Slashy Logo

Privacy Policy

This Privacy Policy ("Policy") describes how Remittx Private Limited (CIN: U74999DL2016OPC303824), a company incorporated under the Companies Act, 2013, and having its registered office at 1st Floor, Gopala Krishna Complex, Residency Road, Bengaluru, Karnataka, India – 560025 ("Company", "we", "our", or "us"), collects, uses, processes, stores, and protects your personal data when you access or use our digital gift card platform, Slashy..

By using our Platform, you consent to the collection and processing of your personal data as described in this Policy. If you do not agree with this Policy, please do not use our Platform.

1. SCOPE AND APPLICATION

1.1 Coverage

This Policy applies to all personal data collected through our Platform, including:

  • Website: driffle.com/slashy
  • Mobile applications (iOS and Android)
  • API integrations
  • Customer service interactions
  • Marketing communications

1.2 Jurisdiction

This Policy applies to all users of our Platform, regardless of their location, in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable Indian data protection laws.

1.3 Third-Party Services

This Policy does not apply to third-party websites, applications, or services that may be linked to or integrated with our Platform. We encourage you to review the privacy policies of such third parties.

2. KEY DEFINITIONS

2.1 Important Terms

  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Sensitive Personal Data" includes financial information, payment details, biometric data, and other categories as defined under applicable law
  • "Data Principal" means the natural person to whom the personal data relates (you)
  • "Data Fiduciary" means any person who alone or in conjunction with others determines the purpose and means of processing of personal data (us)
  • "Processing" means any operation performed on personal data including collection, storage, use, disclosure, and deletion
  • "Platform" means our Slashy website, mobile applications, APIs, and related services
  • "Gift Cards" means digital vouchers and prepaid instruments available through our Platform

3. PERSONAL DATA WE COLLECT

3.1 Information You Provide Directly

  • Account Information: Name, email address, mobile number, date of birth, gender
  • Identity Verification: Government-issued ID details, PAN card, Aadhaar details (when required)
  • Payment Information: UPI ID, payment method details, billing address
  • Profile Information: Preferences, communication settings, gift card purchase history
  • Communication Data: Customer service interactions, feedback, survey responses

3.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type, device identifiers
  • Usage Data: Pages visited, features used, time spent, click patterns, search queries
  • Location Data: IP address-based location, GPS location (with permission)
  • Transaction Data: Purchase history, transaction amounts, timestamps, merchant details
  • Technical Data: Log files, cookies, web beacons, session information

3.3 Information from Third Parties

  • Payment Partners: Transaction verification and fraud prevention data
  • Identity Verification Services: KYC verification status and risk assessment
  • Brand Partners: Gift card redemption and usage information
  • Social Media: Profile information if you connect social media accounts
  • Public Sources: Information available in public databases for verification purposes

4. HOW WE USE YOUR PERSONAL DATA

4.1 Primary Purposes

  • Service Provision: Creating and managing your account, processing gift card purchases and deliveries
  • Payment Processing: Facilitating secure transactions and preventing fraud
  • Customer Support: Responding to inquiries, resolving issues, providing assistance
  • Platform Improvement: Analyzing usage patterns, developing new features, enhancing user experience
  • Personalization: Customizing content, recommendations, and offers based on your preferences

4.2 Communication Purposes

  • Transactional Communications: Order confirmations, delivery notifications, payment receipts
  • Service Updates: Changes to terms, policies, or platform features
  • Marketing Communications: Promotional offers, newsletters, product updates (with consent)
  • Security Alerts: Suspicious activity notifications, password reset confirmations

4.3 Legal and Compliance Purposes

  • Regulatory Compliance: Meeting RBI requirements for payment systems and gift card issuance
  • Legal Obligations: Responding to legal requests, court orders, regulatory inquiries
  • Risk Management: Fraud detection, anti-money laundering, customer due diligence
  • Dispute Resolution: Investigating complaints, chargebacks, and account disputes

5. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds:

5.1 Consent

  • Marketing communications
  • Optional data collection (e.g., location services)
  • Cookies and tracking technologies (where required)

5.2 Contractual Necessity

  • Account creation and management
  • Processing gift card purchases
  • Providing customer support

