LevelUp Your Credit Journey. Unlock Rewards at Every Step.
#LevelUp Your
Credit Score
© 2025 Sixdis Technologies Private Limited
This policy covers how Sixdis Technologies Private Limited, a company with its registered office at L2-106, WeWork, Vaishnavi Signature, Marathahalli-Sarjapur Outer Ring Road, Bellandur, Bangalore, Karnataka 560103 treats personal information that we collect / receive / retain.
This Privacy Policy document (“Privacy Policy”) is published in accordance with the provisions of Rule 4 (1) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 which requires the publishing of a privacy policy for handling of or dealing in personal information including sensitive personal data or information.
By visiting the website, www.oolka.in (“Website”) or the Oolka mobile and/or web application (the “App”) (collectively, the “Platform”) and availing the services provided by us (“Services”) you agree to be bound by the terms and conditions of this Privacy Policy.
By mere access to the Platform or any part thereof, you signify your assent to this Privacy Policy and consent to the processing of your personally identifiable information (Personal Information, Sensitive Personal Data or Information) to Sixdis Technologies Private Limited (“we” or “our” or “us” or “Oolka”). This Privacy Policy is incorporated into and subject to the Terms of Use of the Platform.
For the purpose of this Privacy Policy, the users of the Services may be customer/consumers/ buyers/ consumers, or any other persons using Services or accessing our Platform (“user” or “you” or “your”).
If you do not agree to this Policy or any part thereof, please do not use/ access/ download or install the Platform or any part thereof.
Oolka's privacy policy is governed by one fundamental principle - maintain your trust and confidence when handling your personal information
You always have the ability to make choices about what personal information you provide to us and how such information is used - all our forms / registrations will have an explicit opt out clause. However, please note we may not be able to provide you our services if you do not provide us with the requested information.
We protect your personal information by maintaining physical, electronic, and procedural safeguards as per Indian law.
We train our employees in the proper handling of personal information. When we use other companies to provide services for us, we require them to protect the confidentiality of personal information we receive from you.
Our privacy policy describes how we handle your information when you visit our website, use our mobile application, and receive emails / SMSs from Oolka.
This policy does not cover information you may choose to provide to third party websites we advertise or to social media sites where we have a profile. These will be governed by the privacy policies on those sites.
We collect two types of online information: non-personal and personal.
This information helps us provide an online experience that matches your device and to manage our online advertising.
When you visit digital properties, we own / control (e.g. our website, mobile app etc.), we typically collect the IP address of the device you use to connect to the Internet, information such as what browser, browser version, operating system you have, the website you came from or the advertisement you viewed or clicked on.
When you browse the Oolka website, view our emails/SMS, the mobile site/app, Oolka or the companies we work with, use cookies and/or pixel tags to collect information and store your online preferences. Cookies are widely used, and most browsers are set up to accept them automatically. If you would prefer, you can choose to not accept cookies. It's important to note that cookies and pixel tags do not capture any information that can personally identify you.
We may also supplement the information we collect with information we receive from other companies. For example, we may use marketing segments developed by us or other companies to customize certain services
In addition to the information described in the previous section, we may also gather personal information that you explicitly provide and share with us - such as your name, address, phone number, and email address. Additionally we ask for permission to access your messages (SMS data), storage and phone/device state and collect information about other applications that you have installed on your device. Collecting this personal information enables us to offer you a digital experience that will help us to deliver our services to you. For example, we collect personal information when you:
We collect information on our owned properties (Oolka website, mobile app etc.), credit bureaus, your SMS and Gmail via OAuth API and other third parties. There are certain industry standard technologies we use to collect usage information. In the future, other new technology and methods for collecting Usage Information may develop.
An embedded script is programming code that is designed to collect information about your interactions with the Services, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third-party service provider, is active only while you are connected to the Services and is deactivated or deleted thereafter.
Oolka’s use of Gmail data complies with Google’s Limited Use Policy. Oolka only accesses Gmail content related to financial transactions, does not allow human access, and does not transfer this data to any third party.
