Privacy Policy

This Quality System Documentation is the property of. All ideas and information contained within these documents are the intellectual property of Aurus PayTech. These documents are not for general distribution and are meant for use only by the person to whom they are specifically issued. These documents shall not be loaned to anyone, within or outside Aurus PayTech, including its customers. Copying or unauthorized distribution of these documents, in any form or by any means, including electronic, mechanical, photocopying or otherwise, is illegal.

1. Policy Statement:

Aurus Paytech Private Limited (“Aurus”, “Company”, “We”, “Us”) is committed to protecting personal data and respecting the privacy rights of individuals whose personal and sensitive information is collected and processed by the Company. Aurus complies with applicable data protection laws and adopts industry best practices to ensure lawful, fair, transparent, and secure processing of personal data across all its payment aggregation services, including Online (PA-O), Physical/device-based (PA-P), and Cross-Border (PA-CB) transaction processing.

2. Purpose

The purpose of this Privacy Policy (“Policy”) is to describe the manner in which Aurus collects, stores, uses, processes, shares, and protects personal information of customers, merchants, and users (“Users”). By accessing our website or using our services, Users consent to the collection and processing of personal data in accordance with this Policy and applicable laws.

3. Data collection at Aurus Paytech:

Some of the types of information or data that Aurus Paytech collects include the following:

1) Aurus may collect the following categories of information:

  • a) Identity & Contact Information: Customer/merchant name, email address, phone number, business address, PAN (where applicable), and other identification details.
  • b) Financial & Transaction Information: GST number, merchant bank account details, UPI ID, issuing bank name, transaction details including product/service description, transaction date, currency, amount, payment status, and related identifiers.
  • ⚠ Aurus does not store full Cardholder Data (CHD) such as complete card numbers, CVV, or sensitive authentication data. Card processing is handled through PCI-DSS compliant infrastructure.
  • c) Technical & Usage Information: IP address, browser type, device information, pages visited, timestamps, and other usage-related analytics collected through cookies or similar technologies.

2) Financial information such as GST number, bank account related information such as account name, card details, Unified Payments Interface (UPI) ID, name of issuing bank, merchant’s name, category and other identifiers along with the details of products or services purchased or paid for, mode of payment, the date, currency and amount of the transaction(s), whether the payment was successful, and other information provided by You directly or indirectly to Us or provided to Us by banks, merchants or other service providers or business partners.

3) Usage-related information such as when Our website is visited, the IP addresses, pages viewed, the browsers used by the Users; account usernames and passwords; Your preferred settings and themes, communications with customer support, promotional and marketing campaigns, surveys, and records of Your subscriptions to marketing materials, or withdrawal, as the case may be.

4) Other user-enhancing technologies – We may use cookies, web beacons or other similar technologies to enhance Our services to customers.

4. How Aurus Paytech collects the information:

Aurus collects data through:

  • Online onboarding forms
  • Payment transactions processed via Online, Physical, or Cross-Border channels
  • Customer and merchant communications
  • Website usage and cookies
  • Offline interactions, where applicable

How Aurus Paytech uses the data:

Aurus Paytech may use the data collected in the following manner:

  • a) To preserve and keep the transaction history: The name, address, email, and transaction information may be collected and stored as part of the transaction history. The majority of the data collected under this category is business contact information. Aurus Paytech may need to share some of this data (address, payment) with delivery services and credit card clearing/settlement houses that are required to complete the transaction.
  • b) To generate the reports required for business purposes: Personal data is used to create the reports required for business purposes, such as the card summary report, sale summary report, quarterly business reports, transaction processing report, etc.
  • c) To deliver the information and support You request, including technical notices, security alerts, and administrative messages, to resolve disputes, collect fees, and provide assistance for problems with Our services or Your account;
  • d) To provide future services and support, for maintenance of Our services and/or developing new services and for communicating with You about opportunities, products, services, contests, promotions, discounts, incentives, surveys, and rewards offered by Us.

Aurus uses personal data for the following purposes:

  • a) Processing and facilitating payment transactions
  • b) Merchant onboarding and verification
  • c) Maintaining transaction history and compliance records
  • d) Resolving disputes and processing refunds
  • e) Providing customer and technical support
  • f) Generating business and regulatory reports
  • g) Preventing fraud and enhancing transaction security
  • h) Communicating service updates and administrative notices

For cross-border transactions, data may be processed in coordination with banking partners and payment networks as required for lawful transaction processing.

