EFILOS Logo
Back to site

Privacy Policy

Last updated: March 2026

1. Scope and role of this notice

This Privacy Policy explains how EFILOS Technologies Pvt Ltd and its affiliates, including the entities that provide SCREDIT, collect, use, disclose, and protect personal information when visitors use our website, customers use our services, and authorized users interact with the platform.

For customer content submitted into SCREDIT, the customer generally acts as the data controller and EFILOS acts as a processor or service provider. For website interactions, account administration, and our own business operations, EFILOS acts as the controller.

2. Information we collect

2.1 Account and profile information

  • Name, business email address, job title, company name, phone number, and account preferences.
  • Authentication details, login events, device metadata, and administrative activity tied to the account.

2.2 Customer and applicant data processed in SCREDIT

  • Credit applications, customer master data, financial statements, trade references, bank references, payment history, aging information, and collections notes.
  • Supporting documents uploaded by customers or end applicants, such as PDFs, statements, tax forms, credit applications, and supporting correspondence.

2.3 Technical and usage information

  • IP address, browser and device characteristics, operating system, session identifiers, diagnostic logs, and feature interaction telemetry.
  • Security logs, audit logs, and performance data needed to operate, secure, and improve the service.

3. How we use information

  • Provide, maintain, secure, and support the SCREDIT platform and related websites.
  • Authenticate users, enforce permissions, maintain audit trails, and detect or prevent fraud, abuse, and unauthorized access.
  • Enable workflows such as credit onboarding, risk review, collections activity, bureau integrations, and reporting.
  • Respond to customer requests, improve product quality, conduct analytics, and comply with legal obligations.

4. How we share information

We do not sell personal information. We may disclose information to service providers, subprocessors, integration partners authorized by the customer, corporate affiliates, advisors, or authorities where legally required.

  • Cloud hosting, infrastructure, observability, email delivery, support, and payment service providers.
  • Credit bureaus, trade reference services, banks, or external systems when requested or enabled by the customer.
  • Government, regulatory, judicial, or law enforcement bodies where we believe disclosure is required by law or necessary to protect rights, safety, or the integrity of the service.

6. Data retention

We retain personal information for as long as necessary to deliver the services, comply with law, resolve disputes, enforce agreements, and maintain security or audit records. Customer content is retained according to the applicable agreement, configured retention settings, and legal requirements.

7. Security

  • Encryption in transit using TLS and encryption at rest for supported storage layers.
  • Role-based access control, tenant isolation controls, logging, monitoring, and least-privilege administrative access.
  • Policies and procedures for vulnerability management, incident response, backup, and recovery.

8. International transfers

SCREDIT may process or store data in multiple jurisdictions depending on customer configuration, infrastructure design, and support operations. Where required, EFILOS uses appropriate safeguards for cross-border transfers.

9. Privacy rights and choices

  • Access, correct, update, or delete certain personal information subject to applicable law and contractual restrictions.
  • Object to or restrict certain processing where permitted by law.
  • Withdraw consent where processing is based on consent.
  • Submit privacy requests through the customer where EFILOS acts only as processor for customer-controlled content.

10. Children

SCREDIT and the EFILOS website are intended for business users and are not directed to children.

11. Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page and, where appropriate, communicated through the service or by direct notice.