When you connect your Google Account to Oolka, we request access to specific Gmail data necessary to operate our dispute management features. We access only the minimum data required.
| Data Accessed | Purpose |
|---|---|
| Email sender address | To identify emails from credit bureaus and lenders |
| Email subject line | To filter and categorise credit-related correspondence |
| Email body content | To read lender and bureau responses relevant to your active disputes |
| Email attachments (PDF) | To extract credit report data for dispute identification and tracking |
| Email thread metadata | To track dispute conversations chronologically (Thread ID, Message ID, In-Reply-To headers) |
| Email labels / read status | To mark dispute emails as read and apply organisational labels within Gmail |
Oolka does not access, read, process, or store any of the following:
All Gmail data accessed by Oolka is used exclusively to provide the following user-facing features within the Oolka application:
We will never use Gmail data obtained through Google APIs for any of the following purposes:
Oolka stores only the minimum Gmail-derived data necessary to operate dispute tracking features:
We implement the following technical and organisational security measures to protect your data:
Oolka does not sell, rent, or trade your Google user data. We may share data in the following limited circumstances only:
We may share data with third-party vendors who help us operate Oolka’s infrastructure (e.g., cloud hosting, email delivery). These vendors:
We may disclose data if required to do so by applicable law, court order, or regulatory authority, provided we notify you to the extent permitted by law.
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity only with your explicit prior consent, and only for purposes consistent with this policy.
We will never transfer Google user data to any third party for targeted advertising, data brokerage, creditworthiness determination, or lending purposes.
Oolka’s systems process your Gmail data automatically. We do not allow any Oolka employee, contractor, or agent to read your emails, except in the following strictly limited circumstances:
In all cases, such access is logged, audited, and limited to the minimum data necessary. We will notify you of any such access unless prohibited by law.
We retain Gmail-derived data for the following periods:
| Data Type | Retention Period |
|---|---|
| Active dispute data (thread IDs, metadata, extracted details) | Duration of the dispute + 12 months for audit trail |
| Sent email records | 24 months from date of sending |
| Resolved dispute data | 12 months post-resolution, then deleted or anonymised |
| OAuth tokens | Until you revoke access or delete your account |
You may request deletion of your data at any time by:
Upon receiving a verified deletion request, we will purge all Gmail-derived personal data within 30 days. Anonymised aggregate data (e.g., dispute outcome statistics with no personal identifiers) may be retained for service improvement purposes.
As a user of Oolka and a data subject under applicable Indian data protection law, you have the following rights:
To exercise any of these rights, contact us at legal@oolka.in. We will respond within 30 days.
Oolka uses the following Google OAuth 2.0 scope: gmail.modify
You may revoke any or all of these permissions at any time via your Google Account permissions page. Revoking permissions will disable the corresponding features in Oolka but will not affect your stored dispute data.
You can control whether to accept cookies or not. If you decide to not accept cookies, some features and services on our site may not work properly because we may not be able to recognize and associate you. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests. If you would prefer not to accept cookies, you can:
Like most advertisers, we place advertisements where we think they will be most relevant to customers. We believe that online behavioral advertising helps to provide you with more relevant advertising based upon the websites you visit. We place advertisements by developing and using our own customer segmentation methodologies that may combine online and offline information about our current and prospective customers. In addition, we may use marketing segments provided by online publishers and network advertising companies.
We contract with third-party advertising networks, publishers, and other entities to advertise our products and services on websites not affiliated with us. Network advertising companies that provide these services have their own privacy policies and are not subject to our Online Privacy Statement. Many of these companies provide ways to avoid targeted advertising provided by, or through them. Some of these ads are online behavioral advertising - which serve advertisements that are more likely to be of interest to you using non-personal behavioral information. Such ads may contain cookies that allow monitoring of websites (including our own websites that are part of our own Services) and your response to our advertisements. Cookies placed by these companies do not collect Personal Information. We limit companies that place our ads from using information for any purpose other than to assist us in our advertising efforts.
Although there is no standard for how Do Not Track consumer browser settings should work on commercial websites, the industry has self-regulatory initiatives designed to provide consumers a choice in the types of ads they may see online and to conveniently opt-out from online behavioral ads served by some or all of the companies participating in these programs. Many of our advertising vendors and companies participate in these programs. Using the choice mechanisms these programs make available may help you see advertising that is relevant to you or help you avoid seeing interest-based advertising generally. In order for behavioral advertising opt-outs to work on your device, your browser must be set to accept cookies. If you delete cookies, buy a new Device, access our Services from a different device, login under a different screen name, or change web browsers, you will need to opt-out again. If your browser has scripting disabled, you do not need to opt out, as online behavioral advertising technology does not work when scripting is disabled. Please check your browser's security settings to validate whether scripting is active or disabled.
