Solapur Janata Sahakari Bank Ltd. | Mobile-Privacy-Policy

Privacy Policy for SJSBank Mobile Banking

Effective Date: 02 March 2026

Last Updated: 21 April 2026

Solapur Janata Sahakari Bank Ltd ("SJSB", "the Bank", "we", "our", or

"us") is committed to protecting the privacy and security of your

personal and financial information. This Privacy Policy applies

specifically to the SJSBank Mobile Banking application (the "App")

and explains how we collect, use, store, share, retain, and protect

your data.

By installing or using the App, you acknowledge that you have read

and understood this Privacy Policy.

--------------------------------------------------------------------

1. Information We Collect

--------------------------------------------------------------------

To provide secure and efficient banking services through the App, we

collect the following categories of data:

- Personal Identity Information: First name, last name, and profile

photograph (only if uploaded by you).

- Contact Information: Registered mobile number and email address as

recorded with the Bank.

- Financial Information: Customer ID, account numbers, account

balances, transaction history, and card-related information

displayed to you within the App.

- Authentication Data: Login credentials, One-Time Passwords (OTP)

processed in transit, and the Mobile Personal Identification

Number (MPIN) - stored securely on your device and never

transmitted to the Bank in plain text.

- Technical Data: Device model and operating system version, unique

device identifier, SIM subscription identifier and SIM serial

number (ICCID), network type, and IP address. This data is

required for secure device and SIM binding.

--------------------------------------------------------------------

2. App Permissions

--------------------------------------------------------------------

With your explicit consent, the App requests the following device

permissions:

- SMS - Outbound (SEND_SMS): Used solely to send a one-time

device-binding SMS from your device to the Bank during initial

setup, linking your device and SIM to your bank account. This is

a critical fraud-prevention mechanism and the SMS is not used for

marketing or any other purpose.

- SMS - Inbound (no permission required): The App uses Google's SMS

Retriever API to automatically read one-time passwords (OTPs)

sent to you by the Bank, so you do not need to type them

manually. The App does not read, store, or access any other SMS

on your device.

- Phone State (READ_PHONE_STATE, READ_PHONE_NUMBERS): Used to

identify the SIM subscription that is being bound to your account

during registration. The App does not access your call logs or

call history.

- Biometric (USE_BIOMETRIC, USE_FINGERPRINT): Used only to trigger

the operating system's biometric prompt for secure login. See

Section 3 for how biometric data is handled.

The App does NOT request access to your contacts, location, camera,

microphone, photo library, calendar, or call logs.

--------------------------------------------------------------------

3. Biometric Authentication

--------------------------------------------------------------------

If you choose to enable biometric login (fingerprint or face

recognition):

- The biometric template is created, stored, and verified

exclusively on your device using the operating system's secure

hardware (e.g., Trusted Execution Environment / Secure Enclave).

- The Bank NEVER receives, stores, or has access to your biometric

template or raw biometric data.

- You may disable biometric authentication at any time from the

App's Security Settings.

--------------------------------------------------------------------

4. How We Use Your Information

--------------------------------------------------------------------

We use your data strictly for:

- Processing fund transfers (NEFT, IMPS, RTGS, self-transfers, and

internal transfers) and other banking transactions you initiate

through the App.

- Maintaining your account and servicing requests such as cheque

book issuance and statement downloads.

- Authenticating your identity via Multi-Factor Authentication

(MFA), including OTP, MPIN, and optional biometric checks.

- Performing device and SIM binding to prevent unauthorized access.

- Detecting, preventing, and mitigating fraud, misuse, or security

incidents.

- Complying with Reserve Bank of India (RBI) regulations, Know Your

Customer (KYC) norms, Prevention of Money Laundering Act (PMLA)

2002 requirements, and other applicable laws.

- Responding to customer service requests and grievance redressal.

We do NOT use your personal data for advertising, marketing

profiling, or any purpose unrelated to banking services without your

explicit consent.

--------------------------------------------------------------------

5. Data Sharing and Disclosure

--------------------------------------------------------------------

SJSB does NOT sell, rent, or trade your personal data.

We share your information only in the following circumstances:

- With authorised payment and settlement partners (for example, the

National Payments Corporation of India (NPCI) for IMPS

transactions, and payment switch providers) strictly for

executing transactions you initiate.

- With regulatory, statutory, judicial, or law-enforcement

authorities when required by law, RBI mandate, or valid legal

process.

- With trusted service providers contractually bound to

confidentiality and data-protection obligations, for the sole

purpose of operating and securing the App.

- To protect the rights, security, and integrity of the Bank, its

customers, and its digital banking ecosystem.

