100%

Privacy Policy

Committed to Protecting Your Data

Policy Name – Shahparpay Solutions Private Limited

Effective Date: 12 April 2025

This Privacy Policy explains how Shahparypay (“Platform”), owned by Shahparpay Solutions Private Limited (“Company”, “we”, “our”, “us”), collects, uses, protects, and shares your personal information. We are committed to safeguarding your data in compliance with applicable laws, SOC 2 principles, and ISO/IEC 27001:2022 standards.

1. Data We Collect

We collect the following categories of data:

  • Personally Identifiable Information (Name, Contact Details, KYC Documents)
  • Financial Information (Bank Details, UPI IDs, Transaction Data)
  • Device & Network Data (IP Address, Browser, Location, Device IDs)
  • Behavioral Data (Login Patterns, Access Logs)

2. Purpose of Data Collection

Your data is collected to:

  • Authenticate users and prevent fraud
  • Process payments and financial transactions
  • Comply with RBI & regulatory mandates
  • Enhance platform security & user experience
  • Provide customer support & grievance redressal

3. Data Storage & Retention

We store your data in encrypted databases hosted on ISO 27001 and SOC 2 Type II certified data centers located within India. Data retention follows statutory guidelines and is reviewed periodically to ensure minimal retention aligned with legal, regulatory, and operational needs.

4. Security Measures & Encryption

We employ industry-leading security controls, including but not limited to:

  • Data Encryption at Rest: All sensitive data is encrypted using AES-256 bit encryption algorithms ensuring confidentiality.
  • Data in Transit: Communication between your browser and our servers is protected with TLS 1.3 encryption with Perfect Forward Secrecy (PFS).
  • Hashing: Passwords and sensitive credentials are hashed using PBKDF2 with SHA-256 and salted hashes to prevent reverse engineering.
  • Key Management: Encryption keys are managed using Hardware Security Modules (HSM) and follow key rotation policies as per ISO 27001 Annex A.10 guidelines.
  • Network Security: Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Web Application Firewalls (WAF) protect against external threats.
  • Access Controls: Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), and Zero Trust Architecture (ZTA) limit internal data access.
  • Audit Logs: All data access and modifications are logged with immutable audit trails and regular monitoring as per SOC 2 requirements.

5. Data Sharing & Disclosure

We do not sell or rent your personal data. Data is shared with:

  • Regulatory bodies (as mandated by RBI, FIU-IND, etc.)
  • Banking partners & payment service providers
  • Fraud detection and cybersecurity partners
  • Third-party service providers under strict Data Processing Agreements (DPA)

6. International Data Transfers

All data processing and storage are maintained within India. If data transfer outside India becomes necessary, it will comply with applicable laws, using Standard Contractual Clauses (SCCs) and equivalent safeguards.

7. User Rights & Controls

As a user, you have the right to:

  • Access your personal data
  • Request correction of inaccurate information
  • Withdraw consent for processing (where applicable)
  • Request deletion of data (subject to legal obligations)

You can exercise these rights by contacting our Data Protection Officer (DPO) at shahparpay@gmail.com.

8. Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance user experience, perform analytics, and secure sessions. You may manage your cookie preferences via browser settings.

9. Incident Response & Breach Notification

In the unlikely event of a data breach, we have a defined Incident Response Plan adhering to SOC 2 guidelines. Affected users will be notified promptly as per regulatory requirements.

10. Compliance & Audits

We undergo periodic third-party audits for SOC 2 Type II and ISO 27001 compliance. Internal risk assessments and penetration testing are conducted quarterly.

11. Updates to this Privacy Policy

We reserve the right to update this policy periodically. Any changes will be communicated through our website with the updated effective date.

12. Contact Information

For any privacy-related queries, please reach out to:

Email: shahparpay@gmail.com

Phone: +91 8240039776

Address: 4/1, VICTORIA LANE, BHADRESWAR MUNICIPALITY, HOOGLY, TELINIPARA, Bhadreswar, Hooghly, West Bengal, 712125

GST: 19ABLCS9558A1ZV