Privacy Policy

1. Introduction

Instanow Info Systems Private Limited (“Instifi” or “we” or “us”) is an RBI-authorized Payment Aggregator and provides regulated Payment Aggregation Services through its websit InstiFi, mobile applications, APIs and related services (collectively, the “Website” or “Services”).

For the purposes of this Privacy Policy, “User” means any natural or legal person accessing or using the Website and Services as defined in the Terms of Use. “Merchant” means a User onboarded to receive payments under a separate Merchant Agreement. “Customer” or “Payer” means a person initiating a payment transaction through the Website and Services. The terms “you” and “your” refer to any User, Merchant, or Customer, as applicable

This Privacy Policy explains how we collect, use, process, and share information that identifies or relates to you (“Personal Information”) when you access or use the Website or Services. By using our Website or Services, you consent to the collection and use of your Personal Information as described in this Privacy Policy.

We process Personal Information based on (i) your consent, (ii) performance of a contract, (iii) compliance with legal and regulatory obligations, and (iv) legitimate uses permitted under applicable data protection laws.

If you do not agree with this Privacy Policy, please do not use the Services. Please note that your use of the Services is also subject to our Terms of Use, which are an integral part of our agreement with you.

We implement reasonable security measures appropriate to the nature of the information and our business. While we implement industry-standard safeguards, no method of transmission over the internet is completely secure. Accordingly, we cannot guarantee absolute security of information transmitted electronically.

2. Information We Collect and How We Use It

3. Merchant Account Information

If you register an account as a merchant or business on Instifi, we collect and store the Personal Information you provide for that account. This includes your name, email address, mobile number, business name, business address, and other contact or registration details. We may also collect sensitive financial information required by law or regulation, such as your bank account information, debit/credit card numbers, and KYC documents (PAN, Aadhaar, company incorporation documents, etc.) to comply with Reserve Bank of India guidelines for payment aggregators.

We use your email address to send you account-related updates, service announcements, and newsletters (if you subscribe). You may unsubscribe from marketing or promotional emails by clicking the link provided in those emails or by contacting us. We may use your mobile number to send transaction-related SMS alerts or two-factor authentication messages as needed.

Instifi does not sell or rent Personal Information to third parties. You have the option to review and update the Personal Information in your account at any time by accessing your account settings on the Website. If you choose to delete or deactivate your merchant account, we will remove your information from our active systems, except as required by law or for legitimate business purposes (such as record-keeping or dispute resolution).

Personal Information relating to merchant accounts may be retained for such period as required under applicable laws, including RBI guidelines, anti-money laundering laws, tax laws, and record-keeping obligations, even after account closure.

4. Customer Information

When you make a payment as a customer (payer) using Instifi’s services (for example, when checking out on a merchant’s website), we collect the information you provide during the transaction. This may include your name, billing and shipping address, email address, mobile number, and payment instrument details as required to process the transaction through secure, PCI DSS compliant systems. InstiFi does not store sensitive authentication data such as CVV.

We use this information solely to process your payment and facilitate your transaction. With your consent (typically given at the merchant’s checkout), we share necessary transaction details and relevant Personal Information with the merchant to complete your order, arrange delivery, or provide requested services. This allows merchants to fulfill your order, issue receipts, provide customer support, and process refunds.

Merchants act as independent data fiduciaries/controllers with respect to Personal Information shared with them. Instifi processes payment-related information strictly for the limited purpose of facilitating transactions and does not determine the purpose or means of merchants’ independent data processing activities. We encourage you to review the privacy policies of any merchants or third parties you do business with, as those policies govern how your data is handled after it leaves our platform. We do not use or share your payment information for any marketing purposes without your explicit consent. Payment information collected for transaction processing is not used for targeted advertising or marketing purposes.

5. Usage Data and Analytics

We automatically collect certain information about how you use the Services. This may include:

• Log Data: Details such as your IP address, device type, operating system, browser type, and Internet Service Provider (ISP).
• Activity Data: Your browsing activity on the Services, including pages or screens viewed, buttons clicked, search queries, time spent on pages, and sequence of actions.
• Timing Data: Dates and times when you access the Services or perform specific actions (for example, when you make a payment).

