Vasool App Privacy Policy

1. Introduction

Vasool (“we”, “our”, or “the Platform”) is a multi-tenant microfinance loan management platform operated by Thukal. This Privacy Policy explains how data is collected, used, stored, and protected across the Platform. By using Vasool, you agree to the practices described in this policy.

Vasool provides software infrastructure to microfinance companies (“Tenants” or “Clients”). Each Tenant operates independently within their own isolated environment on the Platform.

2. Multi-Tenant Architecture & Data Ownership

Vasool operates on a multi-tenant architecture where each microfinance company (Tenant) is provisioned with a completely isolated data environment. This means:

  • Tenants own their data. All customer records, loan data, collection records, staff information, documents, and any other data entered into the Platform by a Tenant belongs exclusively to that Tenant.
  • Vasool does not own, sell, or share Tenant data. We act solely as a data processor providing the software infrastructure. We do not access, analyze, or monetize Tenant data for any purpose beyond providing the service.
  • Data isolation is enforced. Each Tenant’s data is logically and physically separated. No Tenant can access another Tenant’s data under any circumstances.
  • The Tenant’s server infrastructure is provided by the Client. Tenants may provide their own server infrastructure or use infrastructure provisioned on their behalf. In either case, the data resides on servers controlled by or designated by the Client.

3. Data Collected by Tenants

Each Tenant, through their use of the Platform, may collect and store the following types of data about their end customers and staff:

  • Personal information (name, phone number, address, profile photos)
  • Identity and KYC documents (Aadhaar, PAN, voter ID, etc.)
  • Loan and financial records (loan amounts, repayment schedules, payment history)
  • GPS location data (customer locations, staff tracking)
  • Staff information (employment details, expenses, attendance)
  • Guarantor/referee information (contact details, relationship to borrower)
  • Product and transaction photos

The Tenant is the data controller for all data they collect through the Platform. Each Tenant is responsible for obtaining proper consent from their customers and staff, and for complying with all applicable data protection laws in their jurisdiction.

4. Data We Collect as Platform Provider

As the Platform provider, Vasool may collect limited data for operational purposes:

  • Tenant account information: Company name, contact person, email, phone number for account management and billing.
  • Usage and diagnostic data: API request counts, error logs, performance metrics, and system health data for maintaining service quality.
  • Storage metrics: Per-tenant storage usage for enforcing configured storage limits.

We do not collect or access any end-customer data stored by Tenants unless explicitly requested by the Tenant for technical support purposes.

5. Data Storage & Security

  • Data is stored on servers provided by or designated by the Tenant (Client). Vasool does not centrally host Tenant data on shared infrastructure without the Tenant’s knowledge.
  • All data in transit is encrypted using TLS/SSL. Authentication is handled via JWT tokens with secure session management.
  • The Platform includes built-in security measures: rate limiting, bot and attack protection, audit logging, and entity-level change history tracking.
  • Role-based access control (RBAC) ensures that only authorized staff members can access specific data and features within a Tenant’s environment.
  • Biometric/fingerprint authentication is supported for mobile app access to prevent unauthorized use.

6. Data Sharing & Third Parties

Vasool does not share, sell, rent, or disclose Tenant data to any third parties. Specifically:

  • We do not share data between Tenants. Each Tenant’s data is completely isolated.
  • We do not use Tenant data for advertising, analytics, or any purpose other than providing the Platform service.
  • We do not provide data to government or law enforcement agencies unless required by law, in which case the relevant Tenant will be notified to the extent legally permissible.

Individual Tenants may have their own data sharing practices with their customers. Users should refer to their specific microfinance company’s privacy policy for details.

7. Data Retention & Deletion

  • Tenant data is retained for as long as the Tenant’s account is active and the service agreement is in effect.
  • Upon termination of service, Tenants may request a full export of their data. After the agreed retention period, all Tenant data is permanently deleted through our automated deprovisioning process.
  • Tenants can delete individual customer records, loan records, and other data at any time through the Platform’s interface.
  • Audit logs and change history are retained as part of the Tenant’s data and follow the same retention and deletion policies.

8. Tenant Responsibilities

Each Tenant using the Vasool Platform is responsible for:

  • Obtaining proper consent from their customers before collecting personal data, documents, photos, and location information.
  • Complying with all applicable local, state, and national data protection and privacy regulations.
  • Implementing appropriate internal policies for data access by their staff members using the RBAC features provided.
  • Ensuring the accuracy and lawfulness of data entered into the Platform.
  • Informing their customers about how their data is collected, used, and stored.

9. GPS & Location Data

The Platform includes GPS tracking features for staff location monitoring and customer location recording. This data is:

  • Collected only when the Tenant enables these features through their per-tenant feature toggles.
  • Stored within the Tenant’s isolated data environment and not shared with other Tenants or third parties.
  • Accessible only to authorized personnel within the Tenant’s organization based on their assigned roles.

10. Cookies & Mobile App

The Vasool web application may use essential cookies for session management and authentication. No third-party tracking cookies are used. The mobile application stores authentication tokens and user preferences locally on the device.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal and regulatory reasons. Tenants will be notified of any material changes via email or through the Platform. Continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: hello@thukal.in

Phone: +91 86809 01007