- Recharge & Bills
- Ticket Booking
- Payments & Services
- Paytm for Business
- Company
Download App
Sign InTerms & Conditions
One97 Communications Limited
- TERMS & CONDITIONS
- GRIEVANCE
- PRIVACY
- LOAN PRODUCT- PRIVACY POLICY & T&C
- ANTI BRIBERY AND ANTI CORRUPTION POLICY
- UPI
I. Types of Information we collect
1. Any data that we collect and process is need-based and is obtained with your express consent, only to the extent necessary for us to assist with your requirement(s) and in the manner as detailed hereinafter below in Sections III to VII.
2. Your privacy is of utmost importance to us. Protecting your Personal Data is a key commitment for us.
3. We are governed by and comply with the provisions of applicable rules, regulations and laws in India including but not limited to the Reserve Bank of India (Digital Lending) Directions, 2025,, THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023, the Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 while safeguarding your privacy and protecting your personal data.
2. Your privacy is of utmost importance to us. Protecting your Personal Data is a key commitment for us.
3. We are governed by and comply with the provisions of applicable rules, regulations and laws in India including but not limited to the Reserve Bank of India (Digital Lending) Directions, 2025,, THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023, the Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 while safeguarding your privacy and protecting your personal data.
II. Applicability of this policy.
This Privacy Policy shall apply uniformly to our desktop website, mobile WAP site & mobile applications.
This Privacy Policy applies to all data collected by us from you. If the data is classified as Personal Data in terms of existing guidelines, we exercise additional safeguards in collection and storage of the same.
1. “Personal Data” is data relating to you that is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of your identity or any combination of such features with any other information.2. Personal Data refers to information that is not available or accessible freely in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force.
3. In this Policy, all reference to “us”, “our” and “we” shall mean and include One97 Communications Ltd. and its subsidiaries and group companies. All reference to “you” and “your” shall mean and refer to you, the Customer or User using our services through any medium or platform.
III. Information we collect
When you use our services, you understand and agree that we may collect, process and store information about you including (but not limited to) your phone number, address, email, billing information and payment preferences. We do for various reasons such as to facilitate your requests, provide seamless services and automatically complete forms for future transactions. The following information may be collected with your explicit consent and used only for purposes specified in the consent notice:
1. Personal details (e.g., name, contact details including, residential address, date of birth, documents such as PAN card, a proof of identity and a proof of address and/ or education details).
2. Your usage details including transaction history, balances, payment details, etc. for effecting transfer of monies through various payment channels provided by us.
3. Financial details (e.g., income, expenses, and/ or credit history) which are required for grant of some of our products/ services.
4. Images of documents/photos required to avail some of our products/ services.
5. Voice recordings of our conversations with our customer care agent(s) with you to address your queries/grievances.
6. Opinions provided by you to us by way of feedback or responses to surveys;
7. One time access to your mobile camera device towards many in-app functionalities for recording video, including but not limited to video KYC process, etc.;
8. One time access to your device location for KYC requirements;
9. One time access to the microphone to record audio for carrying out video KYC process and voice typing, etc.; and
10. Access to Wi-Fi details through SSID information from your device, in order to notify users about the security of Wi-Fi network.
Note: For the devices supporting authentication through biometrics, Paytm app provides a feature to unlock the app using face ID or fingerprint recognition. We do not seek, retrieve or store your biometric information, including face ID and fingerprint permissions, through your mobile device.
1. Personal details (e.g., name, contact details including, residential address, date of birth, documents such as PAN card, a proof of identity and a proof of address and/ or education details).
2. Your usage details including transaction history, balances, payment details, etc. for effecting transfer of monies through various payment channels provided by us.
3. Financial details (e.g., income, expenses, and/ or credit history) which are required for grant of some of our products/ services.
4. Images of documents/photos required to avail some of our products/ services.
5. Voice recordings of our conversations with our customer care agent(s) with you to address your queries/grievances.
6. Opinions provided by you to us by way of feedback or responses to surveys;
7. One time access to your mobile camera device towards many in-app functionalities for recording video, including but not limited to video KYC process, etc.;
8. One time access to your device location for KYC requirements;
9. One time access to the microphone to record audio for carrying out video KYC process and voice typing, etc.; and
10. Access to Wi-Fi details through SSID information from your device, in order to notify users about the security of Wi-Fi network.
Note: For the devices supporting authentication through biometrics, Paytm app provides a feature to unlock the app using face ID or fingerprint recognition. We do not seek, retrieve or store your biometric information, including face ID and fingerprint permissions, through your mobile device.
IV. Usage and Storage of your Personal Data
We use and store your Personal Data for providing you with services as well as our partners’ products/services as well as to perform, among other actions, the following:
1. To facilitate transactions conducted by you or generating various reports on these transactions.
2. To undertake research and analytics for offering or improving our products/ services and their security and service quality.
3. To check and process your requirements, instructions or requests received from you in respect of the products/ services including but not limited to loans, financial facilities, commodities, etc. you may want to purchase / use / avail from us or other service providers / entities / institutions on our website/mobile application.
4. To share updates on changes to the platform/products/services and their terms and conditions with you.
5. To investigate and resolve any complaints/ claims/ disputes submitted by you.
6. To respond to queries or feedback submitted by you
7. To verify your identity in order to provide products/ services to you.
8. To carry out lawful credit checks, screenings, or due diligence checks as may be required by us.
9. To monitor and review products/ services from time to time.
10. To undertake financial/ management reporting and create and maintain various risk management models.
11. To conduct audits and for record keeping purposes.
12. To enable us to show you advertisements, selective offers and promotions, search results,location-based services, which may be relevant to you, based upon your interests and consent shared, if you sign up for such promotions/offers.
13. To auto populate relevant third-party pages’ basis your online pointer-clicking patterns on advertisement displayed on our website pages.
14. To comply with the requirements of applicable laws/ regulations and/ or court orders/ regulatory directives received by us.
This means that we will not:
1. To facilitate transactions conducted by you or generating various reports on these transactions.
2. To undertake research and analytics for offering or improving our products/ services and their security and service quality.
3. To check and process your requirements, instructions or requests received from you in respect of the products/ services including but not limited to loans, financial facilities, commodities, etc. you may want to purchase / use / avail from us or other service providers / entities / institutions on our website/mobile application.
4. To share updates on changes to the platform/products/services and their terms and conditions with you.
5. To investigate and resolve any complaints/ claims/ disputes submitted by you.
6. To respond to queries or feedback submitted by you
7. To verify your identity in order to provide products/ services to you.
8. To carry out lawful credit checks, screenings, or due diligence checks as may be required by us.
9. To monitor and review products/ services from time to time.
10. To undertake financial/ management reporting and create and maintain various risk management models.
11. To conduct audits and for record keeping purposes.
12. To enable us to show you advertisements, selective offers and promotions, search results,location-based services, which may be relevant to you, based upon your interests and consent shared, if you sign up for such promotions/offers.
13. To auto populate relevant third-party pages’ basis your online pointer-clicking patterns on advertisement displayed on our website pages.
14. To comply with the requirements of applicable laws/ regulations and/ or court orders/ regulatory directives received by us.
We may process, store, and retain your Personal Data on our computer servers and/ or on the servers of third parties having contractual relationships with us. All Personal Data is stored at data centers in servers located in India. However, in case the data is required to be sent for processing to servers located outside India, the same shall be brought back to India within 24 hours of completion of processing and shall be deleted from the servers located outside India within the same time frame. We will retain your data for the period of 6 months or till consent revocation or till satisfaction of the purpose of the data or for such period as required to comply with any law for the time being in force, whichever is earlier.
Note: We respect your privacy and do not access your computer or mobile phone data such as files and media, contact lists, call logs, and other telephony functions.This means that we will not:
- Access your photos, videos, or other files stored on your computer device / mobile phone.
- Access your contact list or address book.
- Access your call history or record your calls.
- Use your computer / phone's microphone or camera multiple times for the same transaction.
V. Sharing your data.
We may share your data with competent/ legal/ statutory/ regulatory agencies/ authorities, if directed by them to do so. We may do so when directed or required by legal/ regulatory/ statutory/ governmental authorities/ judiciary under any applicable laws/ regulations or judicial pronouncement through legally enforceable orders/directions.