--------------------------------------------------------------------

6. Data Security

--------------------------------------------------------------------

We implement industry-standard security measures, including:

- Encryption in Transit: All communication between the App and the

Bank's servers uses TLS with strong cipher suites.

- Encryption at Rest: Sensitive application data on your device is

stored in the operating system's secure storage (Keystore /

Keychain).

- Secure Session Handling: Automatic logout after a period of

inactivity.

- Access Control: No Bank staff can access your password, MPIN, or

biometric data.

- Screen-Capture Prevention: Sensitive screens within the App

prevent screenshots and screen recording.

Despite these safeguards, no method of transmission or storage is

completely infallible. You are responsible for safeguarding your

--------------------------------------------------------------------

7. Account Deletion and Data Erasure

--------------------------------------------------------------------

You have the right to request deletion of your personal data at any

time. You can submit a request through either of the following

channels:

Web: Visit https://sjsb.bank.in/account-deletion-request and

submit a request with your Customer ID and registered mobile

number.

Email: Write to pno@sjsbbank.in with your Customer ID and deletion

request.

What is deleted on request:

- Profile information stored in the App

- Device and SIM binding data

- Authentication tokens and session data

- Cached app data and preferences

App-side data is removed within 30 days of your request. Account

closure is processed in line with the Bank's standard

account-closure timelines.

What is retained (as mandated by law):

- KYC documents, transaction records, audit trails, and

Anti-Money-Laundering logs are retained for 5 to 10 years post

account closure, as required by the RBI Record Retention Policy,

the Prevention of Money Laundering Act 2002, the Banking

Regulation Act 1949, and related regulations.

- This retained data is used exclusively for regulatory, legal,

statutory audit, and fraud-investigation purposes, and is NOT

used for any commercial activity.

--------------------------------------------------------------------

8. User Rights

--------------------------------------------------------------------

You have the right to:

- Access the personal data held about you by contacting your home

branch or the Nodal Officer.

- Correct your contact and profile details by visiting your home

branch.

- Revoke sensitive app permissions at any time through your device

settings. Note that revoking certain permissions (for example,

SMS) may disable secure login.

- Withdraw consent to biometric authentication from the App's

Security Settings.

- Request deletion as described in Section 7.

- Raise a grievance as described in Section 10.

--------------------------------------------------------------------

9. Children's Privacy

--------------------------------------------------------------------

The App is intended for individuals aged 18 years or older. The Bank

does not knowingly collect personal data from minors through the

App. If you believe a minor has provided us with personal data

through the App, please contact the Nodal Officer so we can take

appropriate action.

--------------------------------------------------------------------

10. Grievance Redressal

--------------------------------------------------------------------

For any privacy-related concerns, data requests, or complaints

regarding the App, please contact our Nodal Officer:

Nodal Officer

Solapur Janata Sahakari Bank Ltd

Gaganbharari Shivsmarak Sankul, Gold Finch Peth,

Solapur - 413007, Maharashtra, India.

Email: pno@sjsbbank.in

We will acknowledge your request promptly and respond within the

timelines prescribed under applicable law.

--------------------------------------------------------------------

11. Third-Party Services

--------------------------------------------------------------------

The App may integrate with trusted third-party payment and

settlement networks (such as NPCI for IMPS) strictly to process your

instructions. These third parties are governed by their own privacy

policies and regulatory obligations. The App does not currently use

third-party advertising, marketing, or analytics SDKs that share

data off-device. Any future introduction of such services will be

disclosed in this Policy.

--------------------------------------------------------------------

12. Changes to This Policy

--------------------------------------------------------------------

We may update this Privacy Policy from time to time to reflect

changes in our practices, the App's functionality, or applicable

law. The "Last Updated" date at the top of this page indicates the

date of the most recent revision. Material changes will be notified

to you through the App and/or the Bank's website. Your continued

use of the App after such changes constitutes acceptance of the

revised Policy.

--------------------------------------------------------------------

13. App Identification

--------------------------------------------------------------------

- Application Name: SJSBank Mobile Banking

- Package Name (Android): com.sjsb.bank

- Developer / Legal Entity: Solapur Janata Sahakari Bank Ltd (SJSB)

- Regulator: Reserve Bank of India (RBI)

--------------------------------------------------------------------

14. Governing Law and Jurisdiction

--------------------------------------------------------------------

This Privacy Policy is governed by and construed in accordance with

the laws of the Republic of India. Any disputes arising out of or in

connection with this Policy shall be subject to the exclusive

jurisdiction of the courts at Solapur, Maharashtra.

--------------------------------------------------------------------