Privacy Policy

1. Introduction

Rediff Pay ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our UPI (Unified Payments Interface) application ("App"). By using our App, you agree to the terms outlined in this Privacy Policy. We collect, process, and store your data in compliance with the Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology (IT) Act, 2000, along with applicable rules and regulations.

2. Information We Collect

We collect the following types of information with your explicit consent:

• (a) Personal Information: Name, mobile number, email address, PAN, Aadhaar (if required), and bank account details.
• (b) Transaction Data: UPI IDs, transaction history, payment details, and merchant details.
• (c) Device & Usage Data: IP address, device type, operating system, app version, and browsing behavior.
• (d) Location Data: We may collect your location if required for UPI transactions or regulatory compliance.
• (e) Behavioral & Analytical Data: User interaction data, preferences, and engagement with features.

3. How We Use Your Information

We use your information for the following purposes, with your consent where required:

• Transaction Processing: To process UPI payments, refunds, and transfers efficiently.
• Identity Verification & Compliance: To authenticate users and comply with regulatory requirements, including KYC (Know Your Customer) norms.
• Fraud Prevention & Security: To enhance security, prevent unauthorized access, detect fraudulent transactions, and protect users from cyber threats.
• Customer Support & Assistance: To resolve complaints, provide technical support, and ensure smooth app operation.
• Service Improvements: To analyze user feedback, improve app features, and enhance the user experience. Legal & Regulatory Obligations: To comply with applicable laws, cooperate with law enforcement, and fulfill financial reporting obligations.
• Marketing & Notifications: To send promotional content, feature updates, and transaction-related notifications (with user consent).

4. Data Sharing & Disclosure

We do not sell or rent your personal data. However, we may share your information with:

• Regulatory Bodies: RBI, NPCI, law enforcement agencies, or other authorities as required by law.
• Banking Partners & Third Parties: Banks, payment service providers, and financial institutions for transaction processing.
• Service Providers: Cloud hosting, analytics, cybersecurity, and fraud prevention partners.
• Business Partners & Affiliates: With user consent, for providing value-added services, loyalty programs, or co-branded offers.

Your data is shared only after obtaining necessary consent, except where required by law.

5. Data Security

We implement industry-standard security measures, including encryption, secure servers, and access controls, to protect your data. Our security measures include:

• End-to-End Encryption: Transactions and sensitive data are encrypted using secure cryptographic protocols.
• Two-Factor Authentication (2FA): Additional security layers for authentication.
• Regular Security Audits: Periodic vulnerability assessments and compliance checks.
• Data Anonymization & Masking: Protecting personal identifiers in stored data.

However, no method of transmission over the internet is 100% secure, and users should take precautions, such as using strong passwords and securing their devices.

6. Your Rights & Choices

Under the DPDP Act and IT Act, you have the following rights regarding your data:

• Right to Access & Correction: You can request access to or corrections in your personal data.
• Right to Withdraw Consent: You may withdraw consent for non-essential data processing at any time through the app settings.
• Right to Erasure: You can request account deletion, subject to regulatory requirements and retention obligations.
• Right to Data Portability: You may request a copy of your data in a structured format.
• Right to Restrict Processing: You can limit data usage for specific purposes.

7. Data Retention

We retain your data for the following durations:

• Transaction Records: As mandated by regulatory bodies, typically for a period of 5-7 years.
• User Profile Data: Retained until the user requests deletion or as per legal obligations.
• Behavioral & Analytical Data: Retained for improving services, with anonymization applied where feasible.

8. Third-Party Links & Services

Our App may contain links to third-party websites or services. We are not responsible for their privacy practices, and users should review their respective privacy policies. Third-party services used in our App may include:

• Payment gateways
• External financial institutions
• Analytics & advertising platforms (with user consent)

9. Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect data from minors. If we become aware of such data collection, we will take steps to delete the information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. In case of significant changes, we will notify you through our App, email, or other appropriate channels. Continued use of the App after policy changes constitutes acceptance.

11. Grievance Redressal & Contact Information

For any privacy-related concerns, users can contact our Grievance Officer as per the DPDP Act requirements:

Designation: Grievance Officer

Email id: grievanceofficer@rediff-inc.com

We are committed to resolving user concerns promptly and in compliance with applicable laws and regulations.

We follow the data localization rules and guidelines as per the Reserve Bank of India(RBI) and all the payment related data is stored in India.

We are in compliance of ISO 27001:2013 standards.