Privacy Policy

Effective Date: April 27, 2026

Your privacy is important to us

YuVerse Private Limited ('YuVerse') is located at:
YuVerse Private Limited ('YuVerse')
12th Floor, Prestige Polygon No-471,
Anna Salai, Nandanam, Chennai - 600 035, Tamil Nadu, India

Introduction

It is YuVerse Private Limited ('YuVerse)'s policy to respect your privacy regarding any information the company may collect while operating our website or application. This Privacy Policy applies to YuVerse Private Limited ('YuVerse') (hereinafter, "us", "we", "company" or "YuVerse.ai"). We respect your privacy and are committed to protecting personally identifiable information you may provide us through the Website or Application. The company has adopted this privacy policy ("Privacy Policy") to explain what information may be collected on our Website or application, how we use this information, and under what circumstances we may disclose the information to third parties. This Privacy Policy applies only to information we collect through the Website or application and does not apply to our collection of information from other sources.

This Privacy Policy has been prepared in compliance with:

●Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
●The Digital Personal Data Protection Act, 2023.
●Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
●Guidelines on Digital Lending issued by the Reserve Bank of India (RBI), 2022;
●Other applicable acts, regulations, and rules requiring the publication of a privacy policy for handling or dealing in personal information, including sensitive personal data or information, as well as all applicable laws, regulations, and guidelines issued by applicable regulatory authorities, including but not limited to the RBI.

This Privacy Policy is a notice document that describes how we collect, use, store, and protect your Personal Data. It should be read alongside the YuVerse Terms of Use, which governs the general contractual relationship between you and the Company. Consent for specific data processing activities is obtained separately through informed affirmative action on the Platform and is not implied by, nor bundled with, your acceptance of the Terms of Use. Withholding consent for optional data processing activities will not affect your access to core Platform services, though certain features may be unavailable as a result.

1.Purpose

The Privacy Policy defines Company objectives and principles for securing and protecting personally identifiable information and other information. The Company, acting as a Data Fiduciary, collects and processes your Personal Data (PD) solely for the declared, specific, and legitimate purposes detailed below. In adherence to the Principle of Purpose Limitation (DPDPA Section 8), data collection is strictly limited to what is adequate, relevant, and necessary to achieve these stated purposes.

1.1Categories of personal data collected

We collect various categories of Personal Data (PD), including, but not limited to:

●Identity Data: Names, Date of Birth, Address, Phone Numbers, Email Addresses, login credentials.
●End user Official Identification & Financial Data (Sensitive Personal Data): Tax Identification Numbers (e.g., PAN), National Insurance Numbers, Financial Account Numbers, and official identification documentation (e.g., masked Aadhaar, Passport details), transaction data.
●Technical Data: Device IDs and IP addresses.
●Uploaded document content (KYC docs, financial statements, loan agreements)
●Conversational AI data (chat transcripts, voice inputs, derived sentiment)
●Cookie data (strictly necessary, functional, analytics, marketing)
●Contact/inquiry form data

The Company will follow a risk management approach to developing and implementing Information Security policies, standards, guidelines, and procedures. The Information Security Program is designed to protect information assets by developing Information Security policies to identify, classify, and define the acceptable use of company information assets.

1.2Lawful purposes for processing

Under the DPDPA, we process your personal data only through valid legal channels: Contractual Necessity for service delivery and loan processing, and Legal Obligation for mandatory KYC and financial reporting. While essential security, fraud prevention, and recruitment assessments are conducted under Legitimate Use, all non-essential activities—such as internal analytics and service improvements—rely on your Explicit Consent, which you may withdraw at any time.

2.Scope

This Privacy Policy applies to the Personally Identifiable Information (PII) of all natural persons who interact with, access, or use 'YuVerse' website or any digital services provided through it. This includes clients, prospective clients, general website visitors, and individuals providing data for specific services (e.g., job applications or inquiries) via the website.

3.Consent

We process your personal data only after obtaining your free, specific, informed, unconditional, and unambiguous consent through a clear affirmative action.

