Privacy Policy

2.1 Identity and KYC data

• Full name, date of birth, gender, nationality
• PAN, Aadhaar (masked / VID), passport, driving licence, voter ID
• Photograph, signature, and live selfie for video KYC
• FATCA / CRS declarations

2.2 Contact data

• Residential and communication address
• Mobile number, email address

2.3 Financial data

• Bank account details, IFSC, UPI ID
• Transaction history, purpose of remittance under LRS, source of funds

2.4 Travel and beneficiary data

• Passport and visa details, travel itinerary, beneficiary name, account, address

2.5 Technical data

• IP address, device identifiers, browser type, operating system
• Geolocation (with consent), session logs, cookies, and similar trackers

2.6 Agent-specific data

• Professional background, GSTIN, business address, commission and payout history
• Background-check and sanction-screening results

• Directly from you through forms, the website, mobile app, telephone calls, and emails
• Through Agents authorised to onboard you
• From third-party verification providers and central KYC registries (CKYCR)
• From government and regulatory databases for screening (PEP, sanctions, FIU-IND)
• Automatically through cookies, server logs, and analytics tools

We process your personal data only for specified, lawful purposes, including:

• processing forex transactions and remittances under FEMA;
• complying with KYC, AML, CFT, PMLA, and FATCA/CRS obligations;
• verifying identity and preventing fraud, hawala, and money-laundering;
• communicating exchange rates, transaction status, and service updates;
• administering the Agent Programme and calculating Commission;
• responding to grievances, audits, and regulatory queries;
• marketing and promotional communications, only where you have given consent;
• improving our services, security, and user experience.

Under the DPDP Act, we rely on one or more of the following grounds:

• your free, specific, informed, unconditional, and unambiguous consent;
• performance of a contract to which you are a party;
• compliance with a legal obligation (FEMA, PMLA, Income-tax Act, RBI directions);
• certain legitimate uses recognised under Section 7 of the DPDP Act.

We do not sell your personal data. We may share it with:

• RBI, FIU-IND, Income-tax Department, courts, and other regulatory or law-enforcement authorities, when required by law;
• banks, correspondent banks, SWIFT, card networks, and payment system operators necessary to execute your transaction;
• KYC, video-KYC, sanctions-screening, and fraud-detection service providers under written contracts;
• authorised Agents who introduced you, strictly to the extent required for transaction processing;
• our auditors, advocates, and professional advisors under confidentiality obligations;
• any successor entity in case of merger, acquisition, or business transfer.

We implement reasonable security practices and procedures, including:

• encryption of data in transit (TLS) and at rest;
• access controls, multi-factor authentication, and role-based permissions;
• regular vulnerability assessments and penetration testing;
• staff training and confidentiality undertakings;
• incident response and breach notification protocols.

Subject to applicable law, you have the right to:

• access a summary of personal data being processed about you;
• request correction, completion, or updating of inaccurate or outdated data;
• request erasure of data that is no longer necessary, subject to legal retention obligations;
• withdraw consent at any time, where processing is based on consent, without affecting prior lawful processing;
• nominate another individual to exercise your rights in case of death or incapacity;
• file a grievance with our Grievance Officer and, thereafter, with the Data Protection Board of India.