Privacy Policy

Last Updated: 23 Nov 2025

This Privacy Policy explains in detail how EMIKeyLock (“EMIKeyLock”, “we”, “us” or “our”) collects, receives, uses, stores, shares, protects, and otherwise processes your personal data when you use:

Our mobile applications (for customers, retailers, distributors, admins),
Our web-based admin, distributor and partner dashboards,
Our APIs and backend services, and
Our public website and any related online services.

This Privacy Policy is drafted with specific reference to applicable Indian laws, including but not limited to:

Digital Personal Data Protection Act (DPDP Act) and any related rules, notifications and amendments;
Information Technology Act (“IT Act”);
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules (“IT Rules”);
Relevant rules, circulars, and directions issued by CERT-In and other competent authorities from time to time; and
Other applicable Indian laws, regulations and guidelines relating to privacy, data protection, cyber security and consumer protection.

By accessing or using EMIKeyLock, installing our apps, registering as a retailer/distributor/admin, or by otherwise providing your personal data to us, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Important: This Privacy Policy is for informational purposes and does not constitute legal advice. You are encouraged to review this document carefully and seek independent legal advice if required.

1. Scope and Applicability

This Privacy Policy applies to all users and stakeholders interacting with EMIKeyLock, including:

Customers – individuals whose mobile devices are financed, tracked, and potentially locked/unlocked using EMIKeyLock based on EMI repayment status.
Retailers – shops, vendors, and channel partners who sell devices on EMI or finance and use EMIKeyLock retailer tools.
Distributors / Channel Partners – entities managing multiple retailers and supervising EMI operations.
Finance Companies / NBFCs / Lenders – entities providing credit, loans or EMI financing integrated with EMIKeyLock.
Administrators – users who manage system configuration, policies, and reporting through admin dashboards.
Website Visitors – any person who visits, browses or interacts with our website or public resources.

This Privacy Policy applies regardless of whether you access EMIKeyLock via mobile application, browser, integrated partner system, or any other interface provided by us. It governs personal data processed by us in our capacity as a Data Fiduciary and/or Data Processor, as those terms are used under applicable laws.

2. Key Definitions

For the purpose of this Privacy Policy:

“Personal Data” means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act.
“Processing” means a wholly or partly automated operation or set of operations performed on digital personal data including collection, recording, organization, structuring, storage, adaptation, retrieval, use, alignment, combination, indexing, disclosure, or erasure.
“Data Principal” refers to the individual to whom the personal data relates (for example, a customer or retailer as a natural person).
“Data Fiduciary” refers to the person who alone or in conjunction with others determines the purpose and means of processing of personal data.
“Data Processor” refers to any person who processes personal data on behalf of a Data Fiduciary.
“Sensitive Personal Data or Information (SPDI)” has the meaning assigned by IT Rules 2011 and may include financial information, passwords, etc.
“You” / “User” refers to any natural person using our services, including customers, retailers, distributors, lenders, and visitors.

Where EMIKeyLock operates as a neutral technology platform for lenders, NBFCs and retailers, such entities may act as independent Data Fiduciaries and EMIKeyLock may act as their Data Processor, subject to applicable agreements.

3. Categories of Personal Data We Collect

3.1 Customer-Related Data

When a device is sold or financed on EMI through EMIKeyLock integrated partners, we may collect and process information such as:

Customer full name;
Mobile number(s) used on the financed device;
Email address (if provided);
Customer ID/reference number provided by retailer/lender;
Residential or billing address (if shared by retailer/lender);
Device identifiers such as IMEI, serial number, and model information;
EMI schedule details (tenure, due dates, installment amount);
Payment status flags (paid / unpaid / overdue / closed) – generally non-banking and non-account-specific summary;
Status of the device (locked/unlocked/in warning mode);
Logs of lock/unlock actions performed through EMIKeyLock for that device.

We generally do not directly collect bank account numbers, credit card numbers, UPI IDs, or net banking passwords. Any financial transaction for EMI payment is handled by relevant third-party payment gateways or lenders, subject to their own privacy policies.

3.2 Retailer, Distributor and Admin User Data

For retailer, distributor and admin accounts, we may collect:

Full name of the authorised user/contact person;
Business name, GST number (if provided), and business address;
Registered mobile number and email address;
Login credentials (username, hashed password);
Role and access level (retailer, distributor, admin, support etc.);
Activity logs (logins, device registration, lock/unlock actions, changes in EMI status);
IP address and device/browser details used to access the dashboards.

