Privacy Policy

1. Introduction

KUPIS Fintech Private Limited ("we", "us", "our", or "the Company") is a technology company registered under the Companies Act, 2013, headquartered in Rajahmundry, Andhra Pradesh, India. We operate websites and platforms including kupisfintech.com, kreativeupi.com, and verifynow.ind.in.

This Privacy Policy describes how we collect, use, store, and protect personal and business information when you visit our websites, use our services, or interact with our platforms. By using our services, you agree to the practices described in this Policy.

2. Information We Collect

2.1 Information You Provide to Us

• Contact Information: Name, email address, mobile number, and company name when you fill out contact or enquiry forms.
• Account Information: Username, password (hashed), and profile details when you register on VerifyNow.
• Identity Documents: Aadhaar number, PAN number, GSTIN, or bank account details when you use our verification services.
• Communications: Messages, enquiries, or support requests you send to us.
• Business Information: Company registration details, business address, and operational information for B2B clients.

2.2 Information Collected Automatically

• Usage Data: Pages visited, time spent, clicks, and navigation patterns on our websites.
• Device Information: IP address, browser type, operating system, device type, and screen resolution.
• Cookies: Session cookies for login state and preference cookies for website functionality.
• Log Data: Server logs including access timestamps, referring URLs, and error information.

2.3 Third-Party Verification Data

When you use our verification services (Aadhaar, PAN, GST, or bank verification), we receive data from government databases and financial institutions solely for the purpose of completing the requested verification. We do not store raw Aadhaar biometric data.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide verification APIs, process transactions, and operate our platforms.
• Communication: To respond to enquiries, provide customer support, and send service notifications.
• Account Management: To create and manage user accounts on VerifyNow and our API platforms.
• Billing: To process payments and maintain billing records for B2B services.
• Legal Compliance: To comply with applicable Indian laws, regulations, and court orders.
• Security: To detect fraud, prevent abuse, and secure our systems.
• Service Improvement: To analyze usage patterns and improve our products and services.
• Marketing: To send relevant product updates and offers with your consent (you can opt out at any time).

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract: Where processing is necessary to deliver services you have requested or contracted for.
• Consent: Where you have given explicit consent (e.g., for marketing communications).
• Legal Obligation: Where we are required to process data to comply with applicable law.
• Legitimate Interests: Where processing is in our legitimate interest to operate and improve our services, provided these do not override your rights.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data in the following circumstances:

5.1 Verification Partners

For identity and business verification services, we pass relevant identifier data (Aadhaar number, PAN, GSTIN, bank details) to authorised verification service providers and government APIs solely to complete the verification you requested. Results are returned to you; raw data is not retained beyond what is necessary for the verification transaction.

5.2 Service Providers

We engage third-party vendors for hosting, payment processing, SMS delivery, WhatsApp API, and analytics. These vendors process data only as instructed by us and under confidentiality obligations.

5.3 Legal Requirement

We may disclose information when required by law, court order, or regulatory authority, or to protect the rights, property, or safety of KUPIS Fintech, our users, or the public.

5.4 Business Transfer

In the event of a merger, acquisition, or asset transfer, your data may be transferred as part of that transaction, subject to continued privacy protections equivalent to this Policy.

6. Aadhaar Data — Special Provisions

KUPIS Fintech processes Aadhaar numbers in accordance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and UIDAI regulations. Specifically:

• We do not store full Aadhaar numbers in plain text after verification is completed.
• Biometric data is never collected or stored by us.
• Aadhaar data is used only for the verification purpose consented to by the data principal.
• We comply with all UIDAI circulars and data protection requirements applicable to Authentication Service Agencies (ASA) and KUA.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy:

• Verification Records: Retained for a minimum period as required by applicable Indian laws and regulations.
• Account Data: Retained until account deletion request is fulfilled, plus a post-deletion period for legal compliance.
• Transaction Logs: Retained for financial audit purposes as required by law (typically 7 years for financial records).
• Contact Form Data: Retained for 1 year or until the matter is resolved, whichever is later.

8. Data Security

We implement industry-standard security measures to protect your information:

• All data transmitted to and from our websites is encrypted via HTTPS/TLS.
• Sensitive data (passwords, API keys) is stored using one-way hashing and encryption.
• Access to production data is restricted to authorised personnel only.
• We conduct regular security reviews and maintain audit logs.
• Our servers are hosted in secure data centres with physical and logical access controls.

No system is 100% secure. If you suspect your account has been compromised, please contact us immediately at contact@kupisfintech.com.

9. Cookies

Our websites use cookies to improve your experience. Types of cookies we use:

• Essential Cookies: Required for website functionality (login sessions, security tokens).
• Analytics Cookies: To understand how visitors use our website (anonymous usage data).
• Preference Cookies: To remember your settings and preferences.

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

10. Your Rights

Subject to applicable Indian law, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete data.
• Right to Deletion: Request deletion of your personal data (subject to legal retention requirements).
• Right to Withdraw Consent: Withdraw consent for marketing communications at any time.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing for direct marketing purposes.

To exercise any of these rights, contact us at contact@kupisfintech.com. We will respond within 30 days.

11. Third-Party Links

Our websites may contain links to third-party websites (payment gateways, government portals, etc.). We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

12. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a person under 18, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website and, where appropriate, by email. The effective date at the top of this page indicates when this Policy was last updated. Continued use of our services after a change constitutes acceptance of the updated Policy.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and applicable rules, the name and contact details of our Grievance Officer are:

15. Contact Us

For privacy-related questions, requests, or complaints, please contact:

• Email: contact@kupisfintech.com
• Website: kupisfintech.com/contact
• Address: KUPIS Fintech Private Limited, Rajahmundry, Andhra Pradesh, India