This Privacy Policy (“Policy”) describes how BimaPay Finsure Private Limited (the “Company”,  “we”, “us”, or “our”) collects, uses, stores, discloses and transfers personal data of users (“you”,  “your”) in connection with your use of our website, mobile application, and the services we offer  relating to insurance premium financing (the “Services”). By accessing or using our Services, you  consent to the collection and processing of your personal data as described herein. Our Services  may contain links to third-party websites. BimaPay is not responsible for the privacy practices of  such third-party websites or platforms. We recommend reviewing their privacy policies whenever  you leave our Services. 

1. DEFINITIONS 
1.1. “Applicable Law” means all Indian laws, rules, regulations, guidelines, notifications, circulars,  and lawful directions of regulators including but not limited to the Reserve Bank of India (“RBI”),  the Insurance Regulatory and Development Authority of India (“IRDAI”), and the Digital  Personal Data Protection, Act, 20203 (“DPDP”).  
1.2. “Cookies” shall mean small text or data files placed on a user’s device by the Company or its  authorized service providers, enabling the storage and retrieval of information for purposes  including, but not limited to, authentication, session management, preference retention, analytics,  and security, in compliance with applicable data protection and cyber laws. 
1.3. “Data” means all information—personal, sensitive, non-personal, technical, or metadata— collected, generated, stored, processed, or transmitted by the Company in connection with its  digital lending and related services. It includes, without limitation, identifiers such as name,  contact details, financial and biometric information, KYC records, device and location data,  cookies, analytics, usage patterns, and other technical or behavioural information, whether  identifiable or anonymised. All Data is handled solely for legitimate business, operational,  analytical, or regulatory purposes in accordance with applicable laws and user permission. 
1.4. “Personal Data” means any data about an individual who is identifiable by or in relation to such  data, as defined under Applicable Law. 
1.5. “Processing” includes collection, storage, use, disclosure, transfer or any operation performed on  Personal Data.  
1.6. “Third Party” means any person or entity other than the User and BimaPay.  1.7. “Sensitive Personal Data” includes financial information such as bank account, payment  instrument details, KYC documents, credit information, biometric information or any other  category designated as sensitive under Applicable Law.  

2. COLLECTION OF DATA AND INFORMATION 
2.1. BimaPay may collect the following categories of Data and Personal Data, either directly from you,  through automated means, or from authorised third parties: 
2.1.1. Identification & KYC Data: Name, gender, date of birth, photograph, government-issued  identification numbers (e.g., PAN, Aadhaar), address proofs and related document. 2.1.2. Financial Data: Bank account details, UPI ID, payment instrument details, premium and  financing transaction records, credit bureau information, repayment history. 
2.1.3. Contact Data: Email address, mobile number, residential and correspondence address. 2.1.4. Device & Technical Data: IP address, device identifiers, browser type, operating system,  geolocation (if enabled), cookies and log files. 
2.1.5. Communications: Emails, in-app messages, support chats, survey responses and call  recordings (if any).
2.1.6. Derived / Analytical Data: Risk scores, behavioural profiles, aggregated statistics.  2.2. We collect Non Personal Data including device information, cookies, and usage patterns. This  information is used to enhance user experience, measure engagement, and optimise Services. You  may manage cookie preferences; disabling cookies may affect functionality. 
2.3. We may obtain information from authorised third parties, including merchants, financial  institutions, credit bureaus, and KYC registries, to deliver Services or verify identity. 2.4. With your consent, we may collect credit information from credit bureaus registered under the  Credit Information Companies (Regulation) Act, 2005.  
2.5. Financial data may be shared with authorised processors, payment partners, or regulators strictly  for transaction processing or compliance. 
2.6. All Personal and Non-Personal Data is stored using industry-standard safeguards, including  encryption, restricted access, and secure servers. Data may be stored within India, and any cross border transfer is protected under applicable laws and contractual measures.  
Failure to provide requisite Data may render BimaPay unable to provide or continue certain  Services.  

3. PURPOSE OF PROCESSING 
3.1. Provision of Services: account creation, identity verification, premium financing, facilitation of  insurance payments, and customer support. 
3.2. Regulatory Compliance: fulfilment of obligations under RBI/IRDAI guidelines, anti-money  laundering (AML) and know-your-customer (KYC) requirements.  
3.3. Credit Assessment & Underwriting: credit bureau checks, risk profiling and determining  eligibility for financing.  
3.4. Fraud Detection & Security: monitoring transactions to prevent unauthorised or illegal activities.  3.5. Analytics & Product Development: improving Services, developing new products, market  research and performance measurement.  
3.6. Marketing & Communication: sending service-related notices, updates, offers and promotions  (subject to consent where required). 
3.7. Legal Enforcement: asserting or defending legal claims, responding to lawful requests of  governmental authorities.  
Processing is based on one or more of: (a) your consent; (b) performance of a contract; (c)  compliance with legal obligations; or (d) BimaPay’s legitimate business interests.  

4. DATA RETENTION 
All Personal and non- Personal Data is stored using secure, industry-standard safeguards,  including encryption, restricted access controls, and protected server environments, consistent  with: applicable laws, RBI guidelines and globally recognised data-protection standards. Unless  otherwise required, BimaPay stores data within India and ensures that any cross-border transfers  are protected by adequate contractual and legal safeguards. 

5. SECURITY PRACTICES 
BimaPay implements reasonable technical and organisational measures including encryption,  secure servers, access controls, vulnerability assessments and staff confidentiality undertakings.  Despite these measures, no system can guarantee absolute security.

