Privacy Policy

1. Introduction

AffluentPay Technologies Private Limited ("AffluentPay," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial services platform, including bill payments, bus booking, gift cards, and e-commerce marketplace services.

This Privacy Policy is designed to comply with:

• The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Reserve Bank of India (RBI) guidelines on data protection and cybersecurity
• The Personal Data Protection Bill (when enacted)
• Payment and Settlement Systems Act, 2007
• Prevention of Money Laundering Act, 2002 (PMLA)

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

Identity Information:

• Full name, date of birth, gender
• Government-issued identification numbers (Aadhaar, PAN, Voter ID, Passport, Driving License)
• Photographs and signature

Contact Information:

• Mobile number, email address
• Residential and correspondence addresses
• Emergency contact details

Financial Information:

• Bank account details, IFSC codes
• Credit/debit card information
• Transaction history and payment patterns
• Income and employment details
• Credit score and financial standing

Technical Information:

• Device information (IMEI, device ID, operating system)
• IP address, browser type, and version
• Location data (with consent)
• App usage patterns and preferences

2.2 Sensitive Personal Information

As defined under IT Rules 2011, we collect:

• Financial information and payment instrument details
• Biometric information (where applicable)
• Medical records (for insurance-related services)
• Sexual orientation (where relevant for certain services)

2.3 Information Collection Methods

• Direct collection during registration and service usage
• Automatic collection through cookies and tracking technologies
• Third-party sources (credit bureaus, KYC agencies, partners)
• Public records and databases

3. Purpose of Data Collection and Processing

We process your personal information for the following purposes:

3.1 Service Provision

• Account creation and management
• Processing transactions and payments
• Providing customer support
• Service personalization and improvement

3.2 Legal and Regulatory Compliance

• Know Your Customer (KYC) verification
• Anti-Money Laundering (AML) compliance
• Compliance with RBI guidelines
• Tax reporting and compliance
• Fraud prevention and detection

3.3 Business Operations

• Risk assessment and management
• Marketing and promotional activities (with consent)
• Analytics and business intelligence
• Product development and enhancement

4. Legal Basis for Processing

We process your personal information based on:

• Consent: For marketing communications and optional services
• Contract: For service delivery and transaction processing
• Legal Obligation: For KYC, AML, and regulatory compliance
• Legitimate Interest: For fraud prevention and business operations

5. Data Sharing and Disclosure

5.1 Authorized Sharing

We may share your information with:

Financial Partners:

• Banks and financial institutions
• Payment processors and gateways
• Credit bureaus and rating agencies
• Insurance companies

Service Providers:

• Technology service providers
• KYC and verification agencies
• Customer support providers
• Marketing and analytics partners

Regulatory Bodies:

• Reserve Bank of India (RBI)
• Income Tax Department
• Financial Intelligence Unit (FIU)
• Securities and Exchange Board of India (SEBI)
• Any other statutory or regulatory authority

5.2 Legal Disclosures

We may disclose information when required by:

• Court orders or legal processes
• Law enforcement agencies
• Regulatory investigations
• National security requirements

5.3 Data Localization

In compliance with RBI guidelines, all payment system data is stored within India. Critical personal financial data is not transferred outside India without explicit consent and regulatory approval.

6. Data Security Measures

6.1 Technical Safeguards

• End-to-end encryption for all transactions
• Multi-factor authentication
• Regular security assessments and penetration testing
• Secure data centers with ISO 27001 certification
• Regular backup and disaster recovery procedures

6.2 Administrative Safeguards

• Access controls and role-based permissions
• Regular employee training on data protection
• Confidentiality agreements with all personnel
• Incident response procedures
• Regular compliance audits

6.3 Physical Safeguards

• Secured office premises with access controls
• Surveillance systems and security personnel
• Secure disposal of physical documents
• Restricted access to server rooms and data centers

7. Data Retention

7.1 Retention Periods

• Transaction Records: 10 years (as per RBI guidelines)
• KYC Documents: 5 years after account closure
• Marketing Communications: Until consent is withdrawn
• Technical Logs: 6 months for security purposes

7.2 Deletion Procedures

Upon expiry of retention periods, we securely delete or anonymize your personal information using industry-standard methods.

8. Your Rights and Choices

8.1 Access Rights

You have the right to:

• Access your personal information
• Request corrections or updates
• Withdraw consent for marketing communications
• Request data portability (where applicable)

8.2 Complaint Mechanism

If you have concerns about our data practices:

1. Contact our Data Protection Officer
2. File a complaint with the Cyber Crime Cell
3. Approach the appropriate consumer forum

9. Cookies and Tracking Technologies

9.1 Cookie Usage

We use cookies for:

• Session management
• Security and fraud prevention
• Performance optimization
• Marketing and analytics

9.2 Cookie Controls

You can manage cookies through your browser settings. However, disabling cookies may affect service functionality.

10. Third-Party Links and Services

Our platform may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy policies before providing any information.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors without parental consent.

12. International Data Transfers

Any international data transfers comply with:

• RBI guidelines on data localization
• Adequate safeguards and security measures
• Explicit consent where required
• Regulatory approvals where necessary

13. Updates to Privacy Policy

We may update this Privacy Policy to reflect:

• Changes in laws and regulations
• New service offerings
• Enhanced security measures
• Business requirements

Significant changes will be communicated through:

• Email notifications
• In-app notifications
• Website announcements

14. Grievance Redressal

14.2 External Remedies

• Banking Ombudsman
• Consumer Dispute Redressal Forums
• Cyber Crime Cells
• Appropriate High Courts

15. Compliance Certifications

AffluentPay maintains the following certifications:

• ISO 27001:2013 (Information Security Management)
• ISO 27018:2019 (Cloud Privacy)
• SOC 2 Type II
• PCI DSS Level 1

16. Contact Information