Privacy Policy | Nucleus Software

Last update on – April 15, 2026.

Introduction

Nucleus Software Exports Limited, its subsidiaries, collectively called “Nucleus Group” (“Nucleus”, “NSEL”, “we”, “us” or “our”) respect your privacy and is committed to protecting the personal information that we process.

This Privacy Notice explains how we collect, use, disclose, transfer and otherwise process personal information relating to individuals, as well as the rights and choices that may be available under applicable data protection laws.

This Privacy Notice applies to individuals who interact with Nucleus including in a business or professional capacity or otherwise, customers and end-users of our products, website(s) visitors, prospective customers, business partners, vendors, and individuals applying for employment opportunities with us(“Interaction”). It applies where Nucleus determines the purposes and means of processing personal information.

Such Interactions may include, without limitation, use of our products and services, visits to our website(s), communications in connection with business development activities, participation in events or webinars hosted by us, engagement with our partners and service providers, and submission of applications for employment.

This Privacy Notice covers personal information that:

you provide directly to us;
we collect automatically through your use of our products, services or website(s); and
we obtain from third-party sources, in accordance with applicable law.

We encourage you to read this Privacy Notice carefully, together with any supplemental privacy information that we may provide at the time of collection or processing, as such information may contain additional details relevant to specific engagements. Please note that our website(s) may include links to website(s) of third parties whose privacy practices differ from those of Nucleus; if you provide personal data to any of those website(s), your data is governed by their privacy statements.

Personal Information We Collect

For the purposes of this Privacy Notice, “personal information” means any information relating to an identified or identifiable individual, including information that can reasonably be linked to you, directly or indirectly.

The types of personal information we collect depend on the nature of your Interaction with us.

Information you provide to us

We collect personal information that you voluntarily provide when you interact with us, including in the following circumstances:

Use of our products and services: Name, Email address, Telephone number, Organisation name, Job title;
Submission of forms through our website(s): Name, Email address, Telephone number, Job title, Company name, Location, and any additional information you choose to include in the forms such as contact forms, download assets forms, request demo forms, inquiries, or feedback submissions;
Business enquiries and partnership discussions: Professional and contact information provided in connection with business enquiries, product demonstrations, partnership discussions, collaborations, or similar professional engagements;
Registration for webinars or events (online or in-person): Name, Email address, Telephone number, Job title, Company name, Location and Audio, video, and photographic recordings, including your image and voice, where events are recorded or live-streamed;
Visit to our offices or premises: Name, Organisation name, Designation, Information required for visitor logs or security purposes, CCTV footage or other security recordings;
Participation in audio or video communications with us: Contact and professional details, Audio and/or video recordings where calls are recorded in accordance with applicable law; and
Applications for employment opportunities: Name, contact details (including email, telephone number and mailing address), Curriculum vitae / resume, educational qualifications, Employment history, Professional credentials, Background verification information, where permitted by applicable law, which may include criminal history data.

Information Collected Automatically

When you access or use our website(s), products or digital services, certain information may be collected automatically through technological means.

This may include:

Device and technical information, such as IP address, device identifiers, browser type, device type, operating system and similar technical data.
Usage information, including pages visited, features accessed, time spent, navigation paths, clickstream data and interaction patterns.
Approximate location information derived from your IP address.
Diagnostic and performance data, including error logs, system activity and fraud prevention information.

We may use cookies, pixels, web beacons, session replay tools and similar tracking technologies to collect such information. Some of these technologies may be provided by third-party service providers who may process information on our behalf or in accordance with their own privacy practices.

Further details are available in our Cookie Policy.

Information obtained from third-parties

We may receive personal information about you from third-party sources, including:

Business partners: Referral partners, resellers, integration partners and other collaborators may share professional contact information and related details;
Event partners and organisers: Where we co-host or sponsor events, organisers may share registration information, photographs, recordings and other details you have provided to them or authorised them to share;
Business intelligence and lead generation platforms: We may obtain professional contact information from reputable B2B databases and sales intelligence providers;
Service providers: Where you choose to authenticate or interact with us using third-party services (such as single sign-on providers), those providers may share information you authorise them to disclose; and
Publicly available sources: We may collect professional information made available through public sources, including company website(s)s, professional networking platforms and other publicly accessible channels.

