Login

Privacy Policy

Paykar India Privacy Policy

Operated by Ingeven Payment Private Limited
Website Address: www.paykarindia.com
Effective Date: [01-08-2025]
Last Updated: [01-08-2025]

1. Introduction & Purpose

Welcome to Paykar India (“Paykar”, “we”, “us”, or “our”), a digital financial services brand owned and operated by Ingeven Payment Private Limited. This Privacy Policy explains how we collect, use, disclose, and protect your information when you:

  • Visit or interact with our website: www.paykarindia.com
  • Use our mobile or web-based platforms to access services such as AEPS (Aadhaar Enabled Payment System), DMT (Domestic Money Transfer), Mobile/DTH Recharge, Bill Payments, Micro ATM, PAN processing, and more.
  • Are an agent, partner, distributor, or merchant working with our platform.

Protecting your privacy is core to our mission of providing secure and trustworthy fintech services across India. We comply with all relevant Indian data protection laws—including the Information Technology Act, 2000, RBI/NPCI/UIDA guidelines, and upcoming regulations such as the Digital Personal Data Protection Act, 2023.

By accessing or using the www.paykarindia.com website or any of our services, you explicitly consent to the collection and processing of your personal data in accordance with this policy.

2. Definitions

  • Personal Data / Personal Identifiable Information (PII): Any information that can identify you directly or indirectly (e.g. name, Aadhaar, PAN, bank account, phone number, email).
  • Sensitive Personal Data (SPDI): Financial details, biometric data, passwords, government-issued identification numbers, and other regulated information.
  • Non‑Personal Data: Aggregated or anonymized data that cannot be linked back to an individual.
  • Controller / Platform: Ingeven Payment Private Limited, operating the brand Paykar India.
  • Services: The digital products offered under Paykar India—AEPS, recharge, bill pay, DMT, Micro ATM, PAN, etc.
  • User / You / Your: Any individual, agent, merchant, partner, or visitor interacting with our services.

3. Information We Collect

A. Personal & Sensitive Data

We collect the following when you register, onboard as an agent, or perform transactions:

  • Full name, date of birth, gender
  • Aadhaar number and biometric fingerprint (for AEPS)
  • PAN number, bank account and IFSC, UPI ID
  • Mobile number, email address, and photo for KYC
  • Government ID documents (e.g. Aadhaar, voter ID, driver license)
  • Transaction history across AEPS, DMT, recharges, bill payments
  • Wallet balances, commissions and adjustment records
  • Login credentials (username/password, device ID, IP address)
  • GPS/location data (when you use our apps or perform device-based services)

B. Technical & Usage Information

Automatically collected when you use our website or mobile app:

  • IP address, browser type, device model, OS
  • App usage logs, page views, click paths
  • Session duration, referral and exit URLs
  • Cookies and identifiers (e.g. tracking, preference cookies)

C. Third‑Party Data

When legally required or with your consent, we may collect:

  • Credit bureau data for fraud risk assessment
  • Verification responses from KYC partners
  • Third-party analytics data (anonymized for insights)

4. How We Use Your Information

We use collected data for legitimate and lawful purposes aligned with the performance of services, compliance, and improvement:

  • Onboarding & KYC: Verifying identity and enabling registration as agent, merchant, or end user.
  • Service Delivery: Processing AEPS withdrawals, money transfers, recharges, bill payments, PAN processing.
  • Commission Management: Tracking agent performance, settlement of commissions, and incentive payouts.
  • Security & Fraud Prevention: Transaction monitoring, anti-fraud alerts, anomaly detection.
  • Communications: Sending SMS/email alerts for transactions, system updates, or support requests.
  • Customer Support & Grievance Redressal: Managing disputes, refund requests, and technical support tickets.
  • Regulatory Compliance: Maintaining records to comply with RBI, UIDAI, NPCI, SEBI, and Income Tax Department requirements.
  • Product Improvement: Analyzing usage patterns, improving user interface, optimizing services.
  • Marketing & Promotions (with consent): Promotional messages, newsletters or offers sent only after user opt‑in.

5. Legal Basis for Processing

A. Contractual Obligation

We process user data to perform services you’ve requested (e.g. money transfer, recharge).

B. Compliance with Legal Obligations

Certain data (e.g. KYC data, transaction logs) are retained to comply with Indian law and regulatory requirements.

C. Consent

We obtain explicit consent before collecting or processing biometric information and for marketing/advertising communications.

D. Legitimate Interests

We may process data to prevent fraud, manage risk, analyze service usage, and conduct internal audits—ensuring we safeguard users and the platform’s integrity.

6. Data Sharing and Disclosure

Paykar India shares your data only when necessary and under tightly controlled circumstances:

A. Regulatory Authorities

  • UIDAI for Aadhaar verification
  • RBI and NPCI for transaction monitoring
  • SEBI, IRDAI, and Income Tax Department as mandated
  • Courts or government agencies under lawful process

B. Payment & Banking Partners

  • Partner banks and NBFCs for settlements
  • Utility billers, telecom and DTH companies for payment processing
  • PAN service providers (e.g. NSDL)

C. Technology and Service Providers

  • Cloud and hosting providers located in India
  • SMS/Email/Notification vendors
  • API/KYC technology service providers

D. Internal Personnel

  • Authorized employees and admins on a strict need‑to‑know basis
  • Access controls and audit logs ensure data access transparency

E. Marketing Agencies (Only with consent)

  • We may share anonymized or pseudonymized data for promotional analytics, but no PII is sold or disclosed without consent.

