InDhanPay App Privacy Policy

Last updated: April 2026

InDhan PayGate Private Limited ("InDhanPay", "we", "us", or "our") operates the InDhanPay mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. InDhanPay is a fintech and fueltech platform that provides digital payment processing, reconciliation, and retail automation services for fuel stations and merchants across India.

By downloading, installing, or using the App, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please uninstall the App and discontinue use.

1. Information We Collect

1.1 Information You Provide

  • Account & Identity Information: Full name, email address, phone number, date of birth, PAN number, Aadhaar number (where legally required), and government-issued identification documents for KYC verification.
  • Business Information: Business name, business type, GST number, fuel station license details, and related regulatory information.
  • Financial Information: Bank account details, UPI IDs, and transaction details necessary to process payments and settlements.
  • Support & Communication: Messages, feedback, and correspondence you send to us through the App or other support channels.

1.2 Information Collected Automatically

  • Device Information: Device model, operating system version, unique device identifiers (Android ID), screen resolution, and mobile network information.
  • Usage Data: App features used, screens visited, session duration, interaction patterns, and crash/error reports.
  • Log Data: IP address, access timestamps, API request logs, and error diagnostics.

1.3 Permissions We Request

The App may request the following device permissions. Each is used solely for the stated purpose:

  • Internet Access: Required for all App functionality including payment processing, data synchronization, and real-time notifications.
  • Camera: Used for scanning QR codes for payments and capturing documents for KYC verification. The App does not access your camera in the background.
  • Storage (Read/Write): Used to download and store transaction reports, invoices, and receipts on your device.
  • Notifications (Push): Used to send transaction alerts, payment confirmations, and important service updates.
  • Biometric Authentication: Used for secure App login and transaction authorization via fingerprint or face recognition. Biometric data is processed on-device and never transmitted to our servers.
  • Network State: Used to detect connectivity status and optimize offline/online behavior.

All permissions are optional and can be managed through your device settings. Denying certain permissions may limit specific App features.

2. How We Use Your Information

  • Payment Processing: To process UPI payments, bank transfers, settlements, refunds, and generate transaction records.
  • Account Management: To create, verify, and manage your account, including KYC compliance as mandated by RBI regulations.
  • Service Delivery: To provide payment reconciliation, retail analytics, invoicing, and fuel station management features.
  • Security & Fraud Prevention: To detect, prevent, and investigate unauthorized transactions, suspicious activity, and potential fraud.
  • Communication: To send transaction alerts, payment confirmations, security notifications, and service updates via push notifications, SMS, email, or WhatsApp.
  • Legal Compliance: To comply with applicable Indian laws including RBI guidelines, the Information Technology Act, 2000, and other relevant regulations.
  • Improvement: To analyze aggregated, anonymized usage patterns to improve App performance, fix bugs, and develop new features.

3. Data Sharing and Disclosure

We share your information only when necessary and with appropriate safeguards:

  • Payment Partners: With banks, NPCI (for UPI), payment gateways (such as Razorpay), and financial institutions solely to process your transactions.
  • Service Providers: With trusted third-party providers for cloud hosting (AWS), push notifications, SMS delivery, email services, and analytics — each bound by strict data processing agreements.
  • Regulatory Authorities: With RBI, NPCI, law enforcement, or other government authorities when required by law, court order, or regulatory directive.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred as part of that transaction, with prior notice to you.

We do not sell, rent, or trade your personal information to third parties for advertising or marketing purposes.

4. Data Security

We implement the following security measures to protect your data:

  • TLS 1.2/1.3 encryption for all data transmitted between the App and our servers.
  • AES-256 encryption for sensitive data stored at rest on our servers.
  • HMAC-SHA256 request signing for API communications to prevent tampering and replay attacks.
  • Payment processing handled through PCI-DSS certified partners (Razorpay). InDhanPay does not store your card or payment instrument details on its own servers.
  • Secure authentication with JWT tokens and session management.
  • Role-based access controls limiting data access to authorized personnel on a need-to-know basis.

While we take reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention

  • Account Data: Retained for the duration of your account and for 180 days after account deletion to handle any pending transactions or disputes.
  • Transaction Records: Retained for a minimum of 5 years as required by RBI guidelines and Indian financial regulations.
  • KYC Documents: Retained as mandated by RBI KYC norms (minimum 5 years after business relationship ends).
  • Usage & Analytics Data: Retained in anonymized form for up to 2 years for service improvement purposes.

6. Your Rights

Under applicable Indian laws, including the Information Technology Act, 2000, you have the following rights:

  • Right to Access: Request information about the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete personal data.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time through the App settings or by contacting us. This may affect your ability to use certain features.
  • Right to Grievance Redressal: Lodge a complaint with our Grievance Officer (details in Section 11 below).

To exercise any of these rights, contact us at support@indhanpay.com. We will respond within 72 hours and resolve your request within 30 days.

7. Children's Privacy

The App is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@indhanpay.com, and we will promptly delete such information.

8. Third-Party Services

The App may integrate with or link to third-party services (payment gateways, banks, UPI apps). These services have their own privacy policies, and we are not responsible for their data practices. We encourage you to review their privacy policies before providing any information.

9. Data Transfer

Your data is primarily stored and processed on servers located in India. In limited cases, data may be processed by our cloud service providers (AWS) in data centers outside India, subject to adequate safeguards and in compliance with applicable laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes through the App (via in-app notification or push notification) and by updating the "Last updated" date at the top of this page. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

11. Grievance Officer

In accordance with the Information Technology Act, 2000, the details of our Grievance Officer are:

  • Name: Utkarsh Jyotishi
  • Designation: Grievance Officer
  • Email: support@indhanpay.com
  • Phone: +91 8120235064
  • Address: CIDI Office, SGSITS Campus, 23 Sir M. Visvesvaraya Marg, Indore, Madhya Pradesh 452003

Grievances will be acknowledged within 24 hours and resolved within 30 days from the date of receipt.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices: