PRIVACY POLICY

Effective Date: 10/06/2025

1. Introduction
Kalpesri Consulting Private Limited, trading as Transakt (“Company”, “we”, “us”, “our”), is a Telangana-registered fintech start-up that acts solely as a referral and onboarding partner for licensed payment-gateway providers (“PG Partners”). We do not store, process, or transmit cardholder or transaction data; such data is handled entirely by the relevant PG Partner.

This Privacy Policy explains how we collect, use, disclose, store, and secure Personal Data and Business Information in compliance with: the Information Technology Act 2000 and allied SPDI Rules 2011, the Digital Personal Data Protection Act 2023 (DPDP Act), RBI data-localisation directions, and other applicable Indian laws. By accessing our website or engaging our services, you acknowledge that you have read and understood this Policy.

2. Definitions
“Personal Data” means any information relating to an identified or identifiable natural person, including name, mobile number, email address, government identity, or any combination thereof.

“Business Information” means non-personal information about a legal entity, such as GST IN, CIN, PAN, or registered address.

“Ultimate Beneficial Owner (UBO)” means an individual who owns or controls at least ten per cent of the equity or voting rights in a corporate body.

“Services” means lead generation, merchant onboarding, KYC packaging, support, and other ancillary activities that connect merchants to PG Partners.

“User” or “Merchant” means any individual or entity that visits our website or engages Transakt for onboarding.

3. Scope
This Policy applies to data collected:

  • through transakt.in and any sub-domains;

  • through telephone, email, WhatsApp, web forms, and offline interactions; and

  • in documents submitted for onboarding (collectively, “Channels”).

It does not apply to processing performed directly by PG Partners, whose privacy terms are independent of Transakt.

4. Information We Collect
We collect only the data necessary to perform our Services or to meet legal requirements:

a. Merchant KYC and Contact Data – proprietor or director name, email address, mobile number, PAN, masked or XML Aadhaar, GST IN, business address, cancelled cheque or bank statement, and similar onboarding documents.

b. Corporate Documents – Memorandum and Articles of Association, Certificate of Incorporation, CIN, board resolutions, UBO declarations, and other constitutive records.

c. Usage and Device Data – IP address, browser type, pages visited, limited cookies, and similar diagnostic information for security and performance.

d. Marketing Leads – name, email, phone number, and referral source obtained via campaigns, networking, or referrals.

We do not knowingly collect sensitive personal data such as financial account credentials, health data, or biometrics.

5. Legal Bases for Processing
We process Personal Data under one or more of the following lawful grounds:

  • fulfilment of a contract or steps taken at the request of a User prior to entering a contract;

  • compliance with applicable legal or regulatory obligations;

  • our legitimate interests in operating, protecting, and improving our Services, provided such interests are not overridden by User rights;

  • consent, where required—for example, for optional marketing communications.

6. How We Use Information
We use the information we collect to:

  1. verify identity, perform due-diligence checks, and create KYC packs for submission to PG Partners;

  2. communicate with Users regarding application status, technical onboarding, and regulatory updates;

  3. provide cross-sell or tailored offers limited to payments and allied fintech solutions, unless the User opts out;

  4. maintain statutory records and fulfil regulatory or contractual obligations; and

  5. protect and enhance our website and Services through security monitoring and analytics.

We do not use Personal Data for automated decision-making that produces legal or similarly significant effects.

7. Disclosure of Information
We disclose Personal Data only to:

  • PG Partners – exclusively for evaluating and activating a Merchant’s PG account;

  • Cloud and Infrastructure Providers – Google Workspace (email, Drive) and Hostinger International Ltd. (website hosting), each bound by written contracts requiring equivalent data-protection safeguards;

  • Government or Law-Enforcement Authorities – where we are legally compelled to do so or to exercise or defend legal claims.

We never sell or rent Personal Data.

8. International Transfers
Where data is stored on servers located outside India (e.g., EU data centres operated by Hostinger or Google), transfers are governed by Standard Contractual Clauses or comparable safeguards. Transaction data that falls under RBI’s circular dated 6 April 2018 remains within India and is stored exclusively by the PG Partner.

9. Data Retention
Onboarding records are retained for seven (7) years from the date a Merchant relationship ends, or longer if required by law. Marketing-lead data is retained for up to three (3) years after the last interaction or until the User opts out, whichever occurs first. Server logs are generally retained for twelve (12) months. After expiry of the relevant period, data is securely destroyed using cryptographic erasure or equivalent industry-standard methods.

10. Security Measures
We employ appropriate technical and organisational measures including, but not limited to:

  • TLS 1.2 or higher encryption for data in transit and AES-256 encryption at rest in cloud storage;

  • multi-factor authentication for remote access to internal systems;

  • role-based access controls restricted to authorised personnel;

  • endpoint anti-malware protection, timely patch management, and routine internal security reviews;

  • an incident-response procedure targeting initial acknowledgement within four (4) hours and containment within twenty-four (24) hours of discovery.

No method of transmission or storage is completely secure; however, we strive to use commercially acceptable means to protect Personal Data.

11. User Rights
Subject to applicable law, Users have the right to:

  • request access to and a copy of their Personal Data;

  • request correction or deletion of inaccurate or unnecessary Personal Data;

  • restrict or object to processing based on legitimate interest;

  • withdraw consent for marketing at any time.

Requests should be directed to admin@transakt.in. We will respond within the timeframe prescribed by law.

12. Cookies
We use only essential cookies for site functionality and limited Google Analytics cookies for aggregated usage insights. Users may disable cookies through browser settings; core site features will remain available.

13. Children
Our Services are intended for business entities and individuals aged eighteen (18) years and above. We do not knowingly collect Personal Data from minors.

14. Changes to This Policy
We may update this Privacy Policy periodically to reflect legal, technical, or business developments. Material changes will be notified by email or prominent notice on our website and will take effect fourteen (14) days after posting unless a shorter period is required by law.

15. Grievance and Data-Protection Officer
Email: admin@transakt.in
Phone: +91 9666271515

We endeavour to resolve all complaints within thirty (30) days. If you are not satisfied with our response, you may escalate to the Data Protection Board of India or another competent authority.

16. Contact Us
For any questions about this Privacy Policy or our privacy practices, please email admin@transakt.in

Last updated: 10/06/2025

Scroll to Top