Privacy Policy

Introduction

AVEKA is committed to ensuring that personal information entrusted to it is collected, used, stored, disclosed, and otherwise processed in a lawful, fair, transparent, and secure manner.

AVEKA operates a technology-enabled financing facilitation platform designed to support students, educational institutions, and financing partners through structured financing workflows, including applicant onboarding, eligibility mapping, lender matching, application progression, approval tracking, sanction monitoring, and disbursement visibility.

Scope

This Privacy Policy applies to all personal information processed by AVEKA in connection with:

• Website access and digital interactions
• Student financing applications
• Educational institution onboarding
• Lender and financing partner engagements
• Customer support interactions
• Business communications
• Platform usage and related service delivery

This Policy applies irrespective of whether personal information is submitted directly by the user, generated through platform interaction, or received through financing ecosystem participants in connection with legitimate service functions.

Nature of AVEKA's data role

Data intermediary

AVEKA acts as a technology intermediary between applicants, educational institutions, and financing partners. Data collected through the platform is facilitated for the express purpose of processing financing inquiries and maintaining workflow visibility.

Not a lender

AVEKA does not independently undertake lending, underwriting, sanctioning, approval, or disbursement of financial products. All financing determinations are made exclusively by partner lenders and regulated financial institutions acting under their own regulatory obligations.

Applicable legal and regulatory framework

AVEKA processes personal information in accordance with applicable data protection and privacy obligations relevant to the jurisdiction of the user, the location of service delivery, and the financing relationship. Depending on context, this may include obligations under:

• Digital Personal Data Protection Act, 2023 (India)
• General Data Protection Regulation (EU/UK)
• Protection of Personal Information Act (South Africa)
• Nigeria Data Protection Regulation (NDPR)
• Data Protection Act (Kenya)
• Applicable data protection laws in other markets served by the platform
• Legal requirements governing international transfers and financial record retention

Where jurisdiction-specific rights or obligations apply, AVEKA shall give effect to such requirements to the extent legally applicable.

Categories of personal information processed

AVEKA processes only those categories of personal information that are reasonably necessary for financing facilitation, platform administration, compliance obligations, fraud prevention, and legitimate operational requirements. Such categories may include:

Personal identification

• Full name, date of birth, nationality, gender
• Government-issued identification (passport, national ID, PAN, Aadhaar, NIN, KRA PIN, as required)
• Email address, mobile number, residential address

Academic information

• Enrolled institution, course of study, admission status
• Academic transcripts and degree documentation
• Prior enrolment history
• Fee invoices and education cost documentation

Financial and supporting documentation

• Bank statements and income details submitted for credit assessment
• Sponsorship letter and guarantor details where required
• Employment records where required by financing partners
• Existing financial commitments and asset declarations

Technical data

• IP address, browser type, device identifiers
• Usage logs, timestamps, and platform interaction records
• Operating system information

AVEKA does not intentionally seek to collect special categories of sensitive personal data beyond what is strictly necessary for financing workflows, regulatory obligations, or applicant-submitted documentation required by financing partners.

How information is collected

• Directly from you through registration forms, document uploads, mock interview sessions, and platform interactions
• From educational institutions information shared by your university to verify enrolment, fee structures, and admission status
• From third-party KYC partners verified identity data from regulated verification providers, obtained with your consent
• From financing partners application-related data shared during the credit assessment and disbursement workflow
• Automatically from platform use technical data generated during your interaction with the website and platform

Purposes of processing

Personal information is processed solely for identified and legitimate purposes connected with AVEKA's services, including:

• Applicant registration and onboarding
• Financing pathway identification and lender matching
• Application workflow administration
• KYC and identity verification facilitation
• Mock interview session delivery and feedback generation
• Communication and user support
• Fraud detection and misuse prevention
• Operational analytics and service improvement
• Audit readiness and compliance administration
• Lawful record maintenance and regulatory reporting

Lawful basis for processing

Personal information is processed only where supported by a valid lawful basis under applicable law. Depending on context, processing may rely upon:

• Consent freely given and informed consent, particularly for KYC submissions and data sharing with partner lenders
• Contractual necessity processing necessary for pre-contractual or contractual performance
• Legal obligation compliance with applicable legal and regulatory requirements
• Legitimate interests business interests pursued in a proportionate manner that does not override individual rights

Where consent constitutes the legal basis, such consent may be withdrawn prospectively at any time by contacting tech@aveka.ai. Withdrawal shall not invalidate processing lawfully undertaken prior to withdrawal.

Disclosure within the financing ecosystem

Personal information may be disclosed only to the extent reasonably necessary to facilitate legitimate financing workflows or associated compliance requirements. Recipients may include:

• Financing partners, banks, and regulated lending institutions
• Non-banking financial companies (NBFCs)
• Educational institutions and university partners
• KYC and identity verification providers
• Technology service and hosting providers
• Communication and analytics vendors
• Affiliated operational entities
• Regulatory authorities and law enforcement, where required by law

Any disclosure is undertaken under confidentiality obligations, contractual restrictions, and purpose limitations appropriate to the nature of the data shared. AVEKA does not sell personal information, nor does it authorise unrelated third parties to use personal information for independent commercial exploitation.

For a full breakdown of recipient categories and data sharing bases, see the Partner Directory.

International processing and cross-border transfers

Given the cross-border nature of educational financing and institutional engagement, personal information may be processed, accessed, or stored across multiple jurisdictions where operational infrastructure, financing relationships, or service support functions exist, including India, the United Arab Emirates, South Africa, and other jurisdictions connected to applicants, financing institutions, or authorised service providers.

Where personal information is transferred internationally, AVEKA adopts reasonable legal, contractual, and technical safeguards designed to preserve equivalent standards of protection, including Standard Contractual Clauses where applicable.

Data retention

Personal information is retained only for so long as reasonably necessary to fulfil the purposes for which it was collected, including financing lifecycle administration, contractual performance, legal and regulatory obligations (which may require retention of up to 7 years in some financial contexts), audit requirements, dispute management, and fraud prevention review.

Mock interview session data is retained for 12 months from the session date, after which it is permanently deleted unless earlier deletion has been requested.

Upon expiry of applicable retention requirements, personal information is securely deleted, anonymised, or archived in accordance with legitimate business needs and legal obligations.

Individual rights

Subject to applicable law, individuals may exercise rights relating to their personal information, including:

• Access request a copy of personal data held about you
• Correction request correction of inaccurate or incomplete data
• Deletion request deletion where no longer legally required to retain
• Restriction request restriction of certain processing activities
• Objection object to certain categories of processing
• Portability request data in a portable, machine-readable format where applicable
• Withdrawal of consent withdraw consent where consent is relied upon as the lawful basis
• Human review of AI request human review of any AI-assisted outcome that has materially affected you

Requests may be submitted to tech@aveka.ai. AVEKA may require reasonable identity verification before acting on requests. We will acknowledge within 7 days and resolve within 30 days.

For the plain-English version of your rights, see the Student Data & Consent Notice.

Cookies and digital technologies

AVEKA uses cookies and similar digital technologies to support essential website functionality, security, analytics, service performance monitoring, and user experience optimisation. Non-essential technologies are deployed only where required consent has been obtained.

For full details of the cookies used, their purpose, duration, and your control options, see the Cookie Policy.

Security and integrity measures

AVEKA maintains technical, organisational, and administrative safeguards reasonably designed to protect personal information against unauthorised access, unlawful disclosure, misuse, accidental destruction, or alteration. Measures include encryption in transit (TLS) and at rest, role-based access controls, multi-tenant data isolation, and periodic security reviews. Security measures are periodically reviewed in light of operational developments and evolving threat environments.

Incident response and breach management

Where a personal data incident occurs, AVEKA will assess the nature, scope, and potential impact of the incident and take appropriate containment, remediation, and notification measures where required under applicable law. Affected individuals will be notified within the timeframes prescribed by applicable data protection legislation.

To report a security concern: tech@aveka.ai

Children and age-sensitive processing

AVEKA's services are intended primarily for individuals who are legally capable of entering financing-related engagements, or applicants acting through lawful guardians where permitted. AVEKA does not knowingly process children's personal information contrary to applicable legal requirements. If you believe a minor's data has been submitted without appropriate authorisation, contact tech@aveka.ai immediately.

Third-party service providers

AVEKA may engage trusted third-party service providers to support operational, technical, communication, analytics, and hosting functions. All third-party providers operate under appropriate confidentiality obligations and data processing agreements. AVEKA does not permit third-party providers to use personal data for their own independent purposes beyond the scope of services provided to AVEKA.

The categories of third-party providers and the data shared with each are detailed in the Partner Directory.

Policy review and amendments

This Privacy Policy is reviewed at minimum annually and updated whenever material changes are made to data processing practices. Where changes are material, AVEKA will provide reasonable notice, including via the website and, where required, by direct communication to affected users. The effective date at the top of this page reflects the most recent version.

Contact and grievance redressal