Legal Document  ·  Framework v1.0

Privacy Policy

How Sarthi Pay collects, uses, and protects your personal data — in plain, simple language.

Effective: May 13, 2026
Updated: May 13, 2026
RBI Compliant
India Jurisdiction
NOTE: This is a framework only. A qualified legal professional must draft and review the final Privacy Policy before it is published or enforced.
5.4.1

Data Collected

We collect only what is necessary to deliver our services securely and in full compliance with applicable Indian regulations.

Identity Data
Name, mobile number, email address (if provided)
KYC Documents
Aadhaar, PAN, or other government-issued ID
Financial Data
Bank account details for virtual account linkage
Usage Data
Device info, IP address, and in-app activity logs
5.4.2

Purpose of Collection

Your personal data is processed strictly for the following purposes:

  • Account creation, identity verification, and onboarding
  • KYC compliance as mandated by RBI and PMLA
  • Facilitating secure fund transfers and virtual account operations
  • Sending transactional notifications and service updates
  • Fraud prevention, risk management, and regulatory reporting
  • Improving platform features and overall user experience
5.4.3

Legal Basis for Processing

We process your personal data under one or more of the following legal bases under Indian data protection law:

  • Consent — You have given explicit consent for specific activities
  • Contractual necessity — Processing is required to perform our services
  • Legal obligation — Compliance with RBI, PMLA, and other regulations
  • Legitimate interests — Fraud prevention and platform security
5.4.4

Data Sharing

We do not sell your personal data. We may share it only with:

  • Banking partners and payment processors for transaction execution
  • KYC verification agencies (e.g., UIDAI, NSDL) as required
  • Regulatory and law enforcement authorities under legal obligation
  • Cloud and technology service providers under strict data processing agreements
All third-party partners are contractually bound to process your data only as instructed and in accordance with applicable data protection laws.
5.4.5

Data Retention

We retain personal data only as long as necessary for the purposes stated in this policy, or as required by law.

  • KYC & transaction records: minimum 5 years post account closure (per PMLA)
  • Account and usage data: duration of account + 2 years
  • Marketing preferences: until consent is withdrawn

Upon expiry, data is securely deleted or irreversibly anonymised.

5.4.6

Data Security

Sarthi Pay implements industry-standard technical and organisational measures to protect your data:

256-bit AES Encryption
AI Fraud Detection
Biometric Auth
PCI-DSS Compliant
Role-based Access
Pen Testing
5.4.7

Your Rights

Subject to applicable law, you have the following rights over your personal data:

🔍
Access
Request a copy of the data we hold about you
✏️
Correction
Have inaccurate or incomplete data corrected
🗑️
Erasure
Request deletion where no legal basis exists
🚫
Objection
Object to legitimate-interest processing
📦
Portability
Receive your data in a structured format
↩️
Withdraw Consent
Withdraw at any time without affecting prior processing
5.4.8

Cookies & Tracking

Our platform uses cookies and similar technologies for session management, analytics, and preference storage. You may manage non-essential cookies via your browser settings or our in-app cookie preference centre.

Disabling essential cookies may impair core platform functionality such as login and payments.
5.4.9

Children's Privacy

Sarthi Pay services are not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided data, we will delete it promptly. Parents or guardians should contact us immediately at the details below.

5.4.10

Contact Us

For privacy queries, data requests, or complaints, reach our Data Protection Officer:

Data Protection Officer
Sarthi Pay Pvt. Ltd.  ·  Registered in India 🇮🇳
privacy@sarthipay.in 1800-XXX-XXXX (Toll Free) [Registered Office, India]

We aim to respond to all requests within 30 days. If unsatisfied, you may escalate to the relevant data protection authority.