Privacy Policy — unitpe

Effective Date: 20 December 2025 Last Updated: 20 December 2025

This Privacy Policy (“Policy”) describes how Inster Payments Technology Private Limited (“unitpe”, “Company”, “we”, “us”, “our”) collects, uses, shares, stores, and protects Personal Data when you visit https://unitpe.com or use our websites, dashboards, APIs, and products/services (collectively, the “Services”).

Company details
Legal entity: Inster Payments Technology Private Limited
CIN: U62099MH2025PTC457769
Address: VO-1131, WeWork Vaswani Chambers, 1st Floor, 264-265, Dr Annie Besant Rd, Municipal Colony, Worli Shivaji Nagar, Worli, Mumbai, Maharashtra 400030
Key definitions
  • Merchant = unitpe’s customer (business user).
  • Customer = Merchant’s customer (end user/payer).
  • Personal Data = data about an identifiable individual.
Important model note (non-custodial)
  • Payments: Payment processing and settlement are provided through partner RBI-authorized Payment Aggregator(s) (currently: Easebuzz).
  • Fintech Infrastructure: Banking rails (e.g., account onboarding/transaction execution) are provided through partner regulated bank(s) (currently: IDFC Bank). Transactions execute through the Merchant’s bank account based on Merchant authorization and partner bank terms.
  • unitpe does not hold, pool, or control Merchant or Customer funds.
  • Partners may change (increase/decrease). Where appropriate, we may update product pages or notify users.

Contents

1) Scope2) Our role (fiduciary/processor)3) Data we collect4) How we use data5) Lawful basis & compliance6) Sharing & disclosures7) Partner onboarding & partner policies8) Cookies & tracking9) Security, risk & fraud monitoring10) Retention11) Cross-border transfers12) Your rights (DPDP) & choices13) Children14) Automated decision-making15) Third-party links16) Changes to this Policy17) Contact & grievance redressal

1) Scope

This Policy applies to Personal Data processed by unitpe in connection with the Services, including website visitors, Merchants, and authorized Merchant users. It applies to Customers (Merchant end users) only to the limited extent Customer data is processed through Merchant-enabled flows and the Services (for example, transaction status metadata, references, or support logs).

This Policy does not apply to services we do not control (including partner Payment Aggregators, partner banks, KYC/verification providers, ERP/accounting platforms, and other third parties). Their terms and privacy policies apply to their services.

2) Our role (Data Fiduciary / Data Processor)

Depending on context, unitpe may act as a data fiduciary/controller (where we determine the purposes and means of processing) or as a data processor/service provider (where we process data on behalf of a Merchant).

  • Fiduciary examples: website operations, account administration, platform security, compliance, risk monitoring, and communications.
  • Processor examples: Merchant dashboards/reports, reconciliation views, connected-banking tools, payout/payroll workflows initiated by Merchant, and integrations configured by Merchant.

Merchants are responsible for ensuring they have all required rights, notices, and consents from Customers, employees, vendors, and other individuals whose data they process using the Services.

3) Data we collect

We collect and process Personal Data that you provide, that is generated through your use of the Services, and that we receive from Partners or service providers. We process data only for lawful purposes and to the extent permitted by applicable law, partner requirements, and contractual commitments.

A) Data you provide
  • Website/contact: name, email, phone, company, messages.
  • Account/admin: names, emails/phones, roles/permissions, authentication details (stored securely).
  • Merchant onboarding/KYC (as applicable): business identifiers (PAN, GSTIN, CIN/LLPIN), addresses, authorized signatory details, and documents required to onboard and enable partner rails.
  • Support: emails, tickets, chat, and attachments you send us.
B) Data generated through use
  • Technical data: IP address, device/browser/OS, timestamps, diagnostics.
  • Logs & audit trails: login events, API usage, access logs, error logs, security events.
  • Operational metadata: transaction/workflow IDs, timestamps, statuses, reconciliation references.
Customer financial data (important)

We do not store card data or bank account data of a Merchant’s Customers. Where necessary for support, auditability, compliance, risk controls, and reconciliation, we may store limited transaction references/status metadata and identifiers (masked or tokenized where feasible).

C) Data received from Partners
  • Partner Payment Aggregators: onboarding status, payment statuses, settlement/refund/dispute references.
  • Partner banks: onboarding/workflow status, transaction execution status, bank references.
  • KYC/verification vendors: verification results/reference IDs (if enabled).
  • ERP/accounting platforms: integration tokens/config metadata and sync events (if enabled and authorized).

4) How we use data

  • Operate the website and provide the Services (accounts, dashboards, APIs, integrations).
  • Onboarding, verification, compliance operations, and record-keeping.
  • Security, risk management, and fraud monitoring (detect/prevent abuse, account takeover, suspicious patterns).
  • Customer support, communications, product notices, and service updates.
  • Analytics and improvement (performance, reliability, debugging, feature development).
  • Legal protection (enforce terms, resolve disputes, respond to lawful requests).

We may store and process data to the extent permitted under applicable law for compliance, platform integrity, prevention of fraud, and improvement of the Services.

5) Lawful basis & compliance

We process Personal Data in accordance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (DPDP), and other applicable rules/guidelines. Depending on context, processing may be based on:

  • Consent (where required; e.g., certain cookies/analytics or optional communications).
  • Performance of a contract (to provide Services to Merchants and authorized users).
  • Compliance with legal obligations (where applicable).
  • Legitimate uses (including security, fraud prevention, and platform integrity).

