Privacy Policy

1. Scope of this policy

This Privacy Policy explains how the KBA Gender-Disaggregated MSME Credit Analysis Dashboard handles information across the Public, Data, Admin, and Bank portals.

It applies to visitors, authorized users, and participating institutions that access this platform.

2. Information we process

We process only the information needed to operate the platform, secure access, and improve service quality.

• Account and access data: user name, email, organization, role, and authentication/session records.
• Operational usage data: page navigation, selected filters, export actions, and feature interactions for product support and troubleshooting.
• Feedback data: comments, contact details you provide, and page context submitted through platform feedback forms.
• Data submission metadata: reporting month/year, submission status, and upload job details for the Data portal.
• Analytical dataset inputs: anonymized or de-identified CRB-derived records used to generate aggregated dashboard metrics.

3. How we use information

Information is processed to deliver dashboard functionality, enforce role-based access, support secure operations, and maintain reliable analytics for decision-making.

• Authenticate users and enforce portal permissions.
• Generate and deliver analytics, maps, and downloadable reports.
• Monitor reliability, investigate incidents, and prevent unauthorized access.
• Respond to user feedback and platform support requests.
• Improve dashboard usability, tutorials, and data quality workflows.

4. CRB data handling and privacy safeguards

This platform is designed around privacy-preserving analytics. Public-facing views show aggregated insights and are not intended to identify individual borrowers.

Data access is restricted by portal role, and institution-specific views are limited to authorized users or designated administrators.

5. Data sharing and disclosure

We do not sell personal data. Information may be shared only when necessary for platform operation, legal compliance, or authorized program delivery.

• With authorized implementation partners operating this platform under confidentiality obligations.
• With regulated institutions or administrators where role-based access explicitly permits it.
• When required by law, regulation, court order, or lawful regulatory request.

6. Data retention

We retain data for only as long as required for security, auditability, analytics continuity, legal obligations, and program reporting needs.

Retention periods may vary by data category, portal function, and applicable law.

7. Security controls

The platform uses layered technical and organizational controls, including access controls, role segregation, transport security, and operational monitoring.

No internet service can be guaranteed to be completely risk-free, but we continuously improve safeguards in line with risk and compliance requirements.

8. Your choices and rights

Where applicable, you may request access, correction, or deletion of your personal account information, subject to legal and operational constraints.

To request assistance, contact the team using the details below.

9. Policy updates

This policy may be updated to reflect legal requirements, platform changes, or operational improvements. Updates take effect when published on this page.