Annapurna Tech Universe Private Limited (ATU)

Privacy Policy

This Privacy Policy governs the collection, storage, use, and processing of Personal Information across all ATU platforms and products.

Introduction

Annapurna Tech Universe Private Limited (hereinafter referred to as the "Company", "we", "our", or "us") is registered at the Registrar of Companies (ROC) on the records of the Ministry of Corporate Affairs (MCA), under the Companies Act, 2013. Our registered office is situated at Plot No. 3753, KHATA No. 1594, Ghatikia, Khandagiri, Bhubaneswar, Khorda-751030, Orissa, India.

Annapurna Tech Universe (ATU) is a technology-driven organization focused on building secure, scalable, and intelligent digital solutions. ATU operates as an umbrella entity for innovative platforms in digital payments, electronic authentication, and intelligent data processing.

This Privacy Policy ("Policy") governs the collection, storage, use, and processing of Personal Information across all ATU platforms and products. When you use any of our applications, services, or platforms, you entrust us with your personal information. We highly value your privacy and are committed to protecting it by adhering to this Policy.

This Policy complies with Indian laws, rules and regulations, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as per the Information Technology Act, 2000.

These Indian laws necessitate the publication of a privacy policy governing practices relating to collection, usage, storage, transfer, and disclosure of Personal Information. This Policy is aligned with Indian laws, and the processing of your Personal Information will adhere to these laws as our products and services are exclusively offered to Indian customers in India.

By visiting, downloading, or using any ATU Platform or service, and/or by sharing your information or utilising our products or services, you explicitly consent to abide by this Policy and the relevant terms and conditions. If you do not agree with this Policy, kindly refrain from using or accessing our Platforms.

1. Collection of Personal Information

Depending on the product or service you use, we may collect and process the following categories of personal information. Not all categories apply to every product - only the information relevant to the specific service you access will be collected.

1.1 Identity & Registration Information

  • Name, date of birth, gender, phone number, and other registration details required to create your account and verify your identity.
  • OTPs received for mobile number verification and authentication purposes.
  • Face capture and liveliness data used to authenticate identity during signing or verification workflows.
  • Identity document data extracted from government-issued documents such as Voter ID, PAN Card, Driving Licence, Passport, and Aadhaar,including name, date of birth, address, identification numbers, and photographs . Full Aadhaar numbers are never stored - only masked versions are processed and retained, in compliance with UIDAI guidelines.

1.2 Device & Technical Information

  • Device identifiers used to identify users and prevent unauthorised multi-device access.
  • IP address, time-stamp data, and session information to safeguard against illegal activities such as fraud and misappropriation.
  • Cookies and similar technologies used to identify your browser or application session.
  • Internet permissions and Wi-Fi state information required for the app to connect to the internet.

1.3 Permissions & Sensor Data

  • Camera, read external storage, and media image permissions to enable photo uploads and document capture within the application.
  • SMS and call permissions to verify OTPs, bind SIM for UPI registration as per NPCI guidelines, and confirm a valid SIM card is present during registration or login.
  • Contacts permission used solely to facilitate easy selection of numbers for mobile recharge services.
  • Location permission used to determine available products, delivery feasibility, and to establish signing context for fraud detection purposes.
  • Biometric (fingerprint) permission for secure, seamless login in place of passwords.

1.4 Document & Workflow Information

  • Document data including file format, submission timestamp, and API caller identification for audit and processing purposes.
  • Verification results, confidence scores, and extraction accuracy data generated during document processing.
  • Loan or contract documents and associated signing workflow data, including audit trail records that provide a tamper-evident log of all signing actions.
  • Digital signatures and signing timestamps associated with completed signatures.
  • Geographic location at the time of signing, captured to establish signing context and detect potential fraud or coercion.

2. Purpose and Use of Information

ATU may process the information collected for purposes including, but not limited to:

  • Creation of user accounts, identity authentication, and granting appropriate access and privileges.
  • Execution of payment processes, transactional facilitation, and compliance with applicable regulatory requirements.
  • Extraction and digitisation of information from identity documents for KYC, customer onboarding, and loan processing workflows.
  • Performing identity verification against government-recognised databases and APIs, including Aadhaar, PAN, and Voter ID verification services.
  • Verifying signatory identity and capturing, securing, and validating electronic signatures on financial and loan documents in a legally compliant manner.
  • Recording and validating geographic location and biometric data as part of signing verification and fraud prevention processes.
  • Generating legally admissible, audit-ready evidence packages including digital certificates, timestamps, and verification records.
  • Enhancement of user experience through analysis of aggregated, anonymised user behaviour and processing data.
  • Monitoring, review, and customisation of services to ensure user safety, convenience, and regulatory compliance.
  • Enforcement of applicable terms and conditions and dissemination of information regarding offers, products, and service updates.
  • Detection of security breaches, prevention of fraudulent activities, and undertaking forensic or internal audits as required.
  • Resolution of disputes, provision of technical support, and ensuring overall service safety and integrity.

3. Cookies and Similar Technologies

We utilise cookies and similar technologies on our platforms to enhance user experience, analyse web page flow, and measure promotional effectiveness. These technologies help in providing targeted information and features. You have the option to manage cookies via your browser settings, although this might affect certain platform features.

