CitoWealth collects personal information that you voluntarily provide when you use our platform to apply for loans, insurance products, or to request a callback from our team. We collect only the minimum information necessary to facilitate your application.

Personal Information

• Full name, date of birth, PAN number, Aadhaar number (for KYC purposes only)
• Mobile number, email address, residential and office address
• Employment type, monthly income, employer name
• Loan amount required, preferred tenure, existing EMIs
• CIBIL / credit score — fetched only with your prior explicit written/digital consent via consent checkbox or OTP verification on our application form

Insurance-Related Information

• Age, gender, medical history (as required by the IRDAI-regulated insurer for underwriting)
• Nominee details, existing policy details
• Vehicle registration number, model, year (for motor insurance applications)
• Sum assured preference, policy tenure (for term and health insurance)

Automatically Collected Information

• IP address, browser type, device type, operating system
• Pages visited, time spent on site, referral URL
• Cookies and similar tracking technologies (see Section 6)

Your information is used solely for loan and insurance facilitation, service improvement, and regulatory compliance. We process your data only on the following lawful bases: explicit consent, legitimate interest, and legal obligation. CitoWealth does not use your data for any purpose beyond what is stated below.

Primary Use — Loan Facilitation (DSA Role)

• To match your profile with suitable lenders — CitoWealth does not make lending decisions; all credit decisions are made exclusively by the partner lender
• To submit your loan application to one or more partner RBI-regulated institutions with your explicit prior consent
• To communicate indicative loan options (not offers or guarantees) based on your profile — final terms are set by the lender
• To facilitate creditworthiness assessment by partner lenders — CIBIL/bureau pull requires your separate explicit consent via checkbox or OTP

Primary Use — Insurance Facilitation (Referral Role)

• To share your application details with IRDAI-regulated partner insurers for policy quotation and issuance — with your explicit consent
• To provide indicative premium estimates — actual premium is determined solely by the partner insurer based on underwriting
• To assist with insurance renewal reminders on behalf of the partner insurer

Communication Consent — Including WhatsApp

Other Uses

• To send service-related notifications, document reminders, and application status updates
• To improve our website, services, and user experience through anonymised analytics
• To comply with RBI, IRDAI, FIU-IND, and other applicable regulatory requirements
• To prevent fraud, identity theft, money laundering, and other illegal activities

CitoWealth does not sell your personal data to any third party. Your data is shared only in the following circumstances:

With Partner Banks & NBFCs

Your loan application data is shared with partner RBI-regulated banks and NBFCs for the purpose of processing your loan application. Each partner institution has its own privacy policy governing how they handle your data.

With IRDAI-Regulated Insurers

Your insurance application data is shared with partner insurance companies for policy issuance and underwriting purposes, strictly as required to service your application.

With Service Providers

• Credit bureaus (CIBIL, Experian, Equifax) — for creditworthiness assessment with your explicit consent
• KYC verification services — for identity verification as required by RBI
• Cloud hosting and IT service providers — under strict data processing agreements
• Analytics providers — for website analytics (anonymised data only)

For Legal Compliance

We may disclose your information to government authorities, regulators (RBI, IRDAI, SEBI, FIU-IND), or courts if required by applicable law, court order, or in good faith belief that disclosure is necessary to protect the rights and safety of CitoWealth, its users, or the public.

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal data:

• Right to Access: Request a summary of personal data we hold about you and how it is being processed
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations
• Right to Withdraw Consent: Withdraw consent for processing at any time without affecting lawfulness of prior processing
• Right to Grievance Redressal: File a complaint with our Grievance Officer or the Data Protection Board of India
• Right to Nominate: Nominate an individual to exercise rights on your behalf in the event of death or incapacity

CitoWealth implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

• SSL/TLS encryption for all data transmitted between your browser and our servers
• Access controls ensuring only authorised personnel can access personal data
• Regular security audits and vulnerability assessments
• Employee training on data privacy and security protocols
• Incident response procedures for data breach notification

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and not share your login credentials with anyone.

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse site usage. By using our website, you consent to our use of cookies in accordance with this policy.

Types of Cookies We Use

• Essential Cookies: Required for core functionality such as session management and security. Cannot be disabled.
• Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics). Data collected is anonymised.
• Functional Cookies: Remember your preferences such as language and loan type selections.
• Marketing Cookies: Used to deliver relevant advertisements. Only deployed with your explicit consent.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

• Application Data: Retained as per applicable RBI, PMLA, and regulatory guidelines
• KYC Documents: Retained for 5 years from the closure of the account/application, as per PMLA 2002
• Website Analytics Data: Retained for 26 months in anonymised form
• Marketing Preferences: Retained until you withdraw consent or request erasure

Upon expiry of the retention period, personal data is securely deleted or anonymised in accordance with applicable law and our internal data governance policy.

For any queries, concerns, or requests related to this Privacy Policy or the processing of your personal data, please contact our designated Privacy Officer:

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once it is constituted under the DPDP Act, 2023, or approach the relevant regulatory authority.