5. Data Security

We at Aurus Paytech use reasonable and appropriate measures to protect Your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, considering the risks involved in the processing and the nature of the personal information. Aurus Paytech is therefore committed to keeping Your data secure.

The data at Aurus Paytech is secured through the following security measures:

  • a) Data backups are done on a regular basis. An access control mechanism is used to secure the backups, and a file-integrity tool is also used.
  • b) Aurus Paytech uses two-factor authentication mechanisms to restrict unauthorized access to the underlying data behind the key services and applications.
  • c) Aurus Paytech has multiple data-centres, and these data-centres run in active/active mode, facilitating immediate failover.
  • d) Aurus Paytech uses three levels of encryption: data in transit is encrypted with an AES 256 key and data at rest is stored using the RSA algorithm.
  • e) All the customer data is segregated into separate databases and communication networks. For example, separate VLANs are used for each customer.
  • f) Aurus Paytech protects the data in transit with IPsec security. IPsec uses the Encapsulating Security Payload (ESP) protocol to encrypt data for confidentiality while the data is travelling over the network.
  • g) Business Contingency plans are adopted and are tested bi-annually.
  • h) Specifically, Aurus maintains the following:
    • PCI-DSS V4.01 compliant infrastructure
    • Encryption of data in transit
    • Role-based access controls
    • Network segmentation and monitoring
    • Regular vulnerability assessments and security testing
    • Business continuity and disaster recovery planning

6. Physical security

Aurus maintains physical safeguards at its data center facilities, including restricted access controls, CCTV monitoring, visitor management procedures, and authorized access mechanisms to prevent unauthorized physical access to systems storing personal data.

7. Training and Guidance

Aurus Paytech provides general security training at least annually for all staff to raise awareness of security and of the responsibilities of Aurus Paytech. Aurus Paytech also issues procedures, guidance, and security instructions from time to time.

8. Sharing the Information

Aurus does not sell or rent personal data to third parties for marketing purposes.

Personal data may be shared with:

  • Banking partners
  • Payment networks
  • Regulatory or statutory authorities
  • Service providers supporting payment processing

Such sharing is limited to business, contractual, regulatory, or legal requirements.

For cross-border transactions, data may be transferred to relevant international banking or payment network entities as necessary for transaction processing.

9. Data Retention

Aurus retains personal data only for the duration required to fulfill the purposes outlined in this Policy and in accordance with applicable legal and regulatory requirements. Data retention and destruction practices are governed by the Company’s internal Data Retention & Destruction Policy.

Updates to this Policy:

Aurus Paytech might update this Policy from time to time. For example, if any significant changes are made to the Company’s secure environment, Aurus Paytech would update this Policy to reflect those changes.

10. Legal Basis for processing personal data

Aurus Paytech collects and uses personal information for a variety of business purposes that are in Our legitimate interests with the consent of the Users. If the User is from India, the legal basis of Aurus for collecting and using the personal information illustrated in this Policy will depend on the personal data concerned and the context in which We collect the data.

11. Your data protection rights:

Aurus Paytech makes sure that the data We collect is reliable, accurate, complete, and up-to-date as per the applicable laws of India. In India, the Users have certain rights related to their personal data, including the right to access, update, or request deletion of personal data. Accordingly, You have the following rights in relation to Your personal data:

  • a) Right of correction and right of withdrawal: Users may review the information that they have provided to Us, or correct their personal information/data provided to Us. The Users may also withdraw their consent, at any point, in relation to the collection, storage, usage and retention of personal data. The above-said rights may be exercised by writing an email to the Grievance Officer, set out below. However, it may be noted that, in the event any User exercises the above-said rights, the Company may refuse to render its services, or the Company may not be able to provide its services to the User.
  • Grievances & Nodal Officer: Aurus has appointed a designated Nodal Officer / Grievance Officer responsible for addressing complaints, concerns, or requests relating to personal data, privacy, and transaction-related issues across Online (PA-O), Physical (PA-P), and Cross-Border (PA-CB) payment services.

Users may contact the Nodal Officer for:

  • Privacy-related concerns
  • Data access or correction requests
  • Withdrawal of consent
  • Escalation of unresolved grievances
  • Clarifications regarding processing of personal data

The details of the Nodal Officer are as follows: