This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Paymorz services.
This Privacy Policy ("Policy") explains how QUANTUMCONA LLP, operating as Paymorz™ ("Company," "we," "our," "us"), collects, uses, and protects your personal information through our website, mobile application, and related services (collectively, the "Platform").
Paymorz™ is a vendor management and payment enablement platform developed by QUANTUMCONA LLP. The Platform enables businesses, startups, and enterprise clients to onboard vendors, verify their KYC details, manage invoices, and process secure payments in compliance with Indian regulatory requirements.
We respect your privacy and comply with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Rules, 2011, Intermediary Guidelines, 2021, and Reserve Bank of India (RBI) regulations.
By using the Platform, you acknowledge that you have read, understood, and agree to this Policy. If you do not consent to this Policy, please discontinue use of our services immediately.
This Policy applies to all users of Paymorz™, including:
This Policy covers personal and sensitive data (including KYC, financial, and transactional details) collected through our website, mobile application, customer support channels, and authorized third-party tools.
This Policy does not apply to:
We encourage users to review third-party privacy practices before sharing their data with external services.
This Policy shall be governed by and construed in accordance with the laws of India, with exclusive jurisdiction in the courts of Hyderabad, Telangana, unless otherwise required by applicable law.
Terms used in this Policy have the same meaning as defined in the Paymorz™ Terms and Conditions.
This Policy aims to:
When you use Paymorz™, we collect and process certain personal and sensitive data to operate the Platform, verify users, process payments, and comply with legal obligations. We only collect information that is necessary, lawful, and proportionate, as required under Section 6 of the DPDP Act, 2023.
Data Categories: Name, business name, email address, phone number, physical address, and login credentials.
Purpose: Account creation, identity verification, communication, and registration compliance.
Data Categories: Bank account details, UPI ID, transaction references, and invoice details (processed via PCI-DSS–compliant partners such as Razorpay and similar payment aggregators).
Purpose: Secure payment processing, settlements, and financial compliance.
Important Note: Paymorz™ does not store card details or CVV information.
Data Categories: Permanent Account Number (PAN), Aadhaar details, business registration documents, Goods and Services Tax Identification Number (GSTIN), and proof of address.
Purpose: Identity verification, anti-fraud checks, and compliance with Reserve Bank of India (RBI) and Prevention of Money Laundering Act (PMLA) obligations.
Security: All sensitive data is encrypted and transmitted securely through secure channels.
Data Categories: Invoices generated, payments made to service providers, transaction and settlement details, communication records related to vendor onboarding or payments, and feedback history.
Purpose: To maintain transaction integrity, enable payment reconciliation, and support dispute resolution or audit compliance.
Data Categories: IP address, device ID, operating system type, browser information, performance logs, and approximate location (non-precise).
Collection Method: Collected via cookies, software development kits (SDKs), and analytics tools (e.g., Google Analytics, Mixpanel, and Sentry).
Purpose: Security monitoring, performance diagnostics, error tracking, and improving platform stability and user experience.
Data Categories: Messages, support tickets, attachments, and timestamps when you contact us.
Purpose: Customer support, issue tracking, and service quality improvement.
Data Categories: Subscription preferences, engagement metrics, and referral participation (collected only with your explicit consent).
Purpose: Sending product updates, promotional offers, and reward notifications.
Data Categories: Financial details, official identification documents, passwords, and biometric data (if utilized).
Purpose: Used exclusively for KYC verification, fraud prevention, or as legally required, with encryption and restricted access controls.
All data is processed lawfully under contractual necessity, legitimate interest, or user consent, in accordance with the DPDP Act, 2023.
We may receive limited data from the following sources:
All such data sharing is governed by Data Processing Agreements (DPAs) ensuring equivalent protection standards as required under the DPDP Act, 2023.
You are responsible for ensuring that all information you provide is accurate and up to date. Incorrect or false data may lead to account suspension or service restrictions. To update or correct your data, please contact support@paymorz.com.
You may choose not to provide certain data; however, this may restrict access to key features such as KYC verification, payment processing, or referral rewards.
Paymorz™ processes your personal and sensitive data only for lawful, necessary, and defined purposes, in accordance with Section 4(1)(b) of the DPDP Act, 2023. We never sell, rent, or use personal data for unrelated or unauthorized purposes.
Purpose: To register and maintain your account, authenticate identity, and verify contact details.
Legal Basis: Contractual necessity; legitimate interest.
Purpose: To verify authenticity under Reserve Bank of India (RBI), Prevention of Money Laundering Act (PMLA), and KYC regulations using PAN, Aadhaar, GSTIN, or equivalent identification documents.
