PRIVACY POLICY

This Privacy Policy explains our policy regarding the collection, use, disclosure and transfer of your information by Catagrowth Technologies Private Limited ("Company," "we," "us," or "our") is committed to ensuring the privacy and security of data processed through our technology platform. This Privacy Policy outlines how we collect, use, process, store, and protect data in compliance with applicable Indian laws, including but not limited to the Information Technology Act, 2000, the Personal Data Protection Bill (if applicable), the Reserve Bank of India (RBI) Guidelines, and other relevant data protection and cybersecurity regulations.

SCOPE & APPLICABILITY

This Privacy Policy applies to our B2B platform, which facilitates transactions, rewards, and data analytics between banks, NBFCs, merchants, and other financial institutions (collectively referred to as "Partners"). No individual (end-user/customer) directly accesses or interacts with our platform. All customer-related data is received, processed, and stored in hashed form to ensure data security and privacy after obtaining consent to do so from our Partners.

DATA COLLECTION & PROCESSING

We do not collect personal data directly from individuals. Instead, we process transactional and anonymized customer data shared by our Partners. The types of data we handle include:

  • Transactional Data: Payment details, purchase history, reward points earned, redeemed, or expired.
  • Merchant & Bank Data: Business details, agreements, transaction volumes, and settlement reports.
  • Anonymized Customer Data: All personally identifiable information (PII) is converted into a hashed format before being processed by our systems.
  • Technical & Usage Data: Logs, metadata, and analytics required for service improvement and fraud detection.

Purpose of Data Processing

We process data to:

  • Suggest potential partners on the platform to run joint campaigns
  • Launch Offer campaigns and disburse rewards
  • Analyze spending patterns to customize and enhance rewards programs
  • Provide business intelligence reports to our Partners
  • Ensure compliance with regulatory and legal obligations

DATA STORAGE & SECURITY MEASURES

All customer-related data is stored in hashed format using industry-standard encryption techniques. We comply with RBI’s data localization guidelines, ensuring all transaction data remains stored in servers located in India. Role-based access controls (RBAC) and multi-factor authentication (MFA) are enforced to prevent unauthorized access. Regular audits and security assessments are conducted to identify and mitigate vulnerabilities. Data backup policies ensure recovery in case of a security breach or system failure.

DATA SHARING & DISCLOSURE

We do not sell, trade, or disclose data to third parties, except under the following conditions:

  • Regulatory Compliance: When required by Indian regulatory bodies such as RBI, SEBI, NPCI, or other government authorities.
  • Fraud Prevention & Risk Mitigation: Data may be shared with fraud detection agencies or partners to prevent financial crimes.
  • Legal Requirements: In response to legal orders, warrants, or law enforcement investigations.
  • Service Providers: Third-party vendors engaged for infrastructure, security, or analytics, subject to strict confidentiality obligations.

DATA RETENTION POLICY

Transactional and hashed customer data is retained for a period specified under RBI guidelines or applicable laws. Upon expiration of the retention period, data is securely deleted or anonymized. Partners may request data deletion, provided it does not conflict with legal obligations.

RIGHTS & RESPONSIBILITIES OF PARTNERS

Partners are responsible for ensuring that they collect and share customer data in compliance with applicable privacy laws. Partners must obtain the necessary consent from their customers before sharing data with us. Partners can request reports, insights, or modifications related to their data, subject to authentication and verification.

COMPLIANCE WITH INDIAN LAWS & REGULATIONS

We ensure full compliance with:

  • Information Technology Act, 2000 & IT (Reasonable Security Practices and Procedures) Rules, 2011
  • RBI Master Directions on Digital Payment Security Controls
  • Digital Personal Data Protection Act, 2023
  • Prevention of Money Laundering Act (PMLA), 2002
  • Any other relevant financial or data protection regulations

DATA BREACH NOTIFICATION POLICY

In case of a data breach, we will notify the affected Partners within 48 hours of detection. Incident response teams will work to contain, assess, and mitigate risks associated with the breach. Reports will be submitted to regulatory authorities as per legal requirements.

COOKIES & TRACKING TECHNOLOGIES

Use of Cookies: Since FealtyX operates a B2B platform that does not allow direct individual logins, our use of cookies and tracking technologies is limited to system functionality, security, and performance monitoring. We do not use cookies for individual user profiling, targeted advertising, or personal data collection directly.

Types of Cookies Used: We utilize the following types of cookies and tracking technologies:

  • Essential Cookies: These are strictly necessary for the operation of our platform, ensuring secure authentication, session management, and fraud prevention.
  • Performance & Analytics Cookies: These help us analyze system performance, detect anomalies, and optimize platform functionality for our banking, NBFC, and merchant partners.
  • Security Cookies: Used to prevent fraud, unauthorized access, and detect malicious activities on our platform.

Third-Party Tracking & Analytics: We may use third-party analytics services (such as Google Analytics or similar tools) to collect aggregated, non-personal insights about platform usage, ensuring compliance with Indian data protection laws. However, all customer-related data remains hashed and anonymized before being processed.

Cookie Control & Consent: Since the platform is used exclusively by registered partners (banks, NBFCs, merchants), cookie policies are part of contractual agreements with our partners. Partners may configure their browser settings to block or restrict cookies, but this may impact platform functionality.

AMENDMENTS & UPDATES

We may update this Privacy Policy periodically to comply with new laws, regulatory requirements, or changes in our business practices. Partners will be notified of any significant changes.

QUESTIONS / GRIEVANCE REDRESSAL

In the event you have any grievance relating to the processing of information provided by you, you may contact our Grievance Department, atcare@fealtyx.com or write to us at the following address: Unit 101, Oxford Towers 139 HAL Old Airport Road H.A.L II Stage Bangalore Karnataka 560008.

Last Modified on March 18th 2025