We may supplement the information we collect about you with outside records from third parties in order to enhance our ability to serve you, to tailor our content to you and to offer you opportunities to purchase products or services that are of interest to you, after seeking your consent. We may combine the information we receive from those sources with information we collect through the Services. In those cases, we will apply this Privacy Policy to any Personal Information received, unless we have disclosed otherwise.
Our Web site includes Social Media Features, such as the Facebook Like button and Widgets, the Share this button or interactive mini programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.
Oolka may post links to third party websites that are not subject to this privacy policy. We do not exercise control over the external sites. We are not responsible for the privacy practices employed by any of these third parties. We encourage you to note when you leave our digital properties, that you read the privacy statements of all third-party web sites or applications before submitting any Personal Information to third parties.
We collect your personal information, including financial information, from the registration or other completed forms / questionnaires that you provide to us. We will also receive your personal information, including financial information, from documents that you may provide to us and/or from documents like the credit report that you authorise us to obtain on your behalf from Credit Information Companies. You will therefore know when we collect any personal information about you. We will collect your profile information based on your consent from digital and social media properties including but not limited to Facebook, Linkedin, Google etc. In addition, we also get access to personal information like phone messages (SMS), phone/device state and phone storage based on your consent from your mobile device when you use our Android application.
We use the information about you that we collect for the following purposes:
It's important to note that the information we use about you helps us provide you with products, services and experiences that benefit you. You have the ability to control how your non-personal information is collected and used online.
You also have the ability to choose what personal information, including what sensitive personal information (i.e. your financial information) you provide to us. However, if you choose not to provide all of the information and data that is requested of you, we may not be able to provide you with the Services that you have subscribed to. You may, at any time while availing of our Services or otherwise, withdraw the consent given earlier to Oolka to collect and use your sensitive personal data or information by writing to Oolka at legal@oolka.in . However, in the case of you withdrawing such consent, Oolka shall have the option to stop providing you the Services for which the information was sought. You will not be eligible for a refund of any fees paid in such an event.
When you provide your contact details, we will use it to send you general notices or important news about your account, request your feedback or opinions and provide updates on special deals and offers that might interest you.
We believe you should be able to choose what kinds of information you receive via email/SMS. If you do not want to receive marketing materials by email/SMS, just indicate your preference on the contact information for your account or the 'opt-out' link provided in our marketing emails. Please keep in mind that we will continue to notify you by email /SMS/via phone calls regarding your services with us.
You can review the information that you have provided to us by logging into your account at the Oolka website and correct or amend any personal information or sensitive personal data or information to ensure that the information or data you provided us is accurate and/or not deficient. Oolka is not responsible for the authenticity of any personal information or sensitive personal data, or information supplied to it by you or any third party.
We do not sell or rent your Personal Information to third parties for any purpose. We only share Personal Information when we have your express consent, or as otherwise provided for in this policy.
We may share with third parties certain pieces of aggregated, non-Personal Information, such as the number of users who clicked on a particular advertisement. Such information does not identify you individually.
We may use third party vendors to perform certain aspects of the Services on our or your behalf, such as hosting the Services, designing and/or operating the Services' features, tracking the Services analytics, or performing other administrative services. We may provide these vendors with access to user information, including Personal Information, to carry out the services they are performing for you or for us. However, we restrict the use of this information by such third-party vendors in our agreement with them and require them to use the information only to provide their services to us.
Certain aspects of the Services may be provided to you in association with third parties such as our advertisers, business partners, or sponsors, and may require you to disclose Personal Information to them. Such Co-Branded Services will identify the third party. If you elect to register for products and/or services through the Co-Branded Services, you may be providing your information to both us and the third party. Any such information provided to the third party is subject to that third party's privacy policies. Further, if you sign-in to a Co-Branded Service with a username and password obtained through the Services, your Personal Information may be disclosed to the identified third parties for that Co-Branded Service and will be subject to their posted privacy policies.
