Privacy Policy
RupeeFlow Finance Private Limited
Effective Date: October 27, 2025 | Last Updated: October 27, 2025
We are committed to protecting your privacy and security. This policy explains how we collect, use, disclose, and protect your information when you use RupeeFlow's payment services.
This Privacy Policy explains how RupeeFlow collects, uses, and protects your personal information. Click on each section to expand and read the details.
Rupeeflow Finance Private Limited ("Rupeeflow", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our payment services including Cross-Border UPI Gateway, Offline-First UPI for Bharat, Green Payment Gateway (Eco-Pay), and Smart Wallet for Gig Workers.
This Privacy Policy is published in compliance with:
• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Reserve Bank of India (RBI) Guidelines on Digital Payments
• Payment and Settlement Systems Act, 2007
• Prevention of Money Laundering Act (PMLA), 2002
By accessing or using our services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
2.1 Personal Information
We collect the following personal information:
• Full name, date of birth, gender
• Email address and phone number
• Residential and business addresses
• Government-issued identification documents (PAN card, Aadhaar, Passport, Voter ID, Driving License)
• Photographs and biometric information (with consent)
• Employment details, occupation, annual income
• Bank account details, UPI IDs, payment card information
• GST registration number and business registration documents (for merchants)
2.2 Transaction Information
• Payment transaction details including amount, currency, date, time
• Merchant details, invoice information, purchase descriptions
• Cross-border transaction data including foreign exchange rates
• Carbon footprint calculations and eco-rewards data
• Provident fund contributions and billing records (for gig workers)
• Wallet balance, transaction history, and fund transfers
2.3 Technical Information
• Device information (model, operating system, unique device identifiers)
• IP address, browser type, language preferences
• GPS location data (with permission) for fraud prevention and service optimization
• Cookies, web beacons, and similar tracking technologies
• Log files including access times, pages viewed, and app usage patterns
• Network information and connectivity status (for offline payments)
2.4 Information from Third Parties
• Credit bureau reports and credit scores (with consent)
• Bank account verification data from NPCI and banking partners
• Social media profile information (if you connect accounts)
• Merchant transaction data and customer reviews
• Fraud detection data from security partners
We use your information for the following purposes:
3.1 Service Delivery
• Processing payment transactions and fund transfers
• Enabling cross-border payments and currency conversion
• Facilitating offline UPI payments via SMS, NFC, and Bluetooth
• Managing Smart Wallet balances and generating invoices
• Tracking carbon footprint and awarding eco-rewards
• Auto-generating PFRC documentation for gig workers
3.2 Compliance and Security
• Verifying your identity through KYC procedures
• Preventing fraud, money laundering, and unauthorized transactions
• Complying with RBI regulations, PMLA, FEMA, and tax laws
• Conducting risk assessments and transaction monitoring
• Responding to legal requests from law enforcement and regulatory authorities
3.3 Customer Support
• Resolving technical issues and transaction disputes
• Responding to inquiries and providing customer assistance
• Investigating complaints and fraudulent activities
• Sending service-related communications and updates
3.4 Product Improvement
• Analyzing usage patterns to enhance user experience
• Developing new features and payment solutions
• Conducting research and data analytics
• Testing system performance and reliability
3.5 Marketing and Communications
• Sending promotional offers, newsletters, and product updates (with opt-in consent)
• Personalizing recommendations based on transaction history
• Conducting surveys and gathering feedback
• Informing you about new partnerships and sustainability initiatives
We may share your information with the following parties:
4.1 Service Providers and Partners
• Banking partners and payment networks (NPCI, Visa, Mastercard, SWIFT)
• Cloud service providers and data hosting platforms
• Payment gateways and card processors
• Customer support and call center services
• Fraud detection and cybersecurity firms
• Environmental organizations for tree planting initiatives
4.2 Regulatory and Legal Authorities
• Reserve Bank of India (RBI)
• Financial Intelligence Unit (FIU-IND)
• Income Tax Department and GST authorities
• Law enforcement agencies upon valid legal requests
• Courts and arbitration tribunals in legal proceedings
4.3 Business Transfers
• In case of merger, acquisition, sale of assets, or corporate restructuring, your information may be transferred to the successor entity with proper notice
4.4 With Your Consent
• With third parties for specific purposes when you provide explicit consent
• With merchants for transaction processing and order fulfillment
We retain your information for the following periods:
• Transaction Records: Minimum 7 years as required by RBI and PMLA regulations
• KYC Documents: 7 years from account closure or end of business relationship
• Customer Support Records: 5 years from last interaction
• Marketing Consent Records: Until you withdraw consent or 3 years of inactivity
• Technical Logs: 90 days unless required for fraud investigation
After the retention period, we securely delete or anonymize your information in accordance with applicable laws.
