Privacy Policy

1. Introduction

Welcome to PezaPay ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information with transparency and care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment gateway services, including our website, Pay-In API, Payout API, merchant dashboard, payment links, hosted pages, and any other related services (collectively, the "Services").

By using PezaPay's Services, you consent to the data practices described in this Privacy Policy. If you do not agree with any part of this policy, please do not use our Services.

2. Information We Collect

We collect information to provide, improve, and secure our payment processing services. The types of information we collect include:

2.1 Information You Provide Directly

• Account Information: When you register for a PezaPay merchant account, we collect your full name, business name, email address, phone number, and business type.
• Payment & Transaction Data: We collect transaction details including payment amounts, UPI transaction IDs, customer UPI IDs (partial or hashed), timestamps, and settlement records.
• KYC/Verification Documents (if applicable): For high-volume merchants or as required by law, we may collect business registration certificates, PAN cards, GST numbers, or director identification details.
• Communications: When you contact our support team, we retain email correspondence, chat logs, and call recordings for quality assurance and training.

2.2 Information Collected Automatically

• Device & Usage Data: IP address, browser type, operating system, device identifiers, referring URLs, pages visited, and timestamps.
• API Usage Logs: API call metadata including request timestamps, endpoint access patterns, and error logs to ensure service reliability and security.
• Cookies & Similar Technologies: We use cookies to authenticate users, remember preferences, and analyze site traffic. See Section 6 for details.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Process Payments: To facilitate UPI payment collections, settlements, and payouts to your beneficiaries.
• Operate & Improve Services: To maintain, optimize, and enhance our payment infrastructure, API performance, and dashboard functionality.
• Prevent Fraud & Ensure Security: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
• Compliance with Laws: To comply with applicable anti-money laundering (AML), counter-terrorism financing (CTF), and regulatory reporting obligations.
• Customer Support: To respond to your inquiries, resolve disputes, and provide technical assistance.
• Communications: To send you service updates, transaction receipts, security alerts, and (with your consent) marketing communications.
• Analytics & Research: To analyze usage patterns, diagnose technical issues, and develop new features.

4. Information Sharing & Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

• Service Providers: We engage trusted third-party partners to perform functions such as cloud hosting (AWS/Azure), data analytics, customer support, and fraud detection. These partners are contractually bound to protect your data and use it only for specified purposes.
• Financial Partners & Banking Partners: To process UPI transactions and settlements, we share necessary transaction data with NPCI (National Payments Corporation of India), acquiring banks, and payment system operators.
• Legal Compliance: We may disclose information if required by law, subpoena, court order, or government request, including to meet national security or law enforcement obligations.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email or prominent notice on our website.
• With Your Consent: We may share information for other purposes with your explicit consent.

5. Data Security & Retention

We implement industry-standard security measures to protect your information, including:

• 256-bit TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Regular security audits and penetration testing
• Access controls and multi-factor authentication for internal systems
• Real-time fraud monitoring and anomaly detection

Retention Period: We retain your personal information for as long as your account is active or as needed to provide Services. Transaction data is retained for a minimum of 7 years to comply with financial regulations and tax laws. After termination, we may retain anonymized or aggregated data for analytical purposes.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. Types of cookies we use:

• Essential Cookies: Required for authentication, session management, and security.
• Preference Cookies: Remember your language and dashboard preferences.
• Analytics Cookies: Help us understand how users interact with our platform (e.g., Google Analytics).

You can control cookies through your browser settings. However, disabling essential cookies may affect your ability to use our Services.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your account and personal data, subject to legal retention obligations.
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Request a machine-readable copy of your data.
• Opt-out: Unsubscribe from marketing communications via the link in our emails.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

9. Third-Party Links & Services

Our website and dashboard may contain links to third-party websites, plugins, or applications (e.g., banking portals, documentation tools). Clicking those links may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices. We encourage you to read their privacy policies.

10. International Data Transfers

PezaPay operates primarily in India. If you are accessing our Services from outside India, your information may be transferred to, stored, and processed in India or other countries where we or our service providers maintain facilities. By using our Services, you consent to such transfers. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place for international data transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Effective Date"
• Sending an email notification to registered merchants
• Displaying a prominent notice on your dashboard

Your continued use of our Services after the effective date constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer (DPO) at:

PezaPay Privacy Team
Email: [email protected]
Support: [email protected]
Address: PezaPay Technologies, Bengaluru, Karnataka, India - 560001

Grievance Redressal Mechanism: In accordance with Indian IT Rules, 2011, any complaints or grievances may be addressed to our Grievance Officer at [email protected]. We acknowledge complaints within 24 hours and resolve within 30 days.