3.3 Device & Technical Data

On customer devices where EMIKeyLock is installed and activated, we may collect:

Device identifiers (IMEI, serial number, Android/iOS version, brand, model);
Device admin/Device Owner status to enforce lock policies;
Network information (basic connectivity state, Wi-Fi/Cellular availability – not browsing content);
Hardware and OS parameters necessary to verify device integrity (e.g., root detection, bootloader unlock attempts, factory reset attempts);
Application status of EMIKeyLock (running, disabled, uninstalled attempts);
Time-stamped logs of enforcement actions, warnings, and system messages.

3.4 Website and Analytics Data

When you browse our website, we may collect:

IP address and approximate location derived from it;
Browser type, version, operating system;
Pages visited, time spent on each page, and referring URLs;
Cookie identifiers, session identifiers, and similar tracking technologies;
Crash logs, performance metrics and security-related logs.

3.5 Voluntary Data Shared by You

You may voluntarily share additional information with us through:

Support tickets and emails;
Feedback forms and surveys;
WhatsApp or other communication channels (if used for official support);
Demo or enquiry forms filled on our website.

We treat such information as personal data to the extent it identifies or relates to you.

4. Lawful Basis for Processing and Legal Compliance

EMIKeyLock processes personal data strictly in compliance with Indian laws and for lawful purposes. Our primary legal bases for processing include:

Consent: In many scenarios, consent is obtained by retailers/finance partners at the time of device sale or EMI onboarding. By activating EMIKeyLock or continuing to use a device with EMIKeyLock installed, you acknowledge that your data may be processed to enforce EMI-related lock policies.
Contractual Necessity: Processing is often necessary to perform obligations under the EMI agreement, loan contract, or related service arrangement between you and the retailer/finance company.
Legitimate Interests: We have a legitimate interest in preventing fraud, securing financed devices, ensuring repayment discipline, ensuring the safety of our platform, and offering uninterrupted services to our business partners and customers.
Legal Obligation: We may process and share data as required to comply with Indian laws, court orders, law enforcement requests, or regulatory directions.

We strive to ensure that any processing adheres to the principles of necessity, proportionality, purpose limitation, and data minimization as envisaged by the DPDP Act and related rules.

5. Purpose of Data Collection and Use

5.1 Core Functional Purposes

We process personal data for the following core purposes essential to the functioning of EMIKeyLock:

To enable registration and activation of devices under EMIKeyLock protection;
To verify device ownership and association with a specific EMI account or loan record;
To monitor EMI status (paid/unpaid/overdue) as reflected by the retailer or finance partner;
To trigger, execute and manage device lock/unlock actions based on EMI status and configured policies;
To generate reminders, warnings, or informational messages on the device regarding EMI dues or lock status;
To maintain logs of actions taken on each device for security, audit and dispute resolution purposes.

5.2 Security and Fraud Prevention Purposes

To detect and prevent tampering, rooting, factory reset attempts, or unauthorized uninstallation of EMIKeyLock;
To identify and respond to suspicious behavior, unusual access patterns, or abuse of the platform;
To protect our infrastructure, servers, and network from malware, hacking attempts, and other cyber threats;
To implement security policies mandated by applicable law and our internal risk frameworks.

5.3 Improvement and Analytics

To analyze performance and usage patterns of our apps and dashboards;
To improve user experience, reliability, and usability of EMIKeyLock;
To create anonymized or aggregated statistics for internal reporting, forecasting and product development;
To test new features, interfaces, or policies on a controlled basis.

5.4 Communication and Support

To send service-related notifications, alerts, and reminders (for example, EMI due date reminders, lock warnings);
To provide customer support to customers, retailers and partners;
To respond to inquiries, requests, grievances, or disputes;
To send important updates regarding policy changes, security notices, or system maintenance.

5.5 Legal, Regulatory and Compliance Purposes

To comply with requirements under the DPDP Act, IT Act, IT Rules 2011, and other applicable laws;
To cooperate with lawful investigations or information requests from law enforcement or regulatory authorities;
To establish, exercise, or defend legal claims or protect our legal rights.

6. Consent Management and Choice

Where required by applicable law, we or our partners seek your consent before or at the time of data collection. This may occur:

During the device purchase or EMI enrollment process at the retailer shop;
Within the EMIKeyLock mobile application during installation or first-time setup;
Through online forms or digital agreements where EMIKeyLock is integrated with a lender/partner system.

