in ,

FYI: CreditVidya app was collecting user data via Sai Baba, Ilaiyaraaja Hits and other musical apps

CreditVidya, the Hyderabad-based fintech startup has been found collecting user data via apps including Sai Baba app, Ilaiyaraaja Hits app and several music apps created by a services company (Winjit).

The data, scooped up from users (without any consent), was used to power CreditVidya’s self-learning algorithms that help lending companies determine the credit-worthiness of loan applicants. [via]

CreditVidya has raised funding from Kalaari Capital, Matrix Partners and Bharat Innovation Fund.

An instance of growth-hacking crossing ethical lines?


Notes from CreditVidya

CreditVidya has successfully leveraged alternative data, derived from applicants’ smartphones, to help lenders underwrite this huge segment of the population that was previously invisible to them. Our biggest strength is our ability to successfully demonstrate the impact of alternative data – based risk assessment to the formal lending ecosystem. This will allow affordable small-ticket loans to be profitable for the first time in India – our chance to solve for financial inclusion through technology.


Coming to the issue in hand, we initially had our SDKs in multiple apps. The purpose of this was to acquire user data for the sole purpose of credit risk assessment. We have always complied with legal requirements, and disagree with the allegation that CreditVidya collected customer data without consent: We are in 100% compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Whether the rules governing data security are adequate is a separate issue.

That said, we are a part of an evolving big data ecosystem and over time, we have learnt several things along the way, which have helped us leverage technology in a way that is responsible and transparent. We believe that a strong consent-driven architecture and adherence to the highest security protocols can further strengthen financial inclusion. We matured as a company and took a progressive view on customer consent. Specifically, we invested in two areas:

a) Transparent consent architecture: We ensured that the consent to accessing data was made specific to the use-case. Furthermore, CreditVidya now only works with partners who clearly demonstrate that they have a functionality in their app through which customers can apply for a loan. Because of this, all Winjit app data (mentioned in the article) stopped as of March 2018.

b) ISO 27001 certification: We introduced processes and systems in place to adhere to the highest standards of security globally.


Building alternative ecosystems involves periods of uncertainty. The alternative lending ecosystem is no exception. We firmly believe that data empowerment is key to bridging the gap in financial inclusion in India. We have also increased our commitment to transparency and data security. At CreditVidya, we never stop learning. We’re always open to further improvement and bringing in best practices.