1. Overview
Epoint Digital Private Limited ("Epoint Digital," "we," "us," or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, disclose, and safeguard information when you visit our website, use our mobile applications (including Vouxe), access the Epoint Digital Portal, the Zyren Platform, or engage with any of our fintech, payment, or IT services (collectively, the "Services").
This Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), to the extent applicable.
2. Data We Collect
Depending on how you interact with our Services, we may collect the following categories of information:
- Identity & Contact Data: Name, email address, phone number, postal address, and government-issued identification where required for KYC or compliance.
- Account & Profile Data: Username, password (stored in encrypted/hashed form), role, preferences, and account settings.
- Financial & Transaction Data: Payment details, transaction history, payout records, virtual payment identifiers, and routing metadata processed through our fintech infrastructure.
- Technical & Usage Data: IP address, device type, operating system, browser type, app version, log files, cookies, and analytics on how you use our platforms.
- Communications: Messages, support tickets, feedback, and correspondence sent to us via email, contact forms, or in-app channels.
3. How We Use Your Data
We process personal data for the following purposes:
- Providing, operating, and improving our Services and product ecosystem.
- Processing payments, payouts, and financial transactions securely.
- Verifying identity and fulfilling regulatory, KYC, and anti-money laundering (AML) obligations.
- Communicating service updates, security alerts, and support responses.
- Analyzing usage patterns to enhance performance, UX, and AI-driven features (such as analytics in Vouxe).
- Detecting, preventing, and investigating fraud, abuse, or security incidents.
- Complying with applicable laws, court orders, and regulatory directives.
4. Legal Basis for Processing
Under the DPDP Act and applicable regulations, we process personal data based on one or more of the following grounds: your explicit consent; performance of a contract with you; compliance with legal obligations; and legitimate business interests that do not override your fundamental rights and freedoms.
5. Cookies & Tracking Technologies
Our websites and web-based portals use cookies, session tokens, and similar technologies to maintain sessions, remember preferences, and analyze traffic. You may control cookie settings through your browser; however, disabling certain cookies may limit functionality of the Services.
6. Data Sharing & Disclosure
We do not sell your personal data. We may share information with:
- Service Providers: Cloud hosting (e.g., AWS), payment processors, SMS/email gateways, and analytics partners bound by confidentiality agreements.
- Business Partners: Distributors, banking partners, and telecom operators where necessary to deliver BaaS, recharge, or payment services.
- Regulatory & Legal Authorities: When required by law, subpoena, or regulatory inquiry.
- Corporate Transactions: In connection with mergers, acquisitions, or asset sales, subject to appropriate safeguards.
7. Data Security
We implement industry-standard technical and organizational measures to protect personal data, including encryption in transit (TLS/SSL), access controls, secure server infrastructure, regular security assessments, and employee training. While we strive to protect your information, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal and regulatory retention requirements (including financial record-keeping obligations), and resolve disputes. When data is no longer required, we securely delete or anonymize it.
9. Your Rights
Subject to applicable law, you may have the right to:
- Access and obtain a copy of your personal data.
- Request correction of inaccurate or incomplete data.
- Withdraw consent where processing is consent-based.
- Request erasure of data, subject to legal retention requirements.
- Lodge a grievance with our Grievance Officer or escalate to the Data Protection Board of India as provided under the DPDP Act.
To exercise your rights, contact us at hello@epointdigital.co.in or refer to our Grievance Redressal Policy.
10. Children's Privacy
Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately so we can take appropriate action.
11. International Data Transfers
Your data is primarily processed and stored within India. If data is transferred outside India for cloud hosting or technical operations, we ensure appropriate safeguards are in place as required by applicable law.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be posted on this page with an updated "Last updated" date. We encourage you to review this Policy regularly.
13. Contact & Grievance Officer
For privacy-related inquiries or to exercise your data rights:
Epoint Digital Private Limited
Email: hello@epointdigital.co.in
Grievance Officer: Available via Grievance Redressal Policy
Website: www.epointdigital.co.in