Last Updated: 1 June 2025

Privacy Policy

We are committed to protecting your privacy and handling your data with transparency and care.

Minimal Data Collection Only what's needed to serve you
No Data Selling Your data is never sold to third parties
Your Rights Access, correct, or delete your data
This Privacy Policy explains how DSEWA SERVICES INDIA PRIVATE LIMITED We collects, uses, stores, shares, and protects information about you when you use our platform, mobile application, website, and related services (collectively, the "Platform"). It applies to all users including retailers, distributors, master distributors, and end customers.

1. Introduction

At FinPe, privacy is a foundational principle — not an afterthought. We are committed to being transparent about the data we collect, why we collect it, and how we use it to deliver secure and reliable financial services to millions of Indians.

This Policy is drafted in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (DPDPA), and guidelines issued by the Reserve Bank of India (RBI).

By accessing or using the FinPe Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform.

2. Who We Are

DSEWA SERVICES INDIA PRIVATE LIMITED is the Data Fiduciary (controller) responsible for your personal data. We are a registered fintech company operating as a Business Correspondent (BC) / sub-BC network under the BC framework of the Reserve Bank of India, providing last-mile financial and digital services across India.

  • Registered Name: DSEWA SERVICES INDIA PRIVATE LIMITED
  • Mobile: +91-9217843115
  • Email: Available via support@finpe.net

3. Data We Collect

We collect the minimum data necessary to provide our services, comply with regulations, and improve the platform. The categories of data we collect include:

Category Examples Who It Applies To
Identity Data Full name, date of birth, gender, photograph Partners & End Customers
Contact Data Mobile number, email address, residential / business address Partners & End Customers
Government ID Data Aadhaar number (masked), PAN number, Voter ID, Driving Licence Partners & End Customers (KYC)
Financial Data Bank account number, IFSC code, wallet balance, transaction history Partners & End Customers
Business Data Shop name, GSTIN, business category, geo-location of outlet Partners only
Device & Technical Data IP address, device ID, OS version, app version, browser type All users
Usage Data Login timestamps, features accessed, transaction logs, error reports All users
Location Data GPS coordinates at time of transaction (where permitted) Partners (AEPS / Micro ATM)
Biometric Data: Fingerprint or iris data processed during AEPS transactions is handled exclusively within the UIDAI-authorised biometric ecosystem. FinPe does not store, process, or retain any biometric data on its own servers.

4. How We Collect Your Data

We collect your personal data through the following channels:

  • Direct Registration: Information you provide when signing up as a Partner or entering customer details for a transaction.
  • KYC Process: Identity and address documents submitted during eKYC verification via Aadhaar OTP or biometric authentication.
  • Transactions: Details entered or captured during payment, transfer, recharge, or other service transactions.
  • Platform Usage: Automatically collected data such as device information, IP address, log data, and session activity when you use our app or website.
  • Third-Party Sources: Information received from banks, NPCI, UIDAI, NSDL/UTI, insurance companies, or other regulated partners to verify identity or complete services.
  • Customer Support: Data you share when you contact our support team via phone, email, or chat.

5. Purpose of Use

We use the data we collect for the following specific purposes:

  • Service Delivery: Activating your account, processing transactions, and providing all services available on the Platform.
  • Identity Verification (KYC): Verifying the identity of partners and customers as required by RBI, UIDAI, and other regulatory authorities.
  • Regulatory Compliance: Meeting obligations under AML, CFT, PMLA 2002, FEMA 1999, and other applicable laws including audit and reporting requirements.
  • Fraud Detection & Prevention: Monitoring transactions for suspicious activity, preventing unauthorised access, and protecting the platform from abuse.
  • Customer Support: Responding to your queries, complaints, and grievances efficiently.
  • Commission & Settlement: Calculating, crediting, and reconciling your earnings and wallet balance.
  • Platform Improvement: Analysing usage patterns to improve features, reliability, and user experience (using anonymised/aggregated data).
  • Marketing & Notifications: Sending you relevant service updates, offers, and platform notifications — you may opt out of promotional communications at any time.
  • Legal & Dispute Resolution: Maintaining records necessary to resolve disputes, enforce agreements, and comply with court orders or regulatory directives.


