Paytroz

Privacy Policy

Last updated: November 11, 2025

Paytroz Technologies Private Limited ("Paytroz", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment infrastructure services, APIs, and platforms.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

1.1 Information You Provide

When you register for an account or use our services, we collect:

  • Business information: Company name, registration number, business type, and tax identification
  • Contact information: Name, email address, phone number, and business address
  • Financial information: Bank account details, payment instrument information
  • Identity verification: KYC documents including PAN, Aadhaar, GST certificates, and business licenses
  • Transaction data: Payment amounts, currency, timestamps, transaction IDs, and metadata

1.2 Information Collected Automatically

When you use our APIs and services, we automatically collect:

  • API usage data: Endpoints accessed, request/response times, error rates, and usage patterns
  • Device information: IP address, browser type, operating system, and device identifiers
  • Log data: Access times, pages viewed, API calls made, and system activity
  • Performance data: Response times, uptime metrics, and service quality indicators

1.3 Information from Third Parties

We may receive information about you from:

  • Payment gateways and banking partners for transaction processing
  • KYC verification providers for identity confirmation
  • Credit bureaus and risk assessment agencies
  • Regulatory authorities and government databases

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

  • Process payments, transactions, and fund transfers
  • Provide access to our APIs, SDKs, and developer tools
  • Enable payment gateway switching and routing
  • Facilitate UPI QR code generation and soundbox services
  • Manage wallet services and fund accounts

2.2 Security and Fraud Prevention

  • Verify your identity and prevent unauthorized access
  • Detect and prevent fraud, money laundering, and suspicious activities
  • Monitor transactions for compliance with anti-money laundering (AML) regulations
  • Conduct risk assessments and implement security measures

2.3 Legal and Regulatory Compliance

  • Comply with RBI guidelines, PCI DSS standards, and other applicable regulations
  • Respond to legal requests, court orders, and regulatory inquiries
  • Maintain records as required by law for audit and investigation purposes
  • Report suspicious transactions to appropriate authorities

2.4 Service Improvement

  • Analyze usage patterns to improve our services
  • Develop new features and functionality
  • Optimize API performance and reliability
  • Conduct research and analytics

2.5 Communication

  • Send transactional notifications and service updates
  • Provide customer support and respond to inquiries
  • Send important security alerts and system notifications
  • Share product updates and technical documentation

3. Data Security

We implement comprehensive security measures to protect your information:

3.1 Technical Security

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Secure key management with regular key rotation
  • Multi-factor authentication for account access
  • API authentication using secure tokens and signatures
  • Regular security audits and penetration testing

3.2 Organizational Security

  • Access controls and role-based permissions
  • Employee background verification and security training
  • Confidentiality agreements with all personnel
  • Segregation of duties and least privilege access
  • 24/7 security monitoring and incident response

3.3 Compliance Certifications

  • PCI DSS Level 1 certification
  • ISO 27001 information security management
  • RBI compliance for payment services
  • SOC 2 Type II certification

Despite our security measures, no system is completely secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents and notifying affected parties as required by law.

4. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account information: Retained while your account is active and for 7 years after account closure
  • Transaction records: Retained for 10 years as required by RBI and tax regulations
  • KYC documents: Retained for 5 years after relationship ends as per AML/CFT guidelines
  • API logs: Retained for 90 days for operational purposes and 1 year for security analysis
  • Support communications: Retained for 3 years for quality assurance

After the retention period, we securely delete or anonymize your information. You may request deletion of certain data, subject to our legal and regulatory obligations.

5. Data Sharing and Disclosure

We do not sell your personal information. We share information only in the following circumstances:

5.1 Service Providers

We share information with trusted partners who help us deliver our services:

  • Payment gateways and acquiring banks for transaction processing
  • KYC verification service providers
  • Cloud infrastructure providers (with data residency in India)
  • Customer support and analytics platforms

All service providers are contractually obligated to protect your information and use it only for specified purposes.

5.2 Business Partners

With your consent, we may share information with:

  • Banks and NBFCs for financial services
  • Merchants and retailers for transaction completion
  • Integration partners when you connect third-party services

5.3 Legal Requirements

We may disclose your information when required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from government authorities
  • Enforce our terms of service and protect our legal rights
  • Investigate fraud, security issues, or policy violations
  • Protect the safety and security of our users and services

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

  • Request a copy of your personal information
  • Obtain your data in a structured, machine-readable format
  • Access your transaction history and API usage logs

6.2 Correction and Update

  • Update your account and business information
  • Correct inaccurate or incomplete data
  • Modify your communication preferences

6.3 Deletion and Restriction

  • Request deletion of your account and associated data
  • Restrict processing of your information for specific purposes
  • Object to processing based on legitimate interests

Please note that some data cannot be deleted due to legal and regulatory retention requirements. We will retain necessary information to comply with AML, tax, and financial regulations.

6.4 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@paytroz.com. We will respond to your request within 30 days. You may need to verify your identity before we process your request.

7. International Data Transfers

Your data is primarily stored and processed in India. If we transfer data outside India, we ensure:

  • Compliance with RBI guidelines on data localization
  • Adequate safeguards through standard contractual clauses
  • Appropriate security measures for cross-border transfers
  • Your explicit consent where required by law

Critical payment and financial data is stored exclusively in India as mandated by regulatory requirements.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain secure sessions and authenticate users
  • Remember your preferences and settings
  • Analyze website and API usage patterns
  • Prevent fraud and enhance security

You can control cookie preferences through your browser settings. Disabling cookies may affect the functionality of our services.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, and business operations. We will notify you of material changes through:

  • Email notification to your registered email address
  • Prominent notice on our website and dashboard
  • In-app notifications for significant changes

Your continued use of our services after notification of changes constitutes acceptance of the updated policy.

11. Contact Information

For privacy-related questions, concerns, or requests, please contact:

Data Protection Officer

Paytroz Technologies Private Limited

Email: privacy@paytroz.com

Phone: +91 9503296098

Address: Third Floor, Navale IT Park, Mumbai-Bangalore bypass Highway, Navale Brg, Pune, Maharashtra 411041

For general inquiries: support@paytroz.com

12. Grievance Redressal

If you have any grievances regarding the processing of your information, you may contact our Grievance Officer:

Grievance Officer

Email: grievances@paytroz.com

Response Time: Within 30 days of receipt

We are committed to resolving complaints in accordance with applicable privacy laws and regulations.