We use this non-personally identifiable information to administer, maintain, and improve the Services. For example, we use data to monitor performance, diagnose technical issues, and enhance security. We also use aggregated or anonymized usage data to understand user behavior, analyze trends, and improve our services. We may share aggregated or anonymized statistical information that does not identify any individual user. Such data shall not include payment information or financial data and shall not be used for profiling without consent where required by law.

6. Intellectual Property Rights

All content, logos, graphics, text, designs, and other materials on the Services (collectively, “Instifi Content”) are the property of Instanow Info Systems Private Limited or its licensors and are protected by copyright, trademark, and other intellectual property laws. You may not copy, reproduce, distribute, modify, or create derivative works based on any Instifi Content without our prior written permission. Any rights not expressly granted in this Privacy Policy or in our Terms of Use are reserved by Instanow Info Systems Private Limited (Instifi) and its licensors.

7. Cookies and Tracking Technologies

Instifi uses cookies and similar tracking technologies to enhance your experience and collect information about how you use our services:

• Cookies: We may place small text files (cookies) on your device when you visit the Services. Cookies help us recognize your browser, remember your preferences, and provide secure login sessions. We use session cookies (which expire when you close your browser) and persistent cookies (which remain until they expire or you delete them).
• Why We Use Cookies: Cookies allow us to identify you when you return to our site, store your preferences (such as language or login status), and track your navigation through the Services. For example, cookies may keep you logged in while you move between pages or remember your language preference on return visits.
• Third-Party Cookies: We may permit third-party service providers (such as Google Analytics, advertising networks, or social media platforms) to set cookies on the Services. These third parties may use cookies to gather anonymous usage information and deliver targeted advertisements based on your browsing activity across different websites. Importantly, these cookies do not collect your name, address, or other personal identifiers unless you have explicitly provided such information. We do not share your Personal Information with these third parties for advertising; they see only anonymized usage data.
• Managing Cookies: You can manage or disable cookies through your browser’s settings (for example, in Chrome, Firefox, Safari, or Edge). Each browser provides instructions for how to block or delete cookies. If you disable cookies, some features of the Services may not function properly. For more information about cookies and how to manage them, you may visit www.allaboutcookies.org or consult your browser’s help pages.

8. Enforcement of Policies

We use the Personal Information and other data we collect in connection with your use of the Services to enforce our Terms of Use and this Privacy Policy. For example, we may use your data to investigate, prevent, or take action regarding suspected fraud, security violations, or illegal activities involving the Services. We may share relevant information internally and with third parties (such as law enforcement authorities) to protect our rights, property, or the safety of others, including our users.

Payment system data, including complete transaction details, are stored only within India in compliance with RBI data localisation requirements. Any cross-border transfer, where permitted, shall be carried out strictly in accordance with applicable RBI directions and data protection laws.

In the event of a data breach affecting Personal Information, we shall notify affected users and relevant authorities in accordance with applicable law and regulatory requirements.

9. Disclosure and Sharing of Information

We will not sell or rent your Personal Information to third parties. We will only share your Personal Information in the following situations:

• With Service Providers and Partners: We may share Personal Information with third party service providers, vendors, and partners who help us operate the Services and provide services to you. These may include payment processors, banks, cloud hosting providers, data analytics firms, customer support services, fraud prevention services, and identity verification companies. These parties are authorized to use your Personal Information only to provide the services they perform for Instifi, and they are required to maintain the confidentiality and security of your information.
• With Affiliates and Subsidiaries: We may share your information with our parent company, subsidiaries, or affiliates under common control (if any). We require that these entities abide by this Privacy Policy. If Instifi is acquired by or merged with another company, that company will assume the rights and obligations with respect to your Personal Information as described in this Privacy Policy.
• For Legal Reasons: We may disclose your Personal Information in response to legal requests or proceedings if we have a good faith belief that disclosure is necessary to comply with applicable law, regulation, subpoena, or court order. We may also disclose information if we believe it is necessary to: (a) enforce or apply our Terms of Use and other agreements; (b) detect, prevent, or address fraud or security issues; or (c) protect the rights, property, or safety of Instifi, our users, or the public. We may share information with government authorities or law enforcement agencies as required by law. We may comply with lawful requests, court orders, regulatory directions, or statutory requirements in accordance with applicable law.
• Aggregate or Anonymized Data: We may share aggregated or anonymized information that does not identify you personally. For example, we might disclose the total number of users who have viewed a particular advertisement or feature. This aggregated information cannot be used to identify any individual user and is not considered Personal Information under this Privacy Policy.
• With Regulatory Authorities: As a Payment Aggregator, we are subject to regulatory oversight. We may share your Personal Information with regulatory authorities (such as the Reserve Bank of India) or with banks and payment networks if required by law or regulation. We ensure that any such disclosures comply with applicable data protection requirements.

