Privacy & your data

We treat your data as something to protect, not to exploit. We are the Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP), and we collect as little as possible.

What we collect

• To open a locker: only your email (one-time passcode) — no name, no Aadhaar.
• You appear under an auto-generated code-name, never your real name.
• What you log (incidents, the loan account number you choose to add, chatbot messages) is encrypted, and your email is stored only as a hash.

How we protect it

• Two planes. Your private data is strictly separated from public content and is locked to you with database row-level security — no other user, and no public page, can read it.
• Encryption of personal data, evidence, and chatbot transcripts at rest.
• No public exposure of your identity. Only anonymised aggregates ever inform public statistics, and only after moderation.
• Admin access is least-privilege and audit-logged.

Your rights

You can request access to, correction of, or erasure of your data. From your locker you can ask us to erase everything. Chatbot transcripts are kept for a short period and are never used to train models without your explicit consent.

Grievance Officer

If you have a concern about your data, contact our Grievance Officer at grievance@loantrap.org. For a data access or erasure request, write to privacy@loantrap.org. We will respond within the timelines required by the DPDP Act. We also maintain a documented breach-notification process.

General information; not legal advice.