Indiconnect’s Privacy Policy

1. INTRODUCTION:

Welcome to Indiconnect Paytech Pvt. Ltd.’s Privacy Policy. Indiconnect, having its registered office at Fl. No. 2, Pl. No. 61, Mangal Murti Apartment, Basayye Nagar, Aurangabad, MH 431001 and Corporate Office at Office No. 307, Tower 2, World Trade Center, Kharadi, Pune-411014, Maharashtra, India (“Indiconnect”, “We”, “Us”, “Our”), operates websites, mobile applications, APIs, and platforms (collectively referred to as the “Platform” or “Services”) and is engaged in the business of financial technology services, including but not limited to payment processing, API integrations, banking solutions, and allied services.

The term “User”, “You”, or “Your” means any individual, merchant, partner, or entity that accesses, uses, or interacts with our Platform.

At Indiconnect, we are committed to safeguarding your personal, financial, and transactional information in strict compliance with applicable laws and regulations.

This Privacy Policy outlines how we collect, process, store, use, disclose, and protect your information when you engage with our Services.

This document is an electronic record under:

1. Information Technology Act, 2000,
2. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011,
3. Digital Personal Data Protection Act, 2023 (DPDPA),
4. RBI directions, UIDAI circulars, and CERT-In guidelines.

This electronic record is generated by a computer system and does not require physical or digital signatures.

By accessing or using our Services, you agree to this Privacy Policy and expressly consent to our collection, use, storage, processing, transfer, and disclosure of your personal and financial information as described herein.

2. BACKGROUND:

This Privacy Policy applies to all individuals and entities who:

1. Access or use our Services,
2. Provide personal, financial, or regulatory data during registration, KYC, or transactions,
3. Interact with us as merchants, partners, or affiliates.

Our Platform may include links to third-party websites or applications (“Third-Party Services”). Clicking on those links may allow third parties to collect data about you. We do not control and are not responsible for their privacy statements. You are encouraged to review the privacy policies of such third-party providers.

We are not responsible for privacy practices or failures of banks, NBFCs, UIDAI, or other third parties once data is lawfully shared with them.

3. YOUR INFORMATION BELONGS TO YOU:

We carefully assess the type of data we require to provide Services. We collect only what is strictly necessary and retain it only as long as required by law or business need. Where possible, we anonymize or delete data that is no longer relevant.

We firmly believe your information belongs to you, and our guiding principle is that data must be used for your benefit, in compliance with applicable regulations.

4. COLLECTION OF PERSONAL INFORMATION:

We may collect and process the following categories of data:

1. Information You Provide Directly
   1. Name, date of birth, gender, nationality;
   2. Contact information (email, phone, address, geolocation);
   3. KYC documents (Aadhaar (VID/masked), PAN, passport, driving license, voter ID);
   4. Bank account details, IFSC, UPI handles, masked card details;
   5. Authentication information: OTP, password, PIN, biometric identifiers (where permitted);
   6. Communications with our support team (emails, chats, calls).
2. Information Collected Automatically
1. Device identifiers (IMEI, UDID, MAC ID), IP address, operating system, browser type, version;
2. API calls, login timestamps, transaction logs;
3. Cookies, trackers, analytics, and log data.
3. Information from Third Parties
1. Data from regulated entities such as banks, NBFCs, UIDAI, or DigiLocker;
2. Verification results from KYC vendors, credit bureaus, or regulators;
3. Merchant/partner-provided data for lawful integration.
4. Sensitive Personal Data (SPDI)
1. Financial account information, payment credentials, transactional history,
2. Authentication credentials and biometric information (if applicable). We may also generate aggregated or anonymized data for analytics and risk monitoring.

5. HOW DO WE COLLECT PERSONAL DATA?

1. Direct Interactions – When you register, transact, integrate APIs, or contact support.
2. Automated Means – Through cookies, SDKs, trackers, analytics, and system logs.
3. Third Parties – Through regulated partners, government systems, and service providers.

6. WHAT IF YOU REFUSE TO SHARE YOUR INFORMATION?

Where information is legally required (e.g., for KYC or RBI-mandated reporting) and you fail to provide it, we may be unable to provide or continue Services. Your access may be limited, suspended, or terminated.

