Legal — Privacy Policy

Privacy Policy

This Privacy Policy explains how VISTRONEX PRIVATE LIMITED collects, uses, stores, and protects your personal information when you use the RocketCash application and Platform.

DocumentPrivacy Policy of VISTRONEX PRIVATE LIMITED
Version1.0
Approved ByBoard of Directors
Approved On15th March 2026
SignatoryKulwinder Kaur (Director)

Overview

This Privacy Policy of VISTRONEX PRIVATE LIMITED (a company incorporated under the Companies Act, 2013, having its registered office at AltF G.B.P. 701-08 7F T-D, MG Rd Sikanderpur Sec-26, DLF QE, Gurgaon - 122002, Haryana — hereinafter “VISTRONEX”, “we”, “our” or “us”) is an electronic record in the form of an electronic contract formed under the Information Technology Act, 2000 and the rules made thereunder. The terms “you”, “customer”, “user”, “borrower” denote the person who avails the services of VISTRONEX using the Rocketcash mobile application or any other mode. This Privacy Policy does not require any physical, electronic, or digital signature.

This Privacy Policy is a legally binding document between you and VISTRONEX, and becomes effective upon your acceptance of it by availing our services. It describes the policies and procedures followed by VISTRONEX with respect to collection, use, disclosure and deletion of your information when you register for and use the Rocketcash Application and Services. This document is published in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the Information Technology Act, 2000.

By using the website/mobile application, you indicate that you understand, agree and consent to this Privacy Policy and provide your unconditional consent as provided under Section 43A and Section 72A of the Information Technology Act, 2000. If you do not agree with the terms of this Privacy Policy, please do not use our website/mobile application.

VISTRONEX complies with all regulations on the protection of Personal Information specified in laws applicable to financial service providers/digital lending apps, and recognises the importance of “Personal Information” including “Sensitive Personal Information” provided under lawful contract. We intend to take reasonable measures to keep such information confidential, and may share it with our affiliates and third parties under appropriate arrangements and applicable laws.

Your acknowledgment and consent

By visiting or using the Platform, you agree to be bound by the terms of this Privacy Policy and consent to the collection, usage, storage, sharing and handling of the personal/sensitive personal data submitted by you. This policy applies to information collected through our Platform(s) and through email, text and other electronic communications sent in connection with it (“User Information”). If you are using the application for availing loan services, please also read the Privacy Policy of VISTRONEX PRIVATE LIMITED, the LSP of SAVANTIKA VANIJYA PRIVATE LIMITED (a licensed NBFC duly registered with the Reserve Bank of India), available at rocketcash.in/privacy-policy.

A. Definitions

For the purpose of this Privacy Policy:

Account
means a unique account or identifier created for you to access our Service or parts of our Service.
Application
means the software program provided by the Company, downloaded by you on any electronic device, named Rocketcash.
Company
(referred to as “the Company”, “VISTRONEX”, “We”, “Us” or “Our”) refers to VISTRONEX PRIVATE LIMITED, Ahmedabad.
Country
refers to India.
State
refers to Gujarat, India.
Device
means any device that can access the Service, such as a computer, mobile phone or digital tablet.
Lending Partner
means banks, non-banking financial companies and other financial institutions regulated by the RBI, with whom VISTRONEX has an arrangement to facilitate Services through the Platform.
Loan
means various lending products offered by SAVANTIKA VANIJYA PRIVATE LIMITED or its Lending Partner through the Platform, on the terms and conditions agreed with you.
Loan Application
means the digital journey you complete while applying for a Loan on the Platform.
Personal Data
is any information that relates to an identified or identifiable individual.
Service
refers to the services provided by the Application.
Service Provider
means any natural or legal person who processes data on behalf of the Company – including third-party companies or individuals employed to facilitate, provide, or analyse use of the Service.
Usage Data
refers to data collected automatically, either generated through use of the Service or from the Service infrastructure itself (e.g. duration of a page visit).
You
means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

