Privacy Policy

Last Updated: December 10, 2025

---

1. Introduction

Welcome to Paysaral ("Company", "We", "Our", "Us"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at privacy@paysaral.com.

This Privacy Policy describes how we collect, use, store, and protect your information when you use our website, mobile application, and services including AEPS (Aadhaar Enabled Payment System), DMT (Domestic Money Transfer), Bill Payments, and Recharges.

2. Information We Collect

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

• Personal Identity Information (PII): Name, email address, phone number, postal address, PAN card number, Aadhaar number (masked/encrypted as per UIDAI norms), date of birth, and shop images for merchant onboarding.
• Financial Information: Bank account details, UPI IDs, and transaction history for settlement purposes.
• Device & Location Data: We collect IP address, device ID, device make/model, and Geo-location (Latitude/Longitude). Note: Geo-location is mandatory for AEPS transactions as per NPCI guidelines to prevent fraud.
• Biometric Data: We do NOT store your biometric data (fingerprints). Biometric data is captured by certified scanners and sent directly to UIDAI/NPCI for authentication securely.

3. How We Use Your Information

We use personal information collected via our Services for a variety of business purposes described below:

• To facilitate account creation and logon process.
• To perform KYC (Know Your Customer) verification as mandated by RBI.
• To process financial transactions (Money Transfer, AEPS Cash Withdrawal).
• To send administrative information to you, such as transaction alerts, OTPs, and policy changes.
• To prevent fraud, money laundering, and unauthorized access.

4. Sharing of Information

We strictly do not sell, trade, or rent your personal identification information to others. However, we may share generic aggregated demographic information or specific data with our partners for the following reasons:

• Banking Partners & NPCI: To process AEPS, DMT, and UPI transactions, data is shared with sponsor banks and the National Payments Corporation of India.
• Service Providers: We may share data with third-party vendors for utility bill payments (Bharat Bill Pay), SMS gateways, and server hosting services.
• Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

5. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. This includes 256-bit SSL encryption, firewalls, and secure server access controls. However, please also remember that no method of transmission over the internet or method of electronic storage is 100% secure.

6. Data Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). For KYC and transaction logs, data is retained for a minimum of 5-10 years as per PMLA (Prevention of Money Laundering Act) guidelines.

7. Grievance Redressal

In accordance with the Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are provided below:

8. Changes to This Policy

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible.