Privacy Policy

Introduction

AllUpiPay Financial Services Ltd. ("AllUpiPay", "we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and financial services (collectively, the "Services").

Please read this policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

Data Controller: AllUpiPay Financial Services Ltd. is the data controller for the personal information you provide. We are registered with the Information Commissioner's Office (ICO) in the United Kingdom under registration number ZA000000.

Information We Collect

We collect different types of information to provide and continually improve our Services. The categories of information we collect include:

Category	Examples	Purpose
Identity Data	Full name, date of birth, government-issued ID	KYC verification & account creation
Contact Data	Email address, phone number, postal address	Communication & notifications
Financial Data	Bank account details, transaction history, wallet balance	Processing payments & compliance
Technical Data	IP address, device type, browser, operating system	Security & platform optimisation
Usage Data	Pages visited, features used, session duration	Product improvement & analytics
Communication Data	Support messages, feedback, survey responses	Customer support & service quality

We collect this information directly from you when you register, from your use of our Services, and in some cases from third-party sources such as credit reference agencies and fraud prevention databases.

How We Use Your Data

We use the information we collect for the following purposes:

To create and manage your AllUpiPay account and verify your identity in compliance with applicable laws.
To process transactions, transfer funds, and facilitate payment services on your behalf.
To detect, investigate, and prevent fraudulent transactions, money laundering, and other illegal activities.
To communicate with you about your account, transactions, service updates, and security alerts.
To personalise your experience and provide tailored product recommendations and offers.
To analyse usage patterns and improve the functionality, reliability, and performance of our Services.
To comply with legal obligations including AML, KYC, and reporting requirements imposed by regulators.

No Selling of Data: AllUpiPay does not sell, rent, or trade your personal information to third parties for their own marketing purposes.

Legal Basis for Processing

We process your personal data only where we have a lawful basis to do so. Under the UK GDPR and applicable data protection laws, we rely on the following legal bases:

Contract: Processing is necessary to perform the contract we have with you — specifically, to provide our payment and financial services.
Legal Obligation: We are required to process certain data to comply with financial regulations and anti-money laundering laws.
Legitimate Interests: We process data for fraud prevention, network security, and improving our Services.
Consent: Where we rely on consent (e.g., for marketing communications), you may withdraw it at any time.

Sharing Your Information

We may share your personal information with selected third parties under the following circumstances:

Service Providers: Third-party vendors who assist us in operating our platform, processing payments, and providing customer support — all bound by confidentiality agreements.
Financial Partners: Banks, payment networks, and card schemes necessary to process your transactions.
Regulatory Bodies: Government agencies, law enforcement, and financial regulators where required by law or court order.
Fraud Prevention Agencies: Credit reference and fraud prevention agencies to verify your identity and protect against financial crime.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

Third-Party Links: Our Services may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their individual privacy policies.

Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on our platform, analyse site traffic, and serve relevant content.

Essential Cookies: Required for the platform to function correctly. They cannot be disabled.
Analytics Cookies: Help us understand how users interact with our Services so we can improve them.
Preference Cookies: Remember your settings and personalise your experience.
Marketing Cookies: Used to deliver relevant advertisements. These require your consent.

You can manage your cookie preferences at any time through your browser settings or via our Cookie Consent Manager.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, accounting, or reporting requirements.

Account and identity data is retained for a minimum of 5 years after account closure, as required by AML regulations.
Transaction records are retained for 7 years in accordance with financial reporting obligations.
Marketing data is retained until you withdraw consent or opt out of communications.
Technical and usage logs are retained for up to 12 months for security and performance monitoring.

Deletion Requests: Upon receiving a verified deletion request, we will erase your data within 30 days, except where retention is required by law.

Data Security

Protecting your data is our highest priority. We implement a comprehensive set of technical and organisational security measures to safeguard your personal and financial information.

256-bit SSL/TLS encryption for all data in transit between your device and our servers.
AES-256 encryption for sensitive data stored at rest in our databases.
Multi-factor authentication (MFA) for all account access.
Regular third-party security audits and penetration testing.
Role-based access controls ensuring staff can only access data necessary for their role.
24/7 fraud monitoring and anomaly detection systems.

Data Breach Notification: In the event of a data breach, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by law.

Your Rights

Under UK GDPR and applicable data protection legislation, you have the following rights regarding your personal data. You may exercise these rights at any time by contacting our Data Protection Officer.

Right to Access

Request a copy of the personal data we hold about you and how it is being used.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data where there is no legal basis for continued processing.

Right to Portability

Receive your data in a structured, machine-readable format to transfer to another provider.

Right to Object

Object to processing of your data for direct marketing or legitimate interest purposes.

Right to Restrict

Request that we limit how we use your data while a dispute or complaint is being resolved.

To exercise any of these rights, please submit a request to privacy@AllUpiPay.com. We will respond within 30 days.

International Transfers

AllUpiPay operates globally and may transfer your personal data to countries outside the United Kingdom or European Economic Area (EEA). When we do so, we ensure that adequate safeguards are in place to protect your data, including:

Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission.
Transfers to countries deemed adequate by the UK or EU authorities.
Binding Corporate Rules where applicable within our corporate group.

Your Protection: Regardless of where your data is processed, it will always be subject to protections at least equivalent to those provided under UK data protection law.

Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

Upon discovery that we have inadvertently collected data from a minor, we will take prompt steps to delete such information from our systems and terminate any associated account.

Changes to Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by email or in-app notification.

Material Changes: For significant changes that affect how we use your data in new ways, we will seek your explicit consent before applying those changes to your existing personal data.

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact our Data Protection Officer (DPO):

DPO Email: privacy@AllUpiPay.com
General Email: info@AllUpiPay.com
Phone: +44 45 7200 8200
Address: L.K. Road, Vashi – 410200
Response Time: We aim to respond to all privacy requests within 30 calendar days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

By continuing to use AllUpiPay's Services, you acknowledge that you have read and understood this Privacy Policy. We are committed to transparency, security, and putting your privacy first.