Enterprise Data Protection & Privacy Policy

B. Enterprise Data Protection & Privacy Policy

1. Data Fidelity and Compliance with the DPDP Act, 2023

Evyaparpay Financial Technologies Private Limited executes all personal data ingestion, processing pipelines, structural retention, and communication workflows in absolute alignment with the provisions of the Digital Personal Data Protection Act, 2023 (DPDP Act). Ingested data objects encompass user identification vectors, cryptographically masked biometric hashes, verified PAN strings, financial institution accounts, transactional payloads, geographic location metrics, and specialized unique machine device parameters.

2. Sovereign Data Localization and Cryptographic Storage Protections

Pursuant to the strict structural data-localization mandates enforced by the Reserve Bank of India, all transaction records, structural logging metadata, and core ledger balances are localized, executed, and archived exclusively on highly resilient cloud storage infrastructure physically located within the sovereign borders of the Republic of India. In-transit payloads are shielded utilizing TLS 1.3 encryption protocols, while archival assets are continuously hardened using institutional-grade 256-bit Advanced Encryption Standards (AES-256).

3. Right to Correction, Erasure, and Principal Data Rights

Every Data Principal (User) retains the absolute statutory right under the DPDP Act, 2023, to demand the inspection, formal rectification, updating, or systemic erasure of their personal profile data elements. However, data objects required by financial sector regulators for statutory multi-year auditing compliance, financial transaction logging, and national security directives cannot be systemically deleted until the expiration of the legally mandated retention timeline.

4. Data Collection

We collect information you provide during registration, KYC onboarding, transactions, and support interactions. This includes name, contact details, identity documents, financial account information, and device identifiers necessary for fraud prevention.

5. Data Sharing

We do not sell personal data. Information may be shared with regulatory authorities (RBI, FIU-IND), payment networks (NPCI), insurance partners (IRDAI-regulated entities), and service providers under strict contractual obligations and only as required for service delivery or legal compliance.

6. Contact for Data Requests

To exercise your data rights under the DPDP Act, 2023, contact our Grievance Redressal Officer at risk@zepay.money.