4. Sharing and Disclosure of Information

Your Personal Information is shared in accordance with applicable laws, following due diligence and aligned with the outlined purposes in this Policy. We may share your Personal Information with various entities, including business partners, service providers, regulatory bodies, governmental authorities, financial institutions, and internal teams such as security and investigation teams.

This sharing of Personal Information, as applicable, is on a need-to-know basis and serves various purposes, including but not limited to:

  • Facilitating the provision of products or services availed by you and enabling services between you and the relevant service providers.
  • Completing payment transactions initiated by you, where merchants or service providers request your Personal Information based on your instructions.
  • Sharing the customer's phone number with the Technical Service Provider of the BBPS service provider for facilitating bill payment transactions, in strict compliance with regulatory requirements.
  • Meeting requirements from financial institutions for fraud prevention, risk management, and fund recovery, as per applicable laws.
  • Rendering services related to communication, data storage, transmission, security, analytics, fraud detection, risk assessment, and research.
  • Enforcing our Terms or Policy and protecting the rights, property, or safety of users or the public.
  • Complying with legal requirements, court orders, or other legal processes in good faith, as reasonably necessary.
  • Responding to government authority requests for initiatives, benefits, or grievance resolution.
  • Collaborating with internal investigation departments or appointed agencies for investigative purposes within or outside Indian jurisdiction.
  • In the event of mergers, acquisitions, or business restructuring, sharing information with relevant entities as required.

While information is shared with third parties as per this Policy, the processing of your Personal Information is regulated by their policies. We ensure that stricter or no less stringent privacy protection obligations are imposed on these third parties, wherever applicable and feasible. The Company or any person on its behalf shall not publish sensitive personal data or information.

5. Storage and Retention

Where applicable, we store Personal Information within India, abiding by applicable laws, and retain it for a duration necessary for the purpose for which it was collected. However, we may retain Personal Information related to you if deemed necessary to prevent fraud or abuse, or if required by law due to legal or regulatory proceedings or directives. Upon reaching the retention period, Personal Information is deleted in compliance with applicable laws.

Recipients of Personal Information may include business partners, service providers, merchants, regulatory bodies, financial institutions, third parties for transaction fulfilment and communication, internal departments, and governmental authorities or agencies as required by law.

6. Reasonable Security Practices

We prioritise the security of your personal and sensitive information. We have implemented administrative, technical, and physical security measures to safeguard your data. While we strive for an effective security system, we acknowledge that no system is entirely impenetrable.

As part of our reasonable security practices, we conduct rigorous internal and external reviews to ensure robust information security. This includes encryption and controls for both data in motion and data at rest within our network and servers. Our databases are stored on servers protected by firewalls, with access restricted through password protection and strict limitations.

You play a crucial role in maintaining the confidentiality and security of your account details. Please refrain from sharing your login credentials, passwords, and OTPs with anyone. It is your responsibility to promptly inform us of any actual or suspected compromise of your personal information.

7. Third-Party Products, Services, or Websites

When using ATU products, you may encounter links to other websites or applications. These operate under their own privacy policies, beyond our control. Once you leave our platform, your data is governed by the privacy policy of the visited site or application. Review their policies before proceeding, as they may differ from ours. We hold no responsibility for how third parties handle your information. For concerns, contact the domain owner directly.

8. Your Consent

We process your Personal Information with your consent. By utilising any ATU platform or service and/or by providing your Personal Information, you explicitly consent to the processing of your Personal Information by us, adhering to the terms outlined in this Policy.

If you share Personal Information related to other individuals, you affirm that you possess the authority to do so and grant us permission to utilise the information in accordance with this Policy.

9. Privacy Controls

You have choices about the information we collect and how we use it:

  • Device-level settings: Controls on your device may determine what information we collect.
  • Delete your App account entirely.
  • You may also request that content be removed from our servers in accordance with applicable law.

10. Modifications to Policy

Due to the dynamic nature of our business operations, our policies will undergo alterations. We retain the exclusive discretion to amend, adjust, supplement, or remove segments of this Policy without prior written notice to you. We will post the changes on the website to keep you updated. Although we will make reasonable efforts to notify you of these modifications, it remains your responsibility to periodically review this Policy for updates or alterations on our website. Your continued usage of our services or Platform subsequent to the publication of such modifications implies your acceptance and consent to the revised terms. It is assured that alterations to policies will never compromise the protection of Personal Information already disclosed by you.

11. Contact Information

If you have any complaints or concerns, including those pertaining to breach of Terms of Use, Privacy Policy, and other policies, or have any questions regarding this Policy, please contact us:

Organisation
Annapurna Tech Universe Private Limited
Registered Office
Plot No. 3753, KHATA No. 1594, Ghatikia, Khandagiri, Bhubaneswar, Khorda-751030, Orissa, India
Jurisdiction
This Policy applies to services offered in India only. Deactivate/Delete account links also function within India only.

We are committed to responding to your queries within a reasonable timeframe. Any delays in resolution will be communicated to you proactively.