Privacy Policy (DPDP Act 2023 Compliant)

Privacy Policy

VeerPay (“VeerPay,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and security of personal and financial information entrusted to us by our users. This Privacy Policy describes the manner in which VeerPay collects, uses, processes, stores, discloses, and safeguards personal data when users access or use our website, applications, products, and services.

This Policy is framed in accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023, relevant rules there under, and other applicable financial, banking, and regulatory requirements. By using VeerPay’s services, you acknowledge and consent to the collection and processing of your information as described in this Privacy Policy.

1. Who We Are

VeerPay is a digital payment and transaction facilitation platform that enables secure electronic payments and financial transactions for individuals and businesses. VeerPay provides technology-driven payment solutions designed to ensure efficiency, reliability, regulatory compliance, and data security.

Our platform acts as an intermediary that facilitates payment processing through authorized banking institutions, card networks, and regulated financial partners. VeerPay does not operate as a bank but works in coordination with licensed entities to deliver compliant payment services while maintaining high standards of trust and transparency.

2. General Privacy Policy

VeerPay places the highest importance on user privacy and data protection. We collect and process personal data only for lawful purposes that are directly related to the delivery of our services and compliance with regulatory obligations.

Our privacy practices are guided by the following principles:

• Collection of data only when necessary and lawful
• Use of data solely for specified and legitimate purposes
• Limitation of data access to authorized personnel only
• Protection of data against unauthorized access, misuse, loss, or disclosure
• Retention of data only for as long as legally or operationally required

VeerPay does not sell, lease, or commercially exploit personal data of users under any circumstances.

3. Security of Information

VeerPay employs robust administrative, technical, and physical safeguards to ensure the security and integrity of personal and financial data. These measures include, but are not limited to:

• Data encryption during transmission and storage
• Secure servers and restricted access controls
• Role-based access to sensitive information
• Continuous monitoring and periodic security assessments
• Compliance with industry security standards, including PCI-DSS

All payment- related data is processed through secure, PCI-DSS compliant infrastructure. VeerPay does not store sensitive card authentication data such as CVV, PINs, or full magnetic stripe data. While we strive to use commercially acceptable means to protect information, users acknowledge that no digital transmission or storage system is completely risk-free.

4. Data Collection

VeerPay may collect, store, and process Sensitive Personal Data or Information (SPDI) and other personal data, including but not limited to:

• Full name and date of birth
• Contact information such as email address and phone number
• Billing and residential address
• Transaction details, payment references, and transaction history
• Identity verification documents and information required for KYC compliance

Card-related information is not stored in raw form. All card numbers are securely tokenized using PCI-DSS compliant protocols and processed through authorized payment gateways and banking partners.

Data may be collected directly from users, automatically through the use of our services, or from authorized third-party service providers strictly for lawful purposes.

5. Purpose of Processing

VeerPay processes personal and sensitive data only for legitimate business and regulatory purposes, including:

• Facilitating and completing payment transactions
• Verifying user identity and conducting customer due diligence
• Complying with Know Your Customer (KYC), Anti-Money Laundering (AML), and counter-terrorism financing obligations
• Detecting, preventing, and investigating fraud, unauthorized activity, or security incidents
• Maintaining transaction records, audit logs, and internal controls
• Complying with legal, regulatory, tax, and reporting requirements

Data is not processed in a manner incompatible with these stated purposes unless permitted or required by law.

6. Data Sharing and Disclosure

VeerPay shares personal information strictly on a need-to-know basis and only where lawful and necessary. Information may be disclosed to:

• Regulated banking partners and financial institutions
• Card networks such as Visa and MasterCard
• Payment processors, technology vendors, and service providers operating under contractual confidentiality obligations
• Government authorities, regulators, statutory bodies, or law enforcement agencies when required by applicable law, regulation, or judicial order

All third parties are required to adhere to appropriate data protection and security standards consistent with this Privacy Policy and applicable laws.

7. Data Retention

VeerPay retains personal and transactional data only for the duration necessary to fulfill the purposes outlined in this Policy or as mandated by applicable laws and regulations.

Financial and transactional records may be retained for a period ranging from five (5) to ten (10) years, or longer if required under banking, taxation, anti-money laundering, or regulatory frameworks. Upon expiration of the retention period, data is securely deleted, anonymized, or archived in accordance with applicable standards.

8. Your Rights

In accordance with the Digital Personal Data Protection Act, 2023, users are entitled to the following rights:

• The right to obtain confirmation of whether their personal data is being processed
• The right to access personal data held by VeerPay
• The right to request correction or updating of inaccurate or incomplete information
• The right to request erasure of personal data, subject to legal and regulatory retention obligations

Requests related to data rights will be evaluated and addressed within a reasonable timeframe, provided such requests do not conflict with mandatory record-keeping or compliance requirements.

9. User Responsibilities

Users are responsible for maintaining the confidentiality of their account credentials and for all activities conducted through their account. Users must notify VeerPay immediately in the event of suspected unauthorized access, data breach, or misuse of their account.

10. Changes to This Privacy Policy

VeerPay reserves the right to revise, update, or modify this Privacy Policy at any time to reflect changes in legal, regulatory, technological, or operational requirements. Any changes will be published on the VeerPay website, and continued use of the services shall constitute acceptance of the updated Privacy Policy.

10. Grievance Officer: Mrs. Pooja Sabarwal, email: legal@veerpay.com.