Privacy Policy
Last Updated: October 20, 2024. This policy governs how Speedx Innovations Private Limited handles your data across all digital payment touchpoints.
01Introduction
Speedx Innovations Private Limited ("Company", "UPITranzact", "we", "us", or "our") respects your privacy and is committed to protecting the Personal Data (defined below) of its users—Merchants, Prospective Merchants, and End-Customers. This Privacy Policy outlines our practices regarding the collection, use, processing, and disclosure of your information through our website (www.upitranzact.com), digital switch, APIs, and dashboard.
By accessing or using our Services, you agree to be bound by the terms of this Policy. If you do not agree with these practices, please refrain from using our platform.
02Scope & Applicability
This Policy applies to all individuals and entities who access the Services of UPITranzact. It covers information collected online through the website and mobile applications, as well as data captured during transaction processing via our payment switch. This Policy is designed to comply with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 (DPDP Act), and relevant RBI mandates on payment aggregators.
03Definitions
Personal Data
"Any data about an individual who is identifiable by or in relation to such data." This includes names, email addresses, contact numbers, and identification numbers.
Sensitive Personal Data
"Financial information such as bank account details, credit/debit card numbers, biometric information, and official identifiers like PAN and Aadhaar."
Data Principal
"The individual to whom the personal data relates."
04Information We Collect
A. Information You Provide to Us
Registration & Profile: When you create a merchant account, we collect your full name, business name, professional email address, phone number, and physical business address.
KYC Documentation: To comply with legal mandates, we collect documents such as Permanent Account Number (PAN), Goods and Services Tax (GST) registration details, Aadhaar (masked), and Director/Proprietor identification proofs.
Financial Information: We collect your bank account number, IFSC code, and branch details to facilitate settlements. For customers, we may temporarily handle (but not store in raw form) card details or UPI IDs to process payments.
B. Information Collected Automatically
When you interact with our website or APIs, we automatically capture technical logs to ensure security and improve service performance:
05How We Use Your Information
Your data is used solely for the purpose of providing and enhancing our fintech services. This includes:
Service Delivery
Processing transactions, facilitating settlements, and providing real-time dashboard analytics.
Security & Fraud
Verifying identities during onboarding and monitoring transactions for suspicious behavior or high-risk activity.
Compliance
Maintaining mandatory audit trails as per RBI and NPCI guidelines and responding to legal requests from financial regulators.
Communication
Sending transaction receipts, security alerts, and system maintenance updates.
06Consent Mechanism
In accordance with the DPDP Act 2023, all data collection is based on explicit, informed, and free consent. By checking the consent boxes during registration or by initiating a transaction through our switch, you provide us the authority to process your data for the specified purposes.
Withdrawal of Consent
You have the right to withdraw your consent at any time. However, please note that withdrawing consent for core payment processing data will result in the immediate termination of your ability to use the Services, as we cannot fulfill transactions without these mandatory data points. To withdraw consent, please contact privacy@upitranzact.com.
08Data Localization
In strict compliance with the RBI's Directive on Storage of Payment System Data (April 2018), we ensure that the entire data relating to payment systems processed by us is stored only in India.
This includes end-to-end transaction details, information collected, carried, and processed as part of the payment message, as well as any customer data captured.
09Data Security Measures
We employ "Privacy by Design" principles to ensure that security is baked into every layer of our infrastructure:
Data at rest is protected with AES-256 encryption. Data in transit is secured via TLS 1.3 tunnels.
Strict Identity and Access Management (IAM) protocols with Multi-Factor Authentication (MFA).
24/7 real-time intrusion detection and behavioral analysis of API traffic.
Regular quarterly security audits and vulnerability assessments (VAPT).
10Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Transaction Records: Retained for a minimum of 10 years as per AML/KYC guidelines.
- KYC Data: Retained for the duration of the merchant relationship + 5 years post-termination.
- Session Logs: Retained for 180 days to support platform security forensics.
11Your Rights (Data Principal Rights)
Right to Access
You can request a summary of your personal data being processed and with whom it has been shared.
Right to Correction
You can update, complete, or correct any inaccurate personal data in our records.
Right to Erasure
You can request the deletion of your data once the purpose of its processing is fulfilled (subject to legal retention mandates).
Right of Grievance Redressal
You maps escalate any privacy concerns to our Nodal Officer if you are not satisfied with our standard support.
Privacy & Grievance Office
Dedicated channel for data protection inquiries as per DPDP Act Section 10.
Grievance Redressal Officer (GRO)
83, DARAULI, ZAMANIA, Zamania Bazar, Zamania, Ghazipur- 232329, Uttar Pradesh
Integrity • Transparency • Innovation