← Back to Home

Privacy Policy

Our Commitment to Your Privacy

At Saro Loan (“we,” “our,” or “us”), we recognize that your personal and financial information is sensitive and deserves the highest level of protection. We believe that transparency is the foundation of trust; therefore, this Privacy Policy serves as a comprehensive guide to our data practices. It details the specific methodologies we employ to collect, utilize, process, store, safeguard, and ultimately dispose of your personal data when you interact with the Saro Loan mobile application and our suite of associated financial services.

User Acknowledgment and Consent

By proceeding to install, register for, or utilize the Saro Loan application, you formally acknowledge that you have meticulously read and fully understood the terms set forth in this Privacy Policy. Furthermore, you expressly consent to the data processing practices described herein. We encourage you to review this policy periodically, as your continued use of our services constitutes an ongoing agreement to our commitment to data integrity and regulatory compliance.

Comprehensive Data Collection & Governance Standards

At Saro Loan, we operate under a rigorous data governance framework anchored by the core principles of purpose limitation, data minimization, and proportionality. We believe that your information should only be handled with the highest degree of integrity. Consequently, our data collection practices are strictly confined to information that is fundamentally essential for the provision of our financial services. We collect personal data exclusively when it is necessary to achieve the following critical objectives:

• Credit Eligibility & Financial Assessment: To accurately determine your eligibility for credit-specific products and to tailor our financial offerings to your unique economic profile.
• Comprehensive Risk Evaluation: To conduct sophisticated creditworthiness assessments and multi-dimensional risk analysis, ensuring responsible lending practices for both the user and the platform.
• Identity Authentication (KYC): To fulfill "Know Your Customer" (KYC) mandates, verifying your legal identity through official documentation to maintain a secure and transparent financial ecosystem.
• Fraud Mitigation & Asset Protection: To proactively detect, investigate, and prevent fraudulent activities, system misuse, and unauthorized access, thereby safeguarding your account and our community.
• System Integrity & Operational Stability: To monitor and enhance the technical performance, security protocols, and overall stability of the Saro Loan platform.
• Regulatory Compliance & Legal Obligations: To ensure full adherence to all applicable local and international laws, anti-money laundering (AML) regulations, and mandatory reporting requirements.

We maintain a strict prohibition against the collection of any data that is irrelevant to, or exceeds the scope of, the specific financial services provided by the Saro Loan application.

Specific Data Access & Permissions

SMS Data Permission

With your explicit, one-time consent, Saro Loan may access financial-related SMS messages on your device.

• Purpose & Usage: We analyze transaction alerts, salary credits, and repayment notifications to evaluate your income patterns and creditworthiness. This data is also integrated into our automated risk management system to strengthen fraud prevention by detecting suspicious financial activity in real-time.
• Strict Limitations: We strictly do not access, read, or store personal or non-financial messages.
• Data Lifecycle: All SMS data is encrypted during transmission. Once the credit evaluation and identity verification processes are concluded, this data is automatically purged from our temporary systems. No SMS information is shared with third-party entities.

Approximate Location Data

To ensure our services comply with regional financial regulations, we require access to your device's approximate location.

• Purpose & Usage: This information allows us to verify that Saro Loan services are supported in your current jurisdiction. It also enables us to calculate localized loan limits and provide financial products or promotions specifically tailored to your regional profile.
• Security & Retention: Your location data is transmitted via secure, encrypted channels. We do not share this information with third parties, and it is permanently deleted immediately after the regional eligibility assessment is complete.

Camera Access

The app will request access to your device’s camera only during specific identity verification stages.

• Purpose & Usage: We utilize camera access to capture high-quality images of your identity documents and to perform facial recognition (liveness checks). This "Know Your Customer" (KYC) process is essential for preventing identity theft, verifying your application's authenticity, and ensuring regulatory compliance.
• Data Lifecycle: Images and facial data are encrypted for security. Unless required by specific legal retention mandates, these files are deleted from our active verification servers within 5 working days of successful processing. We do not share these files with any external parties.