We implement industry-standard security measures to protect your information:
6.1 Technical Safeguards
• 256-bit SSL/TLS encryption for data transmission
• AES-256 encryption for data storage
• Tokenization of sensitive payment information
• Multi-factor authentication (MFA) for account access
• Secure APIs with OAuth 2.0 authentication
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
6.2 Organizational Safeguards
• Access controls and role-based permissions
• Employee training on data protection and confidentiality
• Background verification of employees handling sensitive data
• Non-disclosure agreements with vendors and partners
• Incident response and data breach notification procedures
• Annual third-party security certifications (ISO 27001, PCI-DSS)
6.3 Physical Safeguards
• Secure data centers with 24/7 monitoring
• Biometric access controls and CCTV surveillance
• Disaster recovery and business continuity plans
• Redundant backups in geographically distributed locations
Under applicable Indian laws, you have the following rights:
7.1 Access and Correction
• Request access to your personal information we hold
• Update or correct inaccurate information through your account settings or by contacting us
7.2 Data Portability
• Request a copy of your information in a structured, machine-readable format
• Transfer your data to another service provider (subject to technical feasibility)
7.3 Deletion and Erasure
• Request deletion of your information after account closure (subject to legal retention requirements)
• Right to be forgotten once regulatory obligations are fulfilled
7.4 Withdrawal of Consent
• Withdraw consent for marketing communications at any time
• Unsubscribe from promotional emails via the unsubscribe link
• Disable location access, cookies, and tracking through device settings
7.5 Objection and Restriction
• Object to processing of your information for certain purposes
• Request restriction on processing during dispute resolution
To exercise these rights, contact our Data Protection Officer at privacy@rupeeflow.in
We use cookies, web beacons, and similar technologies to enhance user experience. See our detailed Cookie Policy for more information.
Types of Cookies We Use:
• Essential Cookies: Required for core functionality
• Performance Cookies: Analyze usage patterns and improve services
• Functional Cookies: Remember your preferences and settings
• Advertising Cookies: Deliver personalized marketing content (with consent)
You can manage cookie preferences through your browser settings, but disabling certain cookies may affect service functionality.
Our platform may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before sharing any information.
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately for deletion.
For cross-border payment services, your information may be transferred to and processed in countries outside India including the United States, European Union, and Singapore. We ensure adequate safeguards through:
• Standard Contractual Clauses (SCCs)
• Data Processing Agreements with international partners
• Compliance with GDPR and other applicable international laws
In the event of a data breach that compromises your personal information, we will:
• Notify you within 72 hours of discovery via email or SMS
• Inform relevant regulatory authorities (CERT-In, RBI, FIU-IND)
• Provide details of the breach, impact assessment, and remedial actions
• Offer credit monitoring or identity protection services if applicable
For privacy-related concerns, complaints, or inquiries:
Data Protection Officer:
Name: [DPO Name]
Email: privacy@rupeeflow.in
Phone: 1800-XXX-XXXX
Address: [Complete Address]
We will acknowledge your complaint within 24 hours and resolve it within 30 working days.
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes via email, in-app notification, or prominent website notice at least 15 days before the changes take effect.
Your continued use of our services after the updated Privacy Policy becomes effective constitutes acceptance of the changes.
By using Rupeeflow services, you:
• Acknowledge that you have read and understood this Privacy Policy
• Consent to the collection, use, and disclosure of your information as described
• Agree to receive service-related communications
• Understand your rights and how to exercise them
Rupeeflow Finance Private Limited
Registered Office: [Complete Address]
Email: privacy@rupeeflow.in | support@rupeeflow.in
Customer Care: 1800-XXX-XXXX (Toll-Free)
Website: www.rupeeflow.in
For regulatory complaints:
• Reserve Bank of India: www.rbi.org.in
• NPCI Ombudsman: ombudsman@npci.org.in
This Privacy Policy is effective as of October 27, 2025.
For the latest version, visit: www.rupeeflow.in/privacy-policy
Have questions about your privacy and data protection?
Contact Support