
This Privacy Policy describes how Zavo Nexus Private Limited ("Zavo", "Bridge", "we", "us", "our"), the operator of the Bridge platform (website and mobile application, together the "Platform"), collects, uses, discloses, and protects personal data of users ("you") who access the Platform to discover and apply for financial products from Regulated Entities.
This Policy applies to the Platform-level data we collect from you at registration and while you browse and compare offers. Once you begin a KYC/loan application with a specific Regulated Entity such as Padmalaya, that Regulated Entity's own Privacy Policy separately governs the personal data it collects and processes as lender, in addition to this Policy.
This Policy is published in accordance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 ("DPDPA"), and the Reserve Bank of India (Digital Lending) Directions, 2025 ("DLD 2025").
When you register on the Platform, we collect your name, email address, mobile number, city, and the product you are interested in.
By registering, you consent to receiving transactional and service-related communications (such as OTPs, application status, and alerts) via SMS, email, WhatsApp, RCS, and calls from us and from the Regulated Entity to which your application is directed.
Promotional or marketing communications including offers from Zavo or from associate partners will be sent only where you have given separate, specific, opt-in consent for such communications, and such consent may be withdrawn at any time without affecting transactional communications. We do not send promotional communications to numbers registered on the DND/NDNC registry unless you have separately and explicitly opted in to receive commercial communications from a specific sender in accordance with TRAI's Telecom Commercial Communications Customer Preference Regulations, 2018.
You may stop transactional or promotional communications at any time by writing to info@bridgecapital.in with your registered mobile number, or through the preference settings within the Platform.
We do not share your personal data with third parties except as necessary to provide the services you have requested, or with your permission. We do not sell or rent your personally identifiable information to anyone other than as specifically set out in this Policy.
We process your personal data on the basis of your consent, for compliance with legal obligations, or for other legitimate and reasonable purposes connected with providing the Platform. Where processing is based on consent, you have the right to withdraw it at any time.
You have the right to:
If withdrawing consent means we can no longer provide you the Service, we will inform you of the consequences before processing your withdrawal request. Requests may be sent to info@bridgecapital.in and will be acknowledged within 48 hours and resolved within 30 days.
We take reasonable physical, technical, and managerial safeguards to protect your personal data from unauthorised access, alteration, disclosure, or destruction, and require third-party service providers to maintain equivalent security standards under contract.
The App requests only need-based device permissions. We do not access your contact list, call logs, non-transactional SMS inbox, or telephony functions. Camera and file/storage and other access is requested only on a one-time, purpose-limited basis for document capture during KYC, and only after your specific consent on the relevant screen.
We do not collect, process, or store biometric information (fingerprints, facial recognition data, voice patterns, or iris data) through the Platform, and no biometric authentication is used in onboarding or loan-processing journeys.
No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security, though we take commercially reasonable measures including encryption in transit, TLS-secured API transmission, and access controls restricting internal visibility of your data.
We retain personal data only as long as necessary for the purpose for which it was collected, or as required by law. Indicatively: application and registration data not resulting in a disbursed loan is retained for 24 months from the date of last activity, unless needed longer for fraud investigation or legal proceedings; data relating to a disbursed loan is retained by the concerned Regulated Entity in line with its own retention schedule; and consent records are retained for the duration of the relationship plus five (5) years for audit purposes.
For any privacy-related query, complaint, or request to exercise your rights under Section 3, you may contact our designated Grievance Redressal Officer:
Name: Mr. Tanmay Kumar
Address: No. 5th Floor, Wing A, Statesman House 148, Barakhamba Road, Connaught Place, Delhi - 110001, India
Phone Number: +91 8287212984
Timings: 10:00AM to 7:00PM (Monday to Saturday - Excluding public holidays)
Email ID: grievance@bridgecapital.in
We will acknowledge your grievance within 48 hours and endeavour to resolve it within 30 days. Further details of our grievance mechanism are available on our Grievance Redressal page. If you remain dissatisfied, you may escalate to the RBI Complaint Management System at cms.rbi.org.in, or the RBI Sachet Portal at sachet.rbi.org.in, for complaints relating to unregulated or unauthorised financial activity.
We may amend this Policy from time to time. Material changes will be notified by posting the updated Policy on this page, and where applicable, through in-App notification or email.