Privacy Policy
This Privacy Policy describes how StageBridge ("we", "us") collects, uses, retains, and shares personal data of natural persons who interact with the Service. It is published in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("IT Rules 2021").
1. Our role
Where a Customer Institution uses the Service to verify a borrower's construction-stage photographs, the Customer Institution is the Data Fiduciary and StageBridge is the Data Processor for that personal data. For the Service's own users (operators, administrators, marketing site visitors), StageBridge is the Data Fiduciary.
2. What we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email, phone, role, organisation | You / your Customer Institution |
| Verification data | Construction photographs, GPS coordinates at capture, device timestamp, EXIF metadata | Your phone (with permission) |
| Loan metadata | Loan number, sanctioned amount, property address | The Customer Institution |
| Usage data | Request URLs, response codes, IP, user agent, request IDs | Our servers |
| Cookies | Session cookies and a small number of preference cookies — see Cookie Policy | Your browser |
3. How we use it
The DPDP Act requires us to state a specific purpose. We use personal data only for these purposes:
- To verify your identity and authenticate access.
- To execute the verification workflow you initiated.
- To run AI analysis on submitted photographs.
- To enable the Customer Institution's operator to make a disbursement decision.
- To maintain an immutable audit trail required by NHB / RBI directives.
- To detect fraud across loans and across HFCs (cross-tenant duplicate-photo signal — see Section 6).
- To send transactional emails (verification status, decision, support replies).
- To respond to a regulatory or court order.
We do not sell personal data and do not run third-party advertising trackers. As a hard rule, we do not use any borrower's identifiable personal data to train, fine-tune, or evaluate a machine-learning model that is shared between Customer Institutions or made available to third parties. Any model work uses only de-identified images (see Section 8) or per-client isolated data under an explicit written carve-out.
4. Legal basis
- Consent — for the marketing contact form and optional features.
- Performance of contract — for the core verification workflow.
- Compliance with law — audit trail (NHB), data retention (PMLA, IT Act), grievance records (IT Rules 2021).
- Legitimate use under Section 7 of the DPDP Act for system security and fraud prevention.
At the point a construction photograph is captured or uploaded, the workflow presents a short notice — what is collected (photo, GPS, timestamp), why (stage verification for a loan disbursement), who it is shared with (the lender, and the AI vendor in the United States named in Section 8), and how long it is kept. Where StageBridge acts as Data Processor, the Customer Institution is responsible, as Data Fiduciary, for obtaining the borrower's consent; StageBridge provides the notice mechanism and processes only on the institution's instructions.
5. Retention
Verification photographs and audit trail: longer of (a) seven (7) years from the disbursement decision (NHB / PMLA), or (b) the period the Customer Institution instructs us in its DPA. Account credentials: while your account is active plus 90 days. Server access logs: 180 days. Aggregated and anonymised statistics: indefinitely.
6. Cross-tenant fraud signal
We compute a perceptual hash of each photograph and compare it against hashes from other verifications, including across Customer Institutions. We surface a single bit to the operator: "this photograph closely matches another on file." We never expose which other loan, HFC, or photograph the match relates to.
7. Where the data lives
Production data is stored in Indian-region infrastructure (Supabase Postgres + object storage in Mumbai). AI vendor calls go to the regions identified in the Compliance Disclosures; we send only the minimum payload needed.
8. Cross-border transfer & de-identification
Production data lives in India (Section 7). The one routine cross-border transfer of borrower data is to Anthropic PBC (United States), the AI vendor that produces the vision verdict on each photograph (a secondary vendor, Google Gemini in the United States, is used only in opt-in ensemble mode). We treat Anthropic-US as a disclosed cross-border sub-processor:
- It is named and located in the DPA (Annexure A) and consented to by the Customer Institution before any live data flows.
- Only the photograph bytes are sent, via a short-lived signed URL — no name, phone, loan number, or address is attached.
- The vendor does not retain the input beyond the request and does not train its models on it, per its commercial terms.
- The Customer Institution may disable any AI vendor for its organisation at any time; we then route only to the remaining vendor(s), or to manual review.
Under Section 16 of the DPDP Act the Central Government may restrict transfer to specified countries. If a notification affects a vendor we use, we will reconfigure the vendor list to comply and notify the affected institutions before the next transfer.
De-identification. If a photograph is ever used for anything beyond a single live verification (for example an internal evaluation set), it is first de-identified — faces blurred, EXIF GPS and device identifiers stripped, and no borrower name, loan number, or address associated with the image. De-identified images are never mixed across Customer Institutions.
9. Sharing
We share personal data only:
- with the Customer Institution that owns the loan;
- with the sub-processors listed in the DPA;
- with a regulator or court on a valid demand;
- with our advisors on a need-to-know basis under confidentiality.
10. Your rights
- Confirm whether we hold your data and obtain a summary.
- Correct, complete, update, or erase your data.
- Nominate another person to exercise your rights in case of incapacity.
- Withdraw consent.
- Lodge a grievance via Grievance Redressal; escalate to the Data Protection Board.
To exercise these rights, write to privacy@stagebridge.in from the email on your account. Erasure is implemented in the product: on a confirmed request we pseudonymise your identifying fields (name, phone, email) while retaining the pseudonymous loan-level and audit records that NHB / PMLA require us to keep, as permitted by Section 12(1) read with Section 17 of the DPDP Act. Every erasure is written to an append-only lifecycle log.
11. Children
The Service is not designed for, or directed at, persons under 18. We do not knowingly process personal data of children. Under Section 9 of the DPDP Act, we obtain verifiable parental consent where unavoidable.
12. Security
We follow "reasonable security practices and procedures" under Section 43A of the IT Act and Rule 8 of the SPDI Rules. Specifics: row-level security in the database keyed to each organisation; signed upload URLs scoped per photograph; HMAC-bound upload nonces; append-only audit log with hash-chained rows; constant-time secret comparisons. Documented in backend/SECURITY.md.
13. Breach notification
On becoming aware of a personal data breach we will notify (a) the Data Protection Board within 72 hours under Section 8(6) of the DPDP Act; (b) the National Housing Bank where the breach affects HFC customer data; and (c) you, without undue delay, where the breach is likely to cause significant harm.
14. Updates
Material changes are notified by email and an in-app banner at least 15 days before they take effect.
15. Contact
Privacy queries: privacy@stagebridge.in. Data Protection Officer: see Grievance Redressal.