Privacy Policy

Payvendo Solutions Private Limited (GST No. 08AAPCP4078D1Z4) ("PAYVENDO", "we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, share, and protect information about you when you use our website (www.payvendo.co.in), mobile applications, APIs, and related services (collectively, the "Platform"). This policy is governed by the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and applicable guidelines issued by the Reserve Bank of India (RBI). By accessing or using the Platform, you consent to the collection and use of your information as described in this Privacy Policy.

We collect the following categories of information: 2.1 Identity & KYC Information • Full legal name, date of birth, gender • PAN card number and copy • Aadhaar number (last 4 digits, masked as per UIDAI guidelines) • Passport or Driving License (for enhanced KYC) • Business registration documents, GST certificate, CIN 2.2 Contact & Account Information • Email address, mobile number • Mailing address and registered business address • Login credentials (stored in encrypted/hashed form — never in plaintext) 2.3 Financial Information • Bank account number and IFSC code (for payouts and settlements) • UPI ID(s) registered on the platform • Transaction history, payment receipts, and settlement records 2.4 Technical & Usage Data • IP address, browser type, operating system, device identifiers • Access logs, API call logs, and audit trails • Cookies and session data • GPS/location data (only when explicitly permitted by you for relevant services) 2.5 Communications • Support tickets, emails, chat logs, and call recordings (for quality assurance) • Feedback, survey responses, and reviews

We use the collected information for the following purposes: • Account creation, verification, and management • KYC compliance as mandated by RBI/PMLA regulations • Processing and settling transactions via BBPS, IMPS, NEFT, UPI • Fraud detection, risk assessment, and prevention of unauthorized activity • Complying with legal obligations, court orders, or regulatory directives • Improving our Services through analytics and machine learning • Sending transactional communications (receipts, OTPs, alerts) • Sending promotional content (with your consent; unsubscribe available) • Resolving disputes and enforcing our Terms and Conditions We do not use your information for any purpose beyond what is reasonably necessary to provide and improve our Services.

We do not sell, rent, or trade your personal information. We may share your information with: 4.1 Regulatory & Government Bodies We are required to share transaction data and identity information with RBI, Financial Intelligence Unit (FIU-IND), NPCI, Income Tax Department, and other law enforcement agencies under applicable law. 4.2 Banking & Payment Partners Your bank account details are shared with our banking partners (nodal banks, sponsor banks) strictly for payment processing and settlement. 4.3 Third-Party Service Providers We engage vetted vendors for: • Cloud infrastructure (servers hosted within India) • SMS/email communication services • KYC/video verification providers • Customer support tools All third parties are bound by data processing agreements and are prohibited from using your data for any other purpose. 4.4 Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections. 4.5 Consent-Based Sharing With your explicit consent, we may share anonymized or aggregated data for research or partnership purposes.

We implement industry-standard security measures to protect your data: • 256-bit AES encryption for data at rest • TLS 1.2/1.3 encryption for data in transit • PCI-DSS compliant infrastructure for payment card data • Multi-factor authentication (MFA) for all administrative access • Role-based access control (RBAC) — employees access only what they need • Regular vulnerability assessments and penetration testing • ISO 27001-aligned information security management system • Incident response protocols with mandatory RBI breach notification No method of transmission over the internet is 100% secure. In the unlikely event of a data breach, we will notify affected users within 72 hours as required by applicable regulations.

We retain your personal data for the following periods: • KYC documents: 5 years after account closure (as mandated by PMLA) • Transaction records: 5 years from the date of transaction (RBI mandate) • Audit logs and API call logs: 3 years • Customer support communications: 2 years • Marketing preferences and consent records: Duration of relationship + 1 year After the applicable retention period, data is securely deleted or anonymized. You may request deletion of non-mandatory data (marketing profiles, browsing history) at any time.

As a data principal under applicable Indian law, you have the right to: • Access: Request a copy of the personal data we hold about you. • Correction: Request correction of inaccurate or incomplete personal data. • Deletion: Request deletion of personal data that is no longer necessary (subject to legal retention requirements). • Portability: Request your transaction data in a machine-readable format. • Withdraw Consent: Withdraw consent for marketing communications at any time without affecting prior processing. • Grievance Redressal: Lodge a complaint with our Grievance Officer. To exercise these rights, contact: Help@payvendo.co.in Our Grievance Officer will respond within 30 days as per IT Act requirements.

We use the following types of cookies: Strictly Necessary Cookies: Required for the Platform to function (session management, CSRF protection). Cannot be disabled. Performance Cookies: Help us understand how users interact with the Platform (Google Analytics, anonymized). You may opt out. Functional Cookies: Remember your preferences (language, theme, dashboard layout). Marketing Cookies: Used for retargeting only with your explicit consent. You can manage cookie preferences through your browser settings or our cookie consent manager. Disabling certain cookies may affect functionality.

Our Services are not directed at or intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately at Help@payvendo.co.in and we will take steps to delete such information promptly.

We may update this Privacy Policy periodically to reflect changes in our practices, regulatory requirements, or business operations. When we make material changes, we will: • Post the revised policy on our Platform with an updated "Last Modified" date. • Send an email notification to registered users. • Display a prominent notice on the Platform for 30 days. Your continued use of the Platform after changes become effective constitutes your acceptance of the revised policy.

For any privacy-related queries, data requests, or grievances, please contact: Grievance Officer – Privacy Payvendo Solutions Private Limited Email: Help@payvendo.co.in Phone: +91 98111 98522 Address: Office No. 515 on 5th Floor in Commercial Building named Mansarovar Plaza, at Madhyam Marg, Mansarovar, Jaipur.<br/>GST No. 08AAPCP4078D1Z4 We will acknowledge your request within 48 hours and resolve it within 30 days. Regulatory Authority: If your concern is not resolved, you may approach: • Ministry of Electronics and Information Technology (MeitY), India • Reserve Bank of India (RBI) Ombudsman (for payment service complaints) Last Updated: March 2026