Privacy Policy

1. Introduction

InnopayPG ("we," "our," or "us"), a subsidiary of Omniware, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment aggregation services, website, and related applications.

As an RBI-licensed Payment Aggregator, we are bound by the Reserve Bank of India's guidelines on data protection and privacy, including the Payment Aggregator and Payment Gateway Guidelines 2020 and subsequent amendments.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name, email address, phone number, and postal address
• PAN, Aadhaar (with consent), and other KYC documents
• Bank account details and IFSC codes
• Business registration documents (GST, CIN, etc.)
• Authorized signatory details

2.2 Transaction Information

• Payment transaction details and history
• UPI IDs, masked card numbers (we do not store full card numbers)
• Settlement and refund records
• Invoice and receipt information

2.3 Technical Information

• IP address, browser type, and device information
• API access logs and webhook delivery records
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for:

• Processing payment transactions and settlements
• KYC verification and merchant onboarding
• Fraud detection and prevention
• Compliance with RBI regulations and legal requirements
• Customer support and dispute resolution
• Service improvement and analytics
• Communication about service updates and offers

4. Data Sharing and Disclosure

We may share your information with:

• Banking Partners: For transaction processing and settlements
• Payment Networks: NPCI, Visa, Mastercard, RuPay for payment routing
• Regulatory Authorities: RBI, FIU-IND, and other government bodies as required by law
• Service Providers: Cloud hosting, fraud detection, and KYC verification partners
• Law Enforcement: When required by valid legal process

We do not sell your personal information to third parties for marketing purposes.

5. Data Security

We implement robust security measures including:

• PCI-DSS Level 1 certification for card data handling
• 256-bit SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Tokenization for sensitive payment credentials
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• ISO 27001 certified data centers

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Transaction records: 10 years (as per RBI guidelines)
• KYC documents: 5 years after business relationship ends
• Technical logs: 180 days
• Marketing preferences: Until you opt out

7. Your Rights

You have the right to:

• Access your personal data held by us
• Request correction of inaccurate information
• Withdraw consent for marketing communications
• Request data portability (where technically feasible)
• Lodge a complaint with relevant authorities

Note: Certain data may be retained for regulatory compliance even after account closure.

8. Cookies Policy

We use cookies and similar technologies for:

• Session management and authentication
• Security and fraud prevention
• Analytics and performance monitoring
• Remembering your preferences

You can manage cookie preferences through your browser settings.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related queries or to exercise your rights: