Privacy Policy | Finhaat

This Privacy Policy describes how Finhaat Insurance Broking Private Limited (“Finhaat”, “we”, “us” or “our”), an IRDAI-registered insurance broker holding IRDAI registration number 820 for direct (life & general) insurance, collects, uses, stores, shares, and protects the data of users (“User”, “you”, “your”) who access or use our website, mobile application, platform, and related services.

Finhaat processes personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), applicable IRDAI regulations, and other relevant laws, and is committed to ensuring that such processing is undertaken in a lawful, transparent, and secure manner solely for legitimate insurance distribution, servicing, and compliance purposes.

Your privacy is important to us and we want you to feel secure visiting our website and mobile application – FINHAATPRO (“Platform”, “FINHAATPRO”). This Privacy Policy explains the type of data, Personal Data (defined hereinafter) and Sensitive Personal Data (defined hereinafter) which will be collected, processed and used during and following your visits to the Platform. Please read this Privacy Policy carefully.

In the process of you using the Platform or availing of the existing or future services or facilities provided through the Mobile App, you may be required to furnish information, including Personal Information and/or Sensitive Personal Information. You are requested to keep all such information updated so as to ensure that the services and facilities provided by us remain relevant to you.

By using any of the services, you represent that you have read and understood the terms and conditions of usage, which includes this Privacy Policy, and you agree to be bound by all its terms.

Personal Data Collected

Finhaat, through the Platform, may collect and process Personal Data strictly for lawful insurance broking, servicing, claims facilitation, and regulatory compliance purposes under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), including:

Personal and identity information, including name, mobile number, email address, residential/correspondence address, date of birth, age, gender, and nationality (where required);
KYC and verification information, including PAN, Aadhaar, passport, driving licence, voter ID, photograph, signature, proof of identity, and proof of address documents;
Insurance proposal and policy-related information, including proposal form details, nominee information, family member details (where coverage extends), occupation, employer details, income category (where relevant), existing policy details, insurer information, sum insured, premium amount, tenure, and other policy issuance particulars;
Financial and transaction information, including bank account details (for premium payments/refunds), payment transaction records, policy purchase history, and related servicing information;
Health and medical information (where required for life/health insurance products), including medical declarations, pre-existing disease details, medical reports, test results, prescriptions, hospitalization and treatment records;
Claims-related information, including claim form details, incident or loss information, discharge summaries, death certificates (where applicable), and supporting documentation required by insurers, TPAs, or claim administrators;
Customer communication and support information, including service requests, complaints, call recordings (where notified), email/chat communications, feedback, and survey responses;
Technical and usage information, including IP address, device identifiers, browser type, operating system, app usage logs, cookie data, analytics, and security-related information;
Third-party and regulatory information, including data received from insurers, TPAs, authorized partners/distributors, group companies, or information required under applicable laws, IRDAI regulations, or lawful government directions;
Insurance risk and underwriting information, including nominee/appointee relationships, lifestyle disclosures, occupation risk details, financial underwriting inputs, and other declarations required by insurers for assessing eligibility and pricing;
Motor insurance–specific information, including vehicle registration number, chassis number, engine number, RC details, driving history, and inspection-related information;
Corporate or group insurance information (where applicable), including employer/entity details, employee/member data, group policy enrolment records, and beneficiary details;
Geolocation and address verification data, including location information used for verification, fraud detection, field inspection, or regulatory servicing requirements;
AML and compliance-related information, including details required under anti-money laundering guidelines, counter-terror financing checks, sanctions screening, and insurer-mandated compliance validations;
Audio-visual and e-mandate data, including video KYC records (where applicable), voice logs, e-signatures, e-mandate confirmations, and authentication trails;
Consent and authorization records, including consent logs, opt-in/opt-out records, communication preferences, and authorization given for sharing data with insurers, TPAs, or service providers;
Intermediary and PoSP-related information (where applicable), including PoSP onboarding details, training/certification status, licensing records, performance data, and regulatory documentation maintained as per IRDAI requirements;
Grievance and dispute-related information, including complaint details, escalation records, ombudsman references, and correspondence with insurers or regulators;
Fraud monitoring and security information, including suspicious transaction indicators, fraud investigation records, access logs, device risk signals, and cyber-security related identifiers;
Regulatory reporting and audit information, including records maintained for IRDAI inspections, statutory audits, insurer audits, and mandatory reporting obligations;
If you create an account on FinhaatPro, we may collect your username, password, and other demographic or profile information voluntarily provided by you for account creation and Platform access.

Finhaat collects only such Personal Data as is necessary for providing insurance broking services, fulfilling regulatory obligations under IRDAI norms, preventing fraud, and complying with applicable laws, and does not process Personal Data for unrelated or unlawful purposes.

How We Use Personal Data

Personal Data is processed only for lawful, specific, and necessary purposes connected with insurance broking, servicing, claims support, and compliance obligations.

