RocketPay
  • Loan Collections Deposit Collections Subscription Collections Trade Credit Collections Collect on Tally
  • Mobile Locking
  • NBFCs, Fintechs & Regulated Lenders MFIs Credit Cooperative Societies Retailers, Distributors & Manufacturers (MSME) SaaS & Subscription Businesses
  • Partner With Us — Payments Partner With Us — Mobile Locking
  • About Us
  • Blog API Docs — Payments ↗ API Docs — Mobile Locking ↗ UPI Autopay PSPs Banks Supporting eNACH
Book Demo

Legal

Privacy Policy

Effective Date: 16th June 2026  ·  Absird Financial Technologies Private Limited (RocketPay)  ·  CIN: U72900KA2022PTC160353

This Privacy Policy describes how RocketPay collects, uses, stores, and protects your Personal Data. By using our Platform or Services, you acknowledge that you have read and understood this Policy.

1. Introduction

This Privacy Policy (“Policy”) describes how Absird Financial Technologies Private Limited, operating under the brand name “RocketPay” (“Company”, “we”, “our”, or “us”), collects, uses, stores, shares, and protects Personal Data in connection with your use of the RocketPay platform, website (rocketpay.co.in), mobile application, APIs, Tally plugin, and all associated services (collectively, the “Platform”).

Our registered office is at: Building Number 917, 1st Floor, 5th Main Rd, Sector 7, HSR Layout, Bengaluru. CIN: U72900KA2022PTC160353.

This Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and its SPDI Rules, 2011, and other applicable Indian laws governing data privacy and protection.

If you have any questions about this Policy or wish to exercise your data rights, contact us at: support@rocketpay.co.in.

2. Who This Policy Applies To

  • Customers — businesses, lenders, NBFCs, MFIs, Credit Cooperative Societies, MSMEs, distributors, manufacturers, and SaaS companies that register on and use the RocketPay Platform;
  • End-Users — borrowers, debtors, subscribers, or individuals whose payment mandate is set up or whose device is subject to locking through the Platform, where RocketPay processes their data on behalf of the Customer;
  • Visitors — individuals who visit our website, contact us for information, or interact with our Platform without completing a full registration.
  • Prospects and Leads — individuals who submit a demo request, contact form, or enquiry through our website, landing pages, or advertising campaigns, and whom our sales team may contact.

Where RocketPay processes the Personal Data of End-Users on behalf of a Customer, the Customer is the Data Fiduciary and RocketPay acts as a Data Processor. In such cases, the Customer’s privacy policy governs the Customer’s relationship with the End-User. RocketPay’s obligations as a Data Processor are described in Section 11 below.

Where RocketPay collects and processes the Personal Data of Prospects and Leads (for example, through a demo booking or contact form), RocketPay is the Data Fiduciary for that data and determines the purpose and means of its processing.

3. Key Definitions

TermMeaning
Personal DataAny data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, 2023.
Sensitive Personal DataFinancial data, health data, biometric data, official identifiers, and other categories specified under the SPDI Rules, 2011 and as may be notified under the DPDP Act, 2023.
Data FiduciaryAn entity that determines the purpose and means of processing Personal Data.
Data ProcessorAn entity that processes Personal Data on behalf of a Data Fiduciary.
Data PrincipalThe individual to whom Personal Data relates.
ProcessingAny operation performed on Personal Data — collection, storage, use, disclosure, sharing, deletion, and more.
ConsentA free, specific, informed, and unambiguous indication of the Data Principal’s wishes by which they signify agreement to the processing of their Personal Data.
DPDP ActThe Digital Personal Data Protection Act, 2023.
UPI AutopayThe NPCI-governed recurring payment mandate framework via Unified Payments Interface.
eNACHElectronic National Automated Clearing House — RBI-governed framework for recurring debit mandates.
Device LockingRemote restriction of financed mobile device functionality upon payment default, via Google DLC and OEM-native locking infrastructure.

4. Personal Data We Collect

4.1 From Customers (Businesses and Lenders)

CategoryDetails
Business IdentityLegal name, trade name, type of entity, business registration number, GST number, CIN
Authorised RepresentativesName, designation, mobile number, email address, PAN, Aadhaar (for KYB verification)
Bank and Financial DetailsBank account number, IFSC code, account type — for settlement purposes
KYB DocumentsCertificate of Incorporation, GST certificate, bank statement, authorisation letter, and other documents required for onboarding
Platform UsageLogin activity, API usage logs, dashboard actions, IP address, device information, session timestamps
Communication DataEmails, support tickets, call records with our team

4.2 From End-Users (via Customers)

CategoryDetails
IdentityName, mobile number
Financial AccountBank account number, IFSC code, UPI ID — for mandate registration and debit execution
Mandate DataMandate reference number, amount, frequency, start/end date, status
Device IdentifiersIMEI number, device model, device brand — collected only for Device Locking customers; used solely to activate, manage, or deactivate device locks
Transaction DataDebit attempt records, success/failure status, settlement reference numbers

4.3 From Website Visitors

  • IP address, browser type, operating system, device type;
  • Pages visited, time spent, referring URL;
  • Cookie data (see Section 9 for details).

4.4 From Prospects and Leads (Demo and Contact Form Submissions)

When you book a demo or submit an enquiry through our website, landing pages, or a third-party scheduling or form tool (such as Calendly), we collect the information you provide, which may include:

  • Your name, business email address, phone number, company name, and designation or role;
  • Information about your business that you choose to share — such as organisation type, monthly transaction or collection volume, existing technical setup, use case, and your timeline for going live;
  • Campaign and referral information — such as the advertisement, search keyword, or source through which you reached us (including UTM parameters and ad click identifiers).

4.5 Data We Do Not Collect

We do not collect credit card or debit card numbers from End-Users. We do not collect social media credentials, messaging history, or any data unrelated to the collections and device locking use cases described above.

5. How We Use Personal Data

PurposeApplies To
Customer onboarding and KYB verificationCustomers
Mandate creation, modification, pause, and cancellation (UPI Autopay / eNACH)Customers and End-Users
Execution of recurring debit instructionsEnd-Users
Device lock and unlock operationsEnd-Users (Device Locking customers only)
Settlement processing and reconciliationCustomers
Fraud detection and preventionCustomers and End-Users
Platform security and access controlCustomers
Regulatory compliance and legal obligations (RBI, NPCI, IT Act, DPDP Act)Customers and End-Users
Customer support and grievance resolutionCustomers and End-Users
Platform analytics and service improvement (using anonymised/aggregated data)Visitors and Customers
Transactional SMS and email alertsCustomers and End-Users
Marketing and product updates (only with explicit opt-in)Customers
Responding to demo requests, contact forms, and enquiriesProspects and Leads
Qualifying, scoring, and routing leads to the sales teamProspects and Leads
Conducting discovery calls, including AI-assisted and recorded callsProspects and Leads
Sales follow-up and communication (phone, email, WhatsApp)Prospects and Leads
Measuring advertising performance and optimising marketing campaignsVisitors, Prospects and Leads

6. Lawful Basis for Processing (DPDP Act 2023)

6.1 Consent

Where we process Personal Data of End-Users (for example, for UPI Autopay or eNACH mandate registration), we rely on consent obtained through the mandate authentication flow. End-Users complete an active authentication step (UPI PIN, net banking login, or debit card authentication) that constitutes their consent to the mandate and associated data processing.

For marketing communications to Customers, we rely on explicit opt-in consent at the time of registration.

6.2 Contractual Necessity

Processing necessary to fulfil the services under our Customer Agreement or these Terms of Use — including onboarding, mandate execution, settlement, and device lock/unlock operations.

6.3 Legitimate Uses

Processing necessary to comply with Applicable Law (including RBI and NPCI requirements), prevent fraud, and maintain the security and integrity of the Platform.

7. UPI Autopay and eNACH Mandate Data

This section specifically governs how RocketPay handles data in the context of UPI Autopay and eNACH mandate creation, execution, and management.

When a Customer sets up a UPI Autopay or eNACH mandate for an End-User:

  • The End-User’s bank account details, UPI ID, and mandate parameters are collected solely for the purpose of executing recurring debit instructions.
  • This data is shared with NPCI (for UPI Autopay), the sponsoring bank (for eNACH), and the relevant payment network as required to process the mandate.
  • RocketPay does not use End-User mandate data for any purpose other than mandate management and execution on behalf of the Customer.
  • Mandate reference numbers, debit status records, and settlement data are retained for the period specified in Section 12 (Data Retention).

Customers who set up mandates for End-Users are themselves Data Fiduciaries for that data. Customers must maintain their own lawful basis for sharing End-User data with RocketPay and must ensure End-Users have been informed of the mandate and the data sharing involved.

8. Device Locking Data

This section applies only to data processed in connection with the Device Locking feature. Device identifiers are collected solely for locking and unlocking financed mobile devices.

For Customers using the Device Locking feature (Google DLC), RocketPay collects and processes:

  • IMEI number of the financed device;
  • Device model, brand, and operating system version;
  • Lock/unlock event logs with timestamps;
  • Loan or financing reference number (as provided by the Customer).

This data is used solely to activate, manage, and deactivate device locks at the Customer’s instruction. It is shared with our DLC technology partners to the extent necessary to operate the device locking infrastructure, under applicable data processing agreements.

Device identifier data is not used for profiling, advertising, or any purpose unrelated to the device financing and recovery use case.

End-User consent to device locking and associated data collection must be obtained by the Customer as part of the financing agreement — as required under Section 7 of our Terms of Use. The Customer is the Data Fiduciary for device locking data.

9. Cookies and Tracking Technologies

Our website (rocketpay.co.in) uses cookies and similar tracking technologies to:

  • Maintain session state and authentication;
  • Understand how visitors use the site (page views, navigation paths, time on page);
  • Improve website performance and user experience;
  • Detect and prevent fraudulent or unauthorised access.

We use two types of cookies:

  • Session cookies — temporary cookies that expire when you close your browser. Used to maintain your logged-in session on the Platform.
  • Persistent cookies — cookies that remain on your device until you delete them or they expire. Used for analytics and platform improvement.

Third-party analytics and advertising tools may also set cookies and similar technologies (such as pixels and tags) on our website. These include Google Analytics, Google Ads, and Meta (Facebook) Pixel. We use these tools to measure website traffic, understand how visitors arrive at and move through our site, measure the performance of our advertising campaigns (including on Google Search and Meta platforms), and reach relevant audiences.

To measure ad conversions accurately, we may share hashed (irreversibly encrypted) identifiers — such as a hashed version of your email address or phone number submitted through our forms — with advertising platforms like Google and Meta. These platforms process this data under their own privacy policies and only to attribute and measure conversions. We do not share your raw name, email, or phone number with advertisers, and we do not sell your Personal Data.

You can disable cookies in your browser settings. Note that disabling cookies may affect the functionality of the Platform, particularly login and session management features.

10. AI Voice Agent and Call Recording

This section explains how RocketPay handles your Personal Data when you book a demo or enquiry and are contacted for a discovery call, including the use of an automated voice agent and call recording.

When you submit a demo request or enquiry, you may receive a discovery call to understand your requirements. These calls may be conducted, in whole or in part, by an automated AI voice agent operating on RocketPay’s behalf, or by a member of our sales team.

In connection with these calls, we collect and process:

  • A recording and written transcript of the call;
  • The information you share during the conversation — such as your business details, collection volumes, use case, current setup, and requirements;
  • An automated summary and assessment of the call, which may include qualification scoring and analysis of the conversation to help our sales team respond appropriately.

We use this information solely to understand your needs, qualify your enquiry, route it to the right member of our team, and follow up with you. The AI voice agent is provided by a third-party technology partner who acts as our Data Processor under a data processing agreement and may only use your data to provide this service to RocketPay.

If you do not wish for your call to be recorded or handled by an automated system, you may tell us at any point during the call or write to us at support@rocketpay.co.in, and we will arrange for a member of our team to assist you and honour your preference.

11. Transfer and Disclosure of Personal Data

11.1 When We Share Data

We do not sell, rent, or trade your Personal Data. We share Personal Data only in the following circumstances:

RecipientPurpose and Basis
NPCITo register and execute UPI Autopay mandates — contractual necessity
Sponsor Banks (NACH)To register and execute eNACH mandates — contractual necessity
DLC Technology PartnersTo operate Device Locking infrastructure — contractual necessity; bound by data processing agreement
Banking PartnersFor settlement processing — contractual necessity
RBI, NPCI, and Regulatory AuthoritiesWhere required by law, regulation, or direction — legal obligation
Courts and Law EnforcementIn response to a valid court order, subpoena, or legal process — legal obligation
Auditors and Legal CounselFor audit, compliance, or legal advice purposes — legitimate use; under confidentiality obligations
Successor Entity (in case of M&A)If RocketPay is acquired or merges, subject to the acquirer honouring this Policy — legitimate use

11.2 RocketPay as Data Processor

  • We process End-User data only on the documented instructions of the Customer;
  • We do not use End-User data for any purpose beyond what is necessary to provide the Services to the Customer;
  • We maintain appropriate technical and organisational security measures;
  • We notify Customers promptly in the event of a Personal Data breach involving their End-User data;
  • We assist Customers in responding to Data Principal rights requests where the data is within our control.

11.3 What We Never Do

  • Sell Personal Data to third parties;
  • Share Personal Data with advertisers or data brokers;
  • Use End-User mandate or device data for any commercial purpose unrelated to the Services;
  • Transfer Personal Data outside India except as described in Section 15.

12. Data Retention

We retain Personal Data for the minimum period necessary to fulfil the purpose for which it was collected, comply with legal and regulatory requirements, and resolve disputes.

Data CategoryRetention Period
Customer onboarding and KYB documents5 years after termination of the Customer relationship — as required under RBI PA/PG guidelines
UPI Autopay mandate records5 years from the date of the last transaction on the mandate — NPCI requirement
eNACH mandate records5 years from the date of the last transaction on the mandate — NPCI/RBI requirement
Transaction and settlement records5 years — RBI and IT Act requirements
Device locking event logs (IMEI, lock/unlock records)5 years from the date of the last lock/unlock event, or termination of the Customer relationship, whichever is later
Platform access and API logs2 years — for security, audit, and fraud detection purposes
Customer support and grievance records3 years from resolution — Consumer Protection Act requirements
Website cookies and analytics dataUp to 2 years, or as set by the relevant analytics provider
Prospect / Lead data and CRM records36 months from the date of last meaningful contact, or until you ask us to delete it — whichever is earlier. Records are then deleted or anonymised.
Discovery call recordings and transcripts12 months from the date of the call, after which the recording is deleted. A short text summary may be retained for the lead-retention period above.
Advertising and analytics identifiersUp to 26 months, or as set by the relevant platform

After the applicable retention period, Personal Data is securely deleted or anonymised. Anonymised data (which cannot be used to identify any individual) may be retained indefinitely for statistical and analytical purposes.

Where a Customer requests deletion of their data before the end of the retention period, we will comply to the extent permitted by Applicable Law. Statutory retention obligations (such as RBI’s requirement to retain payment records) may prevent us from deleting certain data earlier.

13. Data Security

We implement appropriate technical and organisational security measures to protect Personal Data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS/HTTPS) and at rest;
  • Role-based access controls — limiting access to Personal Data to employees and contractors who need it to perform their job functions;
  • Regular security audits and vulnerability assessments;
  • Multi-factor authentication for Platform access;
  • Incident response and breach notification procedures.

You acknowledge that no method of transmission over the internet or electronic storage is completely secure. While we take commercially reasonable precautions, we cannot guarantee absolute security of data transmitted to or stored on our systems.

13.1 Personal Data Breach Notification

  • Notify the Data Protection Board of India (once constituted) in accordance with the timelines prescribed under the DPDP Act and implementing rules;
  • Notify affected Customers promptly so they can take appropriate action in relation to their End-Users;
  • Take immediate steps to contain the breach and prevent further compromise.

14. Your Rights as a Data Principal (DPDP Act 2023)

If you are an individual whose Personal Data is processed by RocketPay, you have the following rights under the Digital Personal Data Protection Act, 2023.

14.1 Right to Access

You have the right to obtain a summary of your Personal Data that we process and information about the processing activities carried out on it. To exercise this right, write to us at support@rocketpay.co.in with your name, mobile number, and a description of the data you wish to access.

14.2 Right to Correction and Erasure

You have the right to request correction of inaccurate or incomplete Personal Data. You also have the right to request erasure of your Personal Data where:

  • The purpose for which the data was collected is no longer applicable;
  • You have withdrawn consent and there is no other lawful basis for processing;
  • The processing was unlawful.

We will comply with erasure requests to the extent permitted by Applicable Law. Where a statutory retention obligation applies (e.g., RBI’s 5-year record-keeping requirement for payment data), we will inform you of the reason we are unable to erase the data at that time.

14.3 Right to Grievance Redressal

If you have a complaint about how we process your Personal Data, you have the right to have it addressed. See Section 19 for grievance contact details and timelines.

14.4 Right to Nominate

You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. To register a nominee, write to support@rocketpay.co.in.

14.5 How to Exercise Your Rights

Send your request to support@rocketpay.co.in with:

  • Your full name and mobile number registered with us (or with the Customer, for End-Users);
  • A description of the right you wish to exercise;
  • Any supporting information relevant to your request.

We will acknowledge your request within 3 business days and respond substantively within 30 days. For complex requests, we may extend this period by a further 15 days with prior notice to you. We may need to verify your identity before fulfilling the request.

14.6 Right to Opt Out of Marketing and Sales Communications

If you are a Prospect or Lead, you may opt out of sales and marketing communications at any time by writing to support@rocketpay.co.in or using the unsubscribe option in our emails. On receiving your request, we will stop contacting you for sales and marketing purposes and, on request, delete your lead data and any associated call recordings, subject to any legal obligation to retain certain records.

14.7 Rights Relating to Automated Processing

Where we use automated tools to assess or score your enquiry (for example, during an AI-assisted discovery call), you may request information about that processing and ask for a member of our team to review it. You may also object to such automated assessment by contacting us at support@rocketpay.co.in.

15. Cross-Border Data Transfers

All Personal Data collected by RocketPay is stored and processed in India on servers located in India.

RocketPay shares device identifier data (IMEI, device model) with DLC technology partners for the purpose of operating the Device Locking infrastructure. Where such partners are based outside India, the transfer is governed by data processing agreements that include appropriate contractual safeguards. RocketPay ensures that these partners process this data only as instructed and in accordance with applicable Indian data protection law.

No other Personal Data is transferred outside India. If any future service requires cross-border transfer, we will update this Policy and ensure such transfer is in compliance with DPDP Act provisions and any applicable Government of India notifications on cross-border data transfer restrictions.

16. Third-Party Links and Services

The Platform may contain links to third-party websites, payment applications (such as BHIM, Google Pay, PhonePe), or banking portals. These third-party platforms have their own privacy policies and we have no control over or responsibility for their data practices. We encourage you to review the privacy policy of any third-party platform before providing them with your Personal Data.

RocketPay is not responsible for the privacy practices or content of linked third-party websites.

17. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our services, regulatory requirements, or data practices. Material changes will be communicated to registered Customers via email or platform notification at least 30 days before the change takes effect.

For changes required by law or regulation, the revised Policy may take effect with shorter notice or immediately, as required.

Your continued use of the Platform after the effective date of an updated Policy constitutes your acceptance of the revised terms. If you do not agree to the changes, you must stop using the Platform and notify us of your intention to terminate.

The current version of this Policy is always available at rocketpay.co.in/privacypolicy.

Update — 16th June 2026: This Policy was updated to describe how we handle data from prospects and leads, including demo and contact form submissions, advertising and conversion tracking on platforms such as Google and Meta, and discovery calls conducted with the assistance of an automated AI voice agent (including call recording, transcription, and related opt-out rights).

18. Applicable Law

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and its rules, and other applicable Indian legislation. Any dispute arising out of this Policy shall be subject to the exclusive jurisdiction of the competent courts in Bengaluru, Karnataka.

19. Grievance Redressal and Data Protection Contact

19.1 General Support

  • Email: support@rocketpay.co.in
  • Working hours: Monday to Friday, 10:00 AM to 6:00 PM IST (excluding public holidays)

19.2 Privacy and Data Rights Requests

  • Email: support@rocketpay.co.in
  • Response within: 30 days of receipt (or as prescribed under DPDP Act implementing rules)

19.3 Grievance Officer

Grievance OfficerArpit Bajpai
DesignationCompliance Officer
CompanyAbsird Financial Technologies Private Limited (RocketPay)
AddressBuilding Number 917, 1st Floor, 5th Main Rd, Sector 7, HSR Layout, Bengaluru
Emailsupport@rocketpay.co.in
Phone+91 8951158001
Grievance Resolution Timeframe30 days from receipt of complaint

19.4 Regulatory Escalation

  • The Data Protection Board of India — once constituted under the DPDP Act, for complaints related to processing of your Personal Data;
  • The RBI Ombudsman — for payment-related grievances;
  • The National Consumer Helpline (1800-11-4000) — for consumer protection matters.

— End of Privacy Policy —
Absird Financial Technologies Private Limited | RocketPay | rocketpay.co.in

RocketPay

Collection Infrastructure for Indian Lenders and Businesses.

Products
  • Loan Collections
  • Deposit Collections
  • Subscription Collections
  • Trade Credit Collections
  • Mobile Locking
Solutions
  • NBFCs, Fintechs & Regulated Lenders
  • MFIs
  • Credit Cooperative Societies
  • Retailers, Distributors & Manufacturers (MSME)
  • SaaS & Subscription Businesses
Resources
  • API Docs — Payments
  • API Docs — Mobile Locking
  • UPI Autopay PSPs
  • List of Banks Supporting eNACH
Company
  • About Us
  • Book Demo
  • Partner With Us — Payments
  • Partner With Us — Mobile Locking
Terms of Use Privacy Policy Refund & Cancellation Policy

Absird Financial Technologies Pvt. Ltd  |  Building Number 917, 1st Floor, 5th Main Rd, Sector 7, HSR Layout, Bengaluru

NPCI Utility Code: NACH00000000061703  |  CIN: U72900KA2022PTC160353  |  GSTIN: 29AAWCA8748A1Z5

support@rocketpay.co.in  |  +91 89511 58001

Copyright © 2026 ABSIRD FINANCIAL TECHNOLOGIES PVT LTD. All rights reserved.