B. Type of Personal Information Collected and Purpose of Collection

While using our Service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. Personal Information will not be used for purposes other than providing services; prior approval will be sought if the purpose changes. This may include, but is not limited to:

Identity and profile-related data
First and last name, phone number, date of birth, country of origin, username or similar identifiers, password, gender, title, background, feedback, etc.
User correspondence details
Email address, phone number registered with us, and residential address.
Location data
Approximate/coarse location of your device, used for serviceability, fraud prevention and onboarding in case of a Loan Application.
KYC data
Identification documents issued by the government or other authorities – one of the Officially Valid Documents specified in RBI-KYC directions (Driving License, Voter’s ID, NREGA Job Card, Passport, Aadhaar card, PAN). VISTRONEX may request one-time camera access for KYC/onboarding.
Transaction data
Details of transactions occurring through the Platform or in connection with the Services, including services sought/availed and confirmations thereof.
SMS
We and our authorized service provider access SMSs with alphabetic or less-than-10-character numeric sender names only, solely to verify your financial position and assess credit risk to enable a loan — even when you are not actively using the app (subject to your permission).
Financial data
Past credit history, income details, loans issued or applied for through the Platform, payments/repayments, bank account details and statements (only in case of a loan application).
Marketing and communications data
Your preferences for receiving marketing messages from us and third parties, and your communication preferences.
Usage & device data
IP address, browser type/version, pages visited, time/date of visit, time spent, device identifiers, mobile OS, installed applications, crash logs and other diagnostic/performance data.
Media & document data
Rocketcash does not access device storage/media directly; however, you may be asked to select and upload specific images/documents for KYC, underwriting, or complaint resolution.
Miscellaneous data
Last 4 digits of credit/debit card numbers, WiFi connection information, publicly available information about you, and installed application/package names (for fraud prevention).

We may also receive Personal Information about you from third parties such as social media services, commercially available sources, and business partners. Where applicable, SAVANTIKA VANIJYA PRIVATE LIMITED shall share relevant data with VISTRONEX/other Lending Partners and their lending service providers in the event of a Loan Application, in accordance with this policy and the privacy policy of the relevant Lending Partner. You can disable these permissions at any time in your device settings, though we recommend keeping them enabled for uninterrupted service.

C. Term of Retaining and Use of Personal Information

Retention

We retain your Personal Data only for as long as necessary for the purposes set out in this Policy, including to comply with legal obligations, resolve disputes, and enforce our agreements. Usage Data is generally retained for a shorter period, except where used to strengthen security, improve functionality, or where we are legally obligated to retain it longer. We preserve records pertaining to borrower identification and addresses for at least five years after the business relationship ends. You may write to us to request removal of your data, subject to applicable retention requirements.

Use of your personal data

  • To provide and maintain our Service, including monitoring usage.
  • To manage your Account and registration as a user.
  • For the performance of a contract: development, compliance and undertaking of the purchase contract for services purchased through the Service.
  • To contact you by email, phone, SMS, or push notification regarding updates, informative communications, promotions, marketing, or security updates.
  • To provide news, special offers and information about goods/services similar to those you have purchased or enquired about.
  • To manage and attend to your requests.
  • For business transfers: in connection with a merger, divestiture, restructuring, reorganization, dissolution, or sale/transfer of assets.
  • To improve our site based on feedback received.
  • To send payment due-date reminders or notify you of a breach of contract for any service granted by VISTRONEX.
  • For other purposes: data analysis, usage trends, fraud detection/prevention, and evaluating promotional campaigns.
  • Otherwise, with your consent.

D. Storage and Transfer of Your Personal Data

Your information is processed at the Company’s operating offices and other locations where parties involved in processing are located, in accordance with applicable law. Data is processed and stored on servers located in India. Third parties with whom data is shared must comply with RBI cybersecurity standards; the application gives you the option to restrict sharing of data with third parties.

