Privacy Policy

Effective date: 29 April 2026

This Privacy Policy explains how BILLWING ESOLUTIONS (OPC) PRIVATE LIMITED (“Paybeez”, “we”, “us”) collects, uses, shares and protects your personal data when you use our website, app and services. We comply with the Information Technology Act, 2000 (and rules thereunder), the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable RBI master directions on KYC and Prepaid Payment Instruments.

1. Data We Collect

(a) Information you provide

  • Name, mobile number, email address.
  • KYC details where required (PAN, Aadhaar VID, date of birth, address).
  • Bank/UPI handle and last-4 of card used for wallet top-up (full card numbers are never stored by us; tokenisation is handled by our PCI-DSS certified payment partner).
  • Mobile/DTH/utility account numbers, operator and circle for recharge transactions.
  • Any communication you send to support.

(b) Information we collect automatically

  • Device and browser identifiers, IP address, OS, app version.
  • Usage logs, request IDs, timestamps, error traces.
  • Cookies and similar technologies for session management and security.

(c) Information from third parties

  • Payment status from our payment aggregator.
  • Recharge result from upstream operators / aggregators.
  • KYC verification results from regulated KYC service providers.

2. Purpose of Processing

  • To create and operate your account and wallet.
  • To process recharge, bill payment and refund transactions.
  • To meet legal, regulatory and KYC/AML obligations.
  • To prevent fraud, abuse, and to enforce our Terms.
  • To provide customer support and resolve grievances.
  • To send transactional notifications (OTPs, receipts, status).
  • To improve our services through aggregated, non-identifying analytics.

3. Legal Basis (DPDP Act)

We process your personal data under the following lawful bases under Section 7 of the DPDP Act, 2023:

  • Consent for marketing communications and optional features.
  • Performance of contract for processing your transactions.
  • Compliance with law for KYC, tax, AML and regulator requests.
  • Legitimate use for fraud prevention, security and dispute resolution.

4. Sharing of Data

We do not sell your personal data. We share it only with:

  • Payment aggregators / gateways to process top-ups and refunds.
  • Recharge / bill-payment aggregators and the operator/biller you transact with.
  • KYC service providers, AML screening providers and credit-bureau-licensed verifiers.
  • Cloud and infrastructure providers under written confidentiality and DPA terms.
  • Law-enforcement, courts or regulators when legally compelled.
  • Professional advisors (auditors, lawyers) bound by confidentiality.

5. Data Storage and Security

  • Personal data is stored on servers located in India.
  • All traffic between your device and our servers is encrypted with TLS 1.3.
  • Sensitive data at rest is encrypted; access is restricted on a need-to-know basis with audit logging.
  • We undergo periodic vulnerability assessments. We have implemented “reasonable security practices and procedures” under Rule 8 of the IT (Reasonable Security Practices) Rules, 2011 — ISO 27001 aligned.
  • Card numbers, CVV and full bank credentials are never stored on Paybeez systems; PCI-DSS scope is limited to our payment partner.

6. Data Retention

We retain personal data only as long as necessary for the purposes above and to comply with statutory obligations:

  • KYC records: 5 years after account closure (PMLA).
  • Transaction records: 8 years (tax / RBI guidelines).
  • Operational logs: 12–18 months.
  • Marketing data: until you withdraw consent.

7. Your Rights

Subject to law, you can:

  • Access a summary of personal data we hold about you.
  • Request correction of inaccurate or outdated data.
  • Request erasure where no legal retention obligation applies.
  • Withdraw consent for non-essential processing such as marketing.
  • Nominate another individual to exercise rights in case of incapacity (DPDP Act §14).
  • Lodge a complaint with the Data Protection Board of India once it is operational.

To exercise these rights, email privacy@paybeez.in from your registered email/mobile. We will respond within 30 days.

8. Cookies

We use first-party, strictly necessary cookies for sign-in, session and CSRF protection. We do not place advertising cookies. You can clear cookies in your browser settings; doing so will sign you out.

9. Children

Paybeez is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact privacy@paybeez.in for deletion.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be notified via the app or email. Continued use after the “Effective date” above signifies acceptance.

11. Grievance Officer / Data Protection Officer

Name: Customer Care Head, Paybeez
Email: grievance@paybeez.in
Address: House no. 1262, Block L, Mangolpuri, North West Delhi, Delhi 110083, India
Working hours: Monday–Saturday, 10:00–18:00 IST. Acknowledgement within 48 hours; resolution within 30 days.

BILLWING ESOLUTIONS (OPC) PRIVATE LIMITED

CIN: U62013DL2024OPC436610

House no. 1262, Block L, Mangolpuri, North West Delhi, Delhi 110083, India

Email: support@paybeez.in · Phone: +91 84487 88621