Last Updated: June 25, 2025

This Privacy Policy outlines how staging.ezee.ai Technologies Pvt. Ltd. (“staging.ezee.ai“, “we”, “our”, or “us”) collects, uses, stores, shares, and protects information when you (“you“, “your organization” or “Client”) access or use our Platform, which includes:

• Websites, subdomains, portals, APIs;

• Products: lend.ezee, collect.ezee, decision.ezee, identify.ezee, process.ezee;

• Services offered under master contracts, SLAs, or enterprise onboarding.

1. Scope of Policy

This Policy applies to:

• Clients (banks, NBFCs, financial institutions) and their users,

• Employees or contractors with administrative access,

• Website visitors, prospects, and integration partners,

• Any data processed through the staging.ezee.ai Platform and associated systems.

This Policy does not override any more restrictive or protective terms in your Data Processing Agreement (DPA) or Master Services Agreement (MSA)—which will govern in case of conflict.

2. Types of Data We Collect

We may collect the following categories of information:

A. Client-Side Business Data (Processed, not collected)

• Personally Identifiable Information (PII) of your end customers (borrowers, applicants, etc.)

• Financial data, KYC details, documents, and transaction records

• Loan origination workflows, decisions, audit trails

🔐 staging.ezee.ai processes this only as a data processor on your behalf. We do not access or use this data unless explicitly authorized.

B. User & Admin Metadata

• Name, designation, work email, phone number

• IP address, login logs, session timestamps

• Device/browser info, user permissions, activity logs

C. System & Integration Data

• API payloads, schema mappings, custom configurations

• Integration logs with 3rd-party tools (e.g., bureau, ERP, AA, KYC partners)

D. Marketing & Website Interactions

• Contact forms, demo requests, chat transcripts

• Cookies (functional/analytics – no retargeting)

• Newsletter or campaign subscription preferences

3. How We Use the Data

We process your data to:

• Deliver, configure, and support our Platform per your contractual scope

• Authenticate users, enforce permissions, and maintain logs

• Detect and respond to security incidents or SLA breaches

• Improve Platform performance and product functionality (aggregated, non-identifiable usage patterns only)

• Fulfill legal, regulatory, or audit obligations

• With consent, send platform updates, releases, and critical alerts

We do not sell, rent, or exploit your data for commercial gain.

4. Legal Basis for Processing

Where applicable, we process data based on:

• Contractual necessity (MSA/DPA/PO)

• Legitimate interest in operating a secure and compliant SaaS platform

• Regulatory obligation (e.g., fraud detection, compliance reporting)

• User consent (e.g., for newsletter signups, cookies)

We maintain records of processing in accordance with Article 30 of GDPR, RBI’s IT Framework, and other region-specific mandates.

5. Data Storage, Retention & Residency

• Data is hosted on region-specific cloud infrastructure (AWS, Azure, or equivalent)

• Data retention policies are defined in your MSA or DPA (typically 3–7 years)

• Client data is not moved cross-border without prior approval or regulatory coverage (e.g., SCCs, BCRs)

6. Subprocessors & Data Sharing

We use select pre-approved subprocessors to support platform functionality. All subprocessors are:

• Bound by confidentiality, data protection, and security obligations equal to our own;

• Reviewed under risk assessments and audit frameworks;

• Listed in your DPA or accessible upon request.

We may share information with:

• Regulatory bodies, courts, or law enforcement agencies under valid legal request

• Auditors or consultants under NDA, when engaged by the client or staging.ezee.ai

• Internal group companies or affiliates under strict BCR

7. International Data Transfers

If personal data is transferred across borders, we will:

• Follow regional adequacy laws (e.g., GDPR-approved countries)

• Use Standard Contractual Clauses (SCCs) and/or custom DPAs as needed

• Notify clients of any significant change to data hosting or processing geography

8. Your Rights

As a Client (and in some cases, as a user), you may:

• Request access to data logs or metadata

• Correct or update your administrative data

• Export or delete data (subject to regulatory retention requirements)

• Object to or restrict processing in certain cases

• Withdraw marketing communication consent

Your end customers’ rights (if applicable) will be facilitated via your authorized request and only where legally permitted.

9. Cookies & Analytics

Our website uses only strictly necessary and performance cookies. We do not use cookies for retargeting, advertising, or third-party selling.

We may use:

• Session-based cookies for login and security

• Google Analytics (anonymized IP only)

• In-product usage analytics (aggregated, role-based)

10. Information Security

staging.ezee.ai implements:

• End-to-end encryption, tokenization, multi-factor authentication

• Audit logging, data segmentation, and role-based access control

• Annual VAPT, SOC2 audits, and compliance with:

  • ISO/IEC 27001

  • SOC 2 Type II

  • NIST SP 800-53

  • GDPR, HIPAA, PCI-DSS (as applicable)

Any data breach, incident, or unauthorized access will trigger our Incident Response Policy, with notifications per local regulatory timelines.

11. Children’s Privacy

Our services are designed for institutional clients and are not intended for use by individuals under the age of 18.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted with a revised “Last Updated” date. For material changes, we will notify admin users or post in the platform dashboard.

13. Contact Us

For questions, requests, or regulatory correspondence, please contact:

Data Protection Officer (DPO)
staging.ezee.ai Technologies Pvt. Ltd.
Chennai, India – Head Office
51 Narasinga Colony, Maduvinkirai, Guindy
CHENNAI – 600032
Email: legal@staging.ezee.ai