Namaste! I'm SetuYour loan saathi — here to help
Home Data Breach Policy
Legal & compliance

Data Breach Policy

Last updated: June 2026 – MyCashBridge – Lending Service Provider (LSP)

We take the security of your personal data seriously. This policy explains how we detect, contain, investigate and respond to a personal data breach, and how and when we notify those affected and the authorities.

A "personal data breach" means any unauthorised processing, accidental disclosure, acquisition, sharing, alteration, loss of access to, or destruction of personal data that compromises its confidentiality, integrity or availability.

1. Detection

We monitor our systems continuously using access logs, alerts and periodic reviews. Employees, partners and users can report a suspected incident immediately to our security and grievance contacts. Every report is logged with a timestamp and triaged without delay.

2. Internal assessment

On detection, our response team assesses the nature, scope and severity of the incident – what data is involved, how many individuals may be affected, and the likely impact – to decide the appropriate response and escalation level.

3. Containment and mitigation

We act quickly to contain the breach and limit its impact – for example by isolating affected systems, revoking compromised credentials, blocking unauthorised access and applying emergency safeguards to prevent further exposure.

4. Investigation

We conduct a structured investigation to establish the root cause, the timeline of events and the categories of data and individuals affected, preserving relevant evidence and logs for review.

5. Corrective measures

We remediate the underlying vulnerability – patching systems, strengthening access controls, correcting misconfigurations and recovering data from secure backups where required – and document the actions taken.

6. Notification

Where a breach is likely to result in risk or harm, we notify affected users and the relevant authorities – including the Data Protection Board of India – within the timelines and in the manner required under the Digital Personal Data Protection Act, 2023 and other applicable laws. Notifications describe the nature of the breach, the likely consequences and the steps users can take to protect themselves.

7. Preventive improvements

After every incident we review what happened and improve our controls, processes and training to reduce the likelihood and impact of future breaches. Lessons learned feed back into our security and privacy programme.

Report a suspected incident

If you believe your data may have been compromised, contact our Grievance Officer immediately: Jyotsana Bora · grievance@mycashbridge.com · +91 87965 08140. We acknowledge reports within 48 hours.

Information security Raise a grievance