Finyatra Private Limited ("Finyatra," "we," "us," or "our"), based in Lucknow, India (Pincode: 226010), provides payment acceptance and business management services via its website and mobile application (the "Platform"). This Privacy Policy describes how we collect, use, process, and disclose the personal and business information of our registered Merchants/Users and the transactional data processed for their customers ("End-Customers").

1. Scope

This policy applies to all information collected directly from Merchants during account setup and usage, and to Transaction Data processed by our platform.

2. Information We Collect

We collect two primary categories:

Merchant Data (for registration, KYC, and account management)

• Identity and Contact: Name, business name, address, email, mobile number, and contact details
• KYC and Regulatory: PAN, GST Number (if applicable), Proof of Address (Aadhaar/Voter ID), and documents required by Indian law or banking partners
• Financial: Bank account number, IFSC code, and account holder name
• Usage: Platform activities, features accessed, preferences

Transaction Data (processed for payment acceptance)

• Transaction amount, time, date, status, payment method (e.g., card type, Net Banking provider), and unique identifiers
• Masked/tokenized instrument details (such as last four digits of cards; Finyatra **does not store full card numbers or CVV**)
• Customer information tied to transactions (email or phone, if provided by Merchant or payment channel)

3. Usage of Information

Information is used for:

• Payment processing and fund settlement
• KYC/AML compliance (as required by RBI and other Indian regulators)
• Risk and fraud management; monitoring transactions to prevent unauthorized/fraudulent activity
• Service delivery, troubleshooting, customer support, and to enhance platform features
• Communication: Service-related updates, invoices, and alerts (including chargeback notifications)

4. Disclosure and Sharing

Information is shared only as necessary and under strict conditions:

• With financial partners (banks, card networks, payment gateway providers) to process and settle transactions
• For legal, regulatory, or government authority requirements (e.g., RBI, tax authorities)
• With third-party service providers (e.g., for identity verification, fraud prevention, data analytics), under contractually mandated confidentiality and security
• In case of business transfers (merger/acquisition), Merchant Data may be transferred as part of the transaction

5. Data Security and Retention

• Security: Industry-standard security measures (encryption, access controls) protect data from unauthorized access or misuse.
• Retention: Data is retained for as long as your account stays active, and for additional periods as legally required (for KYC, AML, or tax compliance). After this, data is securely deleted or anonymized.

6. Merchant Obligations for End-Customer Data

Merchants must ensure their own compliance with applicable data protection laws for any data directly collected from End-Customers, including a legally compliant **Privacy Policy for their own site/app** which covers Finyatra's payment processing activities.

7. Policy Updates

We may update this policy as our business, technology, or legal requirements change. Material policy changes will be notified via email or prominent Platform notices.

8. Contact & Grievance Officer

For privacy questions or concerns, contact:

• Attention: Grievance Officer, Finyatra Private Limited
• Email: info@finyatra.in
• Registered Office: Lucknow, Uttar Pradesh, India – 226010