MTree Fintech Services Private Limited ("MTree" or "Company")

Effective Date: [27.01.2025]

MTree is dedicated to safeguarding your privacy. This Privacy Policy outlines how we collect, store, handle, and transfer information from our users. By accessing and using our website and mobile app ("Platform"), you agree to the practices described here. We might update this policy occasionally, and your continued use of the Platform implies acceptance of these changes.

1. Data Controllers

Your personal information will be stored on servers located in India by MTree Fintech Services Private Limited, including its representatives, affiliates, and business partners.

2. Information We Collect

To enhance your experience, we gather various types of information:

  • Personal Information: This includes your name, email address, date of birth, city of residence, and any documents you upload. This information helps us provide tailored services.
  • Device Information: We may access your camera, microphone, location, and other device features solely for onboarding or KYC requirements, with your explicit consent.
  • Third-Party Information: Occasionally, we might receive information about you from other sources to enhance our services.

3. Use of Cookies

We utilize cookies to personalize your experience:

  • Types of Cookies: We use session cookies (which expire when you close your browser) and persistent cookies (which stay on your device until you delete them). Cookies help minimize load times and save on server processing.
  • Managing Cookies: Most browsers allow you to control cookie settings. Disabling cookies might affect your ability to use some Platform features.

4. Your Consent

By using our Platform, you consent to the collection and use of your information as outlined in this policy, including any updates we may make from time to time.

For more details, please refer to our Full Privacy Policy on the MTree website.

4.1 MTree will collect user information and share it with other financial institutions to help you provide the required products.
a. Information collected by
  • Name
  • Access to location – to enable the user to use the website.
  • Biometric Access (face-scan, fingerprint scan) and screen-lock to enable the user to access the website.
  • WhatsApp permission for sending notifications, for sharing leads and product-related information, messages, invite links, etc.
  • Contacts - To enable the website to add a new user to the website.
  • Aadhaar number - for KYC compliance.
  • PAN number - for KYC compliance.
  • Address as per Aadhaar – for KYC compliance
  • Mobile No. – for communication purposes
  • Email ID - for communication purposes
  • Camera - To enable the advisor to take pictures for the purposes of the website
  • Photo Gallery – To enable the user to upload a profile photo
  • Educational Certificates – For verifying the user's educational qualification.
  • Such other ancillary details connected to the aforesaid.
  • Pincode - To register end-customer details on the website before they can proceed to apply to the Products on the website

b. Purpose of collecting information

The generic statement of purpose is as mentioned below:

  • To enable user to use the website
  • To facilitate the request received from customers for various financial products.
  • To process the requests & share report on these requests.
  • To undertake research and analytics for offering or improving the products/services and their security and service quality;
  • To check and process user requirements or instructions or requests received from financial institution.
  • To share with user, updates on changes to the products/services and their terms and conditions.
  • To verify identity and to provide products to the user.
  • To facilitate the transactions or report on these transactions.
  • To carry out credit checks, screenings or due diligence checks as lawfully required by the Company. Please note that we are fetching credit score from Experian.

5. How We Use Your Information

At Mtree Fintech Services Private Limited, we collect your information when you create an account, use our products or services, or visit our website. This includes details like your first name, last name, state and city of residence, email address, date of birth, and gender. During registration, we also ask for your contact number to send SMS notifications and alerts about our services. By registering, you authorize us, including our business partners and affiliates, to send texts and emails with your login details and other service information, even if you are registered under DND, DNC, or NCPR services. Your authorization remains valid until your account is deactivated or you withdraw your consent. With your permission, we may also access your camera, microphone, and location for service facilitation and KYC purposes, in compliance with applicable laws.

Purpose of Collecting Information:
  • Service Delivery: Facilitate and deliver services, process payments, and communicate with you about products, services, and promotional offers.
  • Support and Grievances: Respond to queries, requests, and resolve any issues related to our services.
  • Obligations: Fulfill our obligations related to any agreements with our business partners.
  • Promotions: Send information about special promotions, new features, and products/services from us or our partners.
  • Internal Analysis: Use your information for internal analysis, location-based services, personalized content, and improving our platform.
  • Fraud Prevention: Prevent or detect fraud or abuse of our website and enable third parties to carry out technical, logistical, or other functions on our behalf.
  • Communications: Send notices, updates, and recommend services that might interest you. We may also request your feedback and opinions.
  • File Storage: Obtain file storage permissions for uploading customer documents for processing applications by our partners.
  • Access Permissions: With your consent, access your camera, microphone, and location for service facilitation and logging in to our website.

