Introduction
Effective Date May 1, 2025
Razorpay Payments International Inc. (“we” or “us or “our”) is committed to protecting the privacy of our users. This Privacy Policy outlines what data we process, how we do that, how it is used, how we safeguard it, and what your rights are. This Privacy Policy applies to the data we obtain from you when you use the Site and when you use the products, services, tools, and functionality offered or made available by us, whether online (including the Site), in person, or when you otherwise interact with us (herein collectively referred to as the “Services”). The “Site” shall mean all websites, devices, and applications that we operate, the pages within each such websites, devices and applications, and equivalent, mirror, replacement, substitute or backup such websites, devices and applications, and pages that are associated with each such websites, devices, and applications. By signing up for, accessing, or using our Services or by accessing our Site, you accept this Privacy Policy and consent to our collection, use, and disclosure of your Personal Data as described in this Privacy Policy. This Privacy Policy only covers our data collection, maintenance, and processing.
What information do we collect?
We collect two types of information from you, Personal Data and Technical Data (as defined below). Although we do not normally use Technical Data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with Personal Data. In such situations, Technical Data can also be considered to be Personal Data under applicable laws, and we will treat the combined data as Personal Data. We may collect and process, for example, the following Personal Data: (i) name and contact details; (ii) e-mail address; (iii) phone number; (iv) date of birth (v) Social Security Number, (vi) invoicing and billing information; (vii) business and financial data, including but not limited to credit histories, credit scores, transaction history, and credit rates; and (viii) other Personal Data that you provide to us. The specific kind of Personal Data collected will depend on how you use the Services. Some of the Personal Data is received directly from you during your use of the Site or at the point of registration for the Services or otherwise at the beginning of and during your use of the Services, and the rest is based on the data you provide to us that is processed.
The Services use several web analytics services to compile Technical Data and reports on visitor usage and to help us improve our Services (“Technical Data”). Technical Data we gather in connection with the use of our Services may include, for example, the following data: (a) your IP address; (b) browser type and version; (c) preferred language; (d) geographic location using IP address or the GPS, wireless, or Bluetooth technology on your device; (e) operating system and computer platform; (f) the full Uniform Resource Locator (URL) clickstream to, through, and from our Services, including date and time; (g) products or services you viewed or searched for while using our Services; (h) areas of our Services you have visited; and (i) historical data regarding your use of our Services.
How do we collect your information?
We collect information from you from several sources, including bit not limited to:
Browsing Our Site:
When you visit the Site, our servers will collect information about your internet browsing activity on our Site.
Opening an Account:
When evaluating the Services and submitting an application to become our customer, you will be required to provide us with information about your business and its owners and officers. When you use your account, we will collect Personal Data and Technical Data. In addition, we may use session replay and similar technology to collect and recorf data about your use of, and interaction with, the Services, including recording certain interactions such as your mouse movements, keystrokes, and other activity. We use these technologies to better understand your interactions with the Services, in order to review and improve the customer experience, improve our marketing, and for troubleshooting purposes.
Your Inquiries:
When you complete and submit a form or otherwise provide us or third parties with personal information about you on our Site, or contact us by e-mail and telephone, we store the inquiries and their contents.
Customers of our Partner Platforms:
If you access the Services through a software platform, marketplace, payment facilitator, or other business that has an integration with us (“Partner Platform”), we may receive information about you from the Partner Platform, such as information about your business, its owners and officers, and transactions.
Customers of our Merchants:
If you are making a payment to a merchant that uses our Services to process your payment, we may, directly or through the merchant or Partner Platform providing services to the merchant, collect, process, and store financial and transaction related personal information about you and your transaction.
Service Providers:
We may receive information about you from our service providers, such as companies that manage risk and fraud or market the Services, card networks, payment processors, referral partners, identity verification companies, and from third parties that you have permitted to release information to us. We also may receive information about you from publicly available sources, such as from social media platforms like LinkedIn.
What do we use your information for?