We may access, use, preserve, transfer and disclose your information (including Personal Information, including disclosure to third parties:
to satisfy any applicable law, regulation, subpoenas, governmental requests or legal process if in our good faith opinion such is required or permitted by law;
to protect and/or defend the Terms of Use for any of our Services or other policies applicable to any of our Services, including investigation of potential violations thereof;
to protect the safety, rights, property or security of the Services or any third party; and/or
to detect, prevent or otherwise address fraud, security or technical issues. Further, we may use IP addresses or other Device Identifiers, to identify users, and may do so in cooperation with third parties such as copyright owners, internet service providers, wireless service providers and/or law enforcement agencies, including disclosing such information to third parties, all at our discretion. Such disclosures may be carried out without notice to you.
We may share your information, including your Personal Information, and Usage Information with our parent, subsidiaries, and affiliates for internal reasons. We also reserve the right to disclose and transfer all such information:
to a subsequent owner, co-owner or operator of the Services or applicable database; or
in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our membership interests and/or assets or other corporate change, including, during the course of any due diligence process.
The Services may permit you to submit ideas, questions, comments, suggestions, or other content, including Personal Information that is publicly viewable (such as on public portions of your user profile) (collectively, "User Content"). We or others may reproduce, publish, distribute, or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed). Others may have access to this User Content and may have the ability to share it with third parties across the Internet. Please think carefully before deciding what information you share, including Personal Information, in connection with your User Content.
Note that Oolka does not control who will have access to the information that you choose to make public and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. This Privacy Policy does not apply to any information that you disclose publicly or share with others, whether through the Services or otherwise. We are not responsible for the accuracy, use or misuse of any content or information that you disclose or receive through the Services.
Oolka maintains physical, electronic, and procedural safeguards that comply with regulations to protect Personal Information that we collect about you. We enable our servers with Secure Socket Layer (SSL) technology to establish a secure connection between your computer and our servers, creating a private session. We employ firewalls and other security technologies to protect our servers from external attack and securely store your Personal Information. We control access to this information via secure web pages, and limit access to only those employees or third parties on a need-to-know basis.
We test our systems regularly to ensure that our security mechanisms are up to date. We incorporate commercially reasonable safeguards to help protect and secure your Personal Information and Credit Report Information. However, no data transmission over the Internet, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us you provide us with your information at your own risk
From time to time, we may change this Online Privacy Statement. The effective date of this statement, as indicated below, shows the last time this statement was revised or materially changed. Checking the effective date below allows you to determine whether there have been changes since the last time you reviewed the statement.
Oolka will not retain your sensitive personal information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force
If you have any concern or grievance or want to address any discrepancy with respect to the processing of any of the information/data you provided to Oolka, please contact our Grievance Officer by email addressed to legal@oolka.in and we will study the matter and take such action as we deem appropriate under the circumstances in accordance with law.
Oolka identifies UPI-enabled payment applications available on your device only at the time you initiate a payment.
This is done using Android’s secure intent resolution mechanism, which allows us to identify applications capable of handling UPI payment requests (for example, your bank’s mobile app or another UPI Payment Service Provider app).
We do not access apps unrelated to UPI payment functionality.
We use this information for the following purposes, and only these purposes:
Faster, smoother UPI payments. When you initiate a payment, Oolka shows you the UPI apps you already have installed so you can select your preferred handler in one tap, without typing UPI IDs or switching between apps manually.
Transaction security and fraud prevention. We verify that the application handling a payment intent is a legitimate UPI handler registered with NPCI, which helps protect you from malicious applications that may attempt to impersonate payment apps or intercept transaction flows. This use is consistent with the security-based use of installed-app information permitted for regulated financial-transaction apps.
Detection is performed on-device and limited to what is necessary to enable UPI payment functionality (data minimisation).
Detection happens on your device at the moment you initiate a payment.
The list of detected UPI handler apps is used locally to populate the payment selection screen.
Only a hashed identifier of the handler you actually choose for a given transaction may be transmitted to Oolka's servers, solely for transaction routing, fraud monitoring, and dispute resolution as required under applicable NPCI and RBI guidelines.
