Privacy Policy

1. Who we are

This Privacy Policy describes how personal data is collected, used and protected in connection with the Sahakar Shakti website (sahakarshakti.com) and the Sahakar Shakti lending platform (the “Service”).

For the purposes of India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), Frank Knowtech LLP is the Data Fiduciary for personal data processed through the Sahakar Shakti website and a Data Processor for personal data of borrowers, members, applicants and staff that is uploaded into the platform by a tenant institution (a cooperative bank, credit society, NBFC or similar). The tenant institution remains the Data Fiduciary for that data.

2. Scope of this policy

This policy applies to:

• Visitors to the Sahakar Shakti website and people who submit a demo request, contact form or other enquiry through the website.
• Authorised users (staff, partners and contractors) of institutions that have licensed the Sahakar Shakti platform.
• Borrowers, members, applicants and other end customers of those institutions, only to the limited extent that their personal data is processed within the platform on the tenant’s instructions.

This policy does not cover websites or services operated by other organisations that may be linked from sahakarshakti.com.

3. Personal data we collect

3.1 Information you provide directly

• Demo and contact requests: name, work email, mobile number (optional), organisation name, segment and any message you send through the contact form.
• Account information: for tenant users, full name, work email, role/position, branch or department, and login credentials (passwords are stored only in hashed form).
• Support communications: the contents of emails, chats or other communications you send to us.

3.2 Information collected automatically

• Technical data: IP address, device type, browser type, operating system, referrer URL and pages viewed.
• Usage data: actions taken within the platform (timestamp, screen, event), used for audit logs, security monitoring and product improvement.
• Cookies and similar technologies: we use a small number of essential cookies for session management and security. We do not use third-party advertising or behavioural tracking cookies.

3.3 Information processed on a tenant’s behalf

When a tenant institution uses the platform to run its lending operations, it may upload data about its borrowers, members, applicants, guarantors and other counterparties — for example KYC details, loan applications, repayment history, account statements and collections records. This data is processed strictly under the tenant’s instructions, within its own isolated tenant area, and is governed by the agreement between Frank Knowtech LLP and that tenant.

4. How we use personal data

We use personal data for the following purposes:

• To respond to demo requests, enquiries and support tickets.
• To provide, operate, secure and improve the Sahakar Shakti platform.
• To authenticate users, enforce role-based access and prevent fraud or misuse.
• To maintain audit logs and meet record-keeping obligations under applicable financial-sector regulations.
• To send service notices about outages, security incidents, policy changes or material product changes.
• To comply with law, regulatory directions, lawful demands from authorities and to enforce our terms.

5. Legal grounds for processing

Under the DPDP Act and other applicable laws, we rely on the following grounds:

• Consent — when you submit a demo or contact request, you consent to be contacted about the platform.
• Performance of contract — to deliver the Service to tenants that have signed a master services agreement with us.
• Legitimate use — for security monitoring, fraud prevention, fault diagnosis and internal record-keeping.
• Legal obligation — to comply with tax law, financial-sector regulation, court orders and lawful directions.

6. Sharing of personal data

We do not sell personal data. We share it only with:

• Authorised personnel within Frank Knowtech LLP, on a strict need-to-know basis.
• Tenant institutions, in respect of the personal data they themselves uploaded or that their users generated within the platform.
• Sub-processors we engage to operate the platform — for example cloud infrastructure providers, database providers, communication providers (SMS, email) and analytics vendors. Sub-processors are bound by written agreements that require equivalent confidentiality, security and data-protection standards. A current list is available on request.
• Statutory and regulatory authorities, courts and law enforcement, when required by law or to protect rights, property or safety.
• Professional advisors (auditors, lawyers, insurers) under confidentiality obligations.
• Successors, in the event of a merger, acquisition, reorganisation or sale of business, subject to the same protections set out here.

7. Storage and data localisation

Personal data processed through the Sahakar Shakti platform is stored on cloud infrastructure with data residency in India. We do not transfer personal data outside India except where (i) the tenant has expressly authorised such transfer, (ii) it is required to provide a specific feature the tenant has opted into, or (iii) it is required by law. Where transfer is permitted, we apply contractual safeguards consistent with the DPDP Act and the standards notified by the Central Government.

8. Security

We follow industry-standard practices to protect personal data, including:

• Encryption of data in transit (TLS) and at rest.
• Tenant isolation enforced at the database layer through row-level security and structural tenant_id scoping.
• Role-based access controls, the principle of least privilege and maker-checker controls on sensitive operations.
• An immutable audit trail of state-changing events.
• Regular vulnerability scans, dependency reviews and access reviews.
• Incident-response procedures and a documented business-continuity plan.

No system can be guaranteed fully secure. You are responsible for keeping your access credentials confidential and for promptly notifying us of any suspected unauthorised access.

9. Retention

Personal data is retained for as long as needed for the purposes set out in this policy and to meet legal, regulatory, accounting and reporting obligations. For tenant data, default retention periods follow applicable financial-sector requirements (including Reserve Bank of India guidance for the relevant institution type) and may be configured by the tenant within those minimums. Website enquiry data is retained for up to 36 months from the last interaction unless we are required to keep it for longer.

10. Your rights under the DPDP Act

Subject to applicable law, you have the right to:

• Obtain confirmation of whether your personal data is being processed and access a summary of it.
• Request correction, completion or updating of inaccurate or incomplete data.
• Request erasure of personal data that is no longer necessary for the purpose for which it was collected, subject to legal retention requirements.
• Withdraw consent, where processing is based on consent. Withdrawal does not affect the lawfulness of processing already carried out.
• Nominate another individual to exercise these rights in the event of your death or incapacity.
• Raise a grievance with us (see section 13).

If the data is processed by us on a tenant’s behalf, please contact the tenant institution directly — they are the Data Fiduciary for that data. We will support the tenant in responding within a reasonable time.

11. Children

The Service is not directed to children. We do not knowingly collect personal data of children below the age of 18 through the website. Where a tenant institution’s products serve minor account holders, processing is governed by the tenant’s own consent and verification procedures.

12. Cookies

The website uses a minimal set of essential cookies for session management, security and form integrity. We do not use third-party advertising trackers. You can disable cookies in your browser settings; some functions of the site (such as form submission) may not work as expected if you do.

13. Grievance officer and contact

If you have any question, request or grievance about this Privacy Policy or the way personal data is handled, please contact:

We will acknowledge complaints within a reasonable time and seek to resolve them within the timelines required by the DPDP Act and other applicable laws. If you are not satisfied with the resolution, you may approach the Data Protection Board of India.

14. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of the page reflects the latest revision. Material changes will be highlighted on the website and, where appropriate, notified to tenants through the platform.