta Pixel for marketing-conversion measurement. We do not set advertising cookies that personalise content. You may block cookies in your browser; some features (e.g. staying signed in) will then not work.
9. Children
MaxiMoney is intended for users aged 18 and above. We do not knowingly collect data from children. If you believe we have inadvertently collected data from someone under 18, write to nevaid@maximoney.in and we will delete it.
10. Changes to this policy
We may update this policy from time to time. When we do, we will (a) revise the “Last updated” date at the top, (b) post the new policy on this page, and (c) where the change materially affects you, notify you in-app or by email. Continuing to use the Service after an update means you accept the revised policy.
11. Contact & Grievance Officer
For any questions about this Privacy Policy or to exercise your rights:
Registered office — Value Garage Private Limited, Delhi, India.