We do not use installed-app information to:
Build advertising profiles or target advertisements
Sell, license, or share the data with third parties for commercial or marketing purposes
Make decisions about your eligibility for credit, loans, or any other financial product
At first use: Before we check your device for UPI handler apps for the first time, you will see a clear in-app prompt explaining this collection. You may decline. If you decline, Oolka will continue to function and you can complete payments by entering UPI handler details manually.
Deletion: You can request deletion of any server-stored handler selection data linked to your account by emailing legal@oolka.com. We will action verified requests within 30 days.
| Data | Where stored | Retention |
|---|---|---|
| Detected UPI handler list | On your device, in active session memory | Not retained beyond the session |
| Hashed identifier of chosen handlers | Oolka servers | 90 days, then deleted, except where longer retention is required by NPCI/RBI for dispute or audit purposes |
Performance of contract — providing the UPI payment service you have requested.
Compliance with regulatory obligations — handler verification consistent with NPCI procedural guidelines and RBI's Master Directions on Digital Payment Security Controls.
Legitimate interests — limited to fraud prevention, narrowly scoped and balanced against your privacy interests.
The following SDKs integrated into Oolka may, in the course of their own operation, request or receive limited information related to installed payment applications. Each is configured to limit such access to its declared purpose, and we do not direct any SDK to collect installed-app data beyond what is necessary for the function described:
Oolka uses Android’s secure intent resolution mechanism to identify compatible UPI applications at runtime.
We do not access, store, or transmit a complete list of installed applications, and we do not use broad package visibility permissions (such as QUERY_ALL_PACKAGES).
Any detection is performed in-session and is limited to what is necessary to enable the requested payment.
By clicking “Accept”, you (“User”) hereby provide your explicit consent and authorise Oolka Financial Services Private Limited (formerly Sixdis Technologies Private Limited) (“Oolka”, “we”, “us”) to act as your authorised representative for the purposes set out below.
You expressly authorise Oolka to:
Obtain your credit information from one or more credit information companies, as may be engaged by Oolka from time to time, including but not limited to TransUnion CIBIL Limited, Experian Credit Information Company of India Private Limited, Equifax Credit Information Services Private Limited, and CRIF High Mark Credit Information Services Private Limited.
Credit Information will be accessed only from those credit information companies with whom Oolka has an active integration or arrangement at the relevant time.
Access such information on your behalf using authorised APIs, systems, or integrations.
Your Credit Information will be accessed and used solely for:
Providing you with credit score insights and monitoring
Identifying overdue, delinquent, or incorrect credit records
Enabling credit improvement and advisory services
Facilitating your access to relevant financial products (including credit cards, loans, insurance, or other financial offerings)
Any other service explicitly requested by you on the Oolka platform
Oolka shall not use your Credit Information for any purpose other than the above without your explicit consent.
This consent is voluntary, informed, and explicit
It shall remain valid for a period of up to six (6) months from the date of acceptance, unless withdrawn earlier by you
You may withdraw your consent at any time by contacting us at our designated support channels
Oolka agrees that:
Your Credit Information will be:
Used strictly for the End Use Purpose
Processed in accordance with applicable laws, including the Credit Information Companies (Regulation) Act, 2005 (“CICRA”), RBI guidelines, and applicable data protection laws
Oolka shall not:
Sell, rent, trade, or commercially exploit your Credit Information
Share your Credit Information with unauthorised third parties
Credit Information may be shared only:
With you
With regulated partners (e.g., lenders, financial institutions) only where required to deliver services requested by you
Your Credit Information will be retained only for as long as necessary to fulfil the End Use Purpose
In any case, such data shall not be retained beyond six (6) months, unless required by law
Upon completion of the purpose or withdrawal of consent, the data will be securely deleted or anonymised
You acknowledge that:
You have the right to:
Access your Credit Information
Seek correction of inaccuracies through the relevant credit bureau
Withdraw consent at any time
Withdrawal of consent may impact Oolka’s ability to provide certain services
This consent is provided in accordance with:
The Information Technology Act, 2000
CICRA and associated rules/regulations
Applicable RBI guidelines
You confirm that:
The information provided by you is accurate
You are authorising Oolka to act on your behalf for accessing your Credit Information
This consent shall be governed by the laws of India.
Effective Date- This Privacy Statement was last modified 5 May 2026.
#LevelUp Your
Credit Score
© 2025 Sixdis Technologies Private Limited