Some features of our website or services will require you to provide personally identifiable information.

6. Disclosure to Third Parties

We do not sell, rent, or disclose your information for commercial purposes in ways that contradict our commitments. However, we may share your information with third parties, including our business partners (Banks/NBFCs), CICs, service providers, and affiliates, for the purposes outlined in this policy.

These third parties must handle your information with the same level of care and confidentiality as we do. Any access or processing of your information by these third parties is subject to contractual terms, applicable laws, our instructions, and your consent.

In the event of a sale, merger, reorganization, or consolidation of our business, your information may be transferred to the successor entity.

We may anonymize or aggregate personal information and disclose it in a non-identifiable manner. Access to your account information is strictly controlled and used only for the purposes set out in this policy.

We may share your information without prior written consent with government agencies as mandated by law for identity verification, prevention, detection, investigation, prosecution, and punishment of offenses, or for compliance with legal obligations.

For products or services offered by third parties, such as loans, credit cards, or mutual funds, their use of your information is governed by their privacy policies. We encourage you to review these policies before applying for their products or services.

When investing in our mutual fund product through our mobile app, you agree to the following disclosure: "Mtree Fintech's use and transfer of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Our app helps track the performance of mutual fund investments from multiple channels/platforms, providing a comprehensive dashboard for informed financial decisions."

7. Data Storage

Mtree Fintech Services Private Limited stores your personal information on servers located within India. We retain customer information to meet service requirements, unless consent is withdrawn by you. Data retention complies with this policy and applicable Indian laws and regulations.

In specific scenarios, we may retain your information longer:

  1. For legal investigations or requirements by courts/tribunals/forums/commissions.
  2. To enhance or improve our products and services.
  3. As required by contractual agreements with business partners.

We may also retain your credit report and score from credit bureaus for:

  1. Six months.
  2. Until the information is no longer needed for its original purpose.
  3. Until you withdraw consent.

For more details, refer to Credit Report Terms of Use.

Provisions in line with RBI’s Digital Lending Guidelines: Information collected for digital lending services is retained for eight years from the last instance of customer access to our services. Basic identification details may be retained to comply with legal and compliance requirements.

8. Your Control Over Your Personal Information

We use your information to provide beneficial products, services, and experiences. You can control how your non-personal information is collected and used online.

You can choose what personal and sensitive information (e.g., financial information) you provide to us and restrict its disclosure to third parties. However, this may affect your access to certain products/services. If mandatory information is not provided, we may be unable to deliver subscribed services.

You can opt out of receiving marketing materials via email/SMS by adjusting your preferences in your account settings or using the 'opt-out' or unsubscribe link in our emails. You can also write to us at care@mtreefintech.com. Processing your request may take up to 10 days. We will continue to send notifications regarding your services with us.

Review and correct or amend your information by logging into your account on our website. Mtree Fintech Services is not responsible for the authenticity of any information provided by you or third parties.

9. Revocation of Consent and Deletion of Data

If you believe retention of your personal information is unnecessary, or if you request its deletion, we will destroy or delete such information. You can withdraw consent to collect and use your data by writing to us at consentrevocation@mtreefintech.com. After verifying your request, it will be processed within 45 days. However, if you have availed services, we may not delete your data due to legal requirements. Retained information will be protected according to cybersecurity norms.

Withdrawing consent may result in the termination of services. No refunds will be provided for any fees paid, and the company will not be liable for this in any manner.

10. Log Files

We use log files like most standard websites. Information may include IP addresses, browser type, ISP, referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user movement, and gather demographic information for aggregate use. This information may be combined with other data we collect to improve services, marketing, analytics, and site functionality.

