Privacy Policy

1. Introduction

Digifinpay ("we", "our", "us") is committed to protecting the privacy of customers, merchants and partners. This Privacy Policy explains how we collect, use, share and protect personal information when you use Digifinpay services including AEPS (Aadhaar Enabled Payment System), MicroATM and other digital financial services.

2. Information we collect

• Identity & contact: name, mobile number, email, address.
• KYC & government IDs: Aadhaar number (where required), PAN, passport or other IDs for onboarding.
• Biometric data & AEPS inputs: biometric templates (fingerprint/IRIS) captured during transaction flows by microATM / biometric PoS devices. Note: Digifinpay processes biometric authentication strictly as per NPCI & bank rules — biometric templates are not stored on our servers unless explicitly required by the bank/partner and will be handled only in permitted secure flows. (See section on retention below.)
• Transaction data: bank account info (masked), transaction amounts, timestamps, merchant IDs.
• Device & technical: device identifiers, IP, geo-location (if enabled), app logs for fraud/security prevention.

3. How we use information

• To process transactions and provide AEPS and other services.
• To verify identity and meet bank & regulatory KYC obligations.
• To detect and prevent fraud, abuse, and security incidents.
• To send transactional alerts, receipts, statements and support communications.
• To comply with lawful requests from courts, regulators and banks.

4. Biometric & Aadhaar-specific handling

AEPS transactions use Aadhaar-linked authentication through biometric capture. We do not use Aadhaar or biometric data for any purpose outside the transaction authentication flow. Where biometric templates or Aadhaar details are transmitted, they are encrypted end-to-end and handled according to NPCI / bank requirements. For a formal definition and permitted AEPS transactions, see NPCI AePS product overview. :contentReference[oaicite:9]{index=9}

5. Data retention & deletion

We retain personal and transactional data for the period required by applicable law and by our contractual commitments with banks and regulators. Biometric templates are retained only as per bank/integration requirements and NPCI rules; otherwise biometric data is not persisted beyond the required transaction authentication lifecycle.

6. Sharing & third parties

We share limited personal data with: partner banks, payment gateways, NPCI (if required), regulatory authorities, fraud-prevention partners, and our KYC/verification vendors. We do not sell personal data to third parties.

7. Security

We use industry-standard encryption, secure key management, access controls and regular audits. We implement technical and organizational measures to safeguard biometric and financial data.

8. Your rights

You may request access, correction, or deletion of your personal data subject to legal restrictions (e.g., obligation to retain transaction data for regulatory reporting). For privacy requests contact:

privacy@digifinpay.com

9. Updates to this policy

We may update this policy to reflect changes in law, business practices, or platforms. We will publish the effective date at the top.

References: NPCI AePS documentation and industry guides for biometric & AEPS flows. :contentReference[oaicite:10]{index=10}