Freebird Loan Management

Built in India · Available worldwide

Compliance Statement

Last Updated: September 03, 2025

This Compliance Statement outlines Freebird Loan Management's commitment to regulatory compliance, data protection laws, and financial industry standards.

1. Compliance Overview

Freebird Loan Management is committed to maintaining the highest standards of compliance with applicable laws, regulations, and industry standards. As a financial technology company handling sensitive loan data, we understand the critical importance of regulatory compliance and data protection.

🏛️ Our Compliance Commitment: We maintain comprehensive compliance programs that meet or exceed regulatory requirements across all jurisdictions where we operate. Our compliance framework is regularly updated to reflect changes in laws and regulations.

Key Compliance Areas

  • Data Protection: GDPR, CCPA, and other privacy regulations (Status: Active)
  • Financial Services: Banking and lending regulations (Status: Active)
  • Security Standards: ISO 27001, SOC 2, PCI DSS (Status: Certified)
  • International Trade: Cross-border data transfer regulations (Status: Active)

2. Data Protection Compliance

GDPR (General Data Protection Regulation)

We are fully compliant with the EU's General Data Protection Regulation, including:

  • Lawful Basis: Clear legal basis for all data processing activities
  • Data Subject Rights: Full support for access, rectification, erasure, and portability rights
  • Privacy by Design: Data protection considerations built into all systems and processes
  • Data Protection Impact Assessments: Regular DPIAs for high-risk processing activities
  • Data Breach Notification: 72-hour notification procedures for data breaches

CCPA (California Consumer Privacy Act)

We comply with California's privacy law, providing:

  • Consumer Rights: Right to know, delete, and opt out of the sale of personal information
  • Transparency: Clear disclosure of data collection and use practices
  • Non-Discrimination: Equal service regardless of privacy choices
  • Authorized Agent: Support for authorized agents acting on behalf of consumers

Other Privacy Laws

  • PIPEDA (Canada): Personal Information Protection and Electronic Documents Act
  • LGPD (Brazil): Lei Geral de Proteção de Dados Pessoais
  • PDPA (Singapore): Personal Data Protection Act
  • Privacy Act (Australia): Australian Privacy Principles

3. Financial Regulations

Banking Regulations

  • Basel III: International banking supervision standards
  • Dodd-Frank Act: US financial reform and consumer protection
  • MiFID II: EU Markets in Financial Instruments Directive
  • PSD2: EU Payment Services Directive

Anti-Money Laundering (AML)

  • Customer Due Diligence: Comprehensive KYC procedures
  • Transaction Monitoring: Real-time monitoring for suspicious activities
  • Sanctions Screening: Regular screening against sanctions lists
  • Reporting Requirements: Compliance with suspicious activity reporting

Know Your Customer (KYC)

  • Identity Verification: Multi-factor identity verification processes
  • Document Verification: Automated and manual document verification
  • Risk Assessment: Customer risk profiling and monitoring
  • Ongoing Monitoring: Continuous monitoring of customer activities

4. International Standards

ISO Standards

  • ISO 27001: Information Security Management System
  • ISO 27017: Cloud security controls
  • ISO 27018: Cloud privacy protection
  • ISO 22301: Business continuity management

Cloud Security Standards

  • Cloud Security Alliance (CSA): Security guidance for cloud computing
  • FedRAMP: US government cloud security standards
  • Cloud Controls Matrix: Comprehensive cloud security controls

International Data Transfer

  • Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
  • Adequacy Decisions: Compliance with adequacy decisions for data transfers
  • Binding Corporate Rules: Internal data protection policies for international transfers

5. Industry Standards

Payment Card Industry (PCI DSS)

  • Level 1 Compliance: Highest level of PCI DSS compliance
  • Secure Payment Processing: Encrypted payment data handling
  • Regular Assessments: Annual PCI DSS assessments and quarterly scans
  • Tokenization: Payment data tokenization for enhanced security

Financial Industry Standards

  • FFIEC Guidelines: Federal Financial Institutions Examination Council standards
  • NIST Cybersecurity Framework: US National Institute of Standards and Technology
  • COBIT: Control Objectives for Information and Related Technologies
  • ITIL: Information Technology Infrastructure Library best practices

Software Development Standards

  • OWASP Top 10: Web application security risks
  • Secure SDLC: Security integrated into software development lifecycle
  • Code Review Standards: Regular security code reviews
  • Penetration Testing: Regular security testing and vulnerability assessments

6. Audit & Monitoring Process

Internal Audits

  • Quarterly Reviews: Regular internal compliance assessments
  • Risk Assessments: Annual risk assessment and mitigation planning
  • Policy Reviews: Regular review and updates of compliance policies
  • Training Programs: Ongoing compliance training for all employees

External Audits

  • Third-Party Audits: Annual independent compliance audits
  • Certification Maintenance: Regular renewal of security certifications
  • Regulatory Examinations: Cooperation with regulatory examinations
  • Penetration Testing: Annual third-party penetration testing

Continuous Monitoring

  • Real-Time Monitoring: 24/7 security and compliance monitoring
  • Automated Alerts: Automated compliance violation detection
  • Regular Reporting: Monthly compliance status reports
  • Incident Response: Rapid response to compliance incidents

7. Compliance Team

Compliance Leadership

  • Chief Compliance Officer: Overall compliance program oversight
  • Data Protection Officer: GDPR and privacy law compliance
  • Security Officer: Information security and risk management
  • Legal Counsel: Regulatory and legal compliance support

Compliance Responsibilities

  • Policy Development: Creating and maintaining compliance policies
  • Training & Awareness: Employee compliance training programs
  • Monitoring & Testing: Regular compliance monitoring and testing
  • Incident Response: Managing compliance incidents and violations

👥 Our Team: Our compliance team consists of certified professionals with extensive experience in financial services, data protection, and regulatory compliance. We maintain ongoing education and certification to stay current with evolving regulations.

8. Compliance Updates

Regulatory Change Management

  • Monitoring: Continuous monitoring of regulatory changes
  • Impact Assessment: Assessment of regulatory changes on our operations
  • Implementation: Timely implementation of required changes
  • Communication: Regular communication of compliance updates to stakeholders

Policy Updates

  • Regular Reviews: Annual review of all compliance policies
  • Regulatory Alignment: Updates to align with new regulations
  • Stakeholder Input: Input from legal, security, and business teams
  • Version Control: Proper version control and change tracking

📢 Stay Informed: We regularly update our compliance practices to reflect changes in laws and regulations. Significant changes will be communicated through our website and direct notifications to affected users.

9. Contact Us

If you have any questions about our compliance practices or need to report a compliance concern, please contact us:

Compliance Team

Email: compliance@usefreebird.com
Response Time: Within 48 hours
Business Hours: Monday-Friday, 9 AM - 6 PM IST

Data Protection Officer

Email: dpo@usefreebird.com
Purpose: GDPR and privacy-related inquiries

Legal Team

Email: legal@usefreebird.com
Purpose: Legal and regulatory compliance questions

Owner: Chandra Hassan
Email: chandu@usefreebird.com