We may combine information collected directly from you, automatically through your use of our services, and from third-party sources, to the extent permitted under applicable law.

Children’s Personal Information

Our website(s) and portals are not intended for use by individuals under the age of 18 years, or under the age considered as a minor under the laws applicable in your jurisdiction. If you are under 18, you must not register with, access, or use our website(s) or services.

We do not knowingly collect personal information from children or minors. You should not provide any personal information about a child to us without the consent of their parent or legal guardian.

If you are a parent or legal guardian and believe that your child has submitted personal information to us without your consent, please contact us using the details provided in the Contact Us section below, and we will take steps to remove such information.

Legal Bases for Processing Personal Information

The legal basis on which we process your personal information depends on the context and purpose of the processing. In general, we rely on one or more of the following legal bases, as permitted under applicable law:

Performance of a contract or taking steps prior to entering into a contract with you;
Compliance with legal obligations to which Nucleus is subject;
Legitimate interests pursued by Nucleus or by a third party; and
Consent or other lawful bases as required or permitted under applicable law.

Where we rely on legitimate interests, these may include, among others:

Providing, operating, improving, and developing our products, services, and website(s);
Processing registrations and completing transactions;
Managing and administering our organisation and corporate affairs;
Ensuring compliance with legal and regulatory obligations;
Maintaining security and protecting the rights of Nucleus and others;
Conducting sales, marketing, and business development activities;
Performing research, analytics, and business planning;
Facilitating recruitment and any other human resources activities; and
Supporting other legitimate initiatives.

We carefully balance our legitimate interests against your rights and freedoms when relying on this basis for processing personal information.

Purposes of Processing

We process personal information for legitimate business, contractual, legal and operational purposes, depending on the nature of your interaction with us. The purposes for which we may process personal information include the following:

Provision and Improvement of Products and Services:

To provide, operate, maintain and enhance our products, services and website(s). This includes:

Delivering and administering products and services.
Managing user accounts.
Ensuring system availability, security, integrity and performance.
Monitoring, troubleshooting and debugging.
Preventing misuse or violations of applicable terms.
Processing payments and maintaining necessary customer due diligence records.
Responding to enquiries and support requests.
Supporting product implementation and integrations.
Analysing usage patterns to improve functionality, user experience and service offerings.
Developing new products, services and features.

Event Registrations and Transactions

To manage registrations and participation in events, webinars, surveys, promotional programs or similar initiatives, including:

Confirming registrations.
Communicating relevant event details.
Processing related payments.
Enabling access to event materials or downloadable content.
Administering specific transactions initiated by you.

Business Administration and Operations

To manage and administer our organisation, including

Accounting, taxation and auditing activities.
Recordkeeping and internal reporting.
Business analytics, forecasting and strategic planning.
Corporate governance and investor or board reporting.

Corporate Transactions

To evaluate, negotiate or execute corporate transactions, including mergers, acquisitions, restructuring, divestitures, financing transactions or similar proceedings, including situations involving insolvency or liquidation.

Legal and Regulatory Compliance

To comply with applicable laws and regulatory requirements, including:

Responding to lawful requests from courts, regulators and authorities.
Enforcing our contractual rights.
Establishing, exercising or defending legal claims.
Preventing unlawful activities and mitigating potential liabilities.

Security and Protection of Rights

To safeguard our business, systems, premises and stakeholders, including:

Managing physical and digital access controls.
Maintaining visitor logs and CCTV systems.
Detecting and preventing fraud, misuse, unauthorised access or security incidents.
Investigating suspected violations of law or policy.
Protecting the rights, property and safety of Nucleus and others.

Marketing and Business Development

To promote Nucleus, our products, services, initiatives and corporate values, and to engage with customers and prospective customers, including:

Sending marketing communications, newsletters and product updates;
Conducting promotional campaigns and outreach initiatives;
Personalising communications and content, where permitted by law;
Publishing testimonials, case studies or feedback (with appropriate authorisation);
Hosting and promoting events and webinars;
Analysing engagement and marketing effectiveness.