Device & App Interaction Data

We automatically collect technical and behavioral metadata to maintain a secure and optimized user environment.

• Technical Information: This includes your device model, operating system version, unique device identifiers, language settings, screen resolution, and network connection details. We use this to ensure app compatibility and prevent unauthorized account registrations from suspicious hardware.
• Interaction Analytics: We gather anonymous data regarding your app usage, such as page navigation patterns, session durations, and feature engagement.
• Security & Optimization: This data is primarily used to detect fraudulent bot activity, enhance app performance, and refine the user experience. All technical data is encrypted, securely transmitted, and systematically deleted once the security analysis and verification checks are finalized.

Purposes of Data Processing

Saro Loan processes the information collected through the application for the following essential business and legal purposes:

• Credit Evaluation: To perform comprehensive assessments of your eligibility for our credit-related products and services.
• KYC & Regulatory Compliance: To execute mandatory "Know Your Customer" (KYC) identity verification and ensure full adherence to financial anti-money laundering (AML) regulations.
• Risk & Fraud Mitigation: To proactively identify, prevent, and remediate fraudulent activities, unauthorized access, or potential security breaches.
• Operational Excellence: To diagnose technical issues, enhance the reliability of the mobile application, and refine the overall user experience.
• Service Communications: To deliver critical administrative notifications, transaction updates, and essential service-related alerts.

Data Retention, Archiving, and Deletion

We adhere to a strict data retention policy, ensuring that personal information is stored only as long as necessary to fulfill the purposes outlined in this policy or to comply with statutory requirements:

• Evaluation Data: Information used strictly for credit assessment is systematically purged once the evaluation process is finalized.
• Account Information: Active account data is maintained for the duration of our service relationship. Upon the fulfillment of all contractual obligations or following a prolonged period of account inactivity, this data will be securely removed.
• Legal & Statutory Exceptions: Notwithstanding the above, certain records may be retained in an archived format if required by prevailing laws, for audit purposes, or for the resolution of legal disputes.
• Deletion Requests: Users may exercise their "Right to be Forgotten" by requesting data deletion directly through the application interface or our official website.

Information Security Infrastructure

Saro Loan employs a multi-layered security architecture to safeguard your data against unauthorized access, disclosure, or loss. Our defense-in-depth strategy includes:

• Advanced Encryption: Implementation of industry-standard encryption protocols for data at rest and in transit (e.g., SSL/TLS).
• Network Protection: Utilization of robust firewalls and intrusion detection systems.
• Access Governance: Strict internal access controls that limit data visibility only to authorized personnel on a "need-to-know" basis.

Disclosure and Third-Party Sharing

We maintain a strict policy against the sale, rental, or unauthorized trading of your personal information. Disclosure is strictly limited to the following circumstances:

• Essential Service Providers: Trusted partners who assist in processing your service requests, such as payment gateways or credit reporting agencies, all of whom are bound by stringent confidentiality agreements.
• Legal & Regulatory Mandates: Disclosure to government, judicial, or regulatory authorities when compelled by law, subpoena, or official investigation.
• Authorized Sub-processors: Third-party technical providers who maintain our infrastructure and are contractually obligated to uphold our high security and privacy standards.

Individual User Rights

In accordance with data protection principles, you are entitled to the following rights regarding your personal information:

• Right of Access: The right to request a copy of the personal data we hold about you.
• Right to Rectification: The right to request the correction of inaccurate or incomplete personal information.
• Right to Erasure: The right to request the permanent deletion of your data, subject to legal retention requirements.
• Revocation of Consent: The right to withdraw previously granted permissions (such as camera or SMS access) at any time through device settings or app controls.
• Grievance Redressal: The right to raise concerns or lodge formal complaints regarding our data handling practices.

Note: All requests are subject to identity verification to ensure the security of your account.

Governance and Contact Information

For any inquiries, requests for data access, or concerns regarding this Privacy Policy, please contact our Data Protection Officer at: