This Privacy Policy is in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable RBI and NPCI data protection guidelines. We are committed to protecting your personal data and being transparent about how we use it.
Mythri DigiTech ("we", "us", "our") operates the Credit Wallet platform. We are committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and all applicable RBI and NPCI directives.
This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights under Indian law as a Data Principal.
We process your personal data for the following lawful purposes under the DPDP Act:
KYC verification is conducted through the DigiLocker platform authorized by the Government of India. We handle your identity documents as follows:
Payment processing is handled by licensed payment service providers (Razorpay, Cashfree). We do not store full card numbers or UPI credentials. All payment data is tokenized and handled in accordance with PCI-DSS standards by our gateway partners.
Bank account details provided for withdrawals are stored in encrypted form and are accessible only for settlement processing. We do not share your bank account details with third parties except as required for settlement.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Duration of account + 2 years | Contractual |
| KYC documents | Minimum 5 years post-closure | PMLA / RBI |
| Transaction records | 10 years | NPCI / RBI |
| Technical logs | 90 days | Security |
We implement industry-standard and regulatory-mandated security measures to protect your personal data, including:
While we implement robust security measures, no system is completely immune to breaches. In the event of a data breach affecting your rights, we will notify affected users and regulatory authorities as required by the DPDP Act within prescribed timelines.
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
Request a summary of personal data we hold about you and how it is being processed.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of personal data when the purpose of processing is fulfilled, subject to legal retention obligations.
Raise concerns with our Data Protection Officer. Unresolved complaints can be escalated to the Data Protection Board of India.
Withdraw consent for non-mandatory data processing. Note: withdrawal of consent for mandatory processing (KYC, compliance) may result in service restrictions.
Nominate a person to exercise your data rights in the event of your death or incapacity, as per the DPDP Act.
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we discover that we have inadvertently collected data from a minor, we will delete it immediately. If you believe a minor has provided data to us, please contact our DPO.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidelines. We will notify you of material changes via email or in-app notification at least 15 days before they take effect. The "Last updated" date at the top of this page reflects when the policy was last revised.
For privacy-related queries, data access requests, or complaints, contact our Data Protection Officer:
Data Protection Officer — Mythri DigiTech
Email: info@mythridigitech.com
Platform: mythridigitech.com
We will acknowledge your request within 48 hours and respond fully within 30 days as mandated by the DPDP Act, 2023. Unresolved complaints may be escalated to the Data Protection Board of India.