Privacy Policy

Last updated: June 8, 2026 · Effective: June 8, 2026

The short version: We collect only what we need. We protect everything with enterprise-grade AES-256 encryption. We never sell your data — ever. We share with partners only as needed to provide you financial services, and only with your consent.

1. Who We Are

Nishwik Global Fintech Private Limited ("Nishwik", "we", "our", "us") is a technology company registered in India. We operate the Nishwik app, web platform, and partner dashboards ("Platform"). We are not an NBFC or bank — we partner with RBI-registered NBFCs and scheduled commercial banks to provide financial products.

2. Data We Collect

2.1 Information You Provide

2.2 Information Automatically Collected

3. How We Use Your Data

4. Data Sharing

We share your data with:

We never sell your personal data. We do not share your data with advertisers, data brokers, or third-party marketing platforms. Period.

5. Data Security

All data is encrypted using AES-256 encryption at rest and TLS 1.3 in transit. We maintain strict access controls, conduct regular security audits, and are pursuing ISO 27001 certification. Our security team reviews access logs continuously.

6. Your Rights

To exercise any of these rights, contact us at privacy@nishwik.com. We respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active and for up to 8 years after account closure, as required by applicable Indian financial regulations. Anonymised, aggregated data may be retained indefinitely for analytics purposes.

7B. Your Rights Under DPDP Act 2023

As a Data Principal under India's Digital Personal Data Protection (DPDP) Act, 2023, you have the right to:

To exercise any right, email: privacy@nishwik.com. We will respond within 72 hours.

8. Cookies and Tracking

Our web platform uses strictly necessary cookies for functionality and optional analytics cookies (with your consent). We do not use advertising or tracking cookies. You can manage cookie preferences in your browser settings.

9. Children's Privacy

Our Platform is not intended for individuals under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately at privacy@nishwik.com.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. Continued use of the Platform after that date constitutes acceptance of the updated policy.

11. Contact & Grievance Officer

For privacy-related queries or complaints:

12. Data Deletion — Request Your Data to Be Erased

Your right under DPDP Act 2023 (Section 13): You have the right to request erasure of your personal data held by Nishwik. We will process verified requests within 30 days and confirm deletion in writing.

Under the Digital Personal Data Protection (DPDP) Act, 2023 and our obligations as a Data Fiduciary, Nishwik provides a clear, accessible process to request deletion of your personal data from our systems.

12.1 What Data Can Be Deleted

You may request deletion of:

12.2 Data That Cannot Be Deleted (Legal Retention Obligations)

Certain data must be retained under applicable Indian law and cannot be erased even upon request. We will inform you of the exact category and retention period when processing your request.

12.3 How to Submit a Deletion Request

📧 Option 1 — Email (Recommended, fastest)

Send an email to privacy@nishwik.com with subject line:

Data Deletion Request — [Your Registered Mobile Number]

Include in your email:

📬 Option 2 — Written Request (Postal)

Nishwik Global Fintech Private Limited

Attn: Data Protection Officer

CIN: U62091MH2025PTC448673

Please include your full name, registered contact details, a self-attested copy of valid government-issued photo ID, and a clear description of the data you wish deleted.

12.4 Online Request Form

You can also submit your request directly using the form below. We will contact you on your registered mobile/email to verify your identity before processing.

🔒 Your identity will be verified before any data is deleted. Response within 30 days per DPDP Act 2023.

12.5 What Happens After You Submit

12.6 Withdrawing Consent for Marketing Communications

To withdraw consent for marketing emails or SMS without deleting your account: click "Unsubscribe" in any Nishwik email, or write to privacy@nishwik.com with subject "Withdraw Marketing Consent — [Your Mobile Number]". We will process this within 5 business days.

12.7 Escalation and Complaints

If your deletion request is not handled correctly or within the required timeline: