privacy-content

1. Introduction

Refyne Tech Private limited (hereinafter referred to as “Refyne” or "the Company”), through its Website, i.e., https://www.refyne.co.in/ and Mobile Application called "Refyne” runs an employee financial wellness platform (“Refyne Platform”) that allows the employee users to track their salary and enables them to withdraw on credit, the earned amount of salary at any point of time at an agreed transaction fees which credit is extended by Financial Partners with whom Refyne has arrangements.

The terms used in the Privacy Policy ("Policy”) have the meaning as defined in the Terms of Use. The present policy lays down how Refyne collects, uses, processes, discloses, shares and transfers Personal Data and other data of users of the Refyne Platform (“You” or “User”) . This Policy must be read in consonance with the Terms of Use.

By using or accessing the Refyne Platform or opening an Account on the Refyne Platform, You agree to accept the terms contained in the present Policy. This Policy is an electronic record in the form of an electronic contract and is created in accordance with (i) Information Technology Act, 2000 and rules made thereunder; (ii) Digital Personal Data Protection Act, 2023 and rules made thereunder; (iii) Reserve Bank of India (Non-Banking Financial Companies – Credit Facilities) Directions, 2025; and (iv) other applicable laws, regulations and rules.

In case You do not wish to agree to the terms of this Privacy Policy, You may feel free not to use the Refyne Platform.

Refyne reserves with itself rights to modify, change or update this Policy at any time. In the event Refyne makes any changes in this Policy, the same will be communicated to You. It is hereby suggested that You carefully read and understand the Policy before agreeing to the terms and conditions set forth herein.

2. Collection of Consent

The Company collects your consent by giving to You a notice containing the following information:

The Personal Data collected from You and the purpose for which the same is being processed;
The manner in which You may withdraw your consent;
The grievance redressal mechanism and how You may exercise your rights under the same;
The rights available to You under applicable law;
Who has access to the data provided by You;
The manner in which You may make a complaint to the Data Protection Board of India, once established.

This notice shall be in a plain and easy to understand language and shall be available to You in English or in any of the languages mentioned in the Eighth Schedule of the Constitution of India.

3. Processing of Information and its Purpose

Refyne collects, processes, uses, discloses, shares and transfers Personal Data, other content, communications, information provided by You or on your behalf, your Data Fiduciary(ies) or Data Processors when the Users register on the Refyne Platform, for the purpose of providing the User with the Products and Services.

Purpose of collecting the information is to enable the User to access and avail the Products and Services available on the Refyne Platform.

For the purpose of this Policy, the term "Personal Data” shall mean any information You or on your behalf your Data Fiduciary(ies) or Data Processors provides to Refyne which is used to identify You, to reach out to You, to undertake fraud checks, to perform credit risk assessments, to complete your onboarding process and submitting relevant documents with your Data Fiduciary(ies) or Data Processors For the purpose of this Policy, the term "Non-Personal Data” shall mean information that does not specifically identify an individual but includes information from You such as the type of internet browser You use, mobile device or computer You use, your preferences on the Platform, and your Internet Service Provider (ISP)

Personal Data and Non-Personal Information together is referred to as "Information”. Refyne may collect Information from You when You open an Account or fill the Application Form, when You use the Products and Services, when You participate in surveys conducted by Refyne, when You interact with the customer care team, or when You carry out transactions on the Refyne Platform. You specifically undertake and warrant the accuracy and truthfulness of the Personal Data You share and agree that You shall be solely responsible for any and all data submitted by You. You shall keep updating the Information provided, in the event such information changes. You can change or update your Personal Data, by sending an email to the grievance redressal officer, whose details are mentioned below.

You agree to indemnify Refyne, against all losses, damages, claims, penalties, costs arising out of the inaccuracy of the Personal Data provided. Refyne may collect details about your use of the Refyne Platform and/or Products and Service, such as the features used, any activity carried out and the frequency/duration/time thereof, the actions taken etc.

Refyne may be required to collect and combine details from and about the mobile phones, computers, tablets, and other electronic devices that You may use to access the Refyne Platform.

Information that may be obtained when You use Platform could include:

Information	Purpose	Platform
Name	Sign-up; Login and KYC	Mobile and Web
Phone Number	Sign-up; Login and Customer KYC	Mobile and Web
Email ID	Sign-up and login	Mobile and Web
Selfie	Customer KYC	Mobile and Web
Date of Birth	Customer KYC	Mobile and Web
Address	Customer KYC	Mobile and Web
PAN Number	Customer KYC	Mobile and Web
Aadhar	Customer KYC	Mobile and Web
Voter ID	Customer KYC	Mobile and Web
Driver’s license	Customer KYC	Mobile and Web
Bank Account information	Disbursements	Mobile and Web
Location	One time access for KYC and Fraud Detection	Mobile and Web
Screensize	To adjust your views	Mobile and Web
OS	OS specific code blocks, and Analytics	Mobile
Storage	One time access for uploading documents pertaining to Customer KYC	Mobile and Web
Camera	One time access for document upload, Video KYC, selfie capture	Mobile and Web
Cookies	Deeplink	Web

The data collected for the purposes of KYC shall be further processed by our partnered Non-Banking Financial Company (NBFC) for credit underwriting purposes and to ensure compliance with all applicable laws and regulatory requirements.

4. Information Usage

Refyne may use your Information to:

Manage Your Account.
Providing You with access to the Refyne Platform and/or use of the Products and Services.
Send SMS for authenticating operations via One Time Password (OTP) etc.
Conduct survey or analysis of your Account.
Develop, test and improve the Refyne Platform, testing and troubleshooting, rectifying glitches, improving navigation and the facilitation of Products and Services.

5. Data Storage and Security

All data collected from you is stored exclusively on secure servers located within the territory of India. Refyne maintains a strict audit trail of all data flows to ensure compliance with these localization mandates.

6. Information – How It May Be Shared

Refyne may disclose or share your Information, which includes your Personal Data, with the following persons to enable providing of Products and Services:

Sharing with Financial Partners or credit information companies. Information shared by You may be disclosed and shared with the financial partner and/or credit information companies, as the case may be, in order to enable You to avail the Salary / Earned Amount Advance Facility and other Products and Services.
Disclosure as required by law or to authorities. Your Information may be shared with authorities such as government/statutory/regulatory authorities or under court orders; to establish or exercise legal rights; to defend against legal claims; or as otherwise required by law.
Disclosure to third parties including payment gateways. Refyne may be required to provide, disclose or share Information that is collected from You to third-party service providers, including payment gateways, to provide the Products and Services to You.
Sharing of Information with prospective acquirers. Information may be required to be disclosed acquirer, assignee or other successor entity in connection with a sale, merger, or reorganization of all or substantially all of the equity or business of Refyne.
Sharing of information with third-party service providers. Refyne may share your information with third-party service providers who are engaged in the provision of information technology services for fulfilling various aspects of the Refyne Platform and for research and data analytics.
Sharing of information with identity and other information verification providers. We may share your information to identity and other information verification providers to complete identification and information verification processes in accordance with applicable laws.
Sharing of information with Marketing, business development, and sales partners. We may share your information with our marketing, business development and sales partners for the purpose of improving and carrying out marketing or business development activities to provide better services to You through the Refyne Platform.

If You send us personal correspondence, such as emails or letters, or if other Users or third parties send us correspondence about your activities on the Refyne Platform, we may collect and store such information for providing services and for record keeping purposes.

Refyne shall ensure the following, with respect to the Personal Data shared with third-parties:

In the event, You withdraw Your consent, Refyne shall ensure that all the third-parties with whom the data has been shared, delete the same, subject to any regulatory requirements.
Refyne shall enter into a valid contract, with the third-parties, with whom Personal Data may be shared.

Refyne shall not share/process your Information outside the jurisdiction of India, unless such sharing/processing has been explicitly permitted under the applicable law. List of third parties with whom Information may be shared:

Details of Third Party	Summary of Processing Activity
Amazon Web Services India Private Limited 14th Floor Block - E, International Trade Tower, Nehru Place New Delhi, Delhi 110019.	Hosts the infrastructure including the databases and servers to provide the financial services offered by Refyne
Webklipper Technologies Private Limited, B-1602, Lotus Corporate Park, off Western Express Highway, Goregaon (East), Mumbai, Maharashtra – 400063 (hereinafter referred	Manage user segments for marketing campaigns
Mixpanel India Services Private Limited No. 1, Ground Floor, 79,,coles Road, pulikeshinagar, ,Bangalore, North,bangalore,karnataka,560005-india	Track user interaction with mobile app and web app to measure customer retention and engagement
GupShup Technology India Private Limited Eastland Citadel, #102, Ground Floor & Mezzanine Floor, Hosur Main Road Kaveri Layout, S.G. Palya, Koramangala, Bengaluru, Karnataka 560029	Messaging platform
Sunita Finlease Limited Sunita Finlease Ltd., G.E.Road, Opp. Rajkumar College, Choubey Colony, Raipur - 492010, Chhattisgarh.	Lending Partner
Olety Finance Private Ltd #19 ground floor #15/16 House of Lords complex, St. Marks Road, Bangalore 56000	Lending Partner
Junoon Capital Services Private Limited Property No.6, 2nd Floor, Pocket-3, Sector-17, Dwarka New Delhi, Delhi - 110078	Lending Partner
Refyne Finance Private Limited #522, 24th Main Road, Parangi Palya, Sector 2, HSR Layout, Bangalore, Karnataka - 560102	Lending Partner

7. Protection Of Information

Our servers are located within the territory of India, where your data is stored securely.

The Platform has reasonable security measures as per the Information Technology Act, 2000 in place to protect the loss or misuse of the information under our control. We implement reasonable physical, administrative, and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. For example, we encrypt all sensitive personal information when we transmit such information over the internet. We also require that our registered third-party service providers protect such information from unauthorized access, use and disclosure. However, You agree that the same cannot be foolproof since no security system is impassable and accordingly Refyne cannot and does not commit or guarantee that the Information may be absolutely free from invasion or breach.

Our Platform has stringent security measures in place to protect the loss, misuse, and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by You. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, as per the applicable law. Refyne stores and processes User Personal Data in a hosted environment secured within Virtual Private Cloud setup on Public Cloud viz Amazon AWS.

We blend security at multiple steps within our products with the state-of-the-art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks. Please note that we or our Financial Partners or any person authorized by us will not ask You to share any sensitive data or information such as account/login/passwords/financial information (bank details, OTPs etc) and other sensitive personal information via email/telephone/SMS/link. Please do not share such information to any person even if such persons claims to be the authorized representative of us and/or any of our partners. However, transacting over the internet has inherent risks which can only be avoided by You following security practices yourself, such as not revealing account/login/passwords/financial information such as bank details, OTPs and other sensitive personal information to any other person. In the event You suspect that your account/personal information has/may have been compromised or You receive any suspicious call, SMS, link, email requesting your sensitive personal information, You may reach out to our grievance officer and inform him of the same.

The Platform may contain links to third party applications/websites that may collect Personal Data about You. In the event You access such third party applications/websites, please be aware that the privacy policy of such third party shall be applicable on the information collected from such applications/websites. Please refer to the privacy policies of such third parties before sharing any data with them. Refyne shall not be liable or responsible for any breach of security or disclosure of your Information by or for any actions or inactions of the financial partner or any other third party that receives your Information.

You are solely responsible for maintaining the confidentiality of your username and password and Refyne would, in no circumstances be liable or responsible for any breach in this regard by You.

In the event of becoming aware of any cyber security incident or breach by Refyne or any third-party to whom your Personal Data has been shared, Refyne shall duly intimate You and the relevant authorities, in accordance with the Applicable law.

8. How We Handle Data Breaches

We take the security of your information seriously. In the unlikely event of a personal data breach, we have strict protocols in place to protect your rights and keep you informed If we become aware of a breach involving your personal data, we will notify you promptly without delay. This notification will be sent through your user account or the contact details you have registered with us. To ensure you stay informed, we will provide:

What happened, the nature of the data involved, and when it occurred.
How this breach might realistically affect you.
The steps we have already taken—and are currently taking—to fix the issue and limit any risks.
Specific recommendations on steps you can take to protect your own interests (such as changing passwords or monitoring accounts).
Contact information for a dedicated representative who can answer your questions regarding the incident.

In compliance with the law, we will also notify the Data Protection Board of India immediately following a breach. The intimation will include a description of the breach, including its nature, extent, timing, location of occurrence and likely impact. Within 72 hours or within such longer period as the Board may allow, we will provide the Board with a comprehensive report pertaining to the breach which will include detailed information in respect to such breach such as facts related to the events, circumstances and reasons leading to the breach, the remedial measures we are implementing to prevent it from happening again, any findings regarding the person who caused such breach, report regarding the intimations given to affected Data Principals and any other information as required by the Board in this regard.

9. Data Retention and Destruction Protocol

We will keep your Personal Data as long as you are a borrower and/or in the event where you have availed any of the Products and Services through the Refyne Platform. We may keep your information after you stop being a borrower/customer of the Products and Services. The reasons we may do this are:

To respond to a question or complaint, or to show whether we gave you fair treatment.
To establish, exercise or defend our legal claims.
To comply with legal rules that apply to us about keeping records or information, in which case we will retain your Personal Data for a minimum of 5 (five) years after your Account has been terminated or longer depending on applicable laws.

We will comply with the following procedure for destruction and disposal of Your Personal Data and other information:

Data Privacy Team is responsible for deleting or destroying electronic records. This includes ensuring that the Personal Data and other information is permanently removed from Refyne’s system and destroyed.
No Personal Data and other information that are currently involved in, or have open investigations, audits, or litigation pending shall be destroyed or otherwise discarded.
When retention requirements have been met, Personal Data and other information shall be immediately destroyed.
The authorized methods of destruction for non-electronic Personal Data and other information are shredding.

10. Your Rights As A Data Principal

Access Rights: You have the right to request access to the following information about Your Personal Data collected:

A summary of the Personal Data which is being processed by Refyne and the processing activities undertaken by Refyne with respect to such Personal Data.
The identities of all other entities with whom the Personal Data has been shared, along with a description of the Personal Data so shared; and any other information related to the Personal Data and its processing, as may be permitted under applicable law.

Right to correction and erasure of Personal Data: You have the right to correction, completion, updating and erasure of your Personal Data for the processing of which You have previously given consent.
Right to withdrawal of consent: You have the right to withdraw your consent provided for the collection and / or processing of your Personal Data at any time, by writing to the Grievance Redressal Officer at the contact details mentioned below. Provided that, such withdrawal shall not affect the legality of processing of the Personal Data based on your consent before such withdrawal. Once You have withdrawn consent to process your Personal Data stored with us, we will stop actively processing your Personal Data but may store it for archival/record keeping purposes in compliance with applicable laws. In such an event, we reserve the right to not allow You to further use the Refyne Platform or use any Products and Services thereunder, without any obligations or liability, whatsoever, whether in contract, tort, law, equity or otherwise, in this regard
Right to grievance redressal: You shall have the right to have readily available means of grievance redressal through the grievance redressal mechanism set up by Refyne, as provided below.
Right to Nominate: You shall have the right to nominate any other individual, who shall, in the event of your death or incapacity shall, exercise your rights as outlined in this Policy.

11. Your Obligations As A Data Subject

You represent and warrant to comply with the following obligations:

Comply with the provisions of all applicable laws as updated from time to time
To ensure not to impersonate another person while providing your Personal Data for a specified purpose
To ensure not to suppress any material information while providing your Personal Data for any document, unique identifier, proof of identity or proof of address issued by the State or any of its instrumentalities
To ensure not to register a false or frivolous grievance or complaint with Refyne or the Data Protection Board (once established); and
To furnish only such information as is verifiably authentic, while exercising the right to correction or erasure under the applicable law.
To update the Personal Data provided, as and when the same changes.

12. Mechanism For Grievance Redressal

In accordance with the Information Technology Act, 2000. and the rules made thereunder, and the Digital Personal Data Protection Act, 2023, and the rules thereunder (once implemented) the contact details for raising grievances, if any are provided below:

Address: Prestige Pegasus, Sarjapur - Marathahalli Rd, Ambalipura, Haralur, Karnataka 560103

Name: Goutham R.

Contact Number: 7795501555

Email: grievance@refyne.co.in

You may file Your complaint or raise any queries/requests by sending an email to our Grievance Redressal Officer the aforementioned email address. Our Grievance Redressal Officer shall revert to your complaint/query/request within the legally stipulated timelines.

13. Governing Law and Jurisdiction

This Privacy Policy will be governed by and construed in accordance with the laws of India and is subject to the exclusive jurisdiction of Courts at Bengaluru, Karnataka, India.

Last reviewed on: 31^st March 2026