5.3 Legal Obligation

  • KYC and identity verification
  • Tax reporting and compliance
  • Anti-money laundering requirements

5.4 Legitimate Interest

  • Fraud prevention and security
  • Platform improvement and analytics
  • Business development and operations

6. DATA SHARING AND DISCLOSURE

6.1 Authorized Sharing

We may share your personal data with:

  • Payment Partners: Banks, payment gateways, and processors for transaction processing
  • Brand Partners: Gift card issuers for redemption and customer support purposes
  • Service Providers: Technology vendors, analytics providers, customer support platforms
  • Identity Verification Services: KYC providers for compliance and fraud prevention
  • Legal Authorities: Government agencies, regulators, law enforcement (when required by law)

6.2 Business Transfers

In case of merger, acquisition, or sale of business assets, your personal data may be transferred to the acquiring entity, subject to appropriate safeguards.

6.3 Data Protection Measures

All third parties who receive your data are bound by:

  • Contractual data protection obligations
  • Confidentiality requirements
  • Purpose limitation restrictions
  • Security and retention standards

7. INTERNATIONAL DATA TRANSFERS

7.1 Data Localization

In compliance with RBI guidelines, all payment system data is stored within India. Other personal data is primarily processed and stored in India using local data centers.

7.2 Cross-Border Transfers

Limited personal data may be transferred outside India only:

  • For technical support and maintenance by international vendors
  • When required for specific gift card redemption processes
  • Subject to adequate safeguards and regulatory approvals

7.3 Safeguards

International transfers are protected by:

  • Standard contractual clauses
  • Adequacy decisions by Indian authorities
  • Corporate binding rules
  • Specific authorization from data protection authorities

8. DATA SECURITY MEASURES

8.1 Technical Safeguards

  • Encryption: End-to-end encryption for data transmission (TLS 1.3 or higher)
  • Data Storage: AES-256 encryption for data at rest
  • Access Controls: Multi-factor authentication, role-based access, principle of least privilege
  • Network Security: Firewalls, intrusion detection systems, regular security monitoring
  • Secure Infrastructure: SOC 2 compliant data centers with physical security measures

8.2 Organizational Measures

  • Employee Training: Regular data protection and security awareness programs
  • Access Management: Background checks, confidentiality agreements, access reviews
  • Incident Response: 24/7 security monitoring, incident response procedures
  • Vendor Management: Due diligence, security assessments, contractual obligations
  • Regular Audits: Internal and external security assessments, compliance reviews

8.3 Data Breach Response

In case of a data breach, we will:

  • Contain and assess the incident within 24 hours
  • Notify relevant authorities within 72 hours (as required)
  • Inform affected users without undue delay
  • Provide clear information about the breach and mitigation steps
  • Implement measures to prevent similar incidents

9. YOUR RIGHTS AND CHOICES

9.1 Data Principal Rights

Under the DPDP Act, you have the right to:

  • Right to Information: Obtain details about how your personal data is processed
  • Right to Correction: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Grievance Redressal: Lodge complaints about data processing practices
  • Right to Nominate: Designate another person to exercise your rights in case of death or incapacity

9.2 How to Exercise Your Rights

To exercise your rights, contact us at:

  • Email: [email protected]
  • Subject Line: "Data Rights Request - [Your Name]"
  • Include: Your registered email address and specific request details

We will respond to your request within 30 days and may require identity verification before processing.

9.3 Marketing Communications

You can opt out of marketing communications by:

  • Clicking "unsubscribe" links in our emails
  • Updating your preferences in your account settings
  • Contacting our customer support team
  • Sending an opt-out request to [email protected]

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Cookies

We use the following types of cookies:

  • Strictly Necessary: Essential for platform functionality and security
  • Performance: Analytics and usage monitoring to improve our services
  • Functional: Remember your preferences and personalize your experience
  • Marketing: Deliver relevant advertisements and measure campaign effectiveness

10.2 Cookie Management

You can manage cookies through:

  • Browser settings to block or delete cookies
  • Our cookie preference center (where available)
  • Opt-out links provided by third-party analytics providers
  • Privacy settings in your mobile device for app-based tracking

10.3 Do Not Track

We respect Do Not Track signals and will not track users who have enabled this setting in their browsers.