6) Sharing & disclosures

We share Personal Data only as necessary to provide the Services, operate securely, meet contractual commitments, and comply with applicable law. We do not sell Personal Data as a business practice.

A) Partners (rails & providers)
  • Payment Aggregators for payment processing/settlement features (currently: Easebuzz).
  • Partner banks for account/rails execution (currently: IDFC Bank).
  • KYC/verification and other Partners where enabled and authorized.
B) Service providers (processors)
  • Cloud infrastructure: Amazon Web Services (AWS).
  • Network/security: Cloudflare (as needed).
  • SMS/communications: Jio / Airtel (DLT registration & routes), Fast2sms (delivery gateway).
  • Analytics (if enabled): Google Analytics / measurement tools (if enabled), Vercel Analytics (if enabled).
C) Legal / safety / business transfers
  • We may disclose data to regulators, authorities, or law enforcement when required by law or legal process.
  • We may disclose data to protect the rights, safety, and security of unitpe, Merchants, Customers, Partners, or the public.
  • If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, data may be transferred as part of that transaction, subject to lawful safeguards.

7) Partner onboarding & partner policies

Some features are enabled through Partners (for example, partner Payment Aggregators for Payments and partner banks for banking rails). To use those Partner-powered features, a Merchant may be onboarded with the relevant Partner(s) and may be required to accept the Partner’s terms, policies, and privacy practices.

Merchant acknowledgement
  • By enabling Partner-powered features within unitpe, the Merchant authorizes us to share required onboarding/KYC and operational data with relevant Partners to provide those services.
  • Partner services are governed by Partner policies; Partner approvals/limits and certain compliance actions are determined by Partners.

8) Cookies & tracking

We may use cookies and similar technologies for essential functionality, security, and (if enabled) analytics. Cookie categories may include:

  • Strictly necessary: required for site security and core functionality.
  • Performance/analytics (optional): help us understand usage and improve performance (e.g., Google/Vercel analytics where enabled).

You can control cookies via your browser settings and (where offered) consent controls. Disabling cookies may affect functionality.

9) Security, risk & fraud monitoring

We implement commercially reasonable technical and organizational safeguards designed to protect Personal Data and the Services (e.g., encryption in transit via TLS/HTTPS, access controls, least privilege, monitoring and logging, secure development practices, and vendor controls).

We also maintain risk management and fraud monitoring measures to detect and prevent abuse, suspicious behavior, unauthorized access, and platform misuse. This may include monitoring authentication events, anomalous access patterns, API abuse, and operational metadata patterns (where available).

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10) Retention

We retain Personal Data only as long as necessary to provide the Services, maintain audit/security records, comply with legal and contractual requirements (including partner requirements), resolve disputes, and enforce agreements. Retention varies by data type. Where feasible, we delete or anonymize data.

Data typeTypical purposeRetention (high-level)
Account & profile data (Merchant/admin users)Account operation, access controlFor the life of the account + reasonable period after closure
KYC/onboarding documents (where applicable)Onboarding, compliance, audits, partner requirementsAs required by law/partners and for legitimate compliance needs
Operational metadata (references, statuses)Reconciliation, support, auditsAs needed for reconciliation/support and contractual/legal needs
Security logs & audit trailsSecurity monitoring, incident investigationAs needed for security and compliance; may persist longer for investigations
Support communicationsIssue resolution and qualityAs needed for support history and dispute handling

11) Cross-border transfers

Some vendors/Partners may process or store data outside India depending on service architecture. Where cross-border transfers occur, we take reasonable measures to implement safeguards consistent with applicable law and contractual protections.

12) Your rights (DPDP) & choices

Subject to applicable law (including DPDP), you may have rights including: (a) access to information about processing, (b) correction and erasure of Personal Data, (c) withdrawal of consent (where consent is the basis), (d) grievance redressal, and (e) the right to nominate another person to exercise rights on your behalf.

To submit a request, email business@unitpe.com with your request and relevant details for verification. We may need to verify identity/authority before actioning requests. If we process data on behalf of a Merchant (for example, a Customer of a Merchant), the Merchant may be the primary party responsible, and we may redirect you accordingly.

13) Children

Our Services are intended for business use and are not directed to children. We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data, contact us at business@unitpe.com.

14) Automated decision-making

We may use automated systems to help detect fraud/abuse and protect platform integrity (for example, risk scoring of access patterns or suspicious activity). Such systems are used to support security and compliance and may result in temporary limitations, holds, or requests for additional verification.

15) Third-party links

Our website and Services may include links or integrations to third-party services. We are not responsible for their privacy practices. Review third-party policies before using those services.

16) Changes to this Policy

We may update this Policy from time to time. The updated version will be posted on this page with an updated “Last Updated” date. If changes are material, we may provide additional notice where appropriate.

17) Contact & grievance redressal

For privacy questions, requests, or complaints, contact business@unitpe.com. As we are a small team, this email is used for all purposes and routes internally to the appropriate owner.

Address: VO-1131, WeWork Vaswani Chambers, 1st Floor, 264-265, Dr Annie Besant Rd, Municipal Colony, Worli Shivaji Nagar, Worli, Mumbai, Maharashtra 400030