Indiconnect’s Privacy Policy

Simplifying Payment Collections for Your Business.

Last Updated: 11/06/2026
  1. INTRODUCTION:
  2. Welcome to Indiconnect Paytech Pvt. Ltd.'s Privacy Policy. Indiconnect, having its registered office at Fl. No. 2, Pl. No. 61, Mangal Murti Apartment, Basayye Nagar, Sambhajinagar (Aurangabad), MH 431001 and Corporate Office at Office No. 412, 4th Floor, Tower 2, World Trade Center, Kharadi, Pune-411014, Maharashtra, India ("Indiconnect", "We", "Us", "Our"), operates websites, mobile applications, APIs, and platforms, integrations and technology infrastructure (collectively referred to as the "Platform" or "Services") and is engaged in the business of financial technology services, including but not limited to payment processing, API integrations, merchant solutions, digital onboarding facilitation, banking solutions, verification services and allied technology services.

    For the purpose of this policy, the terms "User", "You", or "Your" means and include any individual, merchant, customer, partner, institution, service provider, developer, or entity accessing, browsing, registering with, integrating with, or otherwise using the Platform or Services in any manner whatsoever.

    Indiconnect acts primarily as a technology service provider and infrastructure facilitator unless expressly stated otherwise. Certain financial, banking, payment, settlement, verification, or regulated services made accessible through the Platform may be offered, operated, processed, or fulfilled by regulated partner banks, financial institutions, payment system providers, regulated entities, or authorized third-party service providers in accordance with applicable laws and regulatory requirements. Indiconnect does not independently operate as a bank or accept public deposits unless specifically authorized under applicable law.

    At Indiconnect, we are committed to safeguarding your personal, financial, and transactional information in strict compliance with applicable laws and regulations.

    This Privacy Policy outlines how we collect, receive, process, store, use, share, transfer, retain, secure, disclose, and protect your information when you engage with our Services.

    This document is an electronic record under:

    1. Information Technology Act, 2000,
    2. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011,
    3. Digital Personal Data Protection Act, 2023 (DPDPA),
    4. RBI directions, UIDAI circulars, and CERT-In guidelines.
    5. NPCI framework requirements; and
    6. Other applicable laws, regulations, governmental notifications, and industry standards governing privacy, cybersecurity, payment systems, data protection, and financial technology services.

    This electronic record is generated by a computer system and does not require physical, electronic, or digital signatures for validity or enforceability.

    By accessing, browsing, registering with or using the Platform or Services, you agree to this Privacy Policy and expressly consent to our collection, use, storage, processing, transfer, and disclosure of your personal and financial information as described herein.

    Such consent may be obtained through electronic means including but not limited to website access, click-wrap acceptance, API integrations, SDK permissions, digital onboarding flows, electronic communications, OTP verification, account registration, or continued use of the Services.

    You further acknowledge and agree that electronic records, audit trails, system logs, API logs, authentication records, timestamps, device identifiers, IP logs, and other digital evidence maintained by Indiconnect may be relied upon as valid and admissible evidence in any legal, regulatory, or administrative proceedings, subject to applicable law.

  1. BACKGROUND:

This Privacy Policy applies to all individuals and entities who are individuals, merchants, partners, developers, affiliates, customers, and entities who access, use, integrate with, or interact with the Platform or Services, including during onboarding, KYC verification, payment processing, API integration, transactions, support interactions, or allied financial technology services.

Our Platform may include links, APIs, SDKs, or access to third-party websites, applications, banking systems, payment networks, or services ("Third-Party Services"). Such Third-Party Services operate independently and may collect or process information in accordance with their own terms and privacy practices. Clicking on those links may allow third parties to collect data about you. Indiconnect does not own, control or assume responsibility for the privacy, security, availability, or compliance practices of such third parties. Users are advised to review the privacy policies and terms of such third-party providers.

Indiconnect may share information with banks, financial institutions, payment system providers, regulators, service providers, and authorized partners for service delivery, regulatory compliance, fraud prevention, risk management, and legal obligations. Indiconnect shall not be responsible for the independent acts, omissions, security practices, or operational failures of such third parties or infrastructure not directly controlled by Indiconnect.

  1. YOUR INFORMATION BELONGS TO YOU:

We carefully assess the type of information required to provide and improve our Services. We collect only such information as is necessary for lawful business, operational, regulatory, security and compliance purposes and retain it only as long as required by law, regulatory requirements or legitimate business need. Where appropriate, information may be anonymized, archived or securely deleted.

We firmly believe your information should be handled responsibly, transparently and in accordance with applicable data protection, cybersecurity, and financial regulatory requirements.

  1. COLLECTION OF PERSONAL INFORMATION:

We may collect and process the following categories of data:

  1. Information You Provide Directly
    1. Name, date of birth, gender, nationality;
    2. Contact information (email, phone, address, geolocation);
    3. KYC and verification documents (Aadhaar (VID/masked), PAN, passport, driving license, voter ID or other officially valid documents);
    4. Bank account details, IFSC, UPI handles, masked card details;
    5. Authentication information: OTP, password, PIN, biometric identifiers (where permitted);
    6. Communications, queries, feedback or interactions with our support team (emails, chats, calls or other channels).
  2. Information Collected Automatically
    1. Device identifiers (IMEI, UDID, MAC ID), IP address, operating system, browser type, version and network details;
    2. API calls, login timestamps, transaction logs and usage logs;
    3. Cookies, trackers, analytics, and log data.
  3. Information from Third Parties
    1. Information from regulated entities including banks, NBFCs, payment system providers, UIDAI-authorized entities, DigiLocker, or governmental platforms;
    2. Verification results and compliance-related information from KYC vendors, credit bureaus, fraud monitoring agencies or regulators;
    3. Merchant, partner or integration-related information lawfully shared for operational, onboarding, compliance, fraud prevention, or service purposes.
  4. Sensitive Personal Data (SPDI)
    1. Financial account information, payment credentials, transactional history,
    2. Authentication credentials and biometric information (if applicable).

We may also generate, process, or use aggregated, anonymized, de-identified, statistical, analytical, or risk-monitoring data for lawful business, security, fraud prevention, analytics, operational improvement, and regulatory compliance purposes.

  1. HOW DO WE COLLECT PERSONAL DATA?
  1. Direct Interactions – When you register, transact, complete KYC, integrate APIs, use our Services or contact support.
  2. Automated Means – Through cookies, SDKs, trackers, analytics tools, device information and system logs.
  3. Third Parties – Through regulated partners, banks, NBFCs, payment system providers, government systems, KYC agencies and authorised service providers.
  1. WHAT IF YOU REFUSE TO SHARE YOUR INFORMATION?

Where information is legally required under applicable law (e.g., for KYC or RBI-mandated reporting) and you choose not to provide such information, we may be unable to provide or continue or enable certain Services. In such cases, Your access to the Platform or Services may be restricted, limited, suspended, declined or terminated in accordance with applicable laws and internal risk and compliance policies.

  1. HOW DO WE USE YOUR PERSONAL INFORMATION?

We process your personal data strictly for lawful, operational, security, regulatory and necessary business purposes, including:

  1. To provide, maintain, operate and improve the Services, including payment initiation, settlement, reconciliation, onboarding and API integrations;
  2. To conduct KYC, AML, CDD checks, fraud prevention, sanctions screening, risk assessment, and compliance checks as required by RBI, FIU-IND, and other regulators;
  3. To detect, prevent, mitigate and investigate fraud, unauthorised access, suspicious activity, or cybersecurity threats or technical issues;
  4. To comply with legal, contractual, audit, reporting, and enforcement regulatory obligations;
  5. To personalize user experience and enhance platform performance, analytics, monitoring, governance and internal business operations;
  6. To communicate transactional updates, alerts, security notifications, service-related information and support responses;
  7. For audit, analytics, reporting, and governance;
  8. For limited marketing and promotional communication, only with your consent.

We may disclose data without prior consent if required by:

  1. Law, regulators, or judicial authorities,
  2. Fraud prevention, security incidents, investigations, security purposes or risk mitigation,
  3. Corporate restructuring events such as mergers, acquisitions, business transfers or restructuring activities.

You are solely responsible for safeguarding login credentials, OTPs, and device access. Indiconnect shall not be responsible for losses arising from negligence, phishing, social engineering, unauthorized access, credential compromise, or misuse attributable to the User.

  1. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION:

Subject to law, you may exercise the following rights:

  1. Access: Request a copy of personal data we hold.
  2. Correction: Rectify inaccurate or incomplete data.
  3. Erasure: Request deletion (subject to regulatory retention).
  4. Restriction: Limit processing in certain circumstances.
  5. Objection: Opt-out of marketing or profiling.
  6. Portability: Request structured data transfer where applicable.
  7. Withdraw Consent: At any time, without affecting past lawful use.

Indiconnect may retain certain information where required under applicable laws, regulatory directions, contractual obligations, fraud prevention requirements, dispute resolution, or legitimate business purposes.

You may also lodge complaints or grievances with the designated Grievance Officer, the Data Protection Board of India (once constituted), or any other competent regulatory or statutory authority, where applicable.

