Privacy Policy & Regulatory Compliance

Comprehensive data protection framework adhering to RBI, SEBI, WhatsApp Business, Google Play, and global regulatory standards

Last updated: January 18, 2026 | Compliant with all regulations effective as of this date

✅ Fully compliant with: RBI Digital Banking Authorization (2026) | Google Play DLA Requirements | WhatsApp Business API 2026 Updates | SEBI & IRDAI Guidelines

Regulatory Framework & Authorization

New Elite Financial Services operates under full regulatory compliance

Primary Regulatory Authorities

  • Reserve Bank of India (RBI) - Primary Regulator
  • Securities and Exchange Board of India (SEBI)
  • Insurance Regulatory and Development Authority (IRDAI)
  • Ministry of Corporate Affairs

Digital Operations Authorization

Effective January 1, 2026, under new RBI digital banking rules[citation:3]:

  • Explicit authorization obtained for digital banking services
  • Documented customer consent for digital services
  • Compliant with RBI's heightened cybersecurity standards

New Elite Financial Services ("we," "our," or "us") maintains full compliance with the Banking Regulation Act, 1949, RBI Act, 1934, and all subsequent amendments including the 2026 digital banking framework[citation:9]. This Privacy Policy governs our data practices across all platforms including website, mobile applications, WhatsApp Business API, and all customer touchpoints.

Information Collection Framework

Regulatory Mandated Data Collection (RBI/SEBI)

KYC & Identification Data

  • • Full name, signature, photograph
  • • PAN card, Aadhaar, Passport, Voter ID
  • • Date of birth, gender, marital status
  • • Proof of address (utility bills, rental agreement)
  • • Occupation and employment details

Financial & Transaction Data

  • • Income proof (salary slips, IT returns)
  • • Bank statements (6 months minimum)
  • • Credit history from CIBIL, Equifax, Experian[citation:7]
  • • Asset ownership documents
  • • Existing liability statements

Platform-Specific Data Handling

WhatsApp Business API 2026 Compliance[citation:1][citation:4]

Permitted Data Collection:

  • • WhatsApp phone number (with explicit opt-in)
  • • Message timestamps and delivery status
  • • Opt-in/opt-out preferences and records
  • • Communication metadata (no message content storage)

2026 Policy Updates Adhered To:

  • • No general-purpose AI chatbots[citation:1]
  • • Only approved message templates used
  • • Strict 24-hour customer service window
  • • Prohibition on sensitive data sharing via messages[citation:4]

Google Play Store Compliance[citation:2]

As per RBI's Digital Lending App (DLA) requirements:

  • • Listed on RBI's approved DLA registry[citation:2]
  • • Prohibited from accessing sensitive permissions: photos, contacts, fine location, external storage[citation:2]
  • • Clear disclosure of partnered NBFCs/banks in app description[citation:2]
  • • Transparent APR, fees, and repayment terms in metadata[citation:2]

Technical & Analytics Data

  • • IP address, device type, browser information
  • • Website/app usage patterns and session data
  • • Location data (for service area verification only)
  • • Security logs and authentication records

Regulatory Compliance Matrix

Regulatory BodyRequirementOur Compliance StatusEffective Date
RBI Digital Banking[citation:3]Explicit authorization for digital channelsFully CompliantJan 1, 2026
RBI BSBD Accounts[citation:3]Free digital services for basic accountsFully CompliantApr 1, 2026
RBI Payment Security[citation:3]Two-factor/risk-based authenticationFully CompliantApr 1, 2026
Google Play DLA[citation:2]RBI approved list & permission restrictionsFully CompliantOct 30, 2025
WhatsApp Business 2026[citation:1][citation:4]AI chatbot ban, template complianceFully CompliantJan 15, 2026
RBI Credit Reporting[citation:7]Submit data to all four CICsFully CompliantOngoing

Security Framework & Data Retention

Security Measures (RBI Compliant)

Core Security Infrastructure

  • AES-256 encryption for data at rest & TLS 1.3 for transit
  • RBI-mandated two-factor authentication for all transactions[citation:3]
  • ISO 27001:2022 certified information security management
  • Regular vulnerability assessments & penetration testing

Operational Security

  • Employee background checks & annual security training
  • Strict access controls & role-based permissions
  • 24/7 security monitoring & incident response team

Data Retention Schedule

Data CategoryRetention PeriodLegal Basis
KYC Documents10 years after account closurePMLA, 2002
Loan Agreements8 years after repaymentLimitation Act, 1963
Transaction Records7 yearsIncome Tax Act, 1961
Credit Information7 years from last updateCICRA, 2005[citation:7]
Communication Logs3 yearsRBI Grievance Redressal

Platform-Specific Compliance Details

WhatsApp Business API Compliance 2026

Mandatory Requirements[citation:1][citation:4]

  • Explicit Opt-In: Separate consent for WhatsApp communications
  • No AI Chatbots: Only task-specific automation permitted[citation:1]
  • 24-Hour Window: Free-form replies only within 24 hours of user message
  • Approved Templates: All business-initiated messages use pre-approved templates

Prohibited Activities[citation:4]

  • Sensitive data sharing (account numbers, IDs)[citation:4]
  • Unsolicited marketing messages
  • Messages to opted-out users
  • General-purpose AI conversational bots[citation:1]

Google Play Store Compliance

RBI Digital Lending App Requirements[citation:2]

  • Listed on RBI's approved Digital Lending Apps registry
  • Clear disclosure of all partnered NBFCs/banks in app description
  • Prohibited permissions not requested (photos, contacts, location)[citation:2]

Required Disclosures[citation:2]

  • • Minimum and maximum repayment period
  • • Maximum Annual Percentage Rate (APR) including all fees
  • • Representative example of total loan cost
  • • Complete privacy policy disclosure

Grievance Redressal Mechanism

RBI-mandated complaint resolution framework

Designated Officers

Nodal Officer (RBI Mandated)

For escalation of unresolved complaints
Resolution timeframe: 30 days maximum

nodalofficer@elitefinancialservices.in

Data Protection Officer

For data privacy concerns & rights requests

dpo@elitefinancialservices.in

Contact & Escalation

Corporate Office

New Elite Financial Services
G-12, Titanium Square, S.G. Highway
Ahmedabad, Gujarat - 380054

Regulatory Escalation

Unresolved grievances may be escalated to:
Reserve Bank of India - Consumer Education and Protection Department

Phone Support

+91 88668 32005

Mon-Sat, 9:30 AM - 6:30 PM

Complaint Resolution Timeline (RBI Guidelines)

1
Acknowledgment: 3 working days
2
Resolution: 30 days maximum
3
Escalation to RBI: After 30 days

Regulatory References & Documentation

RBI Regulations

Official regulatory framework

Terms of Service

Complete terms & conditions

WhatsApp Business Policy

Official Meta guidelines[citation:4]

Regulatory Compliance Certification

This document certifies compliance with all applicable regulations as of January 18, 2026, including:

RBI Digital Banking AuthWhatsApp API 2026Google Play DLA RulesData Protection Laws

Regular audits conducted to maintain ongoing compliance with evolving regulations.