Last Updated: April 2026
Effective Date: 1st April 2026
1. Introduction
Tapits Technologies Pvt. Ltd. (“Tapits”, “Fingpay”, “we”, “us”, or “our”), operating under the brand Fingpay, is an entity authorised by the Reserve Bank of India (“RBI”) as a Payment Aggregator for online and physical payment services. We are incorporated under the Companies Act, 2013, with Corporate Identification Number (CIN) U72900MP2016PTC040639, and are headquartered at 20 Dhenu Market, Indore 452003, Madhya Pradesh, India.
Fingpay provides a comprehensive suite of business-to-business (B2B) digital payment and financial services, including Unified Payments Interface (UPI), Aadhaar Enabled Payment System (AEPS), Micro ATM services, BHIM Aadhaar Pay, Payment Gateway solutions, Bharat Bill Payment System (BBPS), Cash Management Services (CMS), KYC and merchant onboarding solutions, virtual accounts, field collection applications, and AI-powered voice bots. Fingpay’s clients include banking and financial institutions, micro, small and medium enterprises (MSMEs), business correspondent (BC) networks, and enterprise partners across India.
This Privacy Policy (“Policy”) explains how Fingpay collects, stores, uses, processes, discloses, and protects personal information and sensitive personal data or information (“SPDI”) that you provide to us or that we collect in connection with your use of Fingpay’s website (https://www.fingpay.co.in), mobile applications, application programming interfaces (APIs), and associated services (collectively, the “Platform”).
This Policy is published in compliance with:
The Information Technology Act, 2000 (“IT Act”) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”);
The Reserve Bank of India’s guidelines on Payment Aggregators and Payment Gateways;
The National Payments Corporation of India (“NPCI”) circulars and framework requirements applicable to AEPS, UPI, and other NPCI-operated payment systems; and
Applicable Indian laws and regulations governing data protection and privacy.
By accessing or using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree with the terms of this Policy, you should discontinue use of the Platform.
This Policy applies only to information collected through the Platform and does not apply to information collected through third-party websites, even if those websites are linked from the Platform.
2. Definitions
As used in this Policy, the following terms shall have the meanings assigned to them below:
“Personal Information” means any information that relates to a natural person and is capable of identifying such person, either alone or in combination with other information, including name, email address, mobile number, date of birth, and similar identifiers.
“Sensitive Personal Data or Information” or “SPDI” has the meaning assigned under Rule 3 of the SPDI Rules, and includes: passwords; financial information such as bank account details, credit or debit card numbers, and other payment instrument details; physical, physiological, and mental health conditions; sexual orientation; medical records and history; biometric information (including Aadhaar-linked fingerprint and iris data); KYC documents; and any information received by a body corporate in confidence.
“User” or “you” refers to any individual or entity that accesses or uses the Platform, including merchants, corporate partners, business correspondents, and end customers transacting through Fingpay-powered services.
“Platform” means the Fingpay website (fingpay.co.in), mobile applications, APIs, and all related products and services operated by Tapits Technologies Pvt. Ltd.
“Affiliates” means parent companies, subsidiaries, joint ventures, and other entities under common control with Tapits Technologies Pvt. Ltd.
“Third-Party Service Providers” means vendors, partners, and service providers engaged by Fingpay to support the delivery of its services.
“RBI” means the Reserve Bank of India.
“NPCI” means the National Payments Corporation of India.
3. Information We Collect
Fingpay collects the following categories of information in connection with the provision of its services:
3.1 Information Provided Directly by You
When you register on the Platform, onboard as a merchant or partner, or use Fingpay’s services, you may provide:
Identity information: full name and date of birth;
Contact information: email address, mobile number, and mailing address;
Business information: business name, business category, GST registration number, and business address; (If applicable)
Financial information: bank account details and IFSC code,;
KYC documents: Aadhaar number (or Aadhaar Virtual ID), PAN card details, passport, voter identity card, and other documents required under RBI’s Know Your Customer (KYC) guidelines; and
Biometric data: fingerprint or iris data collected solely in connection with Aadhaar-enabled authentication for AEPS transactions.
3.2 Information Collected Automatically
When you interact with the Platform, we may automatically collect:
Device information: device model, operating system, browser type and version, and device identifiers;
Usage information: pages visited, features used, search queries, session duration, referring URL, and timestamp data;
Network information: IP address, geographic location (to the extent determinable from IP address), and network details;
Transaction information: records of payment transactions processed through the Platform, including transaction amounts, counterparty details, timestamps, and status; and
Log data: server logs, error reports, and diagnostic information relating to your use of the Platform.
3.3 Information Received from Third Parties
Fingpay may receive information about you from third parties, including:
Financial institutions and banks with whom Fingpay has integration arrangements, for the purpose of facilitating payment processing and settlement;
NPCI and other payment network operators, in connection with the operation of UPI, AEPS, and other payment services;
KYC verification agencies and authentication service providers, for identity verification purposes;
Government databases and registries, to the extent permitted by applicable law; and
Your employer, business partner, or principal entity (for corporate or BC onboarding), to the extent such information is shared with Fingpay for the purpose of enabling your access to the Platform.
3.4 Cookies
Fingpay uses cookies, web beacons, and similar tracking technologies on its website and mobile applications to enhance your experience, remember your preferences, and analyse usage patterns. Cookies are small data files stored on your device. Fingpay uses both:
Session cookies, which are temporary and expire when you close your browser; and
Persistent cookies, which remain on your device until deleted or until they expire.
Certain third-party analytics and advertising tools integrated into the Platform may also collect anonymised data about your visits using cookies. These tools do not collect or have access to your personally identifiable information. You may disable cookies through your browser settings; however, doing so may affect the functionality of certain features of the Platform.
4. How We Use Your Information
Fingpay uses the personal information and SPDI it collects for the following purposes:
4.1 Service Delivery and Account Management
To register, verify, and maintain your account on the Platform;
To process payment transactions, including UPI, AEPS, Micro ATM, BHIM Aadhaar Pay, and BBPS transactions;
To facilitate merchant onboarding, KYC verification, and account settlement;
To provide Cash Management Services, virtual account management, and field collection services; and
To enable access to APIs and developer tools provided by Fingpay.
4.2 Compliance and Regulatory Obligations
To comply with RBI’s Payment Aggregator guidelines, anti-money laundering (AML) regulations, and other applicable regulatory requirements;
To conduct KYC and ongoing due diligence on merchants and partners as required by RBI and NPCI and other regulatory entities;
To report transactions and related data to regulatory authorities, including RBI, NPCI, Financial Intelligence Unit – India (FIU-IND), and other government agencies, as required by law; and
To maintain transaction records in accordance with applicable data retention requirements.
4.3 Security, Fraud Prevention, and Risk Management
To detect, investigate, and prevent fraudulent transactions, unauthorised access, and other illegal activities;
To monitor transactions for suspicious activity and report the same in accordance with applicable laws; and
To protect the security and integrity of the Platform and of payment systems operated or supported by Fingpay.
4.4 Customer Support and Communication
To respond to your queries, complaints, and requests submitted through grievance redressal channels;
To send transaction alerts and notifications via SMS, email, or push notification;
To send service-related communications, including updates to the Platform, policy changes, and regulatory notices; and
To send marketing and promotional communications, where you have subscribed to receive such communications. You may unsubscribe from marketing communications at any time by following the unsubscribe link included in our emails or by writing to info@tapits.in.
4.5 Product Improvement and Analytics
To analyse usage data and user behaviour in aggregated and anonymised form for the purpose of improving the Platform and developing new products and services;
To calibrate and personalise your experience on the Platform; and
To conduct internal audits, quality assurance, and performance monitoring.
Fingpay shall not use your personal information for any purpose materially different from those set out above without seeking your prior consent.
5. Sensitive Personal Data or Information (SPDI)
5.1 Nature of SPDI Handled by Fingpay
Given the nature of Fingpay’s services, Fingpay necessarily handles significant volumes of Sensitive Personal Data or Information, including:
Aadhaar numbers and Aadhaar Virtual IDs, used for biometric authentication in AEPS and BHIM Aadhaar Pay transactions;
Biometric data (fingerprint and iris scans), processed in real time through NPCI’s authentication infrastructure for AEPS transactions;
PAN (Permanent Account Number)/ Aadhar or any other verification ID details, collected as part of KYC and merchant onboarding;
Bank account numbers and IFSC codes, used for payment processing and settlement;
Credit and debit card information, handled in connection with Payment Gateway services; and
Other KYC documents, including government-issued identity documents required under RBI guidelines.
5.2 Consent for SPDI
Where required under the SPDI Rules, Fingpay obtains your prior written consent before collecting SPDI. Such consent may be provided electronically. You have the right to withdraw your consent at any time; however, withdrawal of consent may result in Fingpay being unable to provide certain services that are dependent on such data.
6. Disclosure and Sharing of Information
Fingpay does not sell, rent, or trade your personal information or SPDI to third parties. Fingpay may disclose your information only in the following circumstances:
6.1 Service Delivery Partners
Fingpay may share your information with Third-Party Service Providers engaged to support the operation of the Platform, including:
Banking and financial institution partners, for the purpose of processing and settling payment transactions;
NPCI, for the operation of UPI, AEPS, BBPS, and other NPCI-run payment services;
KYC verification and identity authentication providers;
Cloud infrastructure, hosting, and technology service providers;
Customer support and communication service providers; and
Analytics and fraud detection vendors.
Third-Party Service Providers are contractually obligated not to use your information for any purpose other than to provide the specific services for which they are engaged.
6.2 Regulatory and Legal Disclosures
Fingpay may disclose your information to regulatory authorities, law enforcement agencies, and courts as required by law or regulation, including:
The Reserve Bank of India, in connection with its regulatory oversight of Fingpay as a Payment Aggregator;
NPCI, in connection with the operation of payment systems;
Financial Intelligence Unit – India (FIU-IND), under the Prevention of Money Laundering Act, 2002;
Income Tax Authorities, Enforcement Directorate, and other government agencies, as required by applicable law;
Courts, tribunals, or other adjudicatory bodies, pursuant to a valid legal process such as a court order, summons, or search warrant; and
Any other authority empowered under applicable Indian law to receive such information.
6.3 Affiliates
Fingpay may share your information with its Affiliates for internal business purposes, subject to the requirement that such Affiliates maintain the confidentiality and security of your information in a manner consistent with this Policy.
6.4 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or substantially all of the assets of Tapits Technologies Pvt. Ltd., your personal information may be transferred to the acquiring or successor entity. Fingpay will take reasonable steps to ensure that any such transferee honours the commitments made in this Policy.
6.5 Aggregated and Anonymised Data
Fingpay may disclose aggregated or anonymised information about usage of the Platform and its services to third parties for business or analytical purposes. Such information does not identify any individual user.
7. Data Security
Fingpay has implemented a comprehensive information security framework in accordance with the SPDI Rules and applicable industry standards. Key security measures include:
ISO 27001:2013 Certification: Fingpay’s information security management system has been certified against the ISO 27001:2013 standard by an accredited certification body;
PCI-DSS Compliance: Fingpay complies with the Payment Card Industry Data Security Standard (PCI-DSS) in connection with the handling of cardholder data;
Encryption: Sensitive data in transit is encrypted using industry-standard protocols (TLS 1.2 or higher). Data at rest is encrypted using AES-256 or equivalent standards;
Access Controls: Access to personal information and SPDI is restricted to authorised personnel on a need-to-know basis. Role-based access controls and multi-factor authentication are implemented;
Vulnerability Management: Fingpay conducts regular vulnerability assessments and penetration testing to identify and remediate security risks;
Incident Response: Fingpay maintains a documented security incident response plan; and
Third-Party Audits: Fingpay’s security controls are subject to periodic third-party audits.