You may have the following choices:

Withdraw Consent: Subject to your EMI or loan agreement, you may seek to withdraw consent for certain processing. However, withdrawal of consent may impact the feasibility of continuing EMI-based services or unlock privileges.
Control over Notifications: You may control some forms of non-essential notifications where applicable (for example, marketing communications, if any are ever used).
Opt-out of Non-essential Cookies: On our website, you can control certain cookie settings through your browser or any tools we provide.

Please note that even if you withdraw consent for some processing, we may still process data where necessary for legal obligations, fraud prevention, security or other legitimate purposes as allowed under applicable laws.

7. Cookies, Web Beacons and Tracking Technologies

Our website and online dashboards may use cookies and similar technologies to enhance user experience and for security, analytics and performance.

7.1 Types of Cookies Used

Strictly Necessary Cookies: Essential for secure login, session management, and basic site functioning. These cannot usually be disabled without affecting core functionality.
Performance and Analytics Cookies: Help us understand usage patterns, page performance, and system health, usually with aggregated or pseudonymized data.
Preference Cookies: May store your language or display preferences.

7.2 Managing Cookies

You can configure your browser to accept or reject cookies, or to notify you when a cookie is being set. Turning off certain cookies may limit some functionalities of our website or dashboards.

8. Data Sharing and Disclosure

EMIKeyLock does not sell, trade, or rent your personal data to third parties for their standalone marketing or commercial use. However, we may share your data with:

8.1 Retailers, Distributors and Lenders

To ensure proper mapping of devices with the correct customer and EMI account;
To allow them to view EMI and device status in line with their contract with you;
To enable them to take lawful actions under your EMI or loan agreement (such as marking EMI as paid/unpaid, closing the loan, or requesting device unlock).

8.2 Service Providers and Technical Partners

Cloud hosting providers (data centers, infrastructure providers);
SMS/Email service providers for sending OTPs, alerts and reminders;
Customer support tools (ticketing, chat services) if integrated;
Security and monitoring service providers.

Such partners are engaged under appropriate contracts and are required to follow confidentiality and data protection obligations consistent with applicable laws.

8.3 Legal and Regulatory Authorities

We may disclose personal data:

When required by law, regulation, legal process, or enforceable government request;
To comply with orders of courts or authorities having jurisdiction;
To investigate, prevent, or take action regarding suspected illegal activities, fraud, threats to safety, or violations of our policies.

8.4 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or similar corporate event, personal data may be transferred to the successor entity subject to equivalent privacy protections.

9. Data Storage, Retention and Deletion

9.1 Data Storage Location

As far as practicable, EMIKeyLock endeavors to store and process personal data on servers located within India, consistent with applicable laws, regulatory expectations, and business needs.

9.2 Retention Periods

We retain personal data for no longer than is necessary for the purposes for which it is processed. Retention periods may be determined based on:

Duration of the EMI or loan tenure plus a reasonable period for disputes and audits;
Statutory or regulatory retention requirements under Indian law;
Limitation periods under applicable civil and criminal laws;
Our internal policies for risk management, fraud prevention, and security.

After the applicable retention period, data may be securely deleted, anonymized, or archived as permitted by law and internal policies.

9.3 Data Deletion and Anonymization

Upon completion of EMI or closure of account, certain data may be anonymized for analytics or statistical purposes. Anonymized data does not identify you and is not treated as personal data.

10. Data Security Measures

EMIKeyLock is committed to implementing reasonable security practices and procedures as required under the IT Act, IT Rules 2011, DPDP Act and relevant Indian standards, to protect your personal data against unauthorized access, use, alteration, disclosure or destruction.

10.1 Technical Security Measures

Use of HTTPS/TLS for secure data transmission;
Use of strong encryption protocols (for example AES-256) for sensitive data at rest, where applicable;
Secure authentication mechanisms, including hashed passwords and access tokens;
Role-based access controls to restrict access to authorized personnel only;
Regular security patches, updates and hardening of servers and applications;
Security logging and monitoring for anomaly detection.

10.2 Organizational and Procedural Measures

Internal policies governing data access, confidentiality, and data handling;
Employee and contractor confidentiality agreements where applicable;
Access grants strictly on “need-to-know” basis;
Periodic review of access rights and permissions;
Awareness efforts regarding data protection and information security.

10.3 Incident and Breach Management

In the event of a data breach or security incident that is likely to cause harm, EMIKeyLock will:

Take immediate steps to contain and investigate the incident;
Notify affected users and relevant authorities as may be required by law or regulation;
Implement remedial measures to prevent recurrence;
Maintain records related to the incident as per legal requirements.