  1. HOW WE PROTECT YOUR INFORMATION:

Indiconnect implements robust technical, organizational, administrative, and procedural safeguards to protect personal and financial information, including:

  1. Encryption: AES-256 for data at rest, SSL/TLS encryption during transmission;
  2. Tokenization: protection of payment and card-related credentials;
  3. Access Controls: Role-based access restrictions, authentication control and multi-factor authentication;
  4. Audit & Monitoring: Regular VAPT assessments, cybersecurity monitoring, audit logging and log retention as per CERT-In;
  5. Data Localization: Storage of regulated financial and payment-related data strictly within India in compliance with RBI's mandate;
  6. Incident Response: CERT-In aligned breach detection and 6-hour reporting protocol.

While Indiconnect undertakes reasonable security measures to protect information, no method of transmission, storage, or electronic processing is completely secure. Accordingly, Indiconnect does not guarantee absolute security and shall not be liable for breaches, interruptions, unauthorized access, or losses arising from force majeure events, third-party failures, user negligence, cyberattacks, malware, phishing, or circumstances beyond its reasonable control.

  1. WHAT CHOICES DO YOU HAVE?
  1. You may refuse cookies or opt out of promotional communication.
  2. You may request deletion of your account, subject to statutory requirements.
  3. Some features may be limited if you refuse mandatory data.
  1. COOKIES:

Our Platform uses cookies, SDKs, pixels, analytics tools and similar technologies for:

  1. Session authentication,
  2. Risk and fraud detection,
  3. Analytics and performance improvement,
  4. Personalization and user experiment enhancement.

You may disable cookies or modify cookie preferences through your browser or device settings; however, certain features or functionalities of the Services may be affected or unavailable as a result.

  1. ARE CHILDREN ALLOWED TO USE INDICONNECT SERVICES?

The Services are intended only for individuals who are legally competent to contract under applicable laws and are at least 18 years of age. Indiconnect does not knowingly collect personal information from minors without lawful authorization or parental/guardian consent, where required. If any such information is identified, reasonable steps may be taken to delete or restrict such data in accordance with applicable law.

  1. HOW LONG DO WE RETAIN YOUR INFORMATION?

We retain data:

  1. For as long as necessary to provide and operate the Services;
  2. As mandated under RBI and financial record-keeping norms (5–8 years);
  3. For fraud detection, audits, dispute resolution, risk management, cybersecurity monitoring, enforcement, legitimate business purpose and legal obligations.

Once information is no longer required, it may be securely deleted, anonymized, archived, or disposed of in accordance with applicable legal and regulatory requirements. Certain information may continue to be retained notwithstanding account closure or deletion requests where required under applicable law or regulatory mandates.

  1. CHANGES OR UPDATES TO THE PRIVACY POLICY:

Indiconnect may revise or update this Privacy Policy from time to time to reflect changes in applicable laws, regulatory requirements, technology, business operations, security practices, or Services. Updated versions shall be published on the Platform and may, where appropriate, be notified through electronic communication or other reasonable means. Continued access or use of the Services after such updates shall constitute acceptance of the revised Privacy Policy.

  1. ADVERTISING:
  1. We do not sell user data for profit.
  2. Promotional communications are sent only with explicit consent.
  3. Third-party advertisers may collect limited interaction data if you engage with their content. Indiconnect is not responsible for their privacy practices.
  1. GOVERNING LAW AND JURISDICTION:

This Privacy Policy shall be governed by the laws of India. Disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts in Pune, Maharashtra.

  1. CHANGES OR UPDATES TO THE PRIVACY POLICY:

Indiconnect reserves the right to modify, amend, update, or revise this Privacy Policy at any time to reflect changes in applicable laws, regulatory requirements, business operations, technology, security practices, industry standards, or the Services offered by Indiconnect. Any updated version of this Privacy Policy shall be effective immediately upon publication on the Platform unless otherwise specified.

Users are encouraged to periodically review this Privacy Policy to remain informed about how information is collected, processed, used, and protected. Continued access to or use of the Platform or Services after publication of any revised Privacy Policy shall constitute acknowledgment and acceptance of such changes.

GRIEVANCE OFFICER
Email: grievance@indiconnect.in
Address: Corporate Office at Office No. 412, 4th Floor, Tower 2, World Trade Center, Kharadi, Pune-411014, Maharashtra, India

HOW CAN YOU REACH US?

For queries, requests, or complaints regarding personal data, please contact:

Indiconnect Paytech Pvt. Ltd.
Corporate Office at Office No. 412, 4th Floor, Tower 2, World Trade Center, Kharadi, Pune-411014, Maharashtra, India
Email: support@indiconnect.in