Where required by applicable law, we will obtain your consent before sending certain marketing communications, and you may opt out at any time.

Research and Feedback

To conduct surveys, gather feedback, perform analytics and better understand user preferences in order to improve our offerings and business strategy.

Recruitment Activities

To assess and process applications for employment opportunities, manage interview processes, retain records for future opportunities (where permitted), and communicate regarding recruitment matters.

Corporate Social Responsibility and Other Initiatives

To administer corporate social responsibility programs, community initiatives, responsible disclosure programs, bug bounty initiatives and other company-sponsored activities.

Aggregated and De-Identified Information

We may generate aggregated or de-identified information from personal information for lawful business purposes. Such information does not identify individuals and is not treated as personal information under this Privacy Notice.

Use of Artificial Intelligence and Automated Tools

We may use artificial intelligence, machine learning or other automated tools, including those provided by third-party service providers or developed internally, to support the purposes described above.

Where such technologies involve the processing of personal information, we implement appropriate safeguards consistent with this Privacy Notice and applicable law.

Security of Personal Information

We implement appropriate technical, organisational and administrative safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

Access to personal information is restricted to employees, contractors, service providers and other authorised parties who require such access for legitimate business purposes. Such individuals are required to process personal information in accordance with our instructions and are subject to confidentiality and security obligations.

We maintain incident response procedures to address suspected personal data breaches. Where required under applicable law, we will notify affected individuals and/or relevant regulatory authorities in accordance with our legal obligations.

While we take reasonable measures to safeguard personal information, no system can be guaranteed to be completely secure.

Retention and Deletion of Personal Information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying legal, regulatory, accounting or reporting obligations, resolving disputes, and enforcing our agreements.

In determining appropriate retention periods, we consider factors such as:

The nature, scope and sensitivity of the personal information;
The potential risk of harm from unauthorised use or disclosure;
The purposes for which we process the information and whether those purposes can be achieved through other means; and
Applicable legal and regulatory requirements.

For example, we may retain certain information for the duration of an account relationship, to comply with tax and financial recordkeeping obligations, to administer contractual commitments, or to protect and defend our legal rights.

At the end of the applicable retention period, personal information is securely deleted or anonymised, unless retention is required or permitted by law. In certain circumstances, deletion may not be immediately feasible, such as where data is stored in secure backup systems or archival media. In such cases, we implement appropriate safeguards to restrict access and prevent further processing until deletion can occur.

Where personal information is anonymised so that it can no longer be associated with an identifiable individual, we may use such information for lawful business purposes.

Data Sharing and Disclosure

We may share personal information with third parties where necessary for the purposes described in this Privacy Notice under section titled “Purposes of Processing”, subject to appropriate safeguards and organisational measures.

Affiliates and Group Companies

We may share personal information with our subsidiaries, branch offices, parent entity and other affiliated companies within the Nucleus group for legitimate business purposes, including:

Supporting the provision of products and services;
Internal reporting and corporate governance;
System administration, hosting and technical support;
Business restructuring or reorganisation activities;
Carrying out the purposes described under the section “Purposes of Processing.”

All group entities are required to handle personal information in accordance with applicable data protection laws and internal security standards.

Service providers and Business Partners

We engage trusted third-party service providers and partners to support our operations. These may include providers of:

IT infrastructure, cloud hosting and system maintenance;
Website(s) analytics and performance monitoring;
Marketing automation and communication services;
Data enrichment and business intelligence services;
Fraud detection and security services;
Payment processing;
Event management and collaboration platforms;
Accounting, auditing and reporting services; and
Advertising and related services, where applicable.

These service providers process personal information on our behalf and are contractually required to:

Implement appropriate security measures;
Process personal information only for specified purposes; and
Comply with applicable data protection laws.

We do not permit our service providers to use personal information for their own independent purposes unless they act as separate data controllers and provide appropriate notice.

Professional Advisers

We may disclose personal information to auditors, accountants, legal counsel and other professional advisers where necessary for compliance, risk management, corporate governance or the establishment, exercise or defence of legal claims.

