How We’re Keeping Your Data Safe

Illustration by Pratik Bhide for 1 Finance Magazine

There’s growing discourse around data privacy and security across the world — and for good reason. Knowing who has access to your information and what they do with it is fundamental to building trust. This is where transparency and clear communication are non-negotiable. At 1 Finance, we recognise and understand the hesitations and apprehensions around sharing sensitive financial information. We’re also deeply aware of the fact that for you to feel comfortable doing this, we need to hold up our end of the deal — by creating systems and processes that ensure confidentiality and prioritise safety. Here’s how we go about this.

To start with, we don’t collect any data without our users’ consent. While some of this information — like your email address and phone number — is fairly standard, other aspects of our services require that we get to know you better. For instance, we ask your PAN and date of birth, which helps us verify your PAN and demographic details from government databases, and to check if you are an existing client of our parent company, the Marwadi Chandarana Group — all details that allow us to serve you better. Then, we ask you to go through and sign off on a Registered Investment Advisor agreement, which outlines the information we will collect, how we will use it and who it may be shared with. 

In order to advise on your finances, we collect information like your Consolidated Account Statement, credit report, investment details and insurance manually — and are working to automate this process by integrating third parties into our data-collection process. For example, we plan to involve government-authorised Account Aggregators to access financial data like account balances, transaction histories, credit scores, and investment portfolios from various financial institutions. Rest assured, this is a safe and secure process — users can hand-pick the information that they are okay with sharing, and withhold the information they want to keep to themselves. This data helps us with tasks like calculating the user’s net worth, creating an income–expense report, and so on.

What members share with us is stored in a permanent, identifiable format on a cloud server. This information would include details like names, email addresses, membership IDs and other information that’s part of user profiles or account databases. Access to this data is, of course, exclusive, and subject to stringent security measures — from encryption, firewalls, and privacy protections to access controls, multi-factor authentication, clear and transparent privacy policies, and regular security assessments. We only store data that is indispensable for providing our services to you.

Besides collecting and storing data, what’s equally important for you to know is how we use this information. Well, we use it for operational purposes and legal compliance, to deliver our offerings efficiently, and to enhance your experience. We use it to create and manage your account, verify your identity, process payments and communicate with you. It is also vital for facilitating our advisory services, personalising your experience and our recommendations, and providing customer support. From time to time, we also use it to study user behaviour and enhance or develop products and features that will help you.

It makes sense, then, that the people who have access to this data include our engineering and development team, data analytics team, customer support team, marketing and sales teams. People will only be able to access the data that they need in order to perform their duties. While conversations between a member and their qualified financial advisor may be recorded for quality control or training purposes — and saved securely on our servers, with encryption and restricted access — these sessions are confidential and only shared with those who need to know about them.

We regularly review these safety and privacy measures to assess and update company policies, and stay prepared for new threats or vulnerabilities. If a user chooses to delete their profile — and we sincerely hope we don’t give anyone a reason to do so — their data will be permanently deleted after a 30-day period during which we may be required to retain some of it.

At the end of the day, we’d like you to know that we have your back — your data is absolutely essential for us to be of service to you and to put you on track for a more secure financial future. It helps us understand you, see where you might need some help, and together work out solutions that are easy for you to implement. The way we collect, use, and store your data is secure — it’s well-intentioned, and as with everything else we do at 1 Finance, it’s free of vested interests.