Privacy Policy

Shilvora Software Private Limited ("we," "our," or "us"), operating under the brand name Paybachat, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and financial information when you visit our website, use our mobile application, or interact with our APIs.

1. Information We Collect

To provide secure and compliant fintech services, we collect the following types of information:

• Personal Information: Name, email address, mobile number, postal address, and business details.
• KYC Documents: PAN Card, Aadhaar Card, GST Certificates, and shop photos, as mandated by the RBI for merchant onboarding.
• Financial Information: Bank account details, transaction history, and wallet balances.
• Biometric Data: For Aadhaar Enabled Payment System (AEPS) transactions, fingerprint data is captured securely. Note: We do not store biometric data; it is encrypted and transmitted directly to UIDAI/NPCI.
• Device & Usage Information: IP address, browser type, operating system, and GPS location data (strictly for fraud prevention and geographical compliance).

2. How We Use Your Information

We use the collected information for the following purposes:

• To process and facilitate financial transactions (Recharges, Bill Payments, DMT, AEPS).
• To verify your identity and comply with Anti-Money Laundering (AML) and KYC regulations.
• To detect, prevent, and mitigate fraud, unauthorized access, or illegal activities.
• To resolve disputes, process chargebacks, and provide customer support.
• To send administrative notices, transactional SMS/emails, and service updates.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only under the following circumstances:

• Partner Banks & NPCI: Transactional data is securely transmitted to banking partners and the National Payments Corporation of India (NPCI) to process payments.
• Legal Authorities: We may disclose information to law enforcement agencies, cyber cell units, or government bodies if required by law or a valid legal process.
• Third-Party Service Providers: We may share limited data with trusted vendors (like SMS gateways or cloud hosting providers) strictly under confidentiality agreements.

4. Data Security

Paybachat employs state-of-the-art security measures to protect your data. All data transmitted between your device and our servers is encrypted using 256-bit SSL encryption. We maintain strict access controls and conduct regular security audits. However, please note that no method of electronic transmission or storage is 100% secure.

5. Data Retention

We retain your personal and transactional information for as long as your account is active and as necessary to fulfill the purposes outlined in this policy. Furthermore, we are legally required by the RBI and NPCI guidelines to store transaction logs and KYC details for a minimum of 10 years, even after account closure.

6. Your Rights

As a user, you have the right to:

• Review and update your personal profile information.
• Request a copy of your transaction history.
• Opt-out of promotional marketing communications (transactional alerts cannot be opted out of).
• Request account deactivation (subject to statutory data retention laws).