Notice: Before or at the time of collecting your data, we provide a notice (this Privacy Policy) detailing the specific items of data collected and the purpose for which they are processed.

Purpose Limitation: Your data will only be used for the purposes specified at the time of collection. If we wish to use your data for a new purpose, we will seek your fresh consent.

3.1Consent management and withdrawal

You have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal. If you choose to withdraw your consent, we may not be able to provide certain services to you.

Whenever the Company is processing personal data, it will take reasonable steps to keep personal data accurate for the purposes for which they were collected. It will provide data subjects with the ability to exercise the following rights under the conditions and within the limits set forth in the law.

(i)Direct withdrawal — If you wish to contact us regarding the use of your personal data or want to object in whole or in part to the processing of your personal data, please contact us at the below email address <DataPrivacy@go-yubi.com>.

(ii)Consent managers — You may also choose to manage your consent through a Consent Manager registered with the Data Protection Board of India. We will honor requests and withdrawals initiated through such authorized intermediaries.

(iii)Consequences of withdrawal — If you withdraw your consent, we will cease processing your data within a reasonable timeframe unless required by law. Please note that withdrawing consent for essential data may limit our ability to provide certain services to you.

4.Policy

4.1Objectives

●The Company adheres to legal, regulatory and customer privacy requirements.

(i)The Company collects personally identifiable information when voluntarily submitted by our online and onsite visitors. The information provided is used to fulfill specific requests unless given permission to use it in another manner.

(ii)This privacy policy sets out the rules that the company will follow when processing your personal information to preserve the right to protect your personal data, your privacy, and to ensure that your personal data is not misused. The company will follow this policy for the entire period during which it will process any of your personal information. Your personal data will be processed to provide the services as per the said agreement with the user / client.

●In connection with the services we provide, the Company may collect the following types of information:

(i)Personally identifiable information: Names, addresses, email addresses, phone numbers, driving license, KYC documents, Aadhaar number, PAN, tax identification, financial account, passport number, voter ID, national insurance numbers, and company information, job history, chat scripts, voice inputs, loan agreement and any other personally identifiable information that you share with us.

(ii)User communications: When a visitor sends an email or other communication to the Company, these communications may be retained in order to process inquiries, respond to requests, and improve overall services.

●The Company only collects and processes Personal Information (PI) when necessary for the provision of services to our clients, or when required by legal obligation. Prior to or at the time of data collection, the Company shall provide all involved individuals with a clear and concise Privacy Notice detailing:

(i)The specific purpose(s) for which the PI is collected.

(ii)The categories of PI being processed.

(iii)The lawful basis justifying the processing.

(iv)The types of third parties (including processors and sub-processors) with whom the information may be shared.

●As a general rule, the Company will not disclose personally identifiable information except when the Company is required or permitted per customer agreement, law (including pursuant to national security of law enforcement requirements) or otherwise, such as when the Company believes in good faith that the law requires disclosure or other circumstances outlined in this Privacy Policy require or permit disclosure.
●The Company may share information with governmental agencies or other companies assisting in fraud prevention or investigation. The Company may do so when:

(i)Permitted or required by law

(ii)Trying to protect against or prevent actual or potential fraud or unauthorized transactions

(iii)Investigating fraud which has already taken place

(iv)Permitted transfers of information, either to third parties or within the Company, include the transfer of information within the India region and shall not be moved out of one jurisdiction to another.

Current Status and Scope: The primary processing and storage of PI are conducted entirely within India only. The Company does not currently engage in cross-border transfers of PI outside the India. Should business necessity require the transfer of PI across international borders in the future, all such transfers will be carried out only after obtaining prior consent and when protected by robust, legally mandated safeguards.

