Legal
Privacy policy
Last updated: July 9, 2026
PayByCc (“we”, “us”, “Platform”) respects your privacy. This Privacy Policy explains what personal data we collect when business owners, freelancers, service providers, startups, and customers use our payment and marketplace services, why we use it, how long we keep it, and your rights. It applies wherever this policy is linked, including our website and application.
In short
- We collect only what is needed to run accounts, KYC verification, orders, and licensed payment processing.
- We do not sell your personal data.
- Sensitive payment card data is handled by gateway partners; we do not store full card numbers when tokenised.
- You may contact us to access, correct, or raise concerns about your data — see Section 12.
1. Who we are
Add your registered business name and address in Admin → Website to display them here.
Privacy requests: Contact.
2. Information we collect
- Account: name, email, phone, password (hashed), role (customer/seller), user code.
- Seller profile: company name, GSTIN (if provided), address, services offered, bank details for settlement.
- KYC: PAN, Aadhaar or other identity fields where required; verification status.
- Orders & payments: order amounts, fees, GST/TDS/TCS fields, status, gateway references, payment-link tokens, and payment metadata from licensed processors (we do not store full card numbers when the gateway tokenises them).
- Bank accounts: bank name, holder name, account number, IFSC for payouts.
- Technical: IP, device/browser, session cookies, application logs for security and support.
- Communications: contact form and support messages.
3. How we use data
- Operate the marketplace (search, orders, payments, settlements).
- Verify identity and manage risk (including Safe Status for settlements).
- Process UPI, card, net banking, wallet, and other payments via partners.
- Comply with applicable Indian law — including tax, PMLA/AML, RBI-related payment norms, and lawful government or court requests.
- Prevent fraud and improve reliability (including structured audit logs).
- Respond to support inquiries.
4. Sharing
We do not sell personal information. We may share with:
- Payment gateways and banks to authorize and settle transactions.
- KYC or verification partners where used.
- Hosting, SMS/OTP, email, and infrastructure providers under contract.
- Authorities when required by law or to protect rights and safety.
- Other users only as needed for transactions (e.g. seller sees order details relevant to fulfilment).
5. Retention
We retain data as long as needed for the purposes above, including legal, tax, and dispute requirements. Logs and order records may be kept for compliance periods even after account closure where required.
6. Security
We use HTTPS, access controls, hashing of secrets, and encryption for sensitive configuration where implemented. No system is perfectly secure; report concerns via Contact.
7. Legal basis & Indian law
We process personal data where necessary to perform our contract with you, comply with legal obligations, pursue legitimate interests (fraud prevention, security, service improvement), or with your consent where required. This includes obligations under the Information Technology Act, 2000 (and rules thereunder) and, where applicable, the Digital Personal Data Protection Act, 2023 (DPDP Act) and related guidance as it comes into force.
8. Your rights
- Request access, correction, or deletion of personal data we control, subject to legal retention needs.
- Withdraw consent where processing is consent-based (without affecting prior lawful processing).
- Nominate another individual to exercise rights on your behalf in situations permitted by law.
- Raise a grievance with us; we will respond within reasonable timelines.
9. Cookies & sessions
Essential cookies support login, CSRF protection, and session management. Disabling them may prevent sign-in.
10. Children
The Platform is not directed at children under 16. We do not knowingly collect their data.
11. International transfers
If data crosses borders, we use safeguards required by applicable law.
12. Grievance & contact
For privacy questions, data requests, or complaints, contact us via Contact. We will acknowledge and work to resolve grievances within timelines required by applicable law. If you are not satisfied, you may have rights to escalate to the Data Protection Board of India once fully operational under the DPDP Act.
13. Changes
We may update this policy; the “Last updated” date will change. Material changes may receive additional notice.
14. Related policies
Please also read our Terms & Conditions, which govern use of the Platform alongside this Privacy Policy.