Last updated: 8 October 2025
Effective date: 8 October 2025
Entity: MyRupaya Contentedge Private Limited having CIN: U72900RJ2022PTC079257
Contact: admin@myrupaya.in
Grievance Officer (India): Abhijeet Saxena, Chief Executive Officer, admin@myrupaya.in,
+91 6375 278 708

This Privacy Policy explains how MyRupaya Contentedge Private Limited ("we", "our", "us")

collects, uses, discloses, and protects personal data in relation to our discountfinder
application available in India (the "App"). It is drafted to comply with the Information
Technology Act, 2000 and the rules thereunder, including the Information Technology
(Reasonable Security Practices and Procedures and Sensitive Personal Data or
Information) Rules, 2011 (the "SPDI Rules"), and, as applicable, the Digital Personal Data
Protection Act, 2023 ("DPDP Act"). If there is any conflict, the requirements of applicable
law will prevail.

​

1) Scope & Controller
This Policy applies to personal data processed by us when you use the App in India. Unless
stated otherwise, we are the "data fiduciary"/controller for your personal data.

2) What we do
MyRupaya helps you discover publicly available offers and discounts based on the brand
names of credit and debit cards you use. We also help you compare credit cards, bank
accounts, and other financial products. We do not ask for or store card numbers, CVV,
expiry dates, PINs, netbanking credentials, or similar sensitive authentication data.

3) Personal data we collect
We collect the minimum data necessary to operate the App:
1. Account & Profile Data
o Name, mobile phone number, and email address (stored in your account),
password/credential (hashed), and your inApp preferences. These identifiers
are required to create and operate your account and to communicate with
you.

2. Card Brand Metadata (UserProvided)

o The brand/network and bank of your payment cards that you manually
select or confirm in the App (e.g., "HDFC Bank- Swiggy HDFC Credit Card-
Mastercrd").
o We do not collect card numbers or any transaction data.
3. Contacts (Optional, with explicit optin)
o If you grant the App permission to access your phone contacts, we collect
names and phone numbers/emails strictly to enable the feature described in
Section 6 ("Contacts Feature").
o Access to contacts is not required to use the App’s core offerfinding features.
4. Device & Usage Data
o Device identifiers, OS and App version, IP address (truncated or generalised),
logs, crash reports, and usage analytics (e.g., screens viewed, taps/clicks) to
maintain and improve the App.

5. Communications
o Messages you send to our support, survey responses, or feedback.

Sensitive Personal Data: We do not intentionally collect "sensitive personal data" under the
SPDI Rules (e.g., passwords in plain text, financial information such as bank account or card
numbers, health data, etc.). Do not share such data with us through freetext fields.

4) Sources of personal data
 You, when you provide data in the App.
 Your device, via permissions you grant (e.g., contacts).
 Service providers, who provide analytics, crash logging, hosting, or customer support
tools.

5) How we use personal data (Purposes & legal bases)
We use your personal data for the following purposes and, as applicable, on the following
legal bases under the DPDP Act:
1. Provide and operate the App (set up your account, show offers based on your
selected card brands).
Legal basis: Consent (where obtained) and performance of contract.

2. Contacts Feature (optional) — show you card brand names (not numbers) of
contacts who also use the App and have opted in, and reciprocally show your card
brand names to those contacts (see Section 6).
Legal basis: Consent (optin; revocable at any time).
3. Customer support & communication — respond to queries, send service messages,
notify about changes.
Legal basis: Performance of contract and legitimate use consistent with the DPDP
Act.
4. App security, fraud prevention, diagnostics — maintain availability, integrity, and
security.
Legal basis: Compliance with law and legitimate use.
5. Improvement & analytics — understand App usage to improve features and
performance (using privacypreserving measures where feasible).
Legal basis: Consent (where required) and legitimate use.
6. Marketing & offers communications — send you messages, notifications, and
emails about shopping and other offers, discounts, feature updates, and promotions
from us and, where permitted, from selected partners. You can opt out at any time
(see Section 9).
Legal basis: Consent (including via device settings for push notifications) and/or
**legitimate use
6) Contacts Feature (Optional; Reciprocity explained)
This feature is off by default and requires your express optin to access your phone contacts.
 What we access: contacts’ names and phone numbers/emails from your device
address book.
 How we match: we create privacyprotective identifiers (e.g., hashing/normalising
phone numbers/emails) to check if your contacts also use MyRupaya and opted in to
this feature.
 What is shared/visible: Only the card brand names that each optedin user has
chosen to display (e.g., "Axis Bank – RuPay Select") are visible to matching contacts.
No card numbers or transactional information are shown.
 Reciprocity: If you opt in to view your contacts’ card brand names, your selected
card brand names will also be visible to your contacts who (i) have installed
MyRupaya and (ii) opted in.
 Your choice: You can deny or withdraw contact permission at any time in your
device settings or within the App. Denying or withdrawing does not limit your access
to core discountfinder features.