Except as otherwise provided in this Policy, VISTRONEX will disclose your Personal Information to third parties only in the following limited circumstances:

  • With Service Providers — to monitor/analyse use of the Service, to contact you, or to facilitate Services via third-party service providers, partners, banks and financial institutions.
  • With business partners — trusted partners working under confidentiality/non-disclosure agreements (marketing, delivery, promotions, analytics, payment processing, support).
  • For payment processing — via card processing companies, payment gateways, or pre-paid card providers.
  • With government and law enforcement agencies — pursuant to applicable laws, for investigation of offences, fraud, or threats to safety.
  • For business transfers — in connection with a merger, asset sale, financing, or acquisition.
  • With Affiliates — who will be required to honour this Privacy Policy.
  • With other Users — where you choose to share information in public areas of the Platform.
  • With the Lender/Lending Partner/Lending Service Provider — in case of a Loan Application, subject to the respective parties’ privacy policies; you retain the option to revoke or withdraw this sharing at any time.
  • With your consent — for any other purpose.

Information freely available or accessible in the public domain, or furnished under the Right to Information Act, 2005, is not regarded as sensitive personal data or information for the purposes of this Policy. You may withdraw your consent at any time via the “Contact Us” section, though this may limit our ability to continue serving you, and we will retain information required for regulatory or legal compliance.

E. Security of Personal Data

VISTRONEX has adopted measures including internal reviews of data collection, storage and processing practices, appropriate encryption, and physical security to guard against unauthorized access. We have implemented technical controls (firewall, encryption, password, WAF, SOC, anti-virus) and management controls (access management, log review, NDAs).

  • VISTRONEX does not store full card details (number, CVV, validity) on its servers — only the last 4 digits, per RBI card tokenization guidelines.
  • To comply with UIDAI guidelines, only the Aadhaar Reference number is stored on our servers.
  • Information may be shared with third parties under strict confidentiality/NDA, though VISTRONEX is not liable for a security breach at the third party’s end.
  • VISTRONEX has designed and implemented an Incident Management Policy to be followed in the event of any security incident.

F. Children\u2019s Privacy

Our Service does not address anyone under the age of 18, and we do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian aware that your child has provided us with Personal Data, please contact us. If we become aware of having collected such data without parental consent, we take steps to remove it. Where consent is required as a legal basis for processing and your country requires parental consent, we may require it before collecting and using that information.

G. Method of Disposal of Personal Information

Procedure of disposal

Your Personal Data is disposed of promptly once the purpose of collection has been fulfilled, unless otherwise required by law. You have the right to delete, or request our assistance in deleting, the Personal Data we hold about you. You may update, amend, or delete certain information via your Account settings, or by contacting us. Information required for regulatory compliance, or verified through government bodies during KYC, may not be directly editable \u2014 updating such information requires a re-KYC. You may revoke previously granted permissions at any time.

Method of disposal

Personal information printed on paper is shredded or incinerated. Personal information in digital format is deleted using technology that prevents recovery of deleted records.

H. Administrator in Charge of Management of Personal Information

VISTRONEX has designated an administrator in charge of the management of Users’ personal information, who may be contacted as follows:

Address604, Silicon Tower, Off CG Road, Law Garden, Ahmedabad, Gujarat - 380006

I. Cookies

A “cookie” is a small piece of information stored by a web server on a web browser, later read back from that browser. The App may use cookies and tracking technology depending on the features offered. No personal information/data is collected via cookies and other tracking technology; however, if you have previously provided personally identifiable information, cookies may be tied to it. Aggregate cookie and tracking information may be shared with third parties.

K. Third Party Sites

Payment gateways used for transactions are managed and controlled by third parties; some of your information may be saved on these third-party sites. VISTRONEX is not responsible for any loss or damage relating to information held by such sites, though these gateways are digitally encrypted to provide a high degree of privacy and security.

