Privacy Policy
Last Update : December 1, 2025
PayYantra facilitates a variety of Business Institutions (“Merchants”) to collect payments, from their end customers, through its powerful, scalable, tailor-made payments platform, for both domestic and international transactions. PayYantra offers multiple products to its Merchants, which allows the Merchants to collect payments in a secure, transparent, affordable, and convenient manner from their end customers. Being a service oriented financial services company, satisfaction of Merchants and the Customers using PayYantra, is of prime importance of PayYantra to maintain a lasting relationship, and to encourage Merchants and Customers to transact digitally in a safe and secured way.
Therefore, PayYantra has delineated this Policy, duly approved by its Board of Directors, to define mechanisms (a) to ensure that the Merchants and Customers are treated fairly and without bias always, and (b) to provide for an opportunity to the Merchants and the Customers to raise and/ or escalate their complaints within and outside PayYantra, if they are unsatisfied with PayYantra’s products or services.
This Privacy Policy is applicable to Users of Our Services as well as to Our full-time, part-time, temporary employees and interns, merchants, business partners, contractors, vendors, outsourcers, consultants, contingent workers, temporary agency workers, etc. who provide services to PayYantra.
By using Our Services, You agree that You have read, understood and are bound by Our Privacy Policy and You hereby, provide Your express consent to the past, present and future collection, usage, processing, sharing and storage of Your Personal Data, including the transfer of Your Personal Data to third parties or service providers for the purposes as stated in this Policy. This Policy may be amended and updated by Us periodically, in order to be compliant with any changes in the Applicable Laws and/ or legal and regulatory developments. The Policy also enumerates Your Rights, the manner in which You can exercise these Rights and accessibility to Our point of contact for raising any concerns You may have regarding the protection of Your Personal Data.
We advise You to return to this page periodically to review the updated and current version of Our Privacy Policy.
Definitions
- “Applicable Laws” shall mean Information Technology Act, 2000, The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, Payment and Settlement Systems Act, 2007, Prevention of Money Laundering Act, 2002 and any other applicable rules and regulations issued thereunder, including any guidelines, circulars, ordinance, order, judgment, notification, decree, bye-law, governmental restriction, or any similar form of decision having the force of law in India.
- “Biometrics” means the technologies that measure and analyze human body characteristics such as fingerprints, eye retinas and irises, voice patterns, facial patterns, hand measurements and DNA for authentication purposes.
- “Password” means a secret word, code, passphrase, secret key or encryption/decryption keys used to gain access to information.
- “Reasonable security practices and procedures” means security practices designed to protect Personal Data from unauthorized access, damage, use, modification, disclosure or impairment, as specified under Applicable Laws or agreements.
- “Personal Data” means any information that relates to You and is capable of identifying You, including:
- Password
- Financial information such as Bank account, credit card, debit card or other payment instrument details
- Physical, physiological and mental health condition
- Sexual orientation
- Medical records and history
- Biometric information
- Any detail relating to the above shared for obtaining our services
- Any such information received under lawful contract or otherwise
- “Processing” means automated operations such as collection, recording, storage, retrieval, disclosure, erasure or destruction performed on Personal Data.
- Exception to Personal Data: Information that is publicly available or furnished under the Right to Information Act, 2005 or other Applicable Laws shall not be regarded as Personal Data.
Purpose
- The purpose of this Privacy Policy is to inform You, about the reasons for Our collection, usage, processing, storage, transfer and sharing of Your Personal Data while using or accessing Our Services. We will also provide details as to the manner in which We collect, use, process, store, transfer and share Your Personal Data when You use or have access to Our Services.
- We may ask You to provide Us with Your Personal Data that We may use to contact or identify You. We may also collect Your Personal Data for improving Our Services.
- You may choose to not share such information with Us, however, that will restrict Your registration on Our Website or availability of certain features. If Your information is used for any different purpose than the ones listed in this Privacy Policy, We will ask You for Your consent in advance for such purposes. You acknowledge that information provided to third-party accounts by You may be transmitted into Your account with Us on Your authorization for such transmissions and such third-party account Information will be covered under this Privacy Policy.
- Your Personal Data is collected, processed, used, stored, disclosed, or shared as described in Our Privacy Policy, and we hereby through this Privacy Policy, seek Your consent through this notice regarding the collection, processing, use, storing and sharing Your Personal Data for one or more of the purposes detailed herein. If Your specific consent is required to obtain for any other purposes or under Applicable Laws of India, We will procure such specific consent from You. Your Personal Data is used, processed, stored and/or disclosed in accordance with this Privacy Policy and in compliance with the Applicable Laws.
We may collect following types of Your Personal Data:
| Types of Personal Data | Purpose | Details of Personal Data |
|---|---|---|
| Name and Contact Information | For providing payment aggregation, payouts and verification services to Our merchants, business partners and end-customers. | Full name(s), title, age, user ID, gender, date of birth, phone number(s), address, state/city, country, PIN code, email address(es), billing addresses. |
| Financial Information | Account Registration | Bank account numbers, e-NACH, NEFT, IMPS, UPI ID details, tokenized card data, card type, expiry date, and cardholder name. |
| Identification Information | For providing payment and verification services and to comply with screening requirements as per Applicable Laws. | KYC documents including proof of identity/address, photograph, PAN, GST, and similar regulatory submissions. |
| Payments Related Data | For payment aggregation, payouts and compliance with Applicable Laws. | Payment gateway ID, issuing bank name, merchant details, product/service details, mode of payment, date, currency, amount, transaction status, and other related parameters provided by You or service providers. |
| Log Data | Statistical analysis of service usage to improve performance and User experience. | Browser type, IP address, location, URLs, timestamps, device details, OS, brand/model, geo-location and access logs. |
| Credit Related Information | For payment services related to financial institutions/account aggregators and to support Our business partners. | Credit risk/score and assessment information received from authorized financial institutions or account aggregators. |
| Information Provided by You or Received via Third Parties | To facilitate Services, analyze service usage, customer support, marketing communications, and analytics. You may opt-out anytime. | Account usernames/passwords, email, preferred settings, support chats, campaign interactions, survey responses, subscription records. *(Uses cookies and third-party analytics — subject to their respective policies.)* |
| Device Information | To enhance user experience, optimize Services, and deliver targeted ads. | Contact list, call records, SMS, media files, location data — only with necessary permissions granted by You. |
Exception to Our Collection of Your Personal Data
- We do not collect certain categories of Personal Data, such as Your details relating to Your race or ethnicity, religious or philosophical beliefs, biometric information, sexual orientation, political opinions, or information about Your physical, physiological, mental health condition, medical records and history or any genetic information.
Your Rights
- Right to Review Your Personal Data - You may review the Personal Data provided by You and any Personal Data found to be inaccurate or deficient will be corrected or amended by Us, as feasible. However, please note, that We will not be responsible for the authenticity of the Personal Data provided by You.
- Withdrawal of Your Consent - You may choose not to provide Your Personal Data, at any time while availing the Services or otherwise, or withdraw Your consent provided to Us earlier, in writing to our support email.
- However, in case You choose to not provide or later withdraw Your consent, We may not be able to provide to You some or all of the features and functionalities of Our Services. This may also affect Our ability to process Your Personal Data and lead to the discontinuation of Our Services for which such Personal Data was required to be used or was being used, at Our sole discretion.
- Please note that these rights are limited in instances where We are legally required to retain Your Personal Data in order to be compliant with the Applicable Laws.
Security
- We adhere to the international security standards and certifications issued by the International Organization for Standardization, the Payment Card Industry Data Security Standards (PCI DSS) Council and Cybersecurity Standards by the American Institute of Certified Public Accountants (AICPA) such as ISO/IEC 27001:2022, PCI-DSS v4.0.1 and Service Organization Control Type 2 (SOC 2), respectively. We have regular audits of Our Information System that is carried out by CERT-In empanelled auditors as required under the Applicable Laws.
- The security of Your Personal Information is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Information, We cannot guarantee its absolute security.
International Transfer
- Your Personal Data may be transferred to and maintained on computers located outside of Your state, country or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction.
- If You are located outside India and choose to provide information to Us, please note that We transfer the information, including Personal Data, to India and process it there. Your consent to this Privacy Policy followed by Your submission of Your Personal Data represents Your agreement to that transfer.
Links To Other Sites
- Our Service may contain links to other sites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Children's Privacy
- Our Service does not address anyone under the age of 13 ("Children").
- We do not knowingly collect personally identifiable information from children under 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us at [email protected]. If We become aware that We have collected Personal Data from children under age 13 without verification of parental consent, We take steps to remove that information from Our servers.
Retention of Your Personal Data
- We retain Your Personal Data for no longer than is required for the purposes for which Your Personal Data is collected or for the period required to be maintained under the Applicable Laws.
Exception to Consent for Disclosure of Personal Data
- We seek Your express consent for the disclosure of Your Personal Data for the purposes stated in this Privacy Policy, unless such disclosure is necessary for compliance of a legal obligation under the Applicable Laws or any law for the time being in force.
- Your Personal Data may be shared, without obtaining prior consent, with Government agencies mandated under the Applicable Laws or any law in India to obtain Your Personal Data for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences. In which case, the Government agency or authority sends a request to Us stating the purpose of seeking Your Personal Data.
- Your Personal Data so obtained by the Government agency or authority is not published or shared with any third party, unless the disclosure to any third party is required by an order under the Applicable Laws or any law in India for the time being in force.
- By Using Our Services and/or by providing Your Personal Data, You consent to the collection and Use of the information You disclose on Us in accordance with this Privacy Policy, including but not limited to Your consent for sharing Your information as per this Privacy Policy. As per Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are provided below:
Grievance Officer – Contact Details
As per the Information Technology Act 2000 and rules made thereunder, the name and contact details of the Grievance Officer are provided below:
- Name: Mr. Rajiv Moti
- Company: PayYantra Innovations Pvt Ltd
- Address: Unit No - EF 802, JMD Megapolis, Sector-48, Sohna Road, Gurgaon - 122018
- Email ID: [email protected]