Devesh Sachdev joins Glaas as co-founder & MD, invests $5 Mn Read more →
Legal

Privacy Policy

Gromor Finance Private Limited  ·  Effective: 1 April 2026

This Privacy Policy ("Policy") describes how personal information is collected, processed, stored and disclosed in connection with the Glaas embedded credit platform ("Glaas Platform"). The Glaas Platform is operated and managed by Gromor Finance Private Limited, a company incorporated under the Companies Act, 2013 ("Gromor", "Company", "we", "our" or "us").

The Glaas Platform enables partner platforms and merchants to offer financial products through integrated digital workflows and APIs. All personal information collected through the Glaas Platform or through partner platforms integrated with Glaas is processed by Gromor Finance Private Limited in accordance with this Policy.

This Policy is framed in compliance with:

  • the Information Technology Act, 2000
  • the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • applicable CERT-In Cyber Security Directions
  • and other applicable laws governing digital transactions and data protection.

By accessing the Glaas Platform or submitting information through partner platforms integrated with Glaas, users consent to the collection and processing of their information in accordance with this Policy.

1. Definitions

1.1 Personal Information means any information relating to a natural person which, either directly or indirectly, is capable of identifying such person.

1.2 Sensitive Personal Data or Information (SPDI) shall have the meaning assigned under the SPDI Rules and includes financial information, passwords and other information specified under applicable law.

1.3 Glaas Platform means the embedded credit infrastructure platform operated by Gromor that enables partner platforms and merchants to offer credit products to their customers through integrated APIs and digital workflows.

1.4 Platform Partner / Merchant Partner means any business entity that integrates with the Glaas platform to offer financial products to its customers.

1.5 Processing means any operation performed on personal information including collection, storage, use, disclosure, transfer or deletion.

2. Applicability

2.1 This Policy applies to:

  • users accessing www.glaas.co
  • customers applying for financial products through the Glaas platform
  • users applying for loans through partner platforms integrated with Glaas
  • individuals interacting with the Company through electronic communications.

2.2 This Policy governs the collection, use, storage and disclosure of personal information obtained through: the Glaas Platform, partner platforms integrated with Glaas, electronic communications, and documentation submitted for credit evaluation.

3. Information Collected

The Company may collect the following categories of information.

3.1 Personal Identification Information

  • name
  • date of birth
  • gender
  • residential address
  • email address
  • mobile number
  • marital status
  • occupation or business information.

3.2 Financial Information

For the purpose of evaluating eligibility for financial products, the Company may collect:

  • bank account details
  • bank statements
  • income proof documents
  • salary slips
  • income tax returns
  • credit bureau reports
  • loan repayment history.

3.3 KYC Information

To comply with regulatory requirements, the Company may collect:

  • PAN card
  • Aadhaar details where permitted by law
  • passport
  • voter ID
  • driving licence
  • address proof documents.

3.4 Technical Information

When a user accesses the Company's websites or the Glaas platform, certain technical information may automatically be collected including: IP address, browser type, device type, operating system, internet service provider and referring URLs.

3.5 Information Collected Through Partner Platforms

Where users access financial products through partner platforms integrated with the Glaas platform, the Company may receive information from such partners including user identification information, transaction information, merchant account information, business profile information and customer application details. Such information is processed solely for the purpose of evaluating and servicing credit facilities.

4. Cookies and Tracking Technologies

4.1 The Company may use cookies and similar technologies on its websites and platforms.

4.2 Cookies may be used to analyse website traffic, improve platform functionality and remember user preferences.

4.3 Users may disable cookies through browser settings; however certain services may not function properly if cookies are disabled.

5. Purpose of Collection

Personal information may be collected and processed for the following purposes:

  • onboarding customers
  • processing loan applications
  • conducting credit assessment and underwriting
  • identity verification and KYC compliance
  • regulatory compliance and reporting
  • fraud detection and risk management
  • facilitating credit offerings through the Glaas embedded credit gateway
  • enabling partner platforms to offer financial products through integrated APIs
  • improving services and digital platform functionality.

6. Lawful Basis of Processing

The Company processes personal information only where there is a lawful basis to do so, including:

  • consent provided by the user
  • performance of contractual obligations
  • compliance with legal or regulatory obligations
  • legitimate business interests of the Company.

7. Data Minimisation

The Company collects only such information as is reasonably necessary for providing services, complying with regulatory requirements and conducting credit assessments.

8. Sharing of Information

Personal information may be shared with the following entities where necessary:

  • Gromor Finance Private Limited as the lending entity
  • partner platforms and merchant partners integrated with the Glaas Platform
  • lending partners and financial institutions
  • credit information companies including TransUnion CIBIL, Experian, CRIF High Mark and Equifax
  • payment service providers and banking partners
  • technology infrastructure providers and cloud hosting providers
  • auditors, consultants and legal advisors
  • regulatory authorities and law enforcement agencies where required by law.

The Company ensures that such entities are subject to appropriate confidentiality and data protection obligations. The Company does not sell personal information to third parties for marketing purposes.

9. Cross-Border Data Transfer

Personal information may be stored or processed on servers located outside India where such transfer is necessary for providing services. The Company ensures that appropriate contractual safeguards are implemented for such transfers.

10. Data Retention

The Company retains personal information only for the duration necessary for the purposes described in this Policy or as required by applicable law.

Information collected solely for credit assessment shall be retained only for the duration necessary to complete such assessment and shall thereafter be securely deleted, anonymized or archived unless retention is required under applicable law.

11. Data Security

The Company implements reasonable security practices in accordance with the SPDI Rules. Security safeguards include:

  • access control mechanisms
  • encryption of sensitive data
  • firewall protection
  • vulnerability assessments
  • periodic security audits.

The Company endeavours to align its information security practices with recognized standards such as ISO/IEC 27001 or equivalent frameworks.

12. Cyber Security and CERT-In Compliance

The Company complies with applicable CERT-In cyber security directions and maintains procedures for investigating and responding to cyber security incidents.

13. User Rights

Users may:

  • request access to personal information
  • request correction of inaccurate information
  • withdraw consent where permitted under applicable law.

14. Disclosure Required by Law

The Company may disclose personal information where required by law, court order, regulatory requirement or to prevent fraud or illegal activity.

15. Data Breach Representation

Based on internal records and available information, the Company represents that no material data breach involving personal information has been reported to date.

16. Third-Party Links

The Company's websites may contain links to third-party websites and the Company shall not be responsible for their privacy practices.

17. Future Digital Platforms

If the Company introduces additional digital platforms or applications in the future, such platforms shall also be governed by this Policy unless otherwise specified.

18. Policy Modifications

The Company reserves the right to modify this Policy from time to time. Updated versions shall be published on the Company's websites.

19. User Consent

By accessing the Company's websites, the Glaas platform, or applying for financial products through partner platforms, the user consents to the collection and processing of personal information in accordance with this Policy.

20. Limitation of Liability

While the Company implements reasonable security measures, transmission of information over the internet cannot be guaranteed to be completely secure and the Company shall not be liable for unauthorized disclosure caused by circumstances beyond its reasonable control.

21. Grievance Redressal

For privacy-related queries, complaints or to exercise your rights, contact the Grievance Officer between 10:00 AM and 6:00 PM on working days.

Grievance Officer
Rashi Kataria
Email: rashi.kataria@gromor.in

Gromor Finance Private Limited
B-202, 2nd Floor, SBI Pallavi CHSL
Veera Desai Road, Andheri (West)
Mumbai – 400058