Consent Architecture

Last updated: April 2026

A plain-language explanation of every consent we ask you for, what it unlocks, and how to withdraw it.

1. Mobile + OTP consent

Used to verify it's really you and to send transactional messages. Withdrawable by deleting your account.

2. PAN verification consent

One-time pull from NSDL/Income Tax via Karza/Signzy. Stored encrypted, used for bureau and CKYC.

3. Aadhaar eKYC consent

Offline KYC via DigiLocker or paperless eKYC via Hyperverge. Aadhaar number is masked after verification — only last 4 digits stored.

4. Account Aggregator consent

Time-bound, purpose-bound consent to fetch your bank statements via an RBI-licensed AA. You see exactly what data is shared, with whom, and for how long. Revocable at any time on the AA app.

5. Bureau consent

Soft pull during eligibility (no score impact). Hard pull only at final loan acceptance.

6. Marketing consent

Separate, opt-in only. You can opt out anytime from your dashboard.

Prototype notice: These legal templates are placeholder drafts for the v1 prototype. Replace with counsel-reviewed text before any production use.