Privacy Policy

Effective Date: 1 August 2021

Last updated: 9th September 2025

Inditab Esolutions Private Limited ("EaseMyDeal", "we", "us") values your privacy and ensures that your personal information is handled with the highest standards of care. This Privacy Policy governs your information when you use our platform—whether via website, mobile app, APIs, or white-label integrations—and is an integral part of our Terms & Conditions.

1. Applicability & Scope

1.1 This Privacy Policy is incorporated by reference into the Terms & Conditions and governs data handling procedures; for service performance, refunds, and dispute forums, refer to the T&C. Covers all EaseMyDeal users accessing services like: recharges, bill payments (BBPS), credit card payments, gold & gift PPI, loans, travel bookings, wallet services, and micro-transactions.

1.2 When accessed via partner whitelabel or API integrations, partner terms govern service delivery; EaseMyDeal's data processing remains strictly limited to disclosed purposes and subject to contractual safeguards with partners.

2. Information We Collect

2.1 Personal Identifiers: Name, Mobile No, Email ID, date of birth, contact details, KYC documents (PAN, Masked Aadhaar, etc.), device identifiers, IP address, and login credentials. Device identifiers and IP addresses are collected for security, fraud prevention, session management, and regulatory audit trails.

2.2 Transactional & Behavioral Data: Recharge & bill details, credit card/loan applications, travel itineraries, transaction histories, geolocation, app usage patterns.

2.3 Sensitive Data: Masked Aadhaar, encrypted financial credentials, and medical or health data if availed via services.

2.4 Cookies & Tracking Data: Session cookies, behavioral analytics, marketing pixels, and device fingerprints.

3. Legal Grounds for Data Processing

3.1 Consent: By default, opt-in for data use beyond service delivery (e.g., marketing, personalization).

3.2 Performance of Contract: Necessary for executing service agreements between the User and EaseMyDeal or third-party providers. Essential transaction facilitation, KYC/AML verification, dispute handling, and settlement processing are performed on the basis of executing the service agreement between the User and EaseMyDeal or third-party service providers.

3.3 Regulatory Compliance: Obligations under RBI, NPCI, IT Act 2000, DPDP Act 2023, SEBI, and more. Regulatory compliance (RBI, NPCI, FIU, IT Act 2000, DPDP Act 2023, SEBI, and other applicable laws) constitutes a legal obligation that permits processing without consent where required by law.

3.4 Legitimate Interests: Improving platform security, preventing fraud, and optimizing service delivery—unless overridden by User rights.

4. Use of Your Information

Transaction facilitation, KYC/AML compliance, dispute resolution, refunds, and chargebacks.
Personalization via AI models: recommendation of products (loans, gift PPI, travel, etc.).
Platform improvement, fraud detection, risk analytics, and internal auditing.
Regulatory & forensic reporting (e.g., to RBI, FIU).
Marketing and promotional communication—with an option to withdraw at any time.
Credit report analysis and scores displayed are for educational purposes only and do not influence lender underwriting decisions.

5. Sharing & Disclosure

5.1 Service Execution: Shared with banks, NBFCs, issuers (gold/gift PPI), partners (travel, bill payment), and credit bureaus.

5.2 Registered Consent: For loan facilitation services (sharing credit reports, scores) -- User must provide informed consent, retractable anytime.

5.3 Legal & Risk: Disclosed to regulators, law enforcement, or courts under lawful demand; suspicious activity reports may be filed without prior notification to the User.

5.4 Corporate Transfers: In mergers or acquisitions, data will be transferred under equivalent protection.

5.5 No Third-Party Sale: User data will not be sold, rented, or traded.

6. Data Retention

Transactional Records: Retained for regulatory compliance (typically 5 to 7 years) or longer if required by law.
Sensitive Data: Retained for regulatory compliance if required by law. Otherwise, deleted immediately once the purpose expires.

7. Security Measures & Certifications

PCI DSS Level 2, SAR Audits, CISA/CICRA adherence.
End-to-end encryption (TLS at rest and in transit).
Multi-layer security: AppLock, OTPs, PINs, biometric access.
Regular vulnerability & ASV scans, third-party audits & VAPT, SOC-2 style controls.

8. User Rights

Access, correct, or delete personal data (subject to regulatory exceptions).
Withdraw consent for non-essential processing (e.g., marketing).
Withdraw consent for credit reports.
File grievances with our Grievance Officer and escalate to regulators.

9. Cookie & Tracking Management

Strictly segregated: necessary, analytics, performance, functional, and marketing cookies.

10. Children & Minors Policy

Users must be 18+. We do not knowingly collect data from minors. Use of the platform by minors is only under parental/guardian supervision.

11. Digital Personal Data Protection Act, 2023 (DPDP)

Compliant with DPDP:

Data fiduciary disclosures, rights-enabled dashboards, data breach notifications, and grievance redress mechanisms.

12. Information Security Governance

Structured policies ensuring Confidentiality, Integrity, and Availability. Managed by a Risk Management Committee with regular board reporting.

13. Third-Party Integration & APIs

Data shared via APIs only under strict agreements, limiting access to specific data elements and purposes. Logs are maintained for audit and tracking.

14. Transparency & Notices

Policy updated periodically. Significant changes announced via in-app notification or email, with "Last Updated" timestamp prominently displayed.

15. Liability Limitation — Privacy Data Breaches

Liability capped to the actual convenience fee retained per transaction or INR 100, whichever is lower.
No liability for third-party breaches (banks, NBFCs, partners).