Privacy Policy

DiasPay Fintech Pvt Ltd ("DiasPay", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use our platform, mobile application, and related services (collectively, the "Services").

By accessing or using our Services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our Services.

1. Information We Collect

1.1 Personal Information

When you register and use our Services, we collect:

• Full name, email address, and mobile number
• Date of birth and gender
• KYC documents (Aadhaar, PAN, voter ID, or passport)
• Residential address and PIN code
• Profile photograph (optional)

1.2 Transaction Data

• Payment amounts, beneficiary details, and transaction history
• Bill payment details (biller name, consumer number, amount)
• Recharge and top-up details (operator, plan, mobile number)
• Gift card purchases (brand, denomination, voucher codes)
• Wallet balance, funding sources, and transfer records

1.3 Device & Technical Information

• Device type, model, operating system, and version
• IP address, browser type, and language preferences
• App version, device identifiers (IMEI, advertising ID)
• Location data (with your consent, for fraud prevention)
• Usage patterns, session duration, and feature interaction

1.4 Cookies & Tracking

We use cookies, web beacons, and similar technologies to maintain sessions, remember preferences, analyse usage patterns, and improve service quality. You can control cookie settings through your browser, though disabling cookies may affect functionality.

2. How We Use Your Information

• Service Delivery: Process transactions, execute bill payments, recharges, and gift card orders
• Account Management: Create and manage your account, verify identity through KYC
• Wallet Operations: Maintain wallet balances, process fund additions and withdrawals
• Security & Fraud Prevention: Detect and prevent unauthorized transactions, monitor for suspicious activity
• Compliance: Meet regulatory requirements under RBI, TRAI, and applicable Indian laws
• Communication: Send transaction receipts, OTPs, service updates, and promotional offers (with consent)
• Analytics: Understand usage patterns to improve features and user experience
• Dispute Resolution: Investigate and resolve transaction disputes, chargebacks, and complaints

3. Data Sharing & Disclosure

We share your information only in the following circumstances:

• Payment Partners: Banks, payment aggregators, and gateways to process your transactions
• Service Providers: BBPS billers, mobile operators, DTH providers, and gift card suppliers
• KYC Verification: UIDAI, NSDL, and authorized verification agencies
• Legal Requirements: When required by law, regulation, court order, or government authority
• Fraud Prevention: With law enforcement or regulatory bodies to investigate fraud
• Business Transfers: In connection with any merger, acquisition, or sale of assets

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Security

We implement industry-standard measures to protect your data:

• Encryption: All data transmitted using TLS 1.2+ (HTTPS). Sensitive data encrypted at rest using AES-256
• Access Controls: Role-based access with multi-factor authentication for internal systems
• PCI DSS Compliance: Card data handled through PCI DSS-compliant payment partners
• Regular Audits: Periodic security assessments, vulnerability testing, and code reviews
• OTP Security: One-time passwords expire after use and are stored using secure hashing
• Monitoring: 24/7 system monitoring for unauthorized access attempts

5. Data Retention

We retain your personal data for as long as your account remains active and as required to fulfil the purposes outlined in this policy. Transaction records are retained for a minimum of 10 years as per RBI and income tax regulations. Upon account closure, personal data is anonymised or deleted within 180 days, except where retention is required by law.

6. Your Rights

Under applicable data protection laws, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Withdraw Consent: Opt out of marketing communications at any time
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at privacy@diaspay.in.

7. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete such information.

8. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email, in-app notification, or a prominent notice on our website. Continued use of our Services after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

10. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

11. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is: