Your privacy and trust are important to us. This Privacy Policy explains how Sunny Rupee (operated by NBFC Nishtha Leasing Pvt Ltd) collects, uses, safeguards, and manages your information while you use our mobile application. When we say “we,” “our,” or “us,” we refer to Sunny Rupee and its operating entity.
All information transmitted through the app is encrypted in transit and at rest and is uploaded only to https://api.sunnyrupee.com. Data is securely removed once the intended purpose has been achieved, unless the law requires otherwise.
1. Acceptance of Terms
By downloading or using Sunny Rupee (operated by NBFC Nishtha Leasing Pvt Ltd), you agree to this Privacy Policy. If you do not agree, please uninstall or stop using the app immediately.
2. Permission-Based Information We Collect
We only request access to information that is required to verify identity, evaluate credit eligibility, and ensure secure functioning of the app.
2.1 Personal Identification Information
We collect data such as your full name, gender, date of birth, address, email, and phone number. PAN or Aadhaar details may also be requested for identity authentication.
This data is used for account setup, fraud prevention, and compliance checks.
It is encrypted and transmitted only to https://api.sunnyrupee.com. Once your loan is successfully disbursed, your personal information and transaction records will be kept for at least 5 years, as required by the Reserve Bank of India (RBI), for RBI anti-money laundering investigations and regulatory audits.
2.2 Financial SMS Messages
With your permission, we access only SMS messages related to financial activity (bank deposits/withdrawals, salary credits, repayment confirmations, and overdue reminders) received within the last 180 days.
We do not read personal messages such as private conversations or OTPs unrelated to financial assessment.
These SMS insights support credit evaluation and risk control and are erased after a lending decision is completed.
It is encrypted, transmitted only to https://api.sunnyrupee.com, and deleted once on boarding or credit assessment ends—unless regulations require longer storage.
2.3 Device Information
We collect limited technical identifiers such as device model, operating system version, network type, IMEI, and advertising ID.
This information helps ensure security, detect fraud, prevent duplicate accounts, and optimize app performance.
It is encrypted, transmitted only to https://api.sunnyrupee.com, and deleted once onboarding or credit assessment ends—unless regulations require longer storage.
2.4 Camera Access
We access your camera only when you choose to take photos of ID documents or selfies for KYC verification.
Images are used exclusively for identity validation and deleted after verification or credit decision.
It is encrypted, transmitted only to https://api.sunnyrupee.com, and deleted once on boarding or credit assessment ends—unless regulations require longer storage.
2.5 Installed App
We will collect information about the applications installed on your device, including the app’s package name, version information, and installation and update dates. The purpose of collecting this information is to assess your financial behavior, verify the integrity of your device, and prevent fraud.
It is encrypted, transmitted only to https://api.sunnyrupee.com, and deleted once on boarding or credit assessment ends—unless regulations require longer storage.
2.6 User Behavior Data
We may gather anonymized interaction data, including but not limited to:
User tap and touch interactions
App usage time and session length
In-app navigation and flow behavior
Purpose:
This data is used to identify abnormal usage patterns, enhance user experience design, and improve overall system stability and performance.
It is encrypted, transmitted only to https://api.sunnyrupee.com, and deleted once on boarding or credit assessment ends—unless regulations require longer storage.
We do not collect contact lists, call logs, calendar data, or any information outside of the items listed above.
3. How We Use Your Data
Your data is processed strictly for purposes such as:
Identity verification and account creation
Determining creditworthiness and product matching
Preventing fraudulent or risky transactions
Improving user experience and resolving technical issues
Meeting regulatory and compliance requirements
Data will never be used for unauthorized or hidden purposes.
4. Data Sharing Policy
We may share your data only in the following cases:
With licensed financial institution Nishtha Leasing Private Limited (NBFC) and service partners for credit checks, loan disbursements, or repayments;
With government or enforcement authorities when legally required
With auditors or legal advisors under binding confidentiality
We do not sell, rent, or market your information to third parties.
5. Security Controls
We maintain strong security protections, including:
End-to-end encrypted data transfer using TLS/SSL
Role-based access control for internal data visibility
Continuous security monitoring and automated threat detection
Periodic audits following industry standards
We continuously update safeguards to keep your data protected.
6. Your Rights and Choices
You may:
View or update your personal details inside the app
Request deletion of data through the “Delete My Data” option (subject to legal retention rules)
Withdraw your permission by uninstalling the app (future data will no longer be collected)
We will support requests in accordance with legal requirements.
7. Data Retention
We retain data only as long as needed:
Information for active users is kept during the service relationship and the additional period legally required for compliance
Information for rejected or incomplete applications is deleted within 90 days
Records required for disputes or audits remain until mandatory regulatory timelines expire and are then destroyed
Once a retention period ends, information is permanently removed.
8.India NBFC Customer Consent Framework
Our App follow the Account Aggregator (AA) framework,which is a new type of RBI-regulated Non-Banking Financial Company (NBFC) that acts as a neutral and “data-blind” intermediary . only job of AA framework is to facilitate the flow of information. It cannot see, store, or use your data; It simply carry it from one place to another based on your explicit command .
Our App AA framework has four key participants:
You (The Customer/Data Principal): You are the owner of your data and are in the driver’s seat .
