1. Introduction
This Privacy Policy describes how BSS Sonata Sakhi (the "App"),
operated by Sonata India (the "Company", "we", "us", or "our"),
collects, uses, protects, and shares information when you use our mobile application.
BSS Sonata Sakhi is a microfinance and rewards application designed for customers to manage their loans,
track EMI payments, earn rewards, and access financial services. By using the App, you agree to the
collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Personal Information
- Name – For account identification and verification
- Phone Number – For authentication, OTP verification, and communication
- Email Address – For account recovery and notifications
- MPIN (Mobile PIN) – Encrypted authentication credential
- Profile Photo – Optional personalization
2.2 Financial and Loan Information
- Loan Details – Disbursement ID, loan type, amount, tenure
- EMI Information – Schedules, paid amount, balances
- Payment Transactions – Transaction IDs and methods
- Center & Branch Information
2.3 Rewards and Gamification Data
- Reward points and history
- Tier and XP information
- Spin & Win history
- Referral data
- Milestone progress
2.4 Device and Usage Information
- Device model and OS version
- App usage statistics
- Network and security information
2.5 Media Files
- Photos or videos uploaded by the user
3. How We Use Your Information
- Account creation and authentication
- Loan and EMI management
- Payment processing through Razorpay
- Rewards, tier and referral programs
- Customer support
- App improvements and analytics
- Security and fraud prevention
- Legal and regulatory compliance
4. Rewards Program Data
- Early, on-time and recovery rewards
- Milestone and referral rewards
- Real-time tracking and conversion
- Tier multipliers
5. Data Sharing and Third Parties
- Razorpay – payment processing
- Airtel – SMS and OTP services
- Cloud and analytics providers
We do not sell your personal or financial data.
6. Data Security
- Encryption and secure storage
- HTTPS/TLS communication
- Access controls and monitoring
- MPIN lockout and rate limiting
7. User Rights
- Access and update your data
- Request correction or deletion
- Withdraw consent
8. Data Retention
Data is retained according to legal and regulatory requirements.
9. Children’s Privacy
This app is not intended for children under 13 years of age.
10. App Permissions
- Internet and network state
- Camera and media (optional)
11. Third-Party Services
- Razorpay
- Airtel SMS Gateway
12. Changes to This Policy
We may update this policy from time to time and notify users when required.
14. Governing Law
This policy is governed by the laws of India.
15. Consent
By using the app, you consent to this Privacy Policy.