Privacy Policy
We are committed to protecting your privacy and handling your data with transparency and care.
1. Introduction
At FinPe, privacy is a foundational principle — not an afterthought. We are committed to being transparent about the data we collect, why we collect it, and how we use it to deliver secure and reliable financial services to millions of Indians.
This Policy is drafted in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (DPDPA), and guidelines issued by the Reserve Bank of India (RBI).
2. Who We Are
DSEWA SERVICES INDIA PRIVATE LIMITED is the Data Fiduciary (controller) responsible for your personal data. We are a registered fintech company operating as a Business Correspondent (BC) / sub-BC network under the BC framework of the Reserve Bank of India, providing last-mile financial and digital services across India.
- Registered Name: DSEWA SERVICES INDIA PRIVATE LIMITED
- Mobile: +91-9217843115
- Email: Available via support@finpe.net
3. Data We Collect
We collect the minimum data necessary to provide our services, comply with regulations, and improve the platform. The categories of data we collect include:
| Category | Examples | Who It Applies To |
|---|---|---|
| Identity Data | Full name, date of birth, gender, photograph | Partners & End Customers |
| Contact Data | Mobile number, email address, residential / business address | Partners & End Customers |
| Government ID Data | Aadhaar number (masked), PAN number, Voter ID, Driving Licence | Partners & End Customers (KYC) |
| Financial Data | Bank account number, IFSC code, wallet balance, transaction history | Partners & End Customers |
| Business Data | Shop name, GSTIN, business category, geo-location of outlet | Partners only |
| Device & Technical Data | IP address, device ID, OS version, app version, browser type | All users |
| Usage Data | Login timestamps, features accessed, transaction logs, error reports | All users |
| Location Data | GPS coordinates at time of transaction (where permitted) | Partners (AEPS / Micro ATM) |
4. How We Collect Your Data
We collect your personal data through the following channels:
- Direct Registration: Information you provide when signing up as a Partner or entering customer details for a transaction.
- KYC Process: Identity and address documents submitted during eKYC verification via Aadhaar OTP or biometric authentication.
- Transactions: Details entered or captured during payment, transfer, recharge, or other service transactions.
- Platform Usage: Automatically collected data such as device information, IP address, log data, and session activity when you use our app or website.
- Third-Party Sources: Information received from banks, NPCI, UIDAI, NSDL/UTI, insurance companies, or other regulated partners to verify identity or complete services.
- Customer Support: Data you share when you contact our support team via phone, email, or chat.
5. Purpose of Use
We use the data we collect for the following specific purposes:
- Service Delivery: Activating your account, processing transactions, and providing all services available on the Platform.
- Identity Verification (KYC): Verifying the identity of partners and customers as required by RBI, UIDAI, and other regulatory authorities.
- Regulatory Compliance: Meeting obligations under AML, CFT, PMLA 2002, FEMA 1999, and other applicable laws including audit and reporting requirements.
- Fraud Detection & Prevention: Monitoring transactions for suspicious activity, preventing unauthorised access, and protecting the platform from abuse.
- Customer Support: Responding to your queries, complaints, and grievances efficiently.
- Commission & Settlement: Calculating, crediting, and reconciling your earnings and wallet balance.
- Platform Improvement: Analysing usage patterns to improve features, reliability, and user experience (using anonymised/aggregated data).
- Marketing & Notifications: Sending you relevant service updates, offers, and platform notifications — you may opt out of promotional communications at any time.
- Legal & Dispute Resolution: Maintaining records necessary to resolve disputes, enforce agreements, and comply with court orders or regulatory directives.
6. Legal Basis for Processing
We process your personal data on the following legal grounds under the Digital Personal Data Protection Act, 2023 and applicable regulations:
- Consent: You have provided explicit consent during registration and KYC for processing your personal data.
- Contractual Necessity: Processing is required to fulfil the Partner Agreement and deliver services you have requested.
- Legal Obligation: We are required to process certain data to comply with RBI, UIDAI, NPCI, SEBI, and other regulatory mandates.
- Legitimate Interest: Processing is necessary for fraud prevention, platform security, and improving our services, where this does not override your fundamental rights.
7. How We Share Your Data
FinPe does not sell your personal data. We share data only in the following limited circumstances:
- Regulated Financial Partners: Banks, NPCI, UIDAI, NSDL/UTI, insurance companies, and payment networks as necessary to process your transactions.
- Technology Service Providers: Cloud hosting, analytics, SMS/notification gateways, and other IT vendors who process data on our behalf under strict data processing agreements.