Financial Information Provider (FIP): NBFC (Nishtha Leasing Pvt Ltd) is the institution that holds your data.
Financial Information User (FIU): VALENDRIX FINTECH PRIVATE LIMITED is the institution that requests your data to provide you a loan service from NBFC (Nishtha Leasing Pvt Ltd).
Account Aggregator (AA): The licensed NBFC (Nishtha Leasing Pvt Ltd) that securely carries your data between the FIP and the FIU, based on your consent .
Users can approve the request by specifying exact details on a digital interface in our App provided by AA . You can choose to share only the specific information needed.You see exactly which institution is requesting the data and for what purpose.Users can decide the duration of data access.Users can use their ability to revoke data,users can cancel their consent at any time, instantly cutting off their data access via our customer service.Once users give consent, a tamper-proof digital consent artefact is created. This serves as a digital record of your permission, creating an audit trail and ensuring accountability for everyone involved.
9.Types of Audits and Rights
Following the NBFC Framework,there will be audits for lending services from our App.
Statutory Audit: The Cornerstone of Compliance
NBFC (Nishtha Leasing Pvt Ltd) must undergo a statutory audit annually. The auditor, a Chartered Accountant firm appointed by the company’s Board, verifies the financial statements and ensures compliance with the RBI Act and Companies Act . The RBI has prescribed strict eligibility criteria for these auditors based on the NBFC’s asset size, including minimum partners, experience, and professional qualifications .
Fraud-Related Audit: NBFC (Nishtha Leasing Pvt Ltd) has right to investigate borrowers from our App.
Right to Audit Borrowers: If NBFC (Nishtha Leasing Pvt Ltd) suspects fraud in a loan account, it is now mandatory to refer the matter to an internal or external auditor for investigation. Critically, NBFC (Nishtha Leasing Pvt Ltd) is required to incorporate specific clauses in their loan agreements that grant them this right to conduct audits at the lender’s behest .
Audit of Third-Party Service Providers: The RBI has widened its supervisory gaze to include Loan Service Providers (LSPs) —VALENDRIX FINTECH PRIVATE LIMITED that partner with NBFC (Nishtha Leasing Pvt Ltd) for customer acquisition, underwriting, and loan management .
10.Data Localization & Protection Statement
10.1. Sovereign Data Storage
NBFC (Nishtha Leasing Pvt Ltd) hereby declares and ensures that all customer data, financial information, transaction records, and personal identifiers processed by the company are stored and maintained exclusively on servers and cloud infrastructure physically located within the geographical boundaries of India . We do not store, replicate, or backup such data in any jurisdiction outside India unless explicitly mandated or permitted by a specific exemption from the Reserve Bank of India (RBI) .
10.2. Regulatory Compliance & Cross-Border Transfer
In compliance with the RBI Master Directions and the Digital Personal Data Protection Act (DPDPA), 2023, cross-border transfer of sensitive financial data is strictly prohibited . Where access to data is required by the company or its service providers for operational support, such access is restricted to remote viewing only, ensuring that the data remains domiciled in India and does not leave Indian territory . No foreign replication of core banking, payment, or KYC data is permitted .
10.3. Third-Party Vendor (LSP) Accountability
The company remains fully responsible for the confidentiality, integrity, and availability of customer data, even when services are outsourced to Loan Service Providers (LSPs), NBFC (Nishtha Leasing Pvt Ltd) fintech partner VALENDRIX FINTECH PRIVATE LIMITED, or IT vendors . All vendors and data processors are bound by strict contractual obligations mandating:
India-only storage of data .
Implementation of need-to-know access controls and non-co-mingling of data in multi-tenant environments .
Granting of audit and inspection rights to the NBFC (Nishtha Leasing Pvt Ltd) and the RBI to verify compliance .
Immediate incident reporting and cooperation during regulatory inspections .
10.4. Customer Consent & Data Usage
We adhere to the principles of granular consent and purpose limitation as outlined in the RBI Digital Lending Guidelines and the DPDPA . Customer data is:
Collected only with explicit, informed, and separate consent (not bundled with other terms) .
Used strictly for the purpose for which consent was granted (e.g., credit assessment, loan servicing) .
Subject to the customer’s right to access, correct, and withdraw consent, leading to the secure deletion of data where applicable and permissible by law .
10.5. Data Security & Sovereignty Infrastructure
To ensure compliance, the company utilizes, where applicable, secure domestic infrastructure such as the Indian Financial Services (IFS) Cloud or other RBI-compliant local data centers . We implement robust security safeguards including encryption, multi-factor authentication, and real-time fraud monitoring to protect data in transit and at rest, in alignment with RBI’s cybersecurity frameworks .
11. Children’s Privacy
Sunny Rupee is intended only for individuals 18 years or older.
If we become aware that data was collected from a minor, it will be deleted immediately.
12. Updates to This Policy
We may revise this Privacy Policy over time due to updates in technology, law, or business operations. Users will be informed through an in-app notification or email. Continued use of the app indicates acceptance of the updated terms.
13.Customer Service
If you have any questions, please contact our grievance redressal officer. Grievance Officer:SATYPRIYA ; Email:grievances@nishthaleasing.in ; Phone: 0180 20542967