Finhaat may use Personal Data for the following purposes:

Account creation and platform access, including user registration, authentication, login management, and profile administration;
Insurance solicitation and distribution, including assisting Users in identifying, comparing, and purchasing suitable insurance products from insurers;
Proposal processing and policy issuance, including submission of proposal forms, underwriting support, verification of disclosures, and issuance of insurance policies;
KYC, verification, and regulatory compliance, including identity verification, documentation checks, and compliance with IRDAI and insurer requirements;
Policy servicing and administration, including renewals, endorsements, updates, premium reminders, and customer support services;
Claims facilitation and assistance, including claim intimation, coordination with insurers/TPAs, collection of supporting documents, and servicing through the claim lifecycle;
Customer communication, including service-related updates, new products, policy information, transaction confirmations, regulatory notices, responding to queries, grievances, and promotions;
Fraud prevention and security monitoring, including detecting suspicious activity, preventing unauthorized access, ensuring cybersecurity, and protecting Users and the Platform;
Internal analytics and service improvement, including usage analysis, research, troubleshooting, product enhancement, and improving user experience, subject to appropriate safeguards;
Legal and contractual enforcement, including exercising legal rights, resolving disputes, responding to lawful requests, and enforcing Platform terms;
Regulatory reporting and audits, including maintaining records required for IRDAI inspections, statutory audits, insurer audits, and lawful government directions;
Consent management, including maintaining records of consents, withdrawals, opt-in/opt-out preferences, and communication choices.

Finhaat may use limited Personal Data such as your name and contact details to send communications regarding insurance products, service updates, offers, and educational information that may be relevant to you, subject to your consent and communication preferences under the DPDP Act.

Users may opt out of receiving promotional communications at any time through the unsubscribe mechanism provided in such messages or by contacting Finhaat’s grievance/support channel. Service-related and regulatory communications may, however, continue as necessary for policy servicing and compliance purposes.

Finhaat processes Personal Data only to the extent necessary for the above purposes and does not use such data for unrelated activities unless required by law or with the User’s explicit consent, as applicable under the DPDP Act.

Minors and Eligibility

The services offered through the Platform are intended for use by individuals who are 18 years of age or older. Finhaat does not knowingly collect or process Personal Data of individuals under the age of 18, except where such processing is necessary for providing insurance coverage to a minor and is undertaken in accordance with applicable law and the DPDP Act.

Finhaat shall not send marketing or promotional communications to individuals under the age of 18.

By accessing or using FinhaatPro, you represent and warrant that:

You are at least 18 years of age and legally competent to enter into a binding agreement;
You have not been previously suspended, barred, or removed from using the Platform;
You will provide accurate and truthful information and will not impersonate any person or entity or misrepresent your identity, age, or affiliation.

If Finhaat becomes aware that Personal Data of a minor has been collected without lawful basis or required consent, Finhaat shall take appropriate steps to delete such data or restrict processing in accordance with the DPDP Act.

Sharing and Disclosure of Personal Data

Finhaat does not sell or rent Personal Data of Users. Personal Data is shared only to the extent necessary for providing insurance broking services and fulfilling the purposes disclosed in this Privacy Policy.

Personal Data may be shared in the following limited circumstances:

With Insurance Companies and Related Entities: including insurers, TPAs, claim administrators, or entities involved in policy issuance, servicing, renewal, or claims processing;
With Service Providers Acting as Data Processors: trusted third-party vendors engaged under written DPDP-compliant agreements for technology, verification, communication, or analytics services;
With Group Companies or Affiliates (Limited Purpose): strictly for operational support, fraud prevention, customer servicing, or jointly offered services, where lawful and necessary;
For Legal and Regulatory Requirements: where disclosure is required under applicable law, IRDAI regulations, lawful government directions, court orders, or regulatory processes;
Business Protection and Fraud Prevention: where reasonably necessary to detect, prevent, investigate, or address fraud, cybersecurity incidents, identity theft, or misuse of the Platform;
Marketing Communications: Finhaat does not share Personal Data with third parties for their independent marketing purposes. Promotional communications are sent only in accordance with DPDP Act requirements and user preferences.

Cookies

Cookies are small text files that are stored on your device by your browser or application when you visit or use the FinhaatPro Platform. Cookies help us recognize your device, remember your preferences, enhance security, and improve your overall user experience.

Finhaat may use both session-based cookies (which expire when you close your browser) and persistent cookies (which remain stored until deleted) for purposes such as enabling platform functionality and secure login, remembering user preferences, improving performance and analytics, and preventing fraud or unauthorized access.

You may choose to disable or manage cookies through your browser or device settings. However, disabling cookies may affect the availability or functionality of certain features of the FinhaatPro Platform.

Finhaat does not permit third parties to place cookies for their independent advertising purposes without appropriate lawful basis and user consent, where required under applicable law.

Confidentiality & Protection of Your Information

Finhaat adopts reasonable data collection, storage, processing, and security practices, including access controls, encryption measures (where applicable), continuous monitoring, and secure systems, to safeguard Personal Data stored on the Platform.

While Finhaat implements robust security measures, Users acknowledge that no system or method of transmission over the internet is completely secure. In the event of any Personal Data breach, Finhaat shall take appropriate steps in accordance with applicable law, including the DPDP Act, to mitigate risks and comply with reporting or notification obligations.

