Privacy Policy

Last Updated: November 1, 2025

1. Introduction

Welcome to TapRupee ("we," "us," or "our"). We value the trust you place in us. This Privacy Policy outlines how we collect, use, process, and protect your personal information when you use our virtual credit card services and mobile application (the "App").

We are committed to protecting your privacy and ensuring the security of your financial data in compliance with applicable Indian laws and regulations. By downloading and using the App, you agree to the terms of this Privacy Policy.

2. Information We Collect

To provide you with virtual credit services, facilitate top-ups (recharges), and maintain transaction records, we collect the following types of information:

A. Personal Identity & KYC Information

To comply with "Know Your Customer" (KYC) norms and evaluate your creditworthiness, we require:

• Basic Information: Full name, phone number, gender, date of birth, and residential address.
• Identity Documents: Images of your government-issued ID (e.g., Aadhaar) captured via the camera.
• Employment Proof: Images or details regarding your work status to assess repayment capacity.

B. Permissions & Device Data

We request specific permissions to ensure account security, verify your identity, and assess credit risk. We adhere to a strict data minimization policy.

• SMS Permission (Financial SMS Only)
  We strictly access transactional SMS (e.g., bank alerts, payment confirmations) to analyze your financial profile and cash flow for credit risk assessment. We DO NOT read, store, or share your personal or private text messages.
• Call Log Permission (Device Security & Verification)
  We access specific metadata from your call logs strictly to verify that the SIM card is active on the current device (Device Binding) and to authenticate Voice OTPs. This ensures the uniqueness and security of your device environment. We collected the following specific fields:
  • Call Number: To match against our verification system's incoming number.
  • Call Type: Strictly filtered for Incoming or Missed calls (to verify receipt).
  • Call Duration: To confirm the nature of the verification call.
  • Timestamp: To ensure the call occurred within the verification time window.
  Privacy Commitment: We do NOT access your contact names or unrelated personal call history. This data is processed transiently for verification purposes.
• Camera Permission
  Required to capture clear images of your ID documents and proof of employment for KYC compliance.
• Location Permission (Approximate)
  We collect your coarse location to verify that the login attempt is from a valid region and to prevent unauthorized access from suspicious locations.
• Installed Application List (App List)
  We scan the list of installed apps to identify potential security threats (e.g., remote access trojans, unauthorized lending apps) that may compromise your financial data.
• Device Information
  We collect hardware model, operating system version, unique device identifiers (IMEI/IMSI), and network information for app stability and security.

3. Data Security and Encryption

We treat your data with the highest level of security.

• Encryption: All data collected from your device (including images, device identifiers, and permission-based data) is encrypted using banking-grade protocols (SSL/TLS 256-bit encryption) before being securely uploaded to our servers:[https://api.taprupee.click]. This ensures your data is unreadable to unauthorized parties during transmission.
• Secure Infrastructure: Our servers are protected by advanced firewalls and access control systems. We regularly audit our security measures to prevent data breaches.

4. Data Retention and Deletion

We follow a strict "Storage Limitation" principle regarding your data:

• Temporary Storage (Sensitive Data): Data collected strictly for immediate verification or risk scoring (such as Call Log metadata, App Lists, and raw SMS data) is uploaded to our servers for processing and is deleted or anonymized immediately after the verification or credit assessment is complete. We do not permanently hoard this sensitive data.
• Account Data (Long-term): We retain your basic profile, KYC documents, and Transaction History (recharges and spending records) for as long as your account is active. This is necessary to allow you to view your spending history and to comply with Indian financial regulations (e.g., PMLA Act) for audit purposes.

5. How We Use Your Information

• Service Delivery: To activate your virtual credit card and process top-ups.
• Currency Conversion: To ensure accurate transaction values for cross-border services, we utilize the open-source exchange rate interface https://api.exchangerate-api.com/v4/latest/USD to provide real-time currency conversion data.
• User History: To display your recharge and consumption records within the App.
• Risk Control: To detect fraud, money laundering, and assess credit limits.
• Security Verification: To bind your device to your account using Call Log and Device markers tho prevent account takeover.
• Communication: To send you transaction alerts and policy updates.

6. Disclosure to Third Parties

We do not sell your personal information. We may share your data only with:

• Legal Authorities: When required by law, court order, or government regulation.

7. Your Rights

You have the right to access, review, and request corrections to your personal data. You may also request the deletion of your account. However, please note that we may retain specific transaction records for a statutory period as required by Indian law.

8. Contact Us

For general inquiries about the App, please contact us at: help@taprupee.click