Privacy Policy
Effective date: March 20, 2026
This Privacy Policy explains how GFin, the mobile banking application of Gerab Financials Limited (“GFL”, “we”, “us”, or “our”), collects, uses, stores, and shares information when you use the app.
By using the app, you agree to this Privacy Policy.
1. Who We Are
GFin is a mobile banking application provided for customers of Gerab Financials Limited.
Organization: Gerab Financials Limited
Simtokha, Namgyal Khangzang
P.O. Box 1444
Thimphu, Bhutan
Website: https://www.gfl.bt/
Email: kencho.tshering@gfl.bt
2. Information We Collect
Depending on how you use the app, we may collect and process the following categories of information:
A. Account and Identity Information
- Full name
- CID or other customer identification details
- Date of birth
- Gender
- Nationality
- Mobile number
- Email address
- Address and profile details
- Customer profile, KYC status, and onboarding details
This information may be provided directly by you, retrieved from connected identity verification flows such as Bhutan NDI, or returned by our banking backend when your account is created or accessed.
B. Banking and Transaction Information
- Account numbers and account details
- Account balances
- Transfer, payment, deposit, withdrawal, and loan-related information
- Mini statements, statements, transaction history, and transaction references
- Beneficiary information you add in the app
- Notification preferences
C. Device and Technical Information
- App version and build number
- Device identifier
- Device model, manufacturer, operating system version, and platform
- Login timestamps and device verification information
- Network and app diagnostic information reasonably required to operate the service
D. Locally Stored Information
The app may store certain information on your device, including:
- Last used customer identifier or display name
- App state and preferences
- Notification-related preferences
- Biometric login settings
- Credentials saved by you for biometric-assisted login, if you enable that feature
E. Information Collected Through Permissions
The app may request access to the following device features:
- Camera: to scan QR codes, capture KYC or identity images, and support related onboarding or banking flows
- Photos / media: to choose images from the gallery and save QR code images to your device
- Contacts: to let you pick a phone number from your contacts for supported flows such as recharge or similar convenience features
- Location: to support location-enabled transaction or service flows if you choose to allow it
- Biometrics: to allow login or re-authentication using fingerprint, face authentication, or similar device-supported biometric methods
- Notifications: to deliver push notifications about account activity, alerts, and service messages
Biometric matching is handled by your device operating system. We do not receive or store your fingerprint, face template, or other raw biometric template from your device.
3. How We Use Information
We use information to:
- create, verify, and manage your customer account
- authenticate you and keep your account secure
- process banking transactions and service requests
- provide statements, balances, transaction history, and account services
- support KYC, identity verification, fraud prevention, and compliance obligations
- register your device and manage secure session controls
- send push notifications and service communications
- improve app reliability, security, and performance
- respond to support requests and resolve issues
4. Legal and Operational Basis for Processing
We process information where necessary to:
- provide the banking services you request
- comply with legal and regulatory obligations
- protect the security and integrity of customer accounts, systems, and transactions
- support our legitimate operational interests in maintaining and improving the app
- act on your consent where a permission or optional feature depends on your approval
5. When We Share Information
We may share information:
- with GFL systems, staff, and authorized service providers who support app operation, security, notifications, hosting, analytics, identity verification, or customer support
- with banking, payment, compliance, audit, law enforcement, or regulatory authorities where required by law or valid legal process
- with connected identity verification or notification infrastructure needed to complete services you use
- as part of a business restructuring, merger, transfer, or legal reorganization involving GFL, subject to applicable law
We do not sell your personal information.
6. Third-Party Services and Infrastructure
The app may rely on third-party or connected services, including:
- Firebase services for push notifications
- Bhutan NDI or related identity verification flows
- mobile operating system services for biometrics, notifications, and permission handling
Your use of those services may also be subject to the privacy terms of the relevant provider.
7. Data Retention
We retain information for as long as reasonably necessary to:
- provide the app and requested banking services
- maintain security, audit, and operational records
- comply with legal, regulatory, tax, risk-management, and recordkeeping obligations
- resolve disputes and enforce agreements
Retention periods may vary depending on the type of data and legal requirements.
8. Security
We use reasonable administrative, technical, and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
You are responsible for keeping your device, login credentials, PIN, password, and any biometric-enabled access under your control.
9. Your Choices
You may:
- decline optional permissions, although some features may not work properly
- disable biometric login in the app
- control notification permissions in your device settings
- contact GFL to request updates or assistance regarding your account information, subject to applicable law and verification requirements
If you uninstall the app, some information already held in GFL systems may still be retained where required for banking, security, or legal purposes.
10. Children
The app is not intended for use by persons who are not legally eligible to use the underlying banking services. If you believe information has been provided unlawfully or in error, contact GFL.
11. International and Cross-System Processing
Information may be processed through systems, service providers, or infrastructure used to operate the app and related banking services. Where applicable, GFL will take reasonable steps to ensure appropriate protection of personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will become effective when published or otherwise communicated through the app, website, or other official channels.
13. Contact Us
If you have questions about this Privacy Policy or your information, contact:
Gerab Financials Limited
Simtokha, Namgyal Khangzang
P.O. Box 1444
Thimphu, Bhutan
Website: https://www.gfl.bt/
Email: kencho.tshering@gfl.bt