●The Company takes reasonable steps to protect personally identifiable information. To prevent unauthorized access or disclosure of personally identifiable information, maintain data accuracy, and support the appropriate use and confidentiality of personally identifiable information, either for its own purposes or on behalf of our clients, the Company has put in place appropriate physical, technical, and managerial procedures to safeguard and secure the personally identifiable information and data the Company possesses.
●The Company complies with the Privacy regulations set forth by India's Digital Personal Data Protection Act 2023, Information Technology Act 2000, SPDI Rules and other applicable data protection laws regarding the collection, use, and retention of personal information. The Company utilizes a self-assessment approach to support compliance with this Privacy Policy.
●The Company periodically verifies that related policies are accurate, comprehensive for the information intended to be covered, prominently displayed, implemented, and are in conformity with the principles of this Privacy Policy.
●The Company encourages interested persons to raise any concerns with the Company. The Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Privacy Policy.
●If the Company, the Data Protection Authorities, or other qualified government agencies determine that the Company has not complied with this Privacy Policy, the Company shall take appropriate steps to address any adverse effects related to non-compliance and to promote future compliance.
●If the Company determines an employee is in violation of this Privacy Policy, that employee will be subject to the Company's disciplinary process.

5.Policy review and amendment commitment

This Privacy Policy is subject to change, mandated by our commitment to maintaining continuous compliance with all applicable laws and regulations, of India. This Policy shall be formally reviewed at least annually and updated immediately as necessary following any material changes to our data processing activities or regulatory requirements. Any revisions will be communicated by posting the updated Privacy Policy on our official website or application.

6.Client contractual obligations and priority

Information obtained from or relating to clients or former clients is subject to the terms of any specific privacy notice provided to that client, any governing contract or other agreement with the client, and all applicable enforcement laws. In case of conflict, the specific contractual terms related to data protection generally govern the relationship.

7.Organizational roles and accountability

In certain processing scenarios, we will be the Data Controller in respect of your relationship with us. The Data Controller is responsible for deciding how to hold and use Personal Data about you. In some cases, we may process your personal data ourselves and do not share it with any external third parties.

8.Layered transparency and specific notices

We are committed to providing the clearest possible transparency. We may provide supplemental privacy notices on specific occasions (e.g., when enrolling in a new service or using a new feature) when we are collecting or processing personal data about you. These supplemental notices should be read together with this overarching Privacy Policy to ensure you are fully aware of how and why we are using your Personal Data.

9.Regulatory cooperation and sensitive data commitment

The Company will cooperate with the appropriate regulatory authority (The Data Protection Board) to resolve any complaints regarding the handling of personal data that cannot be resolved directly between the Company and an individual. Furthermore, the Company does not process any data belonging to a Child (an individual under eighteen years of age) either directly or indirectly.

10.Notice of continued processing

Pursuant to the provisions governing data processing continuity, we continue to process the Personal Data that you provided to us before August 11, 2023. The processing is continued for the original, legitimate purposes for which the data was collected.

You, the Data Principal, have the right to object to and withdraw consent for the continued processing of your Personal Data for purposes that are not strictly necessary for our legal obligations or the performance of your active service contract.

Opt-Out Procedure: If you wish to object to the continued processing of your data for these supplementary purposes, you may please contact us at the below email address <support@go-yubi.com>.

11.Deletion of your personal data

We adhere strictly to the Section 8 and 12 of DPDP Act, 2023. The Company will retain your Personal Data only for the maximum duration necessary to fulfill the specific purposes for which it was collected, or as required by law.

●Retention necessity: We will retain and use your PI for the duration of the service contract and to the extent necessary thereafter to:

a.Comply with legal obligations: Fulfill mandatory regulatory, tax, or financial record-keeping requirements.

b.Resolve Disputes: Enforce our legal agreements and policies, or defend against legal claims.

●Right to correction and erasure:

a.Automated disposal: Once the requirement to process your PI ends (i.e., the retention period expires), the PI will be securely and automatically deleted or anonymized from all live and backup systems.

b.Data subject request: If you exercise your right to erasure / withdrawal before the mandatory retention period expires, the Company will delete your PI immediately, provided there is no overriding legal obligation or contractual necessity that requires continued retention.

c.Consequence of deletion: You acknowledge that the deletion of PI necessary for service provision (e.g., account credentials) may result in the inability to access or use those specific services, but the Company remains fully liable for any damages arising from negligence or unlawful processing.