Storage and Retention of Personal Data

Finhaat retains Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, including insurance broking services, policy servicing, claims facilitation, dispute resolution, fraud prevention, and compliance with applicable laws and IRDAI regulatory requirements.

Personal Data may be retained for longer periods where required under:

IRDAI regulations and insurer record-keeping obligations;
Statutory audit and compliance requirements;
Legal proceedings, investigations, or regulatory directions.

Upon expiry of the retention period, Finhaat shall take reasonable steps to securely delete, anonymize, or otherwise restrict further processing of such Personal Data, unless continued retention is legally required.

Deletion, Updating & Modification of Data

You shall have the right to:

Request access to information about the Personal Data processed by Finhaat;
Request correction, completion, or updating of inaccurate or misleading Personal Data;
Request deletion of Personal Data that is no longer necessary for the stated purposes, subject to applicable legal and regulatory retention obligations;
Withdraw consent where processing is based on consent.

Finhaat may decline or limit deletion requests where retention is required for compliance with IRDAI regulations, insurer requirements, lawful government directions, fraud prevention, or establishment or defence of legal claims.

Where Finhaat processes Personal Data based on your consent, you may withdraw such consent at any time by submitting a request through the contact details provided in this Privacy Policy.

Users acknowledge that withdrawal of consent may affect Finhaat’s ability to provide certain services, including issuance, servicing, renewals, or claims assistance, where processing of Personal Data is required for contractual or regulatory purposes.

You can contact us at compliance@finhaatinsurance.com in relation to your rights under this clause.

Grievance Redressal

Finhaat Insurance Broking Private Limited (the “Company”) is committed to addressing complaints and grievances of Users and customers through a structured and transparent grievance redressal mechanism.

This mechanism aims to minimize customer complaints through proper service delivery, timely review, and identification of shortcomings, if any. The grievance redressal framework is designed to ensure fair, just, and permissible resolution within the applicable regulatory framework.

The grievance redressal system is available at all regional and branch offices of the Company, and concerned employees are trained on complaint handling procedures.

Complaint Redressal Process

Step 1: Channel for Communication

Email: complaints@finhaatinsurance.com
Letter: Grievance Officer, Finhaat Insurance Broking Private Limited, Address

Step 2: Process for Addressing Queries

Electronic grievances will be acknowledged within 24 working hours;
Physical letters by courier will be responded to within 14 days of receipt;
Walk-in and contact-center grievances will be acknowledged immediately and logged.

Step 3: Resolution of Grievances

Finhaat endeavors to resolve all grievances to the satisfaction of its customers. As per IRDAI regulations, a grievance shall be considered resolved when:

The Company has fully acceded to the request of the complainant; or
The complainant has indicated acceptance of the Company’s response in writing; or
The complainant has not responded within 8 weeks of the Company’s written response.

Disclaimer

Finhaat acts solely as an IRDAI-registered insurance broker and facilitates the distribution and servicing of insurance products offered by insurers. Policy issuance, underwriting decisions, and claim approvals are the responsibility of the respective insurance companies, subject to applicable law.

Finhaat processes Personal Data only to the extent necessary to discharge its intermediary obligations and to assist Users in obtaining and servicing insurance coverage.

I hereby authorize and give consent to Finhaat Insurance Broking Private Limited to send me, either through itself or through any third-party service provider, from time to time, information, alerts, SMS, messages, calls, commercial communications, and service-related updates on the telephone numbers provided by me, whether or not such numbers are registered with the National Do Not Call Registry or the National Customer Preference Register.

I further confirm that I shall not hold the Company or its authorized third-party service providers liable or initiate any complaint under the Telecom Commercial Communications Customer Preference (TRAI) Regulations, 2010, or any amendments thereof, in relation to such communications, as may be applicable from time to time.

Policy Acceptance and Acknowledgment

By using or continuing to use the FinhaatPro Platform, including registration, account creation, or accessing any services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

You further acknowledge and consent to the collection, use, storage, sharing, and processing of your Personal Data as described herein, in accordance with applicable law, including the Digital Personal Data Protection Act, 2023 and applicable IRDAI regulations.

Finhaat reserves the right to update or amend this Privacy Policy at any time. Any material changes shall be communicated through the FinhaatPro Platform or through other appropriate means. Your continued use of the Platform after such updates constitutes acceptance of the revised Privacy Policy.

If you have any questions, concerns, or complaints regarding this Privacy Policy or Finhaat’s handling of Personal Data, you may contact us through the grievance or support channels provided herein.

Finhaat is committed to ensuring the protection of your Personal Data and shall take all reasonable measures to maintain confidentiality, integrity, and security while processing such information in compliance with the DPDP Act, IRDAI regulations, and other applicable laws.

By providing your specific consent and submitting your Personal Data, you acknowledge that you have read and understood this Privacy Policy and hereby expressly grant your free, specific, informed, unconditional, and unambiguous consent to Finhaat for the collection, receipt, usage, possession, storage, handling, processing, and disclosure of your Personal Data for the purposes stated herein.