- Distributor / Master Distributor Network: Aggregated performance data (not personal data) may be visible to your up-line distributor for commission and hierarchy management.
- Regulatory & Law Enforcement Authorities: We disclose data to government bodies, courts, or regulators when required by law, court order, or to protect FinPe's legal rights.
- Auditors & Legal Advisors: Professionals bound by confidentiality obligations who assist with compliance, audits, or legal matters.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
| Data Type | Retention Period | Basis |
|---|---|---|
| KYC & Identity Documents | 5 years after account closure | PMLA 2002 / RBI BC Guidelines |
| Transaction Records | 5 years from transaction date | PMLA 2002 / Payment Systems Act |
| Account & Profile Data | Duration of partnership + 5 years | Contractual & Legal Obligation |
| Device & Usage Logs | 90 days (security logs: 1 year) | Legitimate Interest / Security |
| Marketing Preferences | Until opt-out or account closure | Consent |
| Customer Support Records | 3 years from resolution | Legitimate Interest / Legal |
After the applicable retention period, data is securely deleted or anonymised so that it can no longer be associated with you.
9. Security Measures
We implement industry-standard technical and organisational measures to protect your data against unauthorised access, loss, alteration, or disclosure:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Sensitive personal and financial data is encrypted at rest using AES-256 encryption.
- PCI-DSS Compliance: Our payment processing infrastructure meets Payment Card Industry Data Security Standards.
- Multi-Factor Authentication: Partner accounts are protected by password, MPIN, and OTP-based two-factor authentication.
- Access Controls: Internal access to personal data is restricted on a need-to-know basis with role-based access controls and audit logging.
- Vulnerability Management: Regular penetration testing, security audits, and patch management are conducted to identify and address security risks.
- Incident Response: We have a documented data breach response procedure. In the event of a breach affecting your rights, you will be notified as required by law.
10. Cookies & Tracking Technologies
Our website and web-based Partner Portal use cookies and similar tracking technologies to enhance your experience. We use:
- Strictly Necessary Cookies: Essential for logging in, navigating, and using secure features of the portal. Cannot be disabled.
- Functional Cookies: Remember your preferences such as language and session settings.
- Analytics Cookies: Help us understand how users interact with the platform so we can improve it (e.g., Google Analytics — anonymised data only).
- Security Cookies: Used to detect and prevent fraud and protect your session.
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the portal. Our mobile app does not use browser cookies but may use similar device-based identifiers for session management and analytics.
11. Your Rights
Under the Digital Personal Data Protection Act, 2023 and applicable laws, you have the following rights with respect to your personal data:
Right to Access
Request a copy of the personal data we hold about you.
Right to Correction
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your data, subject to legal retention obligations.
Right to Withdraw Consent
Withdraw consent at any time where processing is consent-based.
Right to Grievance
Lodge a complaint with our Grievance Officer or the Data Protection Board of India.
Right of Nominee
Nominate a person to exercise your data rights in case of death or incapacity.
To exercise any of the above rights, please contact our Grievance Officer at support@finpe.net. We will respond within 30 days of receiving your request. Please note that some requests may be limited where we have legal obligations to retain data.
12. Children's Privacy
The FinPe Platform is not intended for use by individuals under the age of 18 years. We do not knowingly collect personal data from minors. If you believe that a child has provided us with personal data, please contact us immediately at support@finpe.net and we will take steps to delete such data promptly.
13. Cross-Border Data Transfers
FinPe's primary data processing infrastructure is located within India. In limited cases, we may engage technology service providers whose servers are located outside India (e.g., for cloud infrastructure, analytics, or communication tools).
Any cross-border transfer of personal data is carried out in accordance with the provisions of the Digital Personal Data Protection Act, 2023 and applicable RBI guidelines. We ensure that adequate safeguards — such as data processing agreements containing standard contractual clauses — are in place before transferring data internationally.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:
- The revised Policy will be published on the FinPe website and Partner Portal with an updated "Last Updated" date at the top of the page.
- For material changes — particularly those that affect your rights or how we use sensitive data — we will notify you via your registered email address or an in-app notification at least 15 days before the change takes effect.
- Your continued use of the Platform after the effective date of any revision constitutes your acceptance of the updated Privacy Policy.
We encourage you to review this Policy periodically. If you have concerns about any change, please contact us before the change takes effect.
15. Contact & Grievance Redressal
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about how we handle your personal data, please reach out to us:
Privacy & Grievance Officer
We take every privacy concern seriously. Our dedicated privacy team will acknowledge your request within 48 hours and resolve it within 30 days.