Sometimes, we may need share your Personal Data with our external partners/ service providers/ third parties, as the case may be. Such sharing of data is done strictly on a “need to know” basis and is subject to appropriate contractually bound data confidentiality and security requirements, which are in line with applicable laws. We may share your data with our partners/ service providers/ third parties for enabling the provision of the products/ services availed by you or providing you with products/ services to better serve your needs and interests. The details of our partners/ service providers/ third parties with whom we may share your Personal Data in terms of your explicit consent on a partial and “need-to-know” basis are enclosed herewith vide Annexure – A.
VI. Option to deny/revoke the consent concerning your personal data.
At any point in time, you may choose to deny/ revoke consent for use and/ or restrict disclosure to third parties of any or all your data. Whenever you do so, we shall immediately stop processing, storing or restrict the sharing of your data, as the case may be. However, we may still process or share your data, if directed to do so under law or regulation. If you choose to opt revoke / restrict usage of your data, we may not be able to offer / serve you with various products/ services. This is because some of products / services offered by us may require your consent for using/ storing/ sharing your Personal Data in accordance with this Policy.
VII. Purging of your Personal Data
You could provide instruction to us to delete/forget your account data if you do not further wish to utilise our services through One97’s desktop website, mobile WAP site or mobile application whenever you want. When you choose to do so, we wont be able to provide you with our products/services. After that, your data is disposed off by us except for any record retention required as per applicable laws. For example, law requires your transaction logs to be stored post the deletion of an account too. Likewise, in the event of pendency of any legal/ regulatory proceeding or receipt of any legal and/ or regulatory direction to that effect, we may be required by the law to retain your Personal Data for longer periods.
Note: For requests related to Clauses VI and VII, you can send an email to [email protected] and the same will be processed by 10th day of the subsequent month from the date of the request.
Note: For requests related to Clauses VI and VII, you can send an email to [email protected] and the same will be processed by 10th day of the subsequent month from the date of the request.
VIII. Personal Information Verification and Rectification
You can review, update, or rectify any information provided to us by placing a request using the contact details provided under the ‘Contact us’ section on our website / mobile site / mobile application.
IX. Cookie Policy
1. A “cookie” is a small piece of information stored by a web server on a web / mobile browser, so it can be later read back from that browser.
2. We may use cookie and tracking technology depending on the features of products/services offered.
3. However, no Personal Data is collected through cookies and other tracking technology. However, if you had consented to provided Personal Data previously, cookies may be tied to such information and used accordingly by us.
2. We may use cookie and tracking technology depending on the features of products/services offered.
3. However, no Personal Data is collected through cookies and other tracking technology. However, if you had consented to provided Personal Data previously, cookies may be tied to such information and used accordingly by us.
X. Links to other websites
Our website / mobile site may contain links to other websites, which may not be maintained by us. This Policy only applies to us, our website, mobile site and mobile application. You are requested to read the other websites’ privacy policies when visiting these websites.
XI. Reasonable Security Practices and Procedures
We take various steps and measures to protect the security of your Personal Data from misuse, loss, unauthorized access, modification, or disclosure. We use the latest secure server layers encryption and access control on our systems. Our safety and security processes are audited by a third-party cyber security audit agency from time to time.
We also provide multiple levels of security to safeguard your usage of our mobile application through Login/ Logout option, App Lock feature for payments, etc. all of which is controlled by you. We also ensure the ‘device binding’ feature for your mobile application, so that the same login credentials cannot be used on different devices without any additional factor authentications such as OTPs. We strongly advise you against sharing your Account’s login, password, and OTP details with anybody.
When you submit credit or payment card information, we encrypt the information in compliance with Payment Card Industry (PCI) data security standards in order to store and process it securely.
While we observe appropriate security measures to protect your Personal Data on all our digital platforms, security risks may still arise due to reasons beyond our control. For eg. hacking, virus dissemination, force majeure events, breach of firewall, etc. Please note that the measures we take do not guarantee absolute protection of your Personal Data. In case you raise any such incidents of data breach to us, we will handle all such incidents as per applicable law.
We also provide multiple levels of security to safeguard your usage of our mobile application through Login/ Logout option, App Lock feature for payments, etc. all of which is controlled by you. We also ensure the ‘device binding’ feature for your mobile application, so that the same login credentials cannot be used on different devices without any additional factor authentications such as OTPs. We strongly advise you against sharing your Account’s login, password, and OTP details with anybody.
When you submit credit or payment card information, we encrypt the information in compliance with Payment Card Industry (PCI) data security standards in order to store and process it securely.
While we observe appropriate security measures to protect your Personal Data on all our digital platforms, security risks may still arise due to reasons beyond our control. For eg. hacking, virus dissemination, force majeure events, breach of firewall, etc. Please note that the measures we take do not guarantee absolute protection of your Personal Data. In case you raise any such incidents of data breach to us, we will handle all such incidents as per applicable law.
XII. Contact us
You may contact us on any aspect of this policy or for any discrepancies/ grievances with respect to your Personal Data, by writing to our Grievance Officer as per the details provided below:
Name: Aditya Ranade
Designation: Nodal Grievance Redressal Officer
Email ID: [email protected]
Phone: 01205083345
One97 Communications Limited
One Skymark Tower-D Plot No H-1 OB Sector-98 Noida-201 304
In addition to above, if you are not satisfied with the resolution after 30 days, you may decide to raise the same to RBI Ombudsmen at https://cms.rbi.org.in/cms/indexpage.html#eng or send a physical complaint to “Centralised Receipt and Processing Centre, 4th Floor, Reserve Bank of India, Sector17, Central Vista, Chandigarh - 160017” as per the grievance redressal mechanism prescribed by the Reserve Bank
Name: Aditya Ranade
Designation: Nodal Grievance Redressal Officer
Email ID: [email protected]
Phone: 01205083345
One97 Communications Limited
One Skymark Tower-D Plot No H-1 OB Sector-98 Noida-201 304
In addition to above, if you are not satisfied with the resolution after 30 days, you may decide to raise the same to RBI Ombudsmen at https://cms.rbi.org.in/cms/indexpage.html#eng or send a physical complaint to “Centralised Receipt and Processing Centre, 4th Floor, Reserve Bank of India, Sector17, Central Vista, Chandigarh - 160017” as per the grievance redressal mechanism prescribed by the Reserve Bank
XIII. Policy Review & Updates
This policy may be reviewed by us as and when required as per our discretion. Therefore, this Policy is subject to change at any point in time. We encourage you to check this Policy regularly in order to be informed of how we are committed in protecting your information and providing you with the improved content/products/services. The latest & most updated policy can always be found at LOAN PRODUCT- PRIVACY POLICY & T&C. While we will make reasonable efforts to keep you updated regarding any changes to this Policy, we strongly recommend that you review this Policy periodically to make sure that you don’t miss out on any changes. Please check the “Last updated” legend at the bottom of this page to see when this Privacy Policy was last updated.
XIV. Governing Law & Jurisdiction
This policy will be governed by and construed in accordance with the laws of India and subjected to the exclusive jurisdiction of Courts at New Delhi, India.
Annexure-A
Details of our partners’/ service providers/ third parties with whom One97 Communications Limited may share customers’ Personal Data on a partial and “need-to-know” basis
| Particulars | Name of partners/ service providers/ third parties |
|---|---|
| Offline KYC | Perfios Software Solutions Private Limited |
| Name Match | Perfios Software Solutions Private Limited |
| Digilocker | Digiotech Solutions Private Limited |
| PAN Validation | Perfios Software Solutions Private Limited Signzy Technologies Pvt Ltd Handy Online Solutions Private Limited |
| Selfie Liveliness and Face Match | Baldor Technologies Pvt Ltd |
| Address Completeness | Searce Cosourcing Services Pvt Ltd |
| GeoCode and Reverse GeoCode | C.E. Info Systems Limited |
| Credit Bureau Pull | Experian Credit Information Company of India Private TransUnion CIBIL Limited |
| Penniless Service | Yes Bank Limited |
| eNACH Mandate | Digiotech Solutions Private Limited |
| UPI Autopay | Yes Bank Limited Digiotech Solutions Private Limited |
| Text to Speech | Embee Software Pvt Ltd |
| Email Validation | Signzy Technologies Pvt Ltd |
| Document Verification and Facilitation | Decentro Tech Private Limited Signzy Technologies Pvt Ltd Perfios Software Solutions Pvt Limited |
| Mutual Fund Report | Paytm Services Pvt Ltd |
| Collection services | Urja Money Private Limited |
| Lenders | Banks/NBFC |
Last updated on: 14th July 2025