Except as described above, we will not share your Personal Information with third parties without your consent. When we do share your information with third parties, we make efforts to protect it through contractual and security measures.

10. Third-Party Links

The Services may contain links to third-party websites or services (for example, KYC Verification and authentication, or advertising networks). These links are provided for your convenience only. We do not control, endorse, or review these third-party sites, and we are not responsible for their content or privacy practices. If you click on a link to a third-party site and provide information to them, the information you share will be governed by that site’s privacy policy, not this one. We encourage you to read the privacy policies of any third-party sites you visit before providing any personal information.

11. Accessing and Updating Your Personal Information

If you have an Instifi account, you can review, update, or correct your Personal Information by logging into your account and editing your profile or account settings. Certain information may be retained beyond deletion requests where required for regulatory compliance, fraud prevention, dispute resolution, or legal record-keeping obligations. If you need assistance or wish to request the deletion of your Personal Information, you may contact our customer support team at [[email protected]]. We will respond to your requests in accordance with applicable laws and our internal policies. You may withdraw your consent for processing Personal Information at any time, subject to legal and contractual limitations. Withdrawal of consent may result in suspension or discontinuation of Services where such processing is necessary for regulated payment services

12. Security

We use industry-standard security measures to protect your Personal Information from unauthorized access, use, or disclosure. This includes technical and organizational measures such as encryption, secure servers, intrusion detection systems, and access controls. Your Instifi account is protected by a password, and you should keep your password confidential. We also recommend using multi-factor authentication if available. Access to Personal Information within Instifi is limited to employees, agents, or contractors who need it to perform their job duties (such as processing transactions, providing customer support, or complying with legal requirements). All such personnel are bound by confidentiality obligations. All employees, contractors, and service providers with access to Personal Information are bound by confidentiality and data protection obligations. However, please understand that no method of electronic transmission or storage is perfectly secure. While we strive to use commercially reasonable means to protect your data, we cannot guarantee absolute security. We cannot be held responsible for unauthorized access to your data that is beyond our control. If you have questions or concerns about the security of your information, you may contact us at [email protected].

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time without prior notice. The “Last Updated” date at the top of this document indicates when it was last revised. When we make material changes, we will post the revised policy on our website and, if you have an account with us, we may also notify you by email or through the Services. Your continued use of the Services after any revisions to this Privacy Policy signifies your acceptance of the changes. We encourage you to review this Privacy Policy periodically. If you do not agree with any changes to this policy, you should stop using the Services and may request to deactivate your account.

14. Applicable Law

Your use of the Services and any disputes arising out of or relating to this Privacy Policy will be governed by the laws of India. You agree that any legal action or proceeding between you and Instifi will be exclusively brought in the courts located in Mumbai, India (or at our discretion, any other court of competent jurisdiction). You hereby submit to the jurisdiction of these courts for resolution of any such disputes.

15. Complaints and Grievance Redressal

We are committed to addressing any complaints or concerns you may have about our handling of your Personal Information. If you have any feedback, questions, or requests regarding this Privacy Policy, please contact our Data Protection Officer (DPO) or Grievance Redressal Officer using the details below:

• Data Protection Officer (DPO): Arbaaz Jamal
• Postal Address: Office No.325, 2nd Floor, Casa Del Sol, Miramar Goa. 403001
• Grievance Email id: [email protected]

We will acknowledge your complaint promptly and endeavor to resolve it in accordance with applicable laws and regulatory requirements.