7. Data Retention Policy

Retention durations are tied to legal requirements and business needs:

  • KYC & AEPS documentation: Minimum 5 years after account deactivation
  • DMT and Recharge Records: Retained for at least 7 years for audit and compliance
  • PAN Applications: Retained as per NSDL or government norms
  • Grievance / Support Logs: Retained up to 5 years
  • App/Web Logs: Retained 6 months to 2 years for analytics
  • Custom Retention Requests: You may request data deletion subject to compliance allowances

After the retention period, data is securely deleted or anonymized.

8. Data Security Measures

We prioritize data protection through robust technical and organizational procedures, including:

  • Encryption: TLS/SSL for data in transit; AES‑256 for data at rest
  • Authentication: Multi‑factor authentication (MFA) for sensitive dashboards
  • Access Control: Role-based permissions with audit trails
  • Penetration Testing: Regular VAPT and security audits by certified vendors
  • Firewall & Network Security: Layered firewalls, intrusion detection systems
  • Secure API Usage: Token-based authentication and secure gateways
  • Physical Security: Secure data center facilities with restricted access
  • Employee Training & NDA: Mandatory security and confidentiality training

We also have incident response protocols to detect, contain, and address breaches promptly.

9. Your Rights as a Data Subject

You have the following rights regarding your data handled by Paykar India:

  1. Right to Access: Request a copy of your personal data stored with us.
  2. Right to Rectify: Ask for corrections if information is inaccurate or incomplete.
  3. Right to Erasure (“Right to be Forgotten”): Request deletion, subject to legal and regulatory constraints.
  4. Right to Restrict Processing: Limit the use of your data under specific conditions.
  5. Right to Object: Object to direct marketing or processing based on legitimate interests.
  6. Right to Data Portability: Receive your data in a structured format or request transfer to another provider.
  7. Right to Withdraw Consent: Withdraw consent at any time for processing based on prior consent.

To exercise any right, you may email privacy@paykarindia.com. We aim to respond within 30 days, as mandated by law.

10. Cookies, Web Beacons & Tracking Technologies

A. Types Used

  • Essential Cookies: Required for login sessions, authentication, and security
  • Performance Cookies: Anonymous tracking to understand usage patterns and site analytics
  • Preference Cookies: Stored user preferences like language, layout
  • Targeting Cookies (only with consent): For delivering promotional messages or ads

B. User Control

You can manage or disable cookies through your browser settings. Disabling certain cookies may impact site functionality or user experience.

C. Third‑Party Tracking

We may use third-party analytics tools (e.g. Google Analytics) which may place their own cookies; these operate under their respective privacy policies.

11. Children’s Privacy

Our services are intended for users aged 18 years and above. We do not knowingly collect personal information from individuals under 18. If you believe your child may have provided us with data, please contact us at privacy@paykarindia.com and we will take steps to delete that data.

12. Data Breach Notification Policy

In the event of a breach involving your personal data:

  • We will notify affected individuals within 72 hours from discovery, wherever feasible.
  • The notice will include the nature of the breach, types of data exposed, and mitigation steps taken.
  • We will cooperate with regulatory authorities and conduct forensic investigations.
  • Preventative measures will be implemented to avoid recurrence.

13. Third‑Party Websites

Our platform may contain links to third-party websites or services. Once redirected, those sites are governed by their own privacy practices. We hold no responsibility for their data collection methods or content.

14. Grievance and Redressal Officer

As per Indian legal requirements (IT Act, 2011 Rules), we have designated a Grievance Officer:

Grievance Officer: Mr. [Insert Name]
Email: grievance@paykarindia.com
Phone: [Insert Contact Number]
Address: Ingeven Payment Private Limited, [Insert Office Address], India

Complaints will be acknowledged within 2 working days and resolved within 21 working days.

15. Policy Updates

We may update this Privacy Policy periodically due to:

  • Regulatory or legal changes
  • New product or service features
  • Security enhancements

When significant changes occur, we will notify you via email, in-app notifications, or our website banner. Please review this page regularly to stay informed of changes.

16. International Data Transfers

All data is processed and stored only within India. No personal data is transferred outside Indian borders except if required by law, with proper safeguarding and user consent.

17. Governing Law and Jurisdiction

This Privacy Policy and its handling of personal data is governed by the laws of the Republic of India, including but not limited to:

  • Information Technology Act, 2000
  • Aadhaar (Targeted Delivery of Financial and Other Subsidies) Act, 2016
  • NPCI, RBI, and UIDAI guidelines and circulars
  • Digital Personal Data Protection Act, 2023 (as applicable)

All disputes arising from or related to this policy or our services shall be subject to the courts in Patna, Bihar, India.

18. Contact for Privacy Queries

If you have any questions, data access requests, complaints, or need assistance regarding this Privacy Policy or your data, please contact:

📧 privacy@paykarindia.com
📞 [Insert Phone Number]
🌐 www.paykarindia.com
📍 Registered Office: Ingeven Payment Private Limited, [Insert Registered Address]

Thank you for trusting Paykar India. We are committed to keeping your data safe, secure, and handled with integrity.