Privacy Policy

Effective Date: February 19, 2026Last Updated: February 19, 2026

1. Introduction

Optimoney Technologies Private Limited ("Platform", "we", "us", "our") is committed to protecting the digital personal data of our users in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"), the Information Technology Act, 2000 ("IT Act") and associated rules, and applicable Indian laws.

This privacy policy ("Policy") describes how we collect, use, process, store, share and retain digital personal data of our users ("Data Principals"), and the rights you have in relation to your personal data.

By accessing or using the Platform, you signify your free, specific, informed, unconditional and unambiguous consent (by a clear affirmative action) to the collection and processing of your personal data in accordance with this Policy.

2. Definitions

In this Policy, the capitalised terms have the following meanings:

  • "Data Principal"
    Means the individual to whom the personal data relates (i.e., you, the user).
  • "Data Fiduciary"
    Means the Platform, that alone or jointly determines the purpose and means of processing personal data.
  • "Data Processor"
    Means any person who processes personal data on behalf of the Data Fiduciary.
  • "Personal Data"
    Means any data about an individual who is identifiable by or in relation to such data.
  • "Digital Personal Data"
    Means personal data in digital form (collected online or collected offline then digitised).
  • "Processing"
    Means any automated operation or set of operations performed on digital personal data, including collection, storage, use, disclosure, erasure, etc.
  • "Child"
    Means an individual who has not completed 18 (eighteen) years of age.

3. Personal Data We Collect

In the course of providing access to the Platform and responding to user-initiated requests, the Platform may collect and process limited categories of Digital Personal Data, strictly on a need-to-know basis and in accordance with the principles of purpose limitation and data minimisation prescribed under the DPDP Act.

The Digital Personal Data collected by the Platform may include:

  • a) Identification and Contact Details: Name, mobile number, email address and such other basic contact information as may be voluntarily provided by the Data Principal while submitting a lead form or otherwise communicating with the Platform.
  • b) User Query and Service-Related Information: Information relating to the Data Principal's stated problem, query, or service requirement, as shared through the Platform or during subsequent communications.
  • c) Communication and Interaction Records: Records of communications exchanged with the Data Principal through permitted channels including email, telephone calls, or messaging applications (such as WhatsApp, where a number has been provided), solely for the purposes of responding to queries, follow-ups, and service-related interactions.

The Platform does not intentionally collect sensitive personal data, nor does it seek to collect personal data beyond what is expressly provided by the Data Principal for the purposes stated herein. The Platform does not knowingly collect personal data of a Child. In the event personal data relating to a Child is identified, such data shall be dealt with in accordance with applicable law.

4. How We Use Your Personal Data

Digital Personal Data collected by the Platform is used solely by the Platform for the purposes of lead qualification (i.e., assessing and evaluating user-submitted inquiries to determine relevance, service suitability, and appropriate response), addressing user-initiated requests, and providing services, in a manner consistent with the DPDP Act.

5. Disclosing and Sharing of Personal Data

The Platform does not disclose, share, sell, transfer, or otherwise make available the Digital Personal Data of Data Principals to any third-party vendors, group entities, or external organisations in the ordinary course of its business.

Disclosure of Digital Personal Data shall occur only where such disclosure is required or permitted under applicable law, including pursuant to a valid order, direction, or request issued by a court of competent jurisdiction, statutory authority, or regulatory body.

Where disclosure of or access to Digital Personal Data is necessary for processing activities carried out on behalf of the Platform, such access shall be provided solely to authorised Data Processors engaged under written agreements that incorporate adequate data protection, confidentiality, and security obligations, in accordance with the DPDP Act.

6. Data Principal Rights

Under the DPDP Act, you as a Data Principal have the following rights:

  • Right to Access: You may request a summary of the Personal Data being processed about you, and the identities of all Data Fiduciaries / Data Processors with whom your data has been shared.
  • Right to Correction/Completion: You may request correction, completion or updating of your Personal Data if it is inaccurate, incomplete or outdated.
  • Right to Erasure ("Right to be Forgotten"): You may request deletion of your Personal Data when: (a) the purpose for which it was collected is no longer being served; (b) you withdraw your consent (unless retention is required for a legal obligation).
  • Right to Withdraw Consent: You may withdraw your consent at any time, and we shall cease processing your data (unless otherwise authorised by law) in as easy a manner as the consent was given.
  • Right to Nominate: You may nominate a person who will exercise your rights on your behalf in the event of your death or incapacity.
  • Right to Grievance Redressal: You have the right to lodge grievances and obtain redressal from us (and ultimately from the Data Protection Board of India).
  • Response Time: We will respond to all valid requests within 30 (thirty) days of receipt of your request (unless a shorter period is specified under applicable law or rules).

7. Data Security and Retention

A. Data Security

We implement appropriate technical, organisational, and physical safeguards to protect Personal Data against unauthorised access, misuse, alteration, loss, or destruction, in accordance with applicable law.

B. Data Retention
  • We retain Personal Data only as long as necessary to fulfil the purpose(s) for which it was collected, or as required under applicable law.
  • Unless legally required to be retained (for e.g., regulatory, audit or dispute-resolution purposes), we will delete or irreversibly anonymise your Personal Data after a period of 3 (three) years of account inactivity.
  • Prior to scheduled deletion for inactivity, we will send you a 48 (forty-eight) hours' advance warning (via your registered contact method) giving you an opportunity to prevent deletion.

8. Children's Data

The Platform is not intended for use by children and does not knowingly collect or process the Digital Personal Data of any individual who has not attained 18 (eighteen) years of age. In the event that Personal Data of a Child is identified as having been collected inadvertently, the Platform shall take reasonable steps to delete such data in accordance with applicable law.

9. Personal Data Breach Notification

In the event of a Personal Data Breach (unauthorised access, loss or disclosure of Personal Data), we will, without undue delay, notify:

  • The Data Protection Board of India (or any successor authority) as required by applicable law or rules.
  • Each affected Data Principal (you) through your registered contact method (email/app notification), in a clear, concise and plain-language notice describing: the nature of the breach; the likely consequences; the measures taken/being taken; and contact details for further queries.
  • We will also keep an internal incident record and review and update our prevention controls.

10. Grievance Redressal Mechanism

We have appointed a Grievance Officer to address all user data-related grievances and ensure timely resolution in accordance with applicable law.

Data Principals may submit grievances or requests to access, correction, deletion, or restriction of processing of their personal data by writing to the Grievance Officer at:

mihirmehta@optimoneytech.com

Upon receipt of a grievance, the Grievance Officer shall endeavour to resolve or respond within 30 (thirty) days, or within such other timeframe as may be prescribed under applicable law.

11. Changes to this Privacy Policy

We may update this Policy from time to time (for example, to reflect changes in law, internal practices, or the Platform's features). We will notify you of any material changes by posting the updated Policy on the Platform and updating the "Last Updated" date. We may also send you a notification (email/app) in case of significant changes. Your continued use of the Platform after the effective date of the updated Policy will constitute your acceptance of the changes.

12. Jurisdiction and Governing Law

This Policy is governed by and construed in accordance with the laws of Republic India, including but not limited to the DPDP Act, the IT Act and associated rules. Any disputes in relation to this Policy will be subject to the jurisdiction of the competent courts in Mumbai, Maharashtra.