F
Finvex

Privacy Policy

Last updated: April 2026

1. Introduction

Finvex Technologies ("Company," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our payment infrastructure platform at finvexpay.com (the "Platform").

By accessing or using the Platform, you consent to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with the practices described herein, please do not use the Platform.

2. Data We Collect

Information You Provide

  • Account information: name, email address, phone number, business name, and business type.
  • Identity verification: government-issued identification, PAN, GST registration number, and business registration documents.
  • Financial information: bank account details, settlement preferences, and billing address.
  • Communication data: support tickets, emails, and any correspondence with our team.

Information We Collect Automatically

  • Transaction data: payment amounts, timestamps, payment methods, and transaction status.
  • Device information: IP address, browser type, operating system, and device identifiers.
  • Usage data: pages visited, features used, API calls made, and interaction patterns.
  • Log data: server logs, error reports, and performance metrics.

Information from Third Parties

  • Payment processor data from Razorpay, including transaction verification and settlement information.
  • Identity verification data from KYC/AML service providers.
  • Publicly available business information from government registries.

3. How We Use Your Data

We use the information we collect for the following purposes:

  • Providing, maintaining, and improving the Platform and its features.
  • Processing payments, settlements, and refunds.
  • Verifying your identity and complying with KYC/AML regulations.
  • Communicating with you about your account, transactions, and service updates.
  • Detecting, preventing, and investigating fraud, security breaches, and abuse.
  • Generating analytics and insights to improve the Platform experience.
  • Complying with legal obligations, regulatory requirements, and law enforcement requests.
  • Sending transactional notifications via SMS, email, or WhatsApp through our communication partners.
  • Providing AI-powered features including intelligent dunning and analytics.

4. Data Storage

Your data is stored on secure servers located in India. We use industry-standard encryption for data at rest and in transit. Our infrastructure providers maintain SOC 2 Type II compliance and follow best practices for data center security.

  • All sensitive data is encrypted using AES-256 encryption at rest.
  • Data in transit is protected using TLS 1.2 or higher.
  • Payment card data is handled in compliance with PCI-DSS Level 1 standards through our payment processor.
  • Regular backups are maintained with appropriate access controls and encryption.

5. Data Sharing

We do not sell your personal information. We may share your data in the following circumstances:

  • Service providers: We share data with trusted third-party service providers who assist in operating the Platform, subject to strict confidentiality agreements.
  • Payment processing: Transaction data is shared with payment processors to facilitate payment processing and settlement.
  • Legal compliance: We may disclose data when required by law, regulation, legal process, or governmental request.
  • Fraud prevention: We may share data with fraud detection services and law enforcement to prevent and investigate fraudulent activities.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction, subject to the same privacy protections.

6. Third-Party Services

The Platform integrates with the following third-party services, each with their own privacy policies:

Razorpay

We use Razorpay as our primary payment gateway for processing payments. Razorpay may collect and process payment-related data in accordance with their privacy policy. Data shared includes transaction amounts, payment method details, and merchant information necessary for payment processing.

Twilio

We use Twilio for SMS and WhatsApp notifications, including transaction alerts, OTP verification, and dunning communications. Data shared includes phone numbers, message content, and delivery status information.

Anthropic

We use Anthropic's AI services to power intelligent features such as AI-driven dunning, analytics insights, and customer communication optimization. Data shared is limited to anonymized transaction patterns and communication templates. No personally identifiable information is shared with Anthropic for AI processing.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on the Platform. The types of cookies we use include:

  • Essential cookies: Required for the Platform to function properly, including session management and authentication.
  • Analytics cookies: Used to understand how users interact with the Platform, helping us improve features and performance.
  • Preference cookies: Used to remember your settings, language preferences, and dashboard configurations.

You can manage cookie preferences through your browser settings. Disabling essential cookies may impact the functionality of the Platform. We do not use advertising or cross-site tracking cookies.

8. Security Measures

We implement comprehensive security measures to protect your data:

  • End-to-end encryption for all data transmission using TLS 1.2+.
  • AES-256 encryption for sensitive data at rest.
  • Regular security audits and penetration testing.
  • Role-based access controls with principle of least privilege.
  • Two-factor authentication available for all accounts.
  • Continuous monitoring for suspicious activity and unauthorized access attempts.
  • Secure API key management with rotation capabilities.
  • Incident response procedures for prompt handling of security events.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing industry best practices.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction: Request that we limit the processing of your personal data under certain circumstances.
  • Right to portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to the processing of your personal data for certain purposes.
  • Right to withdraw consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at support@finvexpay.com. We will respond to your request within 30 days.

10. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data in compliance with the General Data Protection Regulation (GDPR). Our lawful bases for processing include:

  • Contract performance: Processing necessary to fulfill our contractual obligations to you.
  • Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention and platform improvement.
  • Legal obligation: Processing required to comply with applicable laws and regulations.
  • Consent: Processing based on your explicit consent, which can be withdrawn at any time.

For data transfers outside the EEA, we implement appropriate safeguards including standard contractual clauses approved by the European Commission. If you are an EEA resident and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.

11. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account data: Retained for the duration of your account and for 5 years after account closure for compliance purposes.
  • Transaction data: Retained for 7 years as required by Indian financial regulations and tax law.
  • Communication logs: Retained for 3 years for service improvement and dispute resolution.
  • Analytics data: Aggregated and anonymized data may be retained indefinitely for statistical and research purposes.
  • Legal hold data: Data subject to legal proceedings or regulatory investigation may be retained beyond standard periods as required.

12. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at support@finvexpay.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on the Platform and, where appropriate, by sending you an email notification. The "Last updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically for any changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Finvex Technologies

Data Protection Inquiries

Website: finvexpay.com

Email: support@finvexpay.com