12.Disclosure of your personal data

a.Business transactions - If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

b.Law enforcement: Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

c.Other legal requirements: The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

(i)Comply with a legal obligation

(ii)Protect and defend the rights or property of the Company

(iii)Prevent or investigate possible wrongdoing in connection with the Service

(iv)Protect against legal liability

13.Security of your personal data

The security and confidentiality of your Personal Data are paramount to us. We recognize and uphold our mandatory obligation under Section 8 of the Digital Personal Data Protection Act, 2023 (DPDPA), to implement and maintain reasonable security safeguards to prevent unauthorized processing, accidental loss, destruction, or disclosure of your data.

While we strive to use state-of-the-art, commercially acceptable means to protect your personal data, it is crucial to remember that no method of transmission over the Internet or method of electronic storage is 100% secure. But since the company is ISO 27001 Certified company hence it makes sure to comply with all applicable clauses of the standard w.r.t the security of the data of the user.

As part of the Company's commitment to accountability and "Privacy by Design," we shall conduct formal Data Protection Impact Assessments (DPIAs) on an ongoing basis for all processing activities that may pose a high risk to your privacy.

14.Data localization and sovereignty

In compliance with applicable sectoral regulations (including RBI/SEBI mandates) and the DPDPA, all Sensitive Personal Data, including but not limited to payment credentials, KYC identifiers, and transaction logs, are stored and processed exclusively on servers located within India.

We do not transfer or store your financial identifiers outside the territory of India. Any processing performed by our global service providers is conducted via secure remote access where the data remains resident within Indian borders, or is otherwise conducted in strict adherence to the localization requirements of the Reserve Bank of India (RBI).

We warrant that no data shall be transferred to any territory restricted by the Central Government of India, and that all international processors (if required in future) will be bound by Data Processing Addendums (DPAs) that mirror our statutory obligations.

15.Notification to the data principal (You)

We will notify you, the Data Principal, of the Personal Data Breach if it is likely to result in significant harm to you, as determined by the Company following an internal assessment and in line with the standards prescribed by the DPBI.

This notification will be provided by <support@go-yubi.com> as soon as possible, and no later than 72 hours after the breach is discovered.

15a.Content of the notification

Any notification provided to you will, to the extent permitted by law and investigation, include:

●A clear description of the nature of the breach.
●The categories and approximate number of Data Principals and Personal Data records concerned.
●The likely consequences of the breach.
●The measures taken or proposed to be taken by the Company to address the breach and mitigate its possible adverse effects.
●The contact details of our Grievance Officer or DPO for further information.

16.Prohibited use and enforcement

Any unauthorized use of this website or breach of these Terms may constitute a security violation. Yuverse reserves the right to take necessary legal action, including but not limited to, terminating your access to our services and pursuing civil or criminal penalties.

17.Standards of handling data breach

Security Incidents (SI) involve wrongful handling or disclosure of information and can give rise to Data Breaches where personal data is involved. Although this policy concentrates on privacy policy, the policy equally applies to SIs, including containment, investigation, improvements and lessons learned. Any individual who suspects that a theft, breach or exposure of protected data has occurred must immediately provide a description of what occurred via email to <support@go-yubi.com>. The company adhered to the IRP (Incident Response Plan) process while handling the security breach.

18.Your rights

In accordance with the DPDP Act 2023, you have the following rights regarding your digital personal data:

(i)Right to access/Right to information about personal data: You may request a summary of the personal data we process, the identities of any third parties with whom we have shared your data, and any other information as permitted by law.

(ii)Right to correction and erasure: You have the right to correct inaccurate data, complete incomplete data, or update outdated information. You may also request the erasure of your personal data when the purpose for its collection has been served or when you withdraw your consent.

