Payzoplus is live in beta — early access pricing available.
Payzoplus

Privacy Policy

Last updated: 25 May 2026 · Version 2.0

Payzoplus Global Private Limited (CIN U62099MP2025PTC080778) is the data fiduciary responsible for your personal data. This policy explains what we collect, why, how we protect it, and the rights you have.

We are committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently. This policy is published in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and — where applicable to users in the EU/EEA — the General Data Protection Regulation (GDPR).

1. Data we collect

1.1 Information you provide

  • Identity & KYC: full name, date of birth, photograph, PAN, Aadhaar (via OTP/offline XML through our regulated KYC partner — we do not store the Aadhaar number where prohibited), passport, and other government IDs.
  • Business KYC: certificate of incorporation, GSTIN, IEC, beneficial-ownership details, authorised-signatory information, and bank-account proof.
  • Contact: email, mobile number, residential and registered address.
  • Financial: bank-account/UPI details, beneficiary details, transaction amounts, purpose codes, and supporting invoices/documents.

1.2 Information collected automatically

  • Device & technical: IP address, device identifiers, browser, OS, and app version.
  • Usage: pages visited, features used, timestamps, and referral URLs.
  • Cookies & similar technologies: as described in our Cookie Policy.

1.3 Information from third parties

We may receive data from KYC/verification providers, credit-information companies, banking and payment partners, sanctions/watch-list databases, and publicly available registries, to verify identity and meet legal obligations.

2. Why we use your data & legal basis

PurposeLegal basis
Provide and operate the Services, process transactionsPerformance of contract
Identity verification, KYC, AML, fraud and sanctions screeningLegal obligation (PMLA, RBI, FEMA)
Compliance with tax, accounting, and regulatory reportingLegal obligation
Customer support and service communicationsPerformance of contract / legitimate interest
Security, prevention of misuse, and auditLegitimate interest / legal obligation
Product improvement and analyticsConsent / legitimate interest
Marketing communicationsConsent (withdrawable at any time)

3. Consent & its withdrawal

Where we rely on consent, you may withdraw it at any time by writing to privacy@payzoplus.com. Withdrawal does not affect processing carried out before withdrawal, nor processing required to meet a legal obligation or to provide a service you have requested.

4. How we share data

We do not sell your personal data. We share it only as needed with:

  • Banking & payment partners and authorised dealers to execute transactions and settlement;
  • KYC, fraud, and sanctions-screening providers to verify identity and meet AML obligations;
  • Regulators, law-enforcement, and courts where required by law or valid legal process;
  • Service providers (cloud hosting, communications, analytics) under binding data-processing agreements;
  • Professional advisers and auditors bound by confidentiality.

5. Cross-border transfers

Some service providers may process data outside India. Where we transfer personal data internationally, we do so in accordance with the DPDP Act and apply appropriate safeguards (such as contractual protections) to ensure a comparable level of protection. Transfers are not made to jurisdictions restricted by the Central Government.

6. Data retention

We retain personal data for as long as your account is active and thereafter for the periods mandated by law — including a minimum of five (5) years for KYC and transaction records under the PMLA and RBI directions — after which data is securely deleted or anonymised.

7. Information security

  • Encryption in transit (TLS) and at rest using industry-standard algorithms;
  • Access controls, least-privilege, and audit logging;
  • Controls modelled on ISO/IEC 27001 and PCI-DSS scope minimisation (we do not store full card numbers);
  • Regular vulnerability scans, penetration testing, and monitoring.
In the event of a personal-data breach likely to cause harm, we will notify the Data Protection Board of India and affected users as required by the DPDP Act, without undue delay.

8. Your rights

Subject to applicable law, you have the right to:

  • Access a summary of your personal data and the processing activities;
  • Correct, complete, update, or erase your personal data;
  • Withdraw consent and request data portability (where applicable under GDPR);
  • Nominate another individual to exercise your rights in the event of death or incapacity (DPDP Act);
  • Grieve and escalate (see Section 10).

To exercise these rights, contact our Data Protection Officer at privacy@payzoplus.com. We will respond within the timelines prescribed by law.

9. Children's data

Our Services are not directed to individuals under 18. We do not knowingly process the personal data of children except as permitted by law. If we learn that we have collected such data without verifiable guardian consent, we will delete it.

10. Grievances & Data Protection Officer

For any privacy concern, contact our Data Protection Officer / Grievance Officer at privacy@payzoplus.com or +91 98932 28615. See our Grievance Redressal Policy for escalation steps. Unresolved complaints may be referred to the Data Protection Board of India.

11. Updates

We may update this policy from time to time. Material changes will be notified through the Platform or by email, and the “last updated” date above will be revised.