Why KredSetu may request permissions
Permissions are requested only where operationally necessary for onboarding, verification, fraud prevention, service delivery, support, security, or regulated lending workflows. The app asks for permission in context and uses the data only for the purpose explained below.
- INTERNET Used to connect securely to KredSetu services for login, OTP verification, loan application submission, status updates, support, and policy pages. Network requests, IP address, app/device technical metadata, and service responses are transmitted over HTTPS. This permission is required for app and WebView service operation.
- Camera Used to capture KYC documents, selfies, or other verification images when you choose to complete an identity or document verification step. KredSetu handles only images captured during the active verification flow and does not access the camera in the background. This permission is required only for identity or document verification.
- Advertising ID Used to measure install attribution, detect abuse or repeated fraudulent activity, and support anti-fraud device identification. It handles the Google Advertising ID and limited attribution signals, and is not used to access contacts, photos, or unrelated personal content. You may reset or delete the Advertising ID in Android settings.
- Approximate location Used one time in the foreground for fraud prevention, serviceability checks, lender compliance checks, and risk controls linked to the loan application journey. KredSetu handles approximate device location, such as city or area-level location, and does not use this permission for continuous background tracking. The app remains usable if you decline this permission.
- SMS Used with your consent to identify financial behaviour, verify declared financial transactions, assess cash-flow patterns, support credit-limit decisions, and help prevent fraudulent applications. KredSetu handles financial-related SMS data from the recent lending assessment period, including sender name or number, received time, and SMS content after keyword-based filtering for financial relevance.
SMS collection and filtering
When READ_SMS permission is requested, KredSetu collects and uploads only financial-related SMS data needed for lending assessment and fraud prevention. We apply keyword-based filtering before upload so that unrelated personal messages are ignored.
- We include SMS messages that contain financial keywords, such as bill, borrow, balance, bank, money, debit, wallet, pay, EMI, loan, credit, account, repayment, or similar financial terms.
- We exclude SMS messages from senders with 10 to 12 digit numeric-only phone numbers that are treated as personal mobile numbers.
- Financial SMS data may be used to analyse lending behaviour, bank transaction patterns, income or expense signals, repayment ability, credit risk, and fraud indicators.
Storage and security
Permission-related data is transmitted through HTTPS and protected with access controls. SMS data and verification data are used for the disclosed lending, security, support, and compliance purposes only. KredSetu does not sell SMS content or use it for unrelated marketing. Installed-app metadata, Advertising ID, and approximate location are used only for the limited purposes disclosed on this page.
What we do not request by default
KredSetu does not request permissions that are not relevant to the service flow, such as full contacts access, call logs, microphone, precise background location, or calendar access, unless a future product flow has a clear legal basis and an in-context purpose disclosure.
Consent and control
- Users can deny or revoke optional permissions from browser or device settings.
- Permissions should be requested contextually, not pre-emptively without purpose.
- Where denial prevents a critical verification step, the flow should clearly explain the impact.
- You may contact KredSetu support or the grievance team for permission or data-use questions.