(iii)Right to grievance redressal: You have the right to register a grievance with us regarding any act or omission by us regarding your data.

(iv)Right to nominate: You may nominate any other individual to exercise your rights under this Act in the event of your death or incapacity.

You may exercise this right by filling out the Nomination Form Link or by emailing our Data Privacy Team with the subject line "Data Principal Nomination."

We will require basic identity verification for both you and your nominee to ensure the security of your data.

(v)Right to opt-out of automated decision-making: While YuVerse may use automated systems to improve service efficiency, we respect your right to human intervention.

●Use of automated systems

To provide efficient services and a streamlined recruitment experience, YuVerse may utilize automated processing (including profiling and algorithmic assessment) in the following contexts:

For Service Users: To assess creditworthiness, determine risk profiles, or detect fraudulent activity related to our financial products.

For Candidates (Hiring): To assist in initial candidate screening, such as matching resumes to job descriptions, evaluating assessment test scores, or filtering based on core eligibility criteria.

Your Right: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

Exercise of Right: If you believe an automated decision has unfairly impacted your access to our services, you may request a manual review by contacting <Privacy@go-yubi.com>. We will provide a rationale for the decision and allow you to contest the outcome.

You can exercise your rights by submitting a request to YuVerse's Data Privacy Team by writing to <Privacy@go-yubi.com>. Upon receiving your request, YuVerse shall acknowledge your request within 3 working days, conduct a verification check to validate your identity, and accordingly process the request. We will respond to all legitimate requests within 30 days of receiving them. In adherence to data quality best practices, any substantiated errors or inaccuracies in Personal Data shall be remediated or corrected within seven (7) business days following successful notification and verification.

19.Document management

Technological advances and changes in the business requirements will necessitate periodic revisions to documents. Therefore, this document may be updated to reflect changes or define new or improved requirements as and when required and in compliance with the Information Security Program Charter.

20.Third parties who can collect your information

We may share your personal information (including Personal Information and Sensitive Personal Information) collected for the following purposes:

Legal Purposes: We may share Your information with law enforcement and other government agencies, courts and other bodies on their legal requests to comply with the law and aid to the ongoing and impending legal proceedings. We may also use your information when it is necessary to investigate, prevent, or take action regarding possible illegal activities or comply with legal processes or comply with any law in force or address threats to the physical safety of any person or safeguard our rights and the rights of users, or the public at large.

Additionally, we may share your information collected on the Platform with:

●Our employees, agents, and professional advisors working with us for the purposes described in this Privacy Policy; and
●The associated service providers that provide us services pertaining to protecting and securing our systems, and provide Us other services requiring the processing of information and data collected so as to host your information or data for the proper functioning of the Platform.

21.Contact information

If you have any questions about our Privacy Policy, please contact us via email on —

Data Privacy Team (India)

Contact: Data Privacy Team

Email: <Privacy@go-yubi.com>

Board Number: 044-4091 2303

Postal Address: 12th Floor, Prestige Polygon No-471, Anna Salai, Nandanam, Chennai - 600 035 Tamil Nadu, India.

21.Grievance redressal Mechanism

In case of any grievance, customers can intimate and record their complaints/ grievances for a resolution via:

●Email to <grievance.redressal@go-yubi.com>; (or) <Privacy@go-yubi.com>
●Send a formal written complaint to the below mentioned address:

Address: 12th Floor, Prestige Polygon No-471, Anna Salai, Nandanam, Chennai - 600 035 Tamil Nadu, India.

22.Escalation and Regulatory Oversight

If you are not satisfied with the resolution provided by our Grievance/Data Protection Officer, or if your grievance remains unresolved, you have the right to escalate the matter to the Data Protection Board of India (DPBI), by writing to <mljoffice@gov.in> which is the regulatory authority established under the DPDPA. We maintain this mechanism in accordance with our duty of Accountability under Section 8 and the right to Grievance Redressal under Section 14 of the DPDPA.