11. Data Security

Mtree Fintech Services is an ISO/IEC 27001:2013 certified organization, ensuring compliance with information security standards. We employ technical and organizational measures to protect your data. Despite multiple security measures, we cannot guarantee absolute security due to the nature of the internet and electronic storage.

Maintain the confidentiality and security of your login credentials. Do not share them with third parties. In the event of a security breach, relevant stakeholders and authorities will be informed as required by law.

12. Third-Party Advertisers and Links to Other Websites

We may use third-party advertising companies to serve ads on our website. These companies may use non-personally identifiable information about your visits to provide relevant advertisements. We use third-party service providers to serve ads across the internet and sometimes on our website. They may collect anonymous information about your visits and interactions with our services for targeted advertising.

Links to other websites related to our partners may be present on our site. Personal information provided to these sites is not our responsibility. Read the privacy policies of these websites when you visit them. Mtree Fintech Services holds no responsibility for the content of third-party privacy policies.

13. Changes to This Privacy Policy

Mtree Fintech Services reserves the right to change this policy at its sole discretion. We may update it to reflect changes in our information practices. Periodically review the policy to stay informed about any changes. The effective date allows you to determine when the policy was last updated.

Direct Selling Agents (DSA) Policy

1. Objective:

The objective of this policy is to outline the responsibilities and code of conduct for Direct Selling Agents (DSAs) of Mtree Fintech Services Private Limited, emphasizing the importance of maintaining the privacy and confidentiality of customer data.

2. Scope:

This policy applies to all DSAs engaged by Mtree Fintech Services Private Limited for the purpose of promoting and selling the company’s financial products and services.

3. Responsibilities of DSAs:
3.1. Customer Privacy:
  • DSAs must ensure the highest standards of customer privacy and data protection at all times.
  • DSAs are prohibited from sharing, disclosing, or using customer information for any purpose other than the intended business transactions with Mtree Fintech Services.
  • Any breach of customer data privacy will result in immediate termination of the DSA agreement and may involve legal consequences.
3.2. Data Security:
  • DSAs must adhere to all data security protocols established by Mtree Fintech Services.
  • All customer information must be stored securely and transmitted using secure channels as provided by the company.
  • DSAs should report any suspicious activities or security breaches immediately to the Mtree Fintech Services' compliance team.

4. Code of Conduct:
4.1. Professional Behavior:
  • DSAs must conduct themselves in a professional and ethical manner while interacting with customers and representing Mtree Fintech Services.
  • DSAs should provide accurate and honest information about the company’s products and services without making false claims or promises.
4.2. Compliance with Laws and Regulations:
  • DSAs must comply with all applicable laws, regulations, and guidelines related to financial services and data protection.
  • DSAs should stay informed about any changes in regulations and ensure their practices remain compliant.

5. Customer Communication:
5.1. Clear and Transparent Communication:
  • DSAs must communicate clearly and transparently with customers about the terms and conditions of financial products and services.
  • All communication should be conducted in a respectful and courteous manner.
5.2. Consent and Opt-Out Options:
  • DSAs must obtain explicit consent from customers before collecting any personal or sensitive information.
  • Customers should be informed of their right to opt out of marketing communications and how they can exercise this right.

6. Training and Awareness:
6.1. Mandatory Training:
  • DSAs are required to undergo mandatory training sessions on data privacy, security practices, and ethical conduct.
  • Regular refresher training sessions will be conducted to ensure DSAs are up-to-date with the latest policies and regulations.
6.2. Awareness Programs:
  • Mtree Fintech Services will organize awareness programs to educate DSAs about the importance of data privacy and security.
  • DSAs are encouraged to actively participate in these programs and provide feedback for continuous improvement.

7. Monitoring and Compliance:
7.1. Regular Audits:
  • Mtree Fintech Services will conduct regular audits to ensure compliance with this policy and identify any potential breaches.
  • DSAs are expected to cooperate with audit processes and provide necessary information when required.
7.2. Disciplinary Actions:
  • Non-compliance with this policy will result in disciplinary actions, including but not limited to termination of the DSA agreement.
  • Serious breaches may result in legal action and reporting to relevant authorities.