7. How We Share Your Data

FinPe does not sell your personal data. We share data only in the following limited circumstances:

  • Regulated Financial Partners: Banks, NPCI, UIDAI, NSDL/UTI, insurance companies, and payment networks as necessary to process your transactions.
  • Technology Service Providers: Cloud hosting, analytics, SMS/notification gateways, and other IT vendors who process data on our behalf under strict data processing agreements.
  • Distributor / Master Distributor Network: Aggregated performance data (not personal data) may be visible to your up-line distributor for commission and hierarchy management.
  • Regulatory & Law Enforcement Authorities: We disclose data to government bodies, courts, or regulators when required by law, court order, or to protect FinPe's legal rights.
  • Auditors & Legal Advisors: Professionals bound by confidentiality obligations who assist with compliance, audits, or legal matters.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.
All third-party service providers are contractually bound to process your data only as instructed by FinPe and to maintain appropriate security standards.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Data Type Retention Period Basis
KYC & Identity Documents 5 years after account closure PMLA 2002 / RBI BC Guidelines
Transaction Records 5 years from transaction date PMLA 2002 / Payment Systems Act
Account & Profile Data Duration of partnership + 5 years Contractual & Legal Obligation
Device & Usage Logs 90 days (security logs: 1 year) Legitimate Interest / Security
Marketing Preferences Until opt-out or account closure Consent
Customer Support Records 3 years from resolution Legitimate Interest / Legal

After the applicable retention period, data is securely deleted or anonymised so that it can no longer be associated with you.


9. Security Measures

We implement industry-standard technical and organisational measures to protect your data against unauthorised access, loss, alteration, or disclosure:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: Sensitive personal and financial data is encrypted at rest using AES-256 encryption.
  • PCI-DSS Compliance: Our payment processing infrastructure meets Payment Card Industry Data Security Standards.
  • Multi-Factor Authentication: Partner accounts are protected by password, MPIN, and OTP-based two-factor authentication.
  • Access Controls: Internal access to personal data is restricted on a need-to-know basis with role-based access controls and audit logging.
  • Vulnerability Management: Regular penetration testing, security audits, and patch management are conducted to identify and address security risks.
  • Incident Response: We have a documented data breach response procedure. In the event of a breach affecting your rights, you will be notified as required by law.
No security system is impenetrable. While we take every reasonable precaution, we cannot guarantee absolute security. Please keep your credentials confidential and report any suspicious activity to us immediately.

10. Cookies & Tracking Technologies

Our website and web-based Partner Portal use cookies and similar tracking technologies to enhance your experience. We use:

  • Strictly Necessary Cookies: Essential for logging in, navigating, and using secure features of the portal. Cannot be disabled.
  • Functional Cookies: Remember your preferences such as language and session settings.
  • Analytics Cookies: Help us understand how users interact with the platform so we can improve it (e.g., Google Analytics — anonymised data only).
  • Security Cookies: Used to detect and prevent fraud and protect your session.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the portal. Our mobile app does not use browser cookies but may use similar device-based identifiers for session management and analytics.


11. Your Rights

Under the Digital Personal Data Protection Act, 2023 and applicable laws, you have the following rights with respect to your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Correction

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your data, subject to legal retention obligations.

Right to Withdraw Consent

Withdraw consent at any time where processing is consent-based.

Right to Grievance

Lodge a complaint with our Grievance Officer or the Data Protection Board of India.

Right of Nominee

Nominate a person to exercise your data rights in case of death or incapacity.

To exercise any of the above rights, please contact our Grievance Officer at support@finpe.net. We will respond within 30 days of receiving your request. Please note that some requests may be limited where we have legal obligations to retain data.


12. Children's Privacy

The FinPe Platform is not intended for use by individuals under the age of 18 years. We do not knowingly collect personal data from minors. If you believe that a child has provided us with personal data, please contact us immediately at support@finpe.net and we will take steps to delete such data promptly.


13. Cross-Border Data Transfers

FinPe's primary data processing infrastructure is located within India. In limited cases, we may engage technology service providers whose servers are located outside India (e.g., for cloud infrastructure, analytics, or communication tools).

Any cross-border transfer of personal data is carried out in accordance with the provisions of the Digital Personal Data Protection Act, 2023 and applicable RBI guidelines. We ensure that adequate safeguards — such as data processing agreements containing standard contractual clauses — are in place before transferring data internationally.

All sensitive financial and KYC data is stored exclusively on servers within India in compliance with RBI data localisation requirements.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:

  • The revised Policy will be published on the FinPe website and Partner Portal with an updated "Last Updated" date at the top of the page.
  • For material changes — particularly those that affect your rights or how we use sensitive data — we will notify you via your registered email address or an in-app notification at least 15 days before the change takes effect.
  • Your continued use of the Platform after the effective date of any revision constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Policy periodically. If you have concerns about any change, please contact us before the change takes effect.


15. Contact & Grievance Redressal

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about how we handle your personal data, please reach out to us:

Privacy & Grievance Officer

We take every privacy concern seriously. Our dedicated privacy team will acknowledge your request within 48 hours and resolve it within 30 days.