Corporate Transactions and Financial Counterparties

Personal information may be disclosed in connection with actual or potential mergers, acquisitions, restructurings, divestitures, financing arrangements or other corporate transactions. This may include sharing information with:

Investors and potential investors;
Buyers or successors;
Financial institutions;
Insurers; and
Other relevant counterparties.

Such disclosures will be subject to appropriate confidentiality arrangements.

Legal and Regulatory Authorities

We may disclose personal information to courts, regulators, law enforcement authorities or other governmental bodies where required by law, regulation, legal process or enforceable governmental request, or where necessary to protect the rights, intellectual property or safety of Nucleus, our stakeholders or others.

Third parties at Your Decision

We may share personal information with other parties where you have instructed us to do so or provided your consent.

Cross-Border Data Transfers

Given the global nature of our operations, personal information may be transferred to, stored in or accessed from countries outside your country of residence, including jurisdictions where Nucleus or its service providers operate.

Where personal information is transferred internationally, we implement appropriate safeguards in accordance with applicable data protection laws. Depending on the jurisdiction, such safeguards may include:

Standard contractual clauses approved by relevant regulatory authorities;
Intra-group data transfer agreements;
Reliance on “Adequacy” status issued by competent authorities; or
Other lawful transfer mechanisms recognised under applicable law(s).

We take reasonable steps to ensure that personal information transferred across borders remains protected in accordance with this Privacy Notice.

Your Privacy Rights

Depending on your location and the data protection laws applicable to you, you may have certain rights in relation to your personal information, subject to conditions, limitations and exceptions.

We describe these rights in general terms below. When you submit a request, we will assess it in accordance with applicable legal requirements and inform you if any limitation or exemption applies.

Right of Access

You may have the right to request confirmation of whether we process personal information about you. And, where we do process your personal information, you have the right to obtain access, or a copy of, such personal information.

Right to Rectification

You may have the right to request correction or completion of inaccurate personal information or incomplete information that we hold about you, respectively. We encourage you to keep your information up to date and inform us of any changes required.

Right to Erasure

In certain circumstances, you may request that we delete your personal information. We are obliged to execute the request subject to applicable laws and regulatory requirements.

Right to Restrict or Object to Processing

You may have the right, in certain circumstances, to request restriction of processing or object to specific types of processing based on legitimate interests of Nucleus.

Right to Data Portability

Where applicable, you may have the right to receive your personal information that was provided to us in a structured, commonly used and machine-readable format, or request to transmit to another controller where technically feasible.

Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you may withdraw that consent any time. Withdrawal will not affect the lawfulness of processing executed prior to the withdrawal request.

Right to Lodge a Complaint

You may have the right to lodge a complaint with a competent data protection authority or supervisory authority in your jurisdiction if you believe your rights have been violated.

Exercising Your Rights

To exercise any applicable rights, please contact us using the details provided in the “Contact Us” section below. Your request should specify:

The right you wish to exercise;
The personal information to which your request relates;
Your jurisdiction of residence; and
Any additional details that may help us process your request.

We may request additional information to verify your identity before responding to your request. We will respond within the timeframe required under applicable law.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal/ regulatory requirements or business operations.

The updated version will be posted on our website(s) with a revised “Last Updated” date. Where required under applicable law, we will take appropriate steps to notify you of any material changes.

We encourage you to read this Privacy Notice periodically to remain informed about how we protect your personal information.

Contact Details

If You have any questions regarding this Privacy Notice, or Nucleus’ privacy practices, you may contact us at:

Email: DPO@nucleussoftware.com

Postal Address: Nucleus Software Exports Limited, A-39, Sector-62, Noida, Uttar Pradesh – 201307, India.

Our Platforms

Compare Versions

FinnOne Neo® CAS

FinnOne Neo® LMS

FinnOne Neo® Collections

FinnAxia® FSCM

FinnAxia® Global Receivables

Our Products

Corporate Lending

Retail Lending

Islamic Finance

Automotive Lending

Integrated Transaction Banking Suite – FinnAxia®

FinnOne Neo® mFin

Payse®

Explore more

Privacy Notice