Last updated: 8 July 2024
RushPe Technologies Private Limited ("RushPe", "we", "us") is committed to safeguarding personal data processed through our UPI-native payments platform. This Privacy Policy outlines how we collect, use, disclose, and protect information in line with the Digital Personal Data Protection Act, UPI guidelines, and industry best practices set by leaders such as PhonePe.
We collect information that you provide directly (merchant onboarding documents, contact details, support requests) and information automatically generated through platform usage (transaction metadata, device identifiers, IP addresses). We may also receive data from partner PSP banks, NPCI, credit bureaus, or KYC service providers for verification and risk management.
Processing is grounded in lawful bases such as performance of contract, consent, compliance with legal obligations, and legitimate interests. We use data to provision services, process payments, prevent fraud, resolve disputes, improve our products, and comply with regulatory reporting.
RushPe shares information with partner PSP banks, NPCI, auditors, vendors, and regulators strictly on a need-to-know basis. We require contractual safeguards, confidentiality commitments, and security controls aligned with RBI and NPCI expectations.
We deploy layered security encompassing encryption in transit and at rest, tokenisation, role-based access, endpoint protection, and continuous monitoring. Security practices mirror our ISO 27001 and PCI DSS controls and are reviewed periodically through internal and external audits.
Data is retained only for as long as necessary to fulfil the purposes outlined here or mandated by law (including NPCI circulars and RBI master directions). Post the retention period, data is securely anonymised or destroyed.
Data principals (end customers) may exercise rights to access, correct, update, or delete their personal data, and withdraw consent where applicable. Requests can be raised via privacy@rushpe.co. We may require identity verification before executing requests.
Our websites and dashboards may use cookies, SDKs, or analytics tools to improve performance, remember settings, and detect anomalies. You can control cookies via browser settings. Essential cookies needed for security or transaction completion cannot be disabled.
RushPe stores data primarily in India. Where cross-border transfers are necessary (for backups or global vendors), we ensure adequate safeguards through standard contractual clauses and regulator-aligned controls.
RushPe services are intended for use by authorised merchants and not by individuals below 18 years of age. We do not knowingly collect personal data from minors.
We may revise this Privacy Policy to reflect new product capabilities, regulatory updates, or security practices. Updates will be communicated through dashboards or email notifications. Continued use constitutes acceptance of the updated policy.
For privacy queries or grievances, write to privacy@rushpe.co. Our Data Protection Officer is Ms. Uzma Khan, RushPe Technologies Private Limited, Indiranagar, Bengaluru 560038. Grievances are acknowledged within 24 hours and resolved within 15 business days.