Introduction
This Citizen’s Charter of ScoremeAA outlines the Company’s commitment to ensuring
customer satisfaction by providing clear service standards, non-discrimination, accessibility,
and grievance redressal. It establishes the mutual responsibilities of both the Company and
its customers for a strong customer relationship.
Vision
"Safe and Secure Data Sharing"
ScoremeAA aims to facilitate the safe and secure sharing of data using the account aggregator
framework.
Mission – Scoreme Account Aggregator (AA) Responsibility
- 100% Data Ownership: Customers have complete control of their data, shared only
  with consent.
- Easy Consent Management: Manage consent easily with the ability to approve, reject,
  pause, or revoke consent.
- Top-Notch Security: Ensures high security with data encryption and protection.
- Paperless Process: Hassle-free, digital data sharing without paperwork.
- Real-Time Sharing: Instant data sharing for fast access.
- User-Friendly: A simple and intuitive interface for all user levels.
Data Security Responsibilities
ScoremeAA adheres to the highest standards of data security to protect customer information
while facilitating data sharing through the Account Aggregator (AA) framework. The following
key responsibilities ensure that customer data is handled securely and in compliance with
RBI's Master Directions:
- Compliance with Applicable :
  All data sharing within ScoremeAA occurs strictly based on customer consent.
  Customers retain full control over their data and can determine how and with whom
  their financial information is shared. Consent workflows are designed in accordance
  with AA Master Directions, ensuring transparency and ease of management.
- Consent-Based Data Sharing:
  ScoremeAA ensures that the account aggregator services are delivered in strict
  compliance with applicable laws, including the AA Master Directions, as mandated by
  the Reserve Bank of India (RBI). These directions outline how data can be shared,
  ensuring that customer rights and data security are preserved.
- No Financial Transactions:
  ScoremeAA provides a platform solely for data sharing and does not facilitate or
  support financial transactions. The company's role is limited to acting as an
  intermediary between Financial Information Providers (FIPs) and Financial
  Information Users (FIUs).
- Restricted Use of Financial Information:
  Financial information shared by customers is used only for the purposes expressly
  agreed upon by them. ScoremeAA does not sell, disseminate, or use this information
  in any manner that deviates from applicable laws or in ways that could harm
  customers.
- No Credential Storage:
  To protect customer privacy, ScoremeAA does not request, collect, or store sensitive
  credentials such as passwords, PINs, or private keys. These credentials are critical for
  authenticating the user to the Financial Information Provider (FIP), and the company
  ensures that these remain private and secure with the customer.
- No Financial Data Storage:
  ScoremeAA does not store any financial information of the user accessed through the
  Financial Information Provider (FIP). Once data is shared and consented to by the
  customer, the information is passed directly to the Financial Information User (FIU)
  without ScoremeAA retaining it, ensuring data minimization and security.
Objective
The core objective of this Charter is to outline the services, responsibilities, and commitments
of ScoremeAA in its account aggregation business. It seeks to provide transparency regarding
the company's role, safeguard customer rights, and promote a healthy relationship between
the company and its customers.
By detailing the specific obligations of both parties, ScoremeAA ensures customers are well-
informed about the secure and consent-based nature of data sharing on its platform. It also
establishes clear boundaries for the company's services, focusing on protecting customer data
while simplifying financial data management.
Disclaimer and Application of Charter
This Charter serves as a guiding document for ScoremeAA’s service delivery, outlining the
principles the company adheres to in providing its account aggregation services. It is
important to note that:
- Non-Justiciable Nature: The Citizen’s Charter is not legally enforceable and does not
  create any legally binding rights or obligations. It is intended as a statement of service
  standards and does not act as a legal contract between the customer and ScoremeAA.
- Alignment with RBI’s Master Directions: The commitments made in this Charter are
  subject to compliance with RBI’s Master Directions and other applicable guidelines.
  Where any conflict arises between this Charter and the latest RBI instructions, the RBI’s
  instructions are to take precedence.
Relevant Definitions
For clarity and consistent understanding, the following terms used in this Charter are defined
according to the RBI Master Directions:
- Customer: A person who has entered into a formal arrangement with ScoremeAA to
  avail of its account aggregation services.
- Financial Information: As defined in Section 3(ix) of the Master Directions, this refers
  to any information pertaining to a customer’s financial history, records, or
  transactions.
- Financial Information Provider (FIP): An entity that holds or maintains customer
  financial information, as defined under Section 3(xi) of the Master Directions.
- Financial Information User (FIU): An entity that receives or requests financial
  information from an FIP, with the customer’s consent, as defined in Section 3(xii) of
  the Master Directions.
Our Services
ScoremeAA offers a platform where customers can aggregate and manage their financial
data. The key services include:
- Data Aggregation Dashboard:
  Customers can access a unified dashboard that provides a holistic view of all their
  financial data in one place. This simplifies financial management and allows users to
  stay informed about their financial standing across various institutions.
- Real-Time Data Sharing:
  The platform facilitates real-time data sharing between Financial Information
  Providers (FIPs) and Financial Information Users (FIUs), ensuring that information is
  always up-to-date and accurate. Data sharing is done strictly based on customer
  consent.
- Consent-Based Access:
  The entire data-sharing process is driven by customer consent. Users can provide
  explicit consent for each instance of data sharing and can also view, manage, and
  revoke consents at any time, ensuring full control over their financial information.
- Consent Management and Revocability:
  Customers have access to records of all consents they provide and can revoke those
  consents at any time. Revocations are applied immediately, ensuring that no data is
  shared post-revocation. Consent records are retained for a period of three years from
  the date of expiry, allowing customers to track their data sharing history, until the
  account has been deleted by the customer.
Data Security
ScoremeAA has implemented robust IT security frameworks to ensure that data flows
securely between Financial Information Providers (FIPs), the ScoremeAA system, and
Financial Information Users (FIUs). The key measures include:
- Security Safeguards:
  ScoremeAA deploys advanced security mechanisms to safeguard against unauthorized
  access, alteration, destruction, or disclosure of financial data. This includes encryption
  of data during transit and at rest, ensuring that customer information is always
  protected.
- Disaster Risk Management (DRM) and Business Continuity:
  Adequate provisions have been made to address any potential system failures or
  breaches. ScoremeAA has established a Disaster Recovery Plan (DRP) and a Business
  Continuity Plan (BCP) to ensure uninterrupted services in case of unforeseen events.
- Information System Audits:
  Regular audits are conducted by CISA-certified external auditors to review and assess
  the security of ScoremeAA’s internal systems. These audits occur at least once every
  two years. Audit reports are submitted to the Regional Office of the Department of
  Supervision of RBI within one month of their completion.
Our Key Commitments and Responsibilities
ScoremeAA makes the following commitments to its customers:
- Compliance with AA Master Directions:
  ScoremeAA’s services are provided in compliance with RBI’s AA Master Directions,
  ensuring full legal and regulatory compliance in all data-sharing activities.
- Secure Consent-Based Sharing:
  The company does not support unauthorized transactions. Data is to be shared
  with FIUs only on the basis of customer consent.
- No Sale or Misuse of Data:
  ScoremeAA assures that customer financial information is not to be sold,
  disseminated, or used for any purpose other than what has been consented to by the
  customer. No deviations from applicable laws shall be tolerated, and customer privacy
  is to be respected at all times.
- No Credential or Financial Data Storage:
  The company does not store customer credentials (e.g., passwords, PINs) or financial
  data obtained from FIPs, further ensuring data security and privacy.
Rights of Customers
Customers using ScoremeAA services have the following rights:
- Consent for Data Sharing:
  Customers must provide explicit consent for any sharing of financial data, including the
  purpose and duration for which the information is to be shared.
- Full Consent Control:
  Customers have the right to approve, reject, pause, or revoke consent at any time.
  Additionally, they can track their consent history for full transparency.
- Access to Consent Records:
  Customers can access a record of consents provided, including any revocations, for a
  period of three years from the expiry of the consent, ensuring transparency and
  control.
Customer Obligations
Customers are required to carefully read and understand all the terms and conditions
associated with the services provided by ScoremeAA. This includes being aware of any
potential fees or liabilities that may apply.
Process & Availability of Citizen Charter
The Citizen's Charter is publicly available on the company’s website. Customers can request a
copy by contacting ScoremeAA.
Grievance Policy and Mechanism
ScoremeAA has established a comprehensive Grievance Redressal Policy to address customer
complaints and grievances in a timely and efficient manner. If customers have any concerns
or suggestions, they can reach out via the following contact:
- Email: grievances@scoremeaa.com
All grievances are to be handled with the highest priority, ensuring quick resolution to
enhance customer satisfaction.
Policy Governance
Below are the details of the roles and responsibilities related to the governance of this policy:
- Responsible: Sumeet Aggarwal
Violations of this policy shall lead to disciplinary action, which could include termination of
employment in severe cases, as per the Code of Conduct.
Policy Review & Revision
This Citizen's Charter is to be reviewed and updated annually or as required by ScoremeAA’s
Board of Directors to ensure it remains effective and aligned with the company’s mission and
regulatory obligations.