Our Services may link to third-party websites outside our control. VISTRONEX, its group companies, affiliates, directors and employees accept no liability for any loss or damage (direct, indirect, special, incidental, consequential, punitive, or exemplary) arising from your use of, or inability to use, any linked application or site, including from any defect, error, omission, or interruption. This Privacy Policy does not cover third-party sites — please read their specific privacy policies.

L. Governing Law or Dispute Resolution

This Policy is governed by and construed in accordance with Indian law. The courts at Ahmedabad (Gujarat) shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with this Policy.

Any dispute between VISTRONEX and a User in connection with the validity, interpretation, implementation, or alleged breach of any provision of this Policy shall be referred to and finally resolved by arbitration under the Indian Arbitration and Conciliation Act, 1996. There shall be one (1) arbitrator and the seat of arbitration shall be Ahmedabad, India.

M. Right of Users

Users have the right, at any time, to know whether their personal information has been stored, and may consult VISTRONEX to learn its contents and origin, verify its accuracy, or request that it be supplemented, cancelled, updated, corrected, anonymised, or blocked. Requests should be sent to the administrator identified in Section H above.

This Application does not support “Do Not Track” requests. To determine whether any third-party service we use honours such requests, please read their respective privacy policies.

N. Amendments to the Privacy Policy

We may amend, alter, modify or update this Privacy Policy from time to time. Changes will be conveyed by posting a notice on the website and Application, with a link to the updated policy. Use of information collected is subject to the Policy in effect at the time it is used. Continued use of the Website(s)/Application(s) after changes have been posted constitutes acceptance of those changes.

Disclaimer, Force Majeure and Indemnity

Everything on this site, and the content, services and materials in the Site, are provided “as is” and on an “as available” basis, without representations or warranties of any kind, express, implied or statutory. VISTRONEX disclaims all warranties to the maximum extent permissible under applicable law, including implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement, and does not warrant that the Site or Services will be continuously available, uninterrupted, or error-free, or that defects will be corrected. You assume the entire cost of any necessary servicing, repair, or correction. Where applicable law does not permit exclusion of implied warranties, the above exclusion may not apply to you.

Neither VISTRONEX nor its affiliates, nor their officers, employees or agents, shall be liable to you or anyone else for any loss, damage or expense arising out of access to or use of the Site/Services or any linked site, including loss of revenue, profits, business or data, or indirect, incidental or consequential loss.

You agree to indemnify, save and hold VISTRONEX, its affiliates, contractors, employees, officers, directors, agents, third-party associates, licensors and partners harmless from any claims, demands, losses, damages, liabilities, costs and expenses (including legal fees) arising out of or related to your use or misuse of the Services or Site, any violation of this Privacy Policy, any breach of your representations or warranties, or your infringement of any third party’s rights, or any material posted/transmitted by you that is threatening, libelous, obscene, harassing or offensive.

VISTRONEX reserves the right, at your expense, to assume exclusive defence and control of any matter subject to your indemnification obligation, and you agree to cooperate with our defence and settlement of such claims. VISTRONEX is not responsible for any loss or damage arising from a Force Majeure Event — an event beyond our reasonable control, including sabotage, fire, flood, explosion, acts of God, civil commotion, strikes, riots, insurrection, war, acts of government, computer hacking, unauthorized system access, breach of security/encryption, or power/electricity failure. No internet transmission can be said to be fully secure; VISTRONEX cannot guarantee the security of all information you provide, and you provide it at your own discretion.

O. Grievance Redressal

In accordance with the Information Technology Act, 2000 and rules made thereunder, if you wish to make a complaint regarding any violation of this Privacy Policy, or any other matter concerning you, you may contact the Grievance Redressal Officer as detailed in our Customer Grievance Redressal Policy, available on our website. Your complaint will be addressed in accordance with the Company’s Grievance Redressal Mechanism.