While Fingpay implements commercially reasonable security measures, no system of security is infallible. Transmission of information over the internet inherently carries risk. Fingpay cannot guarantee absolute security of information transmitted to or from the Platform. Users are advised to take appropriate precautions, including using strong and unique passwords and keeping their login credentials confidential.
Your account on the Platform is protected by a password. You are solely responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. Please notify Fingpay immediately at info@tapits.in if you suspect any unauthorised access to your account.
8. Data Retention
Fingpay retains personal information and SPDI for as long as is necessary to fulfil the purposes for which it was collected and to comply with applicable legal and regulatory requirements, including:
Transaction records: Payment transaction data is retained for a minimum period of eight (8) years from the date of the relevant transaction, in accordance with the Prevention of Money Laundering (Maintenance of Records) Rules, 2005, and RBI guidelines applicable to Payment Aggregators;
KYC records: KYC documents and identity verification records are retained for a minimum of eight (8) years from the date of cessation of the business relationship, or such longer period as may be required by applicable regulations;
Account information: Information associated with your registered account is retained for the duration of your account and for a reasonable period thereafter, or for such longer period as may be required by law; and
Communication and support records: Records of communications and grievance resolution are retained for a period of two (2) years, unless a longer retention period is required by applicable law.
Upon the expiration of the applicable retention period, Fingpay will take steps to securely delete or anonymise your personal information, unless further retention is required by law or is necessary to resolve disputes or enforce agreements.
The User shall have an option to request erasure of certain personal information provided by them (subject to applicable legal and regulatory retention requirements). If you opt for erasure, Fingpay will delete such information from its systems to the extent permissible under applicable law. Please contact info@tapits.in to make such a request.
9. Your Rights and Choices
Subject to applicable law and the requirements of Fingpay’s regulatory obligations, you have the following rights with respect to your personal information:
9.1 Right to Access
You have the right to request confirmation of whether Fingpay holds personal information about you, and to request access to such information. Registered users may access and review certain personal information through the “Account” section of the Platform.
9.2 Right to Correction
You have the right to request correction of inaccurate or incomplete personal information held by Fingpay. You may update certain personal information directly through your account settings or by contacting Fingpay at info@tapits.in.
9.3 Right to Erasure
You may request deletion of your personal information, subject to Fingpay’s obligations to retain certain information under applicable laws and regulations. Erasure may result in the inability of Fingpay to continue providing services to you.
9.4 Right to Withdraw Consent
Where processing of your SPDI is based on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. You may exercise this right by contacting info@tapits.in.
9.5 Right to Opt Out of Marketing
If you have opted in to receive marketing communications from Fingpay, you may opt out at any time by clicking the “Unsubscribe” link in any marketing email, or by sending a request to info@tapits.in. You will continue to receive transactional and service-related communications that are necessary for the operation of your account.
9.6 How to Exercise Your Rights
To exercise any of the rights described above, please contact Fingpay at info@tapits.in with the subject line “Privacy Rights Request”. Fingpay will respond to your request within a reasonable timeframe and in accordance with applicable law.
10. Third-Party Links and Services
The Platform may contain links to third-party websites, applications, or services. Such links are provided for your convenience only and do not constitute an endorsement or recommendation by Fingpay of the linked website, its content, or the products and services offered through it.
Fingpay is not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party website or service that you access through a link on the Platform.
Where you are redirected to a third-party payment or authentication interface (such as a bank’s own portal or a government authentication gateway), any information you provide on such interface is governed by the privacy policy of the relevant third party.
11. Changes to This Privacy Policy
Fingpay may update this Policy from time to time to reflect changes in its services, business practices, or applicable legal and regulatory requirements.
We recommend that you review this Policy periodically. If Fingpay makes material changes to the manner in which it collects or processes your personal information, Fingpay will provide notice through the Platform or through other appropriate communication channels prior to the changes taking effect.
Continued use of the Platform following the publication of an updated Policy constitutes your acknowledgement of the changes. If you do not agree to the updated Policy, you should discontinue use of the Platform and may request deactivation of your account by writing to info@tapits.in.
12. Applicable Law and Jurisdiction
This Policy is governed by and shall be construed in accordance with the laws of India. Any dispute arising out of or relating to this Policy or the collection, use, and processing of personal information by Fingpay shall be subject to the exclusive jurisdiction of the competent courts and tribunals located in Indore, Madhya Pradesh, India.
This Policy is subject to, and should be read in conjunction with, the IT Act, the SPDI Rules, the RBI’s Payment Aggregator guidelines, and other applicable Indian laws and regulations relating to data protection and privacy.
13. Grievance Redressal
Tapits Technologies Pvt. Ltd. is a fintech company incorporated in 2016 with the objective of developing simple but powerful digital payment and banking products targeted towards the underserved and unbanked population of India. Fingpay offers a wide array of digital payment services, including AEPS, Micro ATM, Aadhaar Pay, UPI, and BBPS, serving millions of transactions. Fingpay is committed to resolving customer and merchant complaints fairly and expeditiously, regardless of the source or nature of the complaint.
13.1 Governing Framework
Fingpay’s grievance redressal process has been established in accordance with:
The RBI Banking Ombudsman Scheme;
The RBI Digital Payments Ombudsman Scheme; and
NPCI Circular 46 on AEPS — Harmonisation of TAT and Customer Compensation Policy.
13.2 How to Register a Complaint
To register a complaint or grievance, please provide the following details:
Transaction date and time;
Product name (e.g., AEPS, UPI, Micro ATM);
Transaction details, including unique transaction ID and amount; and
A description of the nature of the complaint.
13.3 Escalation Matrix
Complaints and grievances should be escalated in accordance with the following three-level process:
Level | Designation | Contact Details | Resolution Time |
|---|---|---|---|
L1 | AEPS / Micro ATM / Aadhaar Pay / UPI Support | Phone: 97709 04294 Email: info@tapits.in Email: help@tapits.in Address: Tapits Technologies, R 510, Savitri Empire, Opposite Sayaji Club, Near Vikram Urban, Mechanic Nagar, Indore – 452011 | 5 working days |
L2 | Service Manager | Email: escalations@tapits.in | 2 working days |
L3 | Nodal Officer | Email: Nodalofficer@tapits.in | 1 working day |
13.4 Nodal Officer
Grievance Nodal Officer: Mr. Rahul Sisodiya
Phone: +91 9770904283
Email: Nodalofficer@tapits.in
13.5 RBI Digital Payments Ombudsman
If your complaint is not resolved to your satisfaction through the above escalation process, you may approach the RBI Digital Payments Ombudsman Scheme within one month from the date of receiving Fingpay’s final response. Complaints may be filed online through the RBI’s Complaint Management System at:
https://m.rbi.org.in/Scripts/FAQView.aspx?Id=24
14. Contact Information
For any queries relating to this Policy, or to exercise your rights under this Policy, please contact Fingpay using the following details:
Tapits Technologies Pvt. Ltd. (Fingpay)
CIN: U72900MP2016PTC040639
GST: 23AAFCT7179K1ZV
Registered Office
20 Dhenu Market, Indore 452003, Madhya Pradesh, India
Additional Offices
Laxmi Tower, Bharat Nagar Rd, G Block BKC, Bandra Kurla Complex, Bandra East, Mumbai, Maharashtra 400051
35, Paigah Colony, Begumpet, Secunderabad, Hyderabad, Telangana 500003
General Enquiries
Email: info@tapits.in
Privacy and Data Requests
Email: info@tapits.in (Subject: Privacy Rights Request)