11. DATA RETENTION

11.1 Retention Periods

We retain personal data for the following periods:

  • Account Data: For the duration of account activity plus 7 years after closure
  • Transaction Data: 10 years from transaction date (as required by financial regulations)
  • Communication Records: 3 years from last interaction
  • Marketing Data: Until consent is withdrawn or 2 years of inactivity
  • Security Logs: 1 year for standard logs, 7 years for incident-related logs

11.2 Retention Criteria

Data retention is based on:

  • Legal and regulatory requirements
  • Business and operational needs
  • Risk management considerations
  • User relationship status

11.3 Secure Deletion

When data is no longer required, we ensure:

  • Complete deletion from active systems
  • Secure destruction of backup copies
  • Certificate of destruction for sensitive data
  • Regular deletion audits and compliance checks

12. CHILDREN'S PRIVACY

12.1 Age Restrictions

Our Platform is not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18.

12.2 Parental Consent

If we discover that we have collected personal data from a child under 18 without parental consent, we will:

  • Delete the information immediately
  • Terminate any associated account
  • Implement additional safeguards to prevent future occurrences

12.3 Reporting

If you believe we have collected information from a child under 18, please contact us immediately at [email protected].

13. GRIEVANCE REDRESSAL

13.1 Grievance Team

For any privacy-related concerns or complaints, contact our Grievance Team:

  • Email: [email protected]
  • Response Time: 7 business days
  • Resolution Time: 30 days maximum

13.2 Complaint Process

  • Submit your complaint via email with detailed description
  • We will acknowledge receipt within 24 hours
  • Investigation and response within 7 business days
  • Resolution or escalation plan within 30 days
  • Right to appeal to Data Protection Board if unsatisfied

13.3 Data Protection Board

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India as per the DPDP Act.

14. COMPLIANCE AND GOVERNANCE

14.1 Regulatory Compliance

We comply with:

  • Digital Personal Data Protection Act, 2023
  • Information Technology Act, 2000 and IT Rules
  • RBI guidelines on Payment Systems and Data Localization
  • Reserve Bank of India Master Directions on Prepaid Payment Instruments
  • Foreign Exchange Management Act (FEMA) regulations

14.2 Data Protection Impact Assessment (DPIA)

We conduct DPIAs for:

  • New data processing activities involving high risk
  • Implementation of new technologies
  • Large-scale processing of sensitive personal data
  • Systematic monitoring of public areas

14.3 Regular Audits

We conduct:

  • Annual privacy compliance audits
  • Quarterly security assessments
  • Monthly vendor compliance reviews
  • Ongoing monitoring of data processing activities

15. UPDATES TO THIS POLICY

15.1 Policy Changes

We may update this Policy to reflect:

  • Changes in applicable laws and regulations
  • New features or services offered through our Platform
  • Enhanced security measures and data protection practices
  • Feedback from users and regulatory authorities

15.2 Notification Process

We will notify you of significant changes through:

  • Email notification to your registered email address
  • Prominent notice on our Platform
  • In-app notifications for mobile users
  • SMS alerts for material changes (where applicable)

15.3 Continued Use

Your continued use of our Platform after policy updates constitutes acceptance of the revised Policy. If you do not agree with the changes, please discontinue using our Platform.

16. CONTACT INFORMATION

16.1 Data Protection Queries

Email: [email protected]
Subject Line: "Privacy Policy Inquiry"

16.2 General Customer Support

Email: [email protected]
Response Time: 24-48 hours

16.3 Company Details

Remittx Private Limited
CIN: U74999DL2016OPC303824
Registered Office: 1st Floor, Gopala Krishna Complex, Residency Road, Bengaluru, Karnataka, India – 560025

17. LANGUAGE AND INTERPRETATION

17.1 Governing Language

This Policy is prepared in English. In case of any translation into other languages, the English version shall prevail in case of any inconsistency.

17.2 Jurisdiction

This Policy is governed by Indian law and subject to the jurisdiction of courts in Bengaluru, Karnataka.

17.3 Severability

If any provision of this Policy is deemed invalid or unenforceable, the remaining provisions shall continue to be valid and enforceable.