7. HOW DO WE USE YOUR PERSONAL INFORMATION?

We process your personal data strictly for lawful and necessary purposes, including:

1. To provide and operate Services, including payment initiation, settlement, and reconciliation;
2. To conduct KYC, AML, and CDD checks as required by RBI, FIU-IND, and other regulators;
3. To detect, prevent, and investigate fraud, suspicious activity, or cybersecurity threats;
4. To comply with legal and regulatory obligations;
5. To personalize user experience and enhance platform performance;
6. To communicate transactional updates, alerts, and Service changes;
7. For audit, analytics, reporting, and governance;
8. For limited marketing and promotional communication, only with your consent.

We may disclose data without prior consent if required by:

1. Law, regulators, or judicial authorities,
2. Fraud prevention, security incidents, or risk mitigation,
3. Corporate restructuring such as mergers or acquisitions.

You are solely responsible for safeguarding login credentials, OTPs, and device access. Loss from negligence or phishing is not attributable to Indiconnect.

8. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION:

Subject to law, you may exercise the following rights:

1. Access: Request a copy of personal data we hold.
2. Correction: Rectify inaccurate or incomplete data.
3. Erasure: Request deletion (subject to regulatory retention).
4. Restriction: Limit processing in certain circumstances.
5. Objection: Opt-out of marketing or profiling.
6. Portability: Request structured data transfer where applicable.
7. Withdraw Consent: At any time, without affecting past lawful use.

You may also lodge a complaint with the Data Protection Board of India (once constituted) or other regulators.

9. HOW WE PROTECT YOUR INFORMATION:

Indiconnect implements robust technical, organizational, and procedural safeguards, including:

1. Encryption : AES-256 at rest, SSL/TLS during transmission;
2. Tokenization: For card/payment credentials;
3. Access Controls: Role-based and multi-factor authentication;
4. Audit & Monitoring: Regular VAPT, cybersecurity audits, log retention as per CERT-In;
5. Data Localization: Storage of regulated financial data strictly within India in compliance with RBI’s mandate;
6. Incident Response: CERT-In aligned breach detection and 6-hour reporting protocol.

We work tirelessly to secure your data but disclaim liability for breaches caused by force majeure, third-party negligence, or sophisticated attacks outside our control.

10. WHAT CHOICES DO YOU HAVE?

1. You may refuse cookies or opt out of promotional communication.
2. You may request deletion of your account, subject to statutory requirements.
3. Some features may be limited if you refuse mandatory data.

11. COOKIES:

Our Platform uses cookies, SDKs, and similar technologies for:

1. Session authentication,
2. Risk and fraud detection,
3. Analytics and performance improvement,
4. Personalization.

You may disable cookies in browser/device settings, though certain Services may be affected.

12. ARE CHILDREN ALLOWED TO USE INDICONNECT SERVICES?

Users must be at least 18 years of age. If we discover personal data of minors collected without consent, it will be deleted. Parents/guardians bear responsibility for minors’ use of Services.

13. HOW LONG DO WE RETAIN YOUR INFORMATION?

We retain data:

1. For as long as necessary to provide Services;
2. As mandated under RBI and financial record-keeping norms (5–8 years);
3. For fraud detection, audits, and legal obligations.

Once no longer required, data is securely deleted or anonymized.

Even after a deletion request, certain data may be retained as per RBI and regulatory mandates.

14. CHANGES OR UPDATES TO THE PRIVACY POLICY:

We may revise this Policy periodically to reflect regulatory, technological, or operational changes. Updates will be published on our website and, where material, notified to you by email or other means. Continued use after changes signifies acceptance.

15. ADVERTISING:

1. We do not sell user data for profit.
2. Promotional communications are sent only with explicit consent.
3. Third-party advertisers may collect limited interaction data if you engage with their content. Indiconnect is not responsible for their privacy practices.

16. GOVERNING LAW AND JURISDICTION:

This Privacy Policy shall be governed by the laws of India. Disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts in Pune, Maharashtra.

GRIEVANCE OFFICER
Email: grievance@indiconnect.in
Address: Corporate Office at Office No. 307, Tower 2, World Trade Center, Kharadi, Pune-411014, Maharashtra, India 

HOW CAN YOU REACH US?

For queries, requests, or complaints regarding personal data, please contact:

Indiconnect Paytech Pvt. Ltd.
Corporate Office at Office No. 307, Tower 2, World Trade Center, Kharadi, Pune-411014, Maharashtra, India
Attention to:
Email: support@indiconnect.in