6. COOKIES 
Cookies are small data files placed on your device by our servers to: 
a. analyse service performance; 
b. understand user engagement; 
c. measure promotional effectiveness; and 
d. reduce the need to re-enter login credentials during active sessions.  
Certain functionalities of the WebApp require cookies to operate correctly. You may disable  cookies via your device or browser settings; however, disabling may restrict access to certain  features. 

7. CONSENTS 
The following consents are required for rendering of services to User, and Bimapay owns all the  data including but not limited to Data retrieved from Merchant: 

S.No.	Data	Purpose
1	Personal Identification Data (Name, Date of Birth, Gender, Photograph, Signature)	To verify identity, comply with KYC norms under applicable laws, prevent fraud.
2	Financial Information (Bank Account Details, Bank Statements, Credit Details, credit information from Bureaus)	Loan disbursement, repayment processing, creditworthiness assessment.
3	Device & Technical Data (IP Address, Device ID, OS, Browser Type)	Fraud detection, security monitoring, service optimisation.
4	Asset Information	Underwriting, assessing financial repayment capability.
5	We may access and retain SMS-related data and select application metadata from your device, including identifiers and versioning details. Such information may be obtained irrespective of application activity status.	This data is processed to facilitate service-related communications and support functions including personalization, verification, risk assessment, and compliance.

This data is processed to facilitate service related communications and support  functions including personalization,  verification, risk assessment, and  compliance.


All consents obtained by BimaPay, including but not limited to those specified in this Policy, are  necessary and mandatory for the provision of our products and/or services, as well as for  compliance with applicable laws and regulations. You acknowledge that refusal to provide, or  withdrawal of, any such mandatory consent may result in our inability to continue providing you  with the requested services. If you wish to withdraw a specific consent previously granted, you  may submit a written request to the Grievance Officer. Upon receipt of such request, we shall  process and comply with the withdrawal within twenty-eight (28) days.  

8. DISCLOSURES TO THIRD PARTIES 
8.1. BimaPay shares information only on a strict need-to-know basis with authorised third parties,  which may include:  
a. regulated financial institutions and insurance partners; 
b. payment processors and technology service providers; 
c. credit bureaus and KYC registries; 
d. collection agents; and 
e. governmental or regulatory authorities where legally required. 
8.2. All such third parties are bound by confidentiality and data-protection obligations equivalent to  those set forth in this Privacy Policy. 

9. DATA RETENTION & DELETION 
9.1. Personal Data will be retained for as long as necessary to fulfil the purposes for which it was  collected and as required by Applicable Law. 
9.2. Where BimaPay acts as a Lending Service Provider (“LSP”), we will securely store your Personal  Data for a period of ten (10) years even after full repayment of all dues, in accordance with RBI  Master Directions and other statutory requirements. 
9.3. Where you have expressly consented, certain data may be used during the retention period for  permissible promotional or marketing communications, subject to your right to withdraw consent  at any time.  
9.4. Upon the expiry of the retention period or withdrawal of consent (whichever is earlier), your data  will be securely deleted, anonymised, or irreversibly destroyed so that it cannot be reconstructed  or retrieved, except where continued retention is required to:  
a. comply with legal or regulatory obligations; 
b. resolve disputes; or 
c. enforce agreements 

10. CONTACT INFORMATION 
For queries, grievances, or to exercise your rights, contact us: 
BimaPay Finsure Private Limited 
Registered Address: 2nd Floor, Office No. 208, Plot No. H-1, Garg Tower, Netaji Subhash Place,  Pitampura, New Delhi, North West Delhi – 110034. 
Email: compliance@bimapay.in 
Grievance Officer: Abhishek Kumar Singh 

11. CHANGES TO THIS PRIVACY POLICY 
We reserve the absolute and unconditional right to amend, modify, revise, update, or delete any  portion of this Privacy Policy at our sole discretion, at any time, and for any reason, without prior  notice. Any such changes shall be effective immediately upon being posted or published through  appropriate channels, including but not limited to our website or application interface. You are  advised to review this Privacy Policy periodically to remain informed of any updates. Your  continued access to or use of the Services following the publication of any amendments shall  constitute Your binding acceptance of such changes.  

12. USER RIGHTS 
If any of the Data you have provided is inaccurate, incomplete, or outdated, you have the right to  provide BimaPay with the correct and complete information and request us to update it. We  encourage you to maintain accurate data to ensure uninterrupted access to our Services. Updates  to your Data may require submission of supporting documents for verification purposes.  
You have certain options regarding how your information is collected and used:
a. Device Permissions: You can modify or revoke permissions granted to the BimaPay app  via your device or browser settings. Please note that restricting access may affect the  functionality of certain Services. 
b. Uninstalling the App: You may remove the BimaPay app from your device or browser at  any time.  
c. Content Removal: You can request the deletion of your information from our systems in  accordance with the provisions below.  
BimaPay collects your Profile Data with your consent. You may choose to withhold information,  limit its use, restrict sharing with third parties, revoke previously granted consent, or request  deletion. However, withdrawal or restriction may not be possible if: 
a. You are actively using a Service that requires the data; or 
b. Retention is necessary to continue providing the Service or to comply with legal  obligations.  
BimaPay cannot guarantee or be held responsible for providing Services if mandatory information  is denied or consent is withdrawn.  
Requests for withdrawal, denial of consent, or deletion will be processed within 30 (thirty) days of: 
a. Receipt of a written request; or 
b. Completion/closure of all active Services; whichever is later. Until the request is  processed, your information may still be used to complete ongoing Services or related  obligations.  

13. LENDING PARTNERS 
Hindon Mercantile Limited 
Mufin Green Finance