Privacy Policy

1. Introduction

VaultPay Solutions Private Limited ("VaultPay," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our payment gateway services, BBPS utility bill payment services, POS systems, payout APIs, QR code payment solutions, and related fintech services (collectively, the "Services").

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Identity Information: Full name, date of birth, gender, photograph, and government-issued identification documents (Aadhaar, PAN, Passport, Driving License, Voter ID).
• Contact Information: Email address, phone number, residential address, billing address, and shipping address.
• Business Information: Company name, business registration details, GST number, business type, industry, and authorized signatory details.
• Financial Information: Bank account details, IFSC code, UPI ID, credit/debit card information, transaction history, payment patterns, and wallet information.
• Account Credentials: Username, password, security questions, and API keys.
• KYC Information: Documents required for Know Your Customer (KYC) verification as mandated by RBI and regulatory authorities.

2.2 Technical Information

• Device Information: IP address, device type, operating system, browser type, device identifiers, and mobile network information.
• Usage Data: Pages visited, time spent on pages, clickstream data, search queries, and interaction with our Services.
• Location Data: Approximate location based on IP address and precise location if you grant permission.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to enhance user experience and collect usage data.

2.3 Transaction Information

• Payment method, transaction amount, date and time of transaction, merchant details, biller information, settlement details, refund and chargeback information.
• BBPS transaction records including utility bill details, consumer numbers, and payment confirmations.
• POS terminal transaction logs, QR code payment records, and payout disbursement details.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Processing payment transactions, BBPS bill payments, payouts, and refunds.
• Facilitating communication between merchants, customers, and billers.
• Providing access to merchant dashboards, analytics, and reporting tools.
• Managing API credentials and integration .

3.2 Security and Fraud Prevention

• Verifying user identity through KYC and authentication processes.
• Detecting, preventing, and investigating fraudulent transactions and security breaches.
• Implementing risk management and anti-money laundering (AML) measures.
• Monitoring suspicious activities and ensuring PCI-DSS compliance.

3.3 Customer

• Responding to inquiries, complaints, and requests.
• Providing technical assistance and troubleshooting.
• Resolving disputes, chargebacks, and refund claims.

3.4 Marketing and Communication

• Sending promotional offers, service updates, newsletters, and notifications (with your consent).
• Conducting market research, surveys, and feedback collection.
• Personalizing user experience based on preferences and behavior.

3.5 Legal and Regulatory Compliance

• Complying with RBI guidelines, NPCI regulations, and other applicable laws.
• Responding to legal requests, court orders, and government authorities.
• Maintaining records for audit, compliance, and regulatory reporting.

4. Information Sharing and Disclosure

We may share your information with the following parties:

4.1 Service Providers and Partners

• Banking Partners: Yes Bank, Axis Bank, HDFC Bank, AU Small Finance Bank for payment processing and settlement.
• Payment Network Providers: NPCI, Visa, Mastercard, RuPay for transaction routing.
• Technology Partners: Pine Labs for POS terminal services, cloud service providers for hosting.
• BBPS Operating Units: Bharat Bill Payment System operators for utility bill payments.
• Third-Party Service Providers: KYC verification agencies, fraud detection systems, analytics providers, and customer platforms.

4.2 Legal and Regulatory Authorities

• Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), and other regulatory bodies.
• Law enforcement agencies, courts, and government authorities when legally required.
• Tax authorities and auditors for compliance purposes.

4.3 Business Transfers

In the event of a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

4.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot be used to identify you personally for business intelligence, market research, and analytics purposes.

5. Data Security

We implement industry-leading security measures to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using 256-bit SSL/TLS encryption.
• PCI-DSS Compliance: We adhere to Payment Card Industry Data Security Standards for handling card information.
• Two-Factor Authentication: Multi-factor authentication (2FA) for account access and sensitive operations.
• Access Controls: Role-based access control (RBAC), IP whitelisting, and strict authorization protocols.
• Data Segregation: Customer data is segregated and stored in secure, encrypted databases.
• Regular Audits: Periodic security audits, penetration testing, and vulnerability assessments.
• Incident Response: Dedicated security team for monitoring, detecting, and responding to security incidents.

While we take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

• Transaction Records: Retained for a minimum of 7 years as per RBI and tax regulations.
• KYC Documents: Retained for a minimum of 5 years after account closure or service termination.
• Account Information: Retained until account deletion request or regulatory retention period expires.
• Communication Records: tickets, emails, and chat logs retained for 3-5 years.

After the retention period, we will securely delete or anonymize your information in accordance with our data retention policy.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access and Correction

You can access, update, or correct your personal information through your merchant dashboard or by contacting our team.

7.2 Data Portability

You have the right to request a copy of your personal information in a structured, machine-readable format.

7.3 Deletion

You may request deletion of your account and personal information, subject to legal and regulatory retention requirements. Please note that certain information cannot be deleted due to compliance obligations.

7.4 Marketing Opt-Out

You can opt out of receiving promotional emails by clicking the "unsubscribe" link in our emails or by contacting us. Transactional and service-related communications cannot be opted out.

7.5 Cookie Management

You can manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of our Services.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, security, and core functionality.
• Performance Cookies: Collect information about how you use our Services to improve performance.
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Google Analytics, Mixpanel, and similar tools for usage analytics.
• Advertising Cookies: Deliver personalized advertisements (with your consent).

You can control cookie settings through your browser. For more information, please refer to our Cookie Policy.

9. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

10. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information.

11. International Data Transfers

Your information is primarily stored and processed in India. If we transfer your data outside India, we ensure appropriate safeguards are in place, including standard contractual clauses, data protection agreements, and compliance with applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our Services after such changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Consent

By using our Services, you consent to the collection, use, storage, and disclosure of your information as described in this Privacy Policy. You may withdraw your consent at any time by contacting us, subject to legal and contractual restrictions.