Privacy Policy

Payvriz Technologies Private Limited ("idto.ai", "we", "our", "us"), having its registered office at: 3rd floor, Orchid Centre, Golf Course Road, Sector 53, Gurugram, Haryana – 122002, India. Email: info@idto.ai is committed to protecting the privacy of individuals whose information we process in the course of delivering our services. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal data, in accordance with the Digital Personal Data Protection Act, 2023 (DPDP), the Information Technology Act, 2000, and other applicable laws in India.

1. Scope of This Policy

  • Visitors to our website (www.idto.ai).
  • Users interacting with our APIs, SDKs, and related services.
  • Individuals whose personal or sensitive data is processed by us in connection with onboarding, verification, fraud prevention, and related use cases.

2. Definitions

  • Personal Data – Any data about an individual who is identifiable by or in relation to such data.
  • Sensitive Personal Data – Includes government-issued identifiers, financial information, biometric data, and other categories defined under applicable laws.
  • Data Principal – The individual to whom the personal data relates.
  • Grievance Officer – The person appointed by us to address privacy-related concerns, as detailed in Section 12.

3. How We Collect Information

  • Directly from you – via our website, forms, SDK, APIs, or customer support channels.
  • Through our clients/partners – when they integrate with our platform and provide us your data for legitimate business purposes.
  • From authorised third-party data sources – such as government databases, identity verification partners, and financial institutions, based on your consent.

4. Types of Data We Process

  • Identity Data – Name, date of birth, address, photograph, government ID details (e.g., Aadhaar, PAN, passport).
  • Contact Data – Email address, mobile number.
  • Financial Data – Bank account details, credit bureau data.
  • Behavioural Data – Device identifiers, geolocation, fraud risk scores, transaction patterns.
  • Documents – Uploaded scans/images for verification.

We only collect data necessary for the stated purpose and limit retention as per law.

5. Purpose of Processing

We process personal data for purposes including but not limited to:

  • Identity verification and KYC (Know Your Customer).
  • Fraud detection and risk management.
  • Customer onboarding for financial institutions, fintechs, and other regulated entities.
  • Compliance with applicable legal obligations.
  • Product development, analytics, and improving our services.

6. Legal Basis for Processing

  • Consent – Where required, we obtain explicit consent from you or our client/partner on your behalf.
  • Legal obligation – Compliance with laws and regulatory requirements.
  • Legitimate interests – For fraud prevention, security, and improvement of services.

7. Data Sharing & Disclosure

We do not sell your data. We may share your information only with:

  • Authorised financial institutions, clients, or service providers.
  • Government authorities and regulators, where required by law.
  • Third-party vendors supporting identity verification, fraud prevention, or analytics.

8. Data Security

We implement appropriate technical and organisational measures such as encryption, access control, and monitoring to safeguard your personal data against unauthorised access, disclosure, or misuse.

9. Data Retention

We retain data only as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law and regulatory obligations.

10. Your Rights

As a Data Principal under the DPDP Act, you have the following rights:

  • Right to access your personal data.
  • Right to correction and erasure.
  • Right to withdraw consent (where processing is based on consent).
  • Right to grievance redressal.

11. Cookies & Tracking

Our website may use cookies and similar technologies to enhance your browsing experience and for analytics. You can manage cookie preferences through your browser settings.

12. Grievance Officer

For concerns, queries, or to exercise your rights under this policy, you may contact our Grievance Officer:

Email: privacy@idto.ai

Address: Payvriz Technologies Pvt Ltd, 3rd Floor, Orchid Centre, Golf Course Road, Gurugram, Haryana – 122002

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. Please review periodically.