Privacy Policy for Mexora Money App
Date: September 24, 2025
Version: 1.1
Company Name: Mexora Infosys Private Limited
App Name: Mexora Money
Email: mexorainfosys@gmail.com
Phone Number: +91 7518071206
Website: https://mexoramoney.com
Mexora Money (“we,” “us,” “our,” or “Data Fiduciary”) is committed to protecting the privacy and security of your personal data. This Privacy Policy (“Policy”) outlines how we collect, process, use, store, share, and protect your digital personal information in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and other applicable laws, including Google Play Store requirements.
We adhere to the principle of data minimization, collecting only the data necessary to provide our services. By using the Mexora Money app, you consent to this Policy. If you do not agree with this Policy, please do not use the app.
1. Consent and Notice
In compliance with the DPDP Act, we obtain your explicit, informed, free, specific, unconditional, and unambiguous consent before processing your personal data. Consent is collected via app pop-ups, checkboxes, or other clear mechanisms.
- Type of Consent: Explicit consent is obtained, especially for sensitive data (e.g., financial information). You may withdraw consent at any time, though this may affect service availability.
- Notice: At the time of app installation or registration, we provide clear notice about the purpose, type, sharing, and your rights regarding data collection. Services requiring consent will not be available if consent is not provided.
- Children’s Consent: For users under 18, we require verifiable parental consent as per the DPDP Act.
2. Information Collection
We collect the following types of personal and non-personal information, only as necessary to provide services such as mobile recharge, DTH recharge, bill payments, AEPS, BBPS, UPI, and other financial services. Data is collected either automatically or through user input.
# 2.1 Personal Information
- Name
- Mobile Number (for OTP verification)
- Email Address (for communication and account recovery)
- KYC Details (e.g., PAN, Aadhaar, Address) – if required for financial services, in compliance with RBI/NPCI guidelines.
# 2.2 Financial and Transaction Data
- Bank account details, UPI ID, or other payment information – for transaction processing.
- Transaction History – related to recharges, bill payments, etc.
- Sensitive Financial Data – collected in compliance with PCI-DSS standards.
# 2.3 Device and Technical Information
- Device ID, IMEI, MAC Address
- IP Address, Browser Type, Operating System (OS), App Version
- Location Data (GPS or IP-based) – only with consent, if required for services (e.g., finding nearby service providers).
- App Usage Data – crash reports, session duration.
# 2.4 Other Information
- Customer Support Data – information shared during support interactions (e.g., chats, call recordings with consent).
- Promotional Data – information provided during participation in campaigns.
- Analytics Data – collected via third-party SDKs (e.g., Google Analytics, Firebase).
We do not collect unnecessary data, and any non-essential data is anonymized.
3. Use of Information
Your information is used solely for specified purposes, as required by the DPDP Act:
- To provide and improve services (e.g., processing transactions).
- For account verification, security, and fraud prevention (e.g., KYC and AML compliance).
- To provide customer support.
- To send notifications, updates, or promotional messages (with opt-in consent).
- For data analytics and research (anonymized) to enhance app performance.
- To comply with legal and regulatory requirements (e.g., RBI, NPCI, TRAI).
We do not use your data for any other purpose without your additional consent.
4. Data Sharing and Disclosure
We do not sell or rent your personal information. Data is shared only in limited circumstances, in compliance with the DPDP Act:
- With Service Providers/Partners: Banks, telecom operators, payment gateways (e.g., Razorpay, NPCI), or API partners to deliver services. These partners act as Data Processors and are bound by contracts with us.
- With Legal Authorities: If required by law, court order, or government agencies (e.g., RBI, Enforcement Directorate).
- Internal Use: For audits, fraud prevention, or security purposes within the company.
- Business Transfers: In case of a merger or acquisition, data may be transferred to the new entity under the same safeguards.
- Third-Party Services: The app may include third-party links or SDKs (e.g., Google Ads), which have their own privacy policies. We are not responsible for their data practices.
Before sharing, we ensure recipients comply with the DPDP Act and other applicable laws.
5. Data Storage and Retention
- Storage: Data is stored on secure servers in India, through cloud providers (e.g., AWS) that comply with MeitY guidelines. International transfers occur only if necessary and with Standard Contractual Clauses (SCC).
- Retention: Data is retained only as long as necessary for the stated purpose (e.g., transaction data for 5 years per RBI rules). After that, it is deleted or anonymized. You can request data deletion.
6. Data Security
We implement industry-standard security measures to protect your data, as mandated by the DPDP Act:
- Encryption: Data in transit (TLS/SSL) and at rest.
- Firewalls, access controls, and regular security audits.
- Compliance with PCI-DSS, ISO 27001, and other standards.
- In case of a data breach, we will notify affected users and the Data Protection Board within 72 hours.
While we take robust measures, no internet-based system is 100% secure. We recommend using strong passwords and secure devices.
7. Cookies and Tracking Technologies
We use cookies, pixel tags, web beacons, and other tracking tools on the app and website to:
- Enhance user experience, analytics, and advertising.
- You can opt out of cookies, but this may affect certain app functionalities.
8. Children’s Privacy
Our services are not intended for users under 18. If we discover a minor using the app, we will promptly delete their data and notify their guardian. Special protections for children’s data are enforced as per the DPDP Act.
9. Your Rights
Under the DPDP Act, you have the following rights:
- Right to Access: Obtain a copy of your data.
- Right to Correction: Rectify inaccurate data.
- Right to Erasure: Request deletion of your data (if legally permissible).
- Right to Object: Object to data processing.
- Right to Data Portability: Transfer your data to another service.
- Right to Grievance: File complaints with us or the Data Protection Board.
To exercise these rights, contact us via email. We will respond within 30 days.
10. Grievance Redressal
For any complaints or concerns regarding your data or this Policy, contact our Grievance Officer:
- Name: Arnav Pal
- Email: mexorainfosys@gmail.com
- Phone: +91 7518071206
We will address your grievance within 30 days. If unresolved, you may approach the Data Protection Board of India under the DPDP Act.
11. Policy Changes
We may update this Privacy Policy periodically to reflect changes in laws, services, or operations. The updated Policy will be posted on the app and website, with the revision date. Continued use of the app after changes constitutes acceptance of the updated Policy.
12. Contact Us
For questions, suggestions, or complaints regarding this Privacy Policy, please contact:
Mexora Infosys Private Limited
App Name: Mexora Money
Email: mexorainfosys@gmail.com
Phone Number: +91 7518071206
Website: https://mexoramoney.com