 Storage: Contact identifiers used for matching are stored only as necessary to
provide the feature and are periodically refreshed. Raw address book data is not
sold.
Important: Please ensure you have your contacts’ consent before sharing their data with us
through this feature, as required by applicable law and platform policies.

7) Disclosures & international transfers
We may disclose personal data to:
 Service providers (processors) under contracts that require them to use data solely
to perform services for us (e.g., cloud hosting, analytics, crash reporting, customer
support).
 Affiliates within the MyRupaya group (if any) for operations consistent with this
Policy.
 Law enforcement or regulators where required by applicable law, court order, or to
protect rights, safety, or security.
 Business transfers: in connection with a merger, acquisition, or sale of assets, in
which case we will require the new entity to honour this Policy.
If we transfer personal data outside India, we will comply with applicable law and ensure
adequate protection (e.g., contractual safeguards, jurisdictional whitelists if prescribed, or
other lawful transfer mechanisms under the DPDP Act/Rules).

8) Data retention
We retain personal data only for as long as necessary for the purposes stated here or as
required by law. Typical retention:
 Account & Profile: for the life of your account and a reasonable period thereafter for
dispute resolution and legal compliance.
 Contacts Feature data: retained for as long as you keep the feature enabled and is
routinely refreshed; deleted or irreversibly deidentified upon optout or account
deletion (subject to backup cycles).
 Logs & analytics: for limited periods to ensure security and performance.

9) Your rights & choices

Subject to applicable law, you may:
 Access your personal data we hold about you.
 Correct inaccurate or incomplete data.
 Withdraw consent at any time (e.g., for contacts or analytics).
 Delete your account and request erasure of personal data, subject to legal retention
requirements.
 Grievance redressal: contact our Grievance Officer (details at top). We endeavour to
acknowledge and resolve grievances within 30 days as per the SPDI Rules/IT Act.
You can exercise many choices within the App (e.g., toggles for permissions). For other
requests, contact us at admin@myrupaya.in.

10) Security practices
We implement reasonable security practices and procedures as required under the IT Act
and SPDI Rules, including administrative, technical, and physical safeguards, such as
encryption in transit, access controls, rolebased access, audit logging, and staff training.
While we strive to protect your data, no system is 100% secure.

11) Children’s privacy
The App is intended for users 18 years and older. We do not knowingly collect personal data
from children. If you believe a child has provided personal data, contact us to delete it.

12) Thirdparty content & links
The App surfaces publicly available offers from thirdparty websites and providers. We are
not responsible for the privacy practices of those third parties. Please review their privacy
policies before engaging.

13) Changes to this Policy
We may update this Policy from time to time. Material changes will be notified within the
App or by email (where appropriate). Continued use after the effective date means you
acknowledge the updated Policy.

14) How to contact us
For questions, requests, or complaints about this Policy or our data practices, please
contact:
Email: admin@myrupaya.in
Postal: Registered address
Grievance Officer (India): Abhijeet Saxena — Email: admin@myrupaya.in — Response
timeline: within 30 days.

15) Summary of key points (PlainEnglish)
 We collect only what we need: your account details and card brand names (no card
numbers).
 Contacts permission is optional and only for showing card brand names among
contacts who also opt in. If you opt in to view others’ brands, yours will be visible to
them (reciprocity). You can opt out anytime.
 We do not sell personal data.
 You have rights to access, correct, delete, and withdraw consent.
 We follow India’s IT Act, SPDI Rules, and (as applicable) the DPDP Act.

Annex A — Contacts Feature Consent Text (inApp)
By enabling the Contacts feature, you agree that: (i) the App may access and process your
address book (names and phone numbers/emails) to determine which of your contacts use
MyRupaya and have enabled this feature; (ii) you will be able to view the card brand names
that such contacts have chosen to display; and (iii) on a reciprocal basis, your own selected
card brand names will be visible to those contacts. You may disable this feature at any time
in Settings, after which matching will stop and stored identifiers used for matching will be
deleted or deidentified within a reasonable period.
Annex B — Prohibited Data
 Card number, CVV, PIN, expiry date, OTPs, netbanking credentials, or any other
sensitive authentication data.
 Transaction histories or statements.
If you have any concerns about how your data is handled, please contact our Grievance
Officer. We are committed to protecting your privacy.