Privacy Policy

1. Who We Are

ZingPay is a payment gateway operated by PayAxis Private Limited (CIN: U74999XX2024PTC000000), a company incorporated under the Companies Act, 2013, with its registered office in India. We are a payment aggregator regulated in accordance with the Reserve Bank of India (RBI) guidelines on Payment Aggregators and Payment Gateways.

2. Information We Collect

We collect the following categories of information:

2.1 From Merchants

• Business registration details (company name, CIN, GSTIN, PAN)
• Director / proprietor KYC documents (Aadhaar, PAN, passport)
• Bank account details for settlement
• Contact information (email, phone)
• Website / app URLs and business description

2.2 From Customers (End-Users)

• Payment instrument details (card number is tokenised — we never store raw card data)
• UPI ID or VPA for UPI payments
• Name and email for payment receipt
• Device and browser information for fraud detection
• IP address and geolocation (approximate)

2.3 Automatically Collected

• Log data (API calls, timestamps, error codes)
• Cookies and session identifiers on our web checkout
• Transaction metadata (amount, currency, status)

3. How We Use Your Information

• Processing Payments: To authorise, capture, settle, and refund transactions.
• KYC & Compliance: To verify merchant identity in accordance with RBI, PMLA, and FEMA regulations.
• Fraud Prevention: To detect and prevent fraudulent transactions using ML models and rule engines.
• Customer Support: To resolve disputes, chargebacks, and queries.
• Product Improvement: Anonymised, aggregated data to improve our services.
• Legal Obligations: To comply with court orders, regulatory requests, and applicable law.

4. Data Storage & Security

All data is stored on servers located in India. We implement the following security measures:

• PCI DSS Level 1 certification — the highest standard for payment data security
• 256-bit AES encryption at rest; TLS 1.2+ in transit
• Card numbers are never stored — we use tokenisation (RBI-compliant)
• Multi-factor authentication for all internal systems
• Regular third-party penetration testing
• SOC 2 Type II audited infrastructure

5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

• Banks & Card Networks: Visa, Mastercard, RuPay, NPCI — to process payments.
• Acquiring Banks: Our banking partners for settlement.
• Fraud Prevention Partners: For fraud scoring and device fingerprinting.
• Regulatory Authorities: RBI, FIU-IND, law enforcement — when legally required.
• Merchants: Transaction data related to their own customers.

6. Data Retention

• Transaction records: 8 years (as required by RBI guidelines)
• KYC documents: 5 years from the end of the business relationship
• Log data: 2 years
• Cookie data: As per cookie expiry (typically 30–90 days)

7. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the right to:

• Access: Request a copy of personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Erasure: Request deletion of your data (subject to legal retention requirements).
• Grievance: Lodge a complaint with our Data Protection Officer.

To exercise these rights, email us at [email protected] with "Data Request" in the subject line.

8. Cookies

Our web checkout uses cookies for session management, fraud detection, and analytics. You can disable cookies in your browser, but this may affect checkout functionality. We do not use third-party advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via email to registered merchants at least 14 days in advance. Continued use of ZingPay after the effective date constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related queries or to exercise your rights, contact our Data Protection Officer:

PayAxis Private Limited
Email: [email protected]
Subject: Privacy / DPO Request