There are several purposes for our collection, maintenance, and processing of Personal Data. We collect, maintain, and process Personal Data to perform our contractual obligations to you and to comply with any legal obligations. Furthermore, we collect, maintain, and process Personal Data to run, maintain, and develop our business. We also use or process Personal Data and Technical Data for some or all of the following purposes:
Quality of Services:
We may process information regarding the use of the Services to improve the quality of our Services (e.g. by analyzing any trends in the use of our Services). When possible, we will do this using only aggregated, non-personally identifiable data. Personal Data may also be used for research and analysis purposes in order to improve our Services.
Provide Services:
We collect, maintain and process Personal Data in the first place to be able to offer the Services to you and to run, maintain, and develop our business, including providing Personal Data to affiliates and third party providers necessary to provide the Services. In some cases, Personal Data may be collected, maintained, and processed in order to carry out our contractual obligations to you. Further, if you contact our customer service, we will use the information that you provide for answering questions and solving possible issues.
Communication:
We may collect, maintain and process Personal Data for the purpose of contacting you regarding our Services, to offer new products and services, and to inform you of changes in our Services.
Functionality of Services:
Provided the following are done in full compliance with this Privacy Policy, applicable laws, rules, and regulations, we may (a) process, analyze, and manage data to provide the Services to you; and (b) use data to analyze, develop, and improve the Services.
Share Information:
We may share information with third parties that is not personally identifying, such as aggregated or anonymized data that does not identify you or our third parties, in our discretion, where not prohibited by law.
Compliance:
We may share Personal Data in response to a subpoena or similar investigative demand, court order, requests for cooperation from a law enforcement agency, self-regulatory body, or other governmental agency to establish or exercise our legal rights, to defend against legal claims, or as we reasonably believe is required by law. In such cases, we may raise or waive any legal objection or right available to us.
Prevent Illegal Activities:
We may share Personal Data when we believe that disclosure is appropriate in order to investigate, prevent, or take action regarding any actual or suspected illegal activity or other wrongdoing, to protect and defend the rights, property, or safety of our business, our users, our employees, or others or to enforce any of our agreements or policies.
How do we protect your information?
We will take all reasonable and appropriate security measures to protect the Personal Data we store and process from unauthorized access or unauthorized alteration, disclosure or destruction. We maintain all Personal Data collected through industry standard safe mechanisms. We use administrative, organizational, technical, and physical safeguards to protect the Personal Data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. If a security breach occurs despite our security measures that is likely to have negative effects to your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as reasonably possible. We use appropriate security measures to keep your Personal Data safe; however, we cannot guarantee that your Personal Data will always remain secure. We encourage you to disclose any suspected security vulnerabilities or bugs to us at security_private@razorpay.com / compliance@razorpay.com. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will be kept on file for more than 60 days in order to comply with our banking partners’ requirements.
Do we use cookies?
Yes. Cookies are small files that a site or its service provider transfers to your computers hard drive through your internet browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information. We use cookies to understand and save your preferences for future visits, keep track of advertisements and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. Please note that some parts of our Services may not function properly if use of cookies are refused. If you wish to op-out of cookies, you can use Clym.io tool located at https://clym.io/blog/introducing-widget-layouts-for-website-compliance. Further, our Services may not respond to Do-Not-Track requests or headers from some or all browsers.
Do we disclose any information to outside parties?
We do not share Personal Data with third parties outside of our organization other than in connection with the performance of the Services, including, without limitation, with third party providers for the Services, unless one of the following circumstances applies:
Consent:
We may share Personal Data with third parties outside of our organization when we have your explicit consent to do so. You have the right to withdraw this consent at all times.
Necessity:
To the extent that third parties need access to Personal Data to perform the Services, we have taken appropriate contractual and organizational measures to ensure that Personal Data is maintained and processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.
Service Providers:
We may share Personal Data to authorized service providers who perform services for us (including data storage, sales, marketing and customer support services). Our agreements with our service providers include commitments that the service providers agree to limit their use of Personal Data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy. Please bear in mind that if you provide Personal Data directly to a third party, such as through a link on our website, the processing is typically based on their policies and standards.
Legal:
We may share Personal Data with third parties outside of our organization if we have a good-faith belief that access to and use of the Personal Data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of our customers or the public in accordance with the law. When possible, we will you about such transfer and processing.
Any Other Legitimate Reason:
If we are involved in a merger, acquisition or asset sale, we may transfer Personal Data to the third party involved; however, we will continue to ensure the confidentiality of all Personal Data. We will give notice to you when your Personal Data is transferred or becomes subject to a different privacy policy as soon as reasonably possible.
What are your rights concerning your Personal Data?
We will handle your requests and rights in accordance with applicable law. This means there may be legal reasons why we cannot fulfill all requests. We may need to request specific information from you to help confirm your identify and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response time.
Withdraw Consent:
In case the collection, maintenance, or processing of Personal Data is based on your consent, you may withdraw your consent at any time. Withdrawing your consent may lead to fewer possibilities to use the Services or the complete termination of our Services.
Correction:
You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary Personal Data we have stored about you corrected or completed.
Objection:
You may object to certain use of Personal Data if such information is collected, maintained, or processed for other purposes than purposes necessary for the performance of our Services to you or for compliance with a legal obligation. You may also object to any further collection, maintenance, or processing of Personal Data after previously giving consent. If you object to the further collection, maintenance, or processing of Personal Data, this may lead to fewer possibilities to use the Services or the complete termination of our Services.
Access:
We offer you access to your Personal Data that we maintained or processed. This means that you may contact us, and we will inform you what Personal Data we maintain and the purposes such Personal Data is used for.
Portability:
You have the right to receive your Personal Data from us in a structured and commonly used format and to independently transmit that information to a third party.
Deletion:
You may also ask us to delete your Personal Data from our systems. We will comply with such request, unless we have a legitimate ground to not delete the information. We may not immediately be able to delete all residual copies from our servers and backup systems after the active Personal Data has been deleted. Such copies shall be deleted as soon as reasonably possible.
Restriction:
You may request us to restrict certain maintenance or processing of Personal Data, but this may however lead to fewer possibilities to use our Services or the complete termination of our Services.
The above-mentioned rights may be used by sending a letter or an e-mail to us at the addresses set out below, including the following information: the full name, company name (if applicable), address, e-mail address, and a phone number. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded. If you consider our collection, maintenance, or processing of Personal Data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.
California Online Privacy Protection Act Compliance
We are required by the California Consumer Privacy Act of 2018 (“CCPS”) to provide this CCPS Notice to California residents to explain how we collect, use, and share their Personal Data, and the rights and choices we offer California residents regarding our handling of their Personal Data. This CCPA Notice applies only to California residents whose interactions with us are limited to:
1. Visiting our Site;
2. Signing up for email alerts;
3. Commenting on or contributing to our blogs;
4. Establishing an account that does not include financial products or services; or
5. Applying for our job openings on our websites (however, note that the CCPA limits some of the privacy rights for job applicants).
This CCPA Notice does not apply to the Personal Data we collect, use, or disclose about consumers who initiate or complete the process of applying for financial products or services. This is because this information is subject is subject to the federal Gramm-Leach-Billey Act (“GLBA”) and implementing regulations of the California Financial Information Privacy Act (“FIPA”), or representatives of businesses that seek to obtain our products or services, or to provide products or services to us. We do not sell personal information. As explained in this Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising.
Categories of Information We Collect
Categories of Information We Collect
Do we collect this information?
Do we disclose this information for business purposes?
Identifiers
Yes
No
Online
Yes
No
Protected
Yes
No
Commercial Information
No
No
Biometric Information
No
No
Internet or Network Information
Yes
No
Geolocation Data
Yes
No
Professional or Employment Information
No
No
Education Information
No
No
Inferences
Yes
No
Financial Information
Yes
No
Medical Information
No
No
Categories of Personal Information
Examples of Elements Within the Category
Biometric Information
An individual’s physiological, biological or behavioral characteristics, including information pertaining to an individual’s DNA, that is used or is intended to be used, singly or in combination with each other or with other identifying data, to establish an individual’s identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a face print, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
Commercial Information
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Financial Information
Bank account number, debit or credit card numbers, insurance policy number, and other financial information.
Geolocation Data
Precise location, e.g., derived from GPS coordinates or telemetry data.
Identifiers
Real name, alias, postal address, unique personal identifier, customer number, email address, account name other similar identifiers.
Inferences
Inferences drawn from any personal information collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Medical Information
Personal information about an individual’s health or healthcare, including health insurance information
Internet or Network Information
Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
Professional or Employment Information
Information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations), and educational background.
Protected Classification Characteristics
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Racial or ethnic origin, religious or philosophical beliefs, genetic data, and personal information collected and analyzed concerning a consumer’s sex life or sexual orientation are considered to be sensitive personal information under the CCPA.
The below provides California residents the right to know the categories of Personal Data collected and whether we disclosed your Personal Data for business purposes in the proceeding twelve (12) months:
Privacy Practices:
We do not sell Personal Data. As explained in our Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. Please note that we may also disclose Personal Data as described in this Privacy Policy.
Privacy Rights:
The CCPA grants individuals the following rights:
1. Information and Access. You can request information about how we have collected, used, and shared your Personal Data during the past 12 months. You can also request a copy of the Personal Data that we maintain about you.
2. Deletion. You can ask us to delete the Personal Data that we collected or maintained about you. Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. We will respond to requests for information and access only to the extent we are able to associate with a reasonable effort the information we maintain with the identifying details you provide in your request. If we deny your request, we will communicate our decision to you. You are entitled to exercise the rights described above free from discrimination. To request access to or deletion of Personal Data please contact us at dpo@razorpay.com 3. Opt-Out. You may request us to stop sharing your Personal Data (“op-out”, including via a user-enabled global privacy control). We cannot share your Personal Data after we receive your opt-out request unless you later authorize us to do so again.
4. Non-discrimination. We cannot deny you the Services, charge you a different price, or provide a different level or quality of the Services just because you exercised your rights under the CCPA. However, if you refuse to provide your Personal Data to us or ask us to delete or stop sharing your Personal Data, and that Personal Data or the sharing of the Personal Data is necessary for us to provide you with the Services, we may not be able to complete that portion of the Services or the Services in its entirety.
5. Correction. You have the right to ask us to correct any inaccurate information that we may have about you.
6. Limit. You can direct us to only use your sensitive Personal Data (i.e. your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the Services.
7. Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete Personal Data before providing a substantive response to the request. We will ask you to verify your identity when you submit a request.
8.Authorized Agents. California residents can empower an “authorized agent” to submit a request on their behalf. We will require the authorized agent to have a written authorization confirming that authority.
Viriginia, Colorado, Connecticut, and Utah
In addition to your rights set forth in this Privacy Policy, residents of Virginia, Colorado, Connecticut, and Utah have the right to opt-out of the sharing of Personal Data. Residents of Virginia, Colorado and Connecticut also have the right to appeal any decision made by us concerning the use of your Personal Data.
Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older. If we learn we have collected such information, we will delete such information. To notify us that we might have any information from or about a person under the age of 13 , please contact us at dpo@razorpay.com.
Changes to our Privacy Policy
We reserve the right to modify or amend this Privacy Policy at any time and for any reason. If we make any changes, we will notify you by posting it on our Site. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the information we collect. By using our Services, you acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of any modifications. If there are material changes to this Privacy Policy, we will notify you more directly by email or means of a notice on the home page prior to the change becoming effective. We encourage you to review our Privacy Policy periodically to stay informed about our information practices and the ways you can help protect your privacy. Your continued access or use of our website and Services following a change means you consent to the collection, maintenance, use and disclosure of your Personal Data as set out in this Privacy Policy.
Contacting Us
If there are any questions regarding this Privacy Policy, you may contact us at dpo@razorpay.com