11. Your Rights as a Data Principal

Subject to applicable law, you may have the following rights in relation to your personal data:

Right to Access: You may request information about the categories of personal data processed about you and obtain a copy where feasible.
Right to Correction: You may request correction or updating of inaccurate or incomplete personal data.
Right to Deletion/Erasure: You may request deletion of your personal data, subject to the necessity for legal or contractual obligations, including EMI enforcement and archival requirements.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw such consent, subject to the consequences explained by us or our partners.
Right to Grievance Redressal: You may raise a grievance or complaint with our Grievance Officer / Data Protection Officer.

Your rights may be exercised by contacting us using the details provided in the Contact Us section below. We may request reasonable information to verify your identity before acting on your request.

12. Children’s Privacy

EMIKeyLock is not intended for use by children under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us without appropriate consent, please contact us so we can take appropriate steps (such as deletion or obtaining verified consent).

13. Third-Party Links and Services

Our website, apps, or dashboards may contain links to third-party websites or services, including payment gateways, telecom operators, or partner platforms. These third parties operate under their own privacy policies and terms.

EMIKeyLock does not control and is not responsible for the privacy practices of such third parties. You are encouraged to review their privacy policies before interacting with them or providing any personal data.

14. International Transfers (If Any)

Our intention is to store and process data within India to the extent possible. If at any time, due to technical or contractual requirements, personal data is required to be processed or stored in another jurisdiction, we will ensure that:

Such transfers comply with applicable legal requirements; and
Appropriate safeguards are in place to protect your personal data.

15. Data Accuracy and Responsibility

We rely on retailers, lenders and users to provide accurate and up-to-date information. You are responsible for ensuring that:

The information you provide is true, accurate, and complete;
You inform us or the relevant retailer/lender promptly about any changes to your details (such as updated mobile number or address).

EMIKeyLock is not responsible for issues arising from inaccurate, incomplete or outdated information provided by you or by partners.

16. Grievance Officer and Data Protection Officer (DPO)

In accordance with applicable laws, we have designated a Grievance Officer / Data Protection Officer for handling questions, concerns, and grievances related to privacy and data protection.

Grievance Officer / Data Protection Officer (DPO)
Name: [Insert Name]
Email: [Insert DPO Email]
Phone: [Insert DPO/Support Number]
Address: [Insert Full Office Address with City, State, PIN, Country]

We will use reasonable efforts to respond to your queries or grievances within timelines prescribed under applicable law or within a reasonable period.

17. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in legal requirements, technology, our services, or internal practices.

Updated policies will be posted on our website and/or app with a revised “Last Updated” date;
Where required by law, we may also notify you through in-app notifications, emails, or other appropriate means;
Continued use of EMIKeyLock after such changes constitutes your acceptance of the updated policy.

You are encouraged to review this Privacy Policy periodically to stay informed of how we protect your data.

18. Limitation of Liability

While EMIKeyLock takes reasonable efforts to secure and protect your personal data, no system can be guaranteed as completely secure. To the maximum extent permitted by law:

EMIKeyLock shall not be liable for any indirect, incidental, consequential or punitive damages arising out of any unauthorized access, misuse or alteration of your data that is beyond our reasonable control;
EMIKeyLock shall not be liable for acts or omissions of third-party service providers, retailers, distributors or lenders acting as independent Data Fiduciaries, except to the extent explicitly assumed under written contracts.

19. Governing Law and Dispute Resolution

This Privacy Policy and any dispute arising from or related to it shall be governed by and construed in accordance with the laws of India, without regard to conflict of law principles.

Subject to applicable laws:

The courts having jurisdiction over [Insert City/State, e.g., Jaipur, Rajasthan, India] shall have exclusive jurisdiction in all matters arising out of or in connection with this Privacy Policy;
Parties may attempt amicable resolution through negotiation or mediation before initiating formal legal proceedings.

20. Contact Us

If you have any questions, concerns or requests related to this Privacy Policy, or if you wish to exercise your rights as a Data Principal, you may contact us at:

EMIKeyLock – Privacy & Data Protection
Email: [Insert Official Support/Privacy Email]
Phone: [Insert Support Phone Number]
Website: [Insert Official Website URL]
Address: [Insert Full Postal Address]

We appreciate your trust in EMIKeyLock and remain committed to protecting your privacy and personal data in accordance with applicable Indian laws and best industry practices.