Legal Basis: Legal obligation; legitimate interest (fraud prevention).
Purpose: To process, reconcile, and record payments through PCI-DSS–compliant partners (e.g., Razorpay).
Legal Basis: Contractual necessity; legitimate interest (financial audit).
Purpose: To facilitate vendor onboarding, service provider engagement, invoice management, payment requests, and exchange of compliance documents.
Legal Basis: Contractual necessity.
Purpose: To assist users, log issues, and track resolutions for transparency and audit purposes.
Legal Basis: Contractual necessity; legitimate interest.
Purpose: To monitor activity, detect anomalies, and prevent unauthorized or suspicious behavior using automated and manual checks.
Legal Basis: Legal obligation; legitimate interest.
Purpose: To fulfill obligations under applicable laws, court orders, or regulator directives (e.g., RBI, Financial Intelligence Unit - India (FIU-IND), Tax authorities).
Legal Basis: Legal obligation.
Purpose: To analyze anonymized usage patterns, fix errors, and enhance platform performance.
Legal Basis: Legitimate interest; user consent (for non-essential analytics cookies).
Purpose: To send product updates, promotions, or referral offers only with explicit consent.
User Control: Users may withdraw consent at any time through account settings or unsubscribe links.
Legal Basis: Consent.
Purpose: To enforce our Terms and Conditions, resolve violations, and maintain records for audits and investigations.
Legal Basis: Legal obligation; legitimate interest.
Paymorz™ does not engage in fully automated decision-making or profiling that produces legal effects without human oversight. Aggregated, anonymized insights (e.g., usage trends, fraud patterns, uptime metrics) may be used internally for analytics but never identify individuals.
We collect and retain only data necessary for the purposes outlined above. If Paymorz™ introduces new integrations or features, we will conduct a Data Protection Impact Assessment (DPIA) and inform users before processing any new data category or use. New purposes will always be supported by either a lawful basis or fresh consent.
Paymorz™ expressly forbids the following:
Paymorz™ processes personal data only when there is a clear and lawful basis, in line with Sections 4 and 7 of the DPDP Act, 2023. We process your data when:
We do not sell, lease, or process data for unrelated or unauthorized purposes.
Application: Used for non-essential or optional processing, such as:
Consent Management: Consent is obtained through clear, affirmative action and may be withdrawn at any time via account settings or email to support@paymorz.com. Withdrawal does not affect processing completed before revocation.
Application: Required to perform Paymorz™'s contractual and operational obligations, including:
Importance: Without this data, Paymorz™ cannot deliver its essential vendor management and payment processing services.
Application: We process and retain data as required by:
Note: These obligations may continue even after consent withdrawal or account closure.
Application: We process limited data to ensure operational integrity and service improvement, such as:
Safeguards: We apply strict safeguards to ensure such processing never overrides user rights.
Application: In rare cases, Paymorz™ may process data to assist lawful investigations or fulfill public mandates (e.g., fraud detection, AML compliance), under authorized supervision.
Application: For internal staff, consultants, or verified vendors, data is processed for onboarding, payroll, and compliance with labor and tax obligations.
Paymorz™ does not engage in automated decisions or profiling that produce legal or significant effects without human oversight. Automated tools (e.g., fraud detection) operate under supervision and regular review.
Before processing data for a new or secondary purpose, Paymorz™ will:
No new purpose is introduced without a valid lawful basis and transparency update.
Paymorz™ maintains internal Records of Processing Activities (RoPA) detailing:
These records are periodically reviewed by the Data Protection Officer (DPO) for ongoing compliance.
Paymorz™ does not sell or trade user data. Information may be shared only with trusted partners that help us operate the Platform or meet legal obligations. Each disclosure is limited, documented, and protected by confidentiality agreements and Data Processing Agreements (DPAs) that require equivalent safeguards under the DPDP Act, 2023, and Information Technology Rules, 2011.
Partners: Razorpay and similar licensed payment aggregators.
Purpose: Process and reconcile transactions, prevent fraud, and comply with Reserve Bank of India (RBI) KYC and record-keeping norms.
Partners: Google Cloud, Supabase, Amazon Web Services (AWS), or equivalent secure hosts certified under ISO 27001 or SOC 2.
Purpose: Reliable storage, uptime, and scalability of Platform data.
Partners: Mixpanel, Google Analytics, or comparable analytics SDKs.
Purpose: Understand usage trends and improve functionality using anonymized or pseudonymized data.
Partners: Clerk.dev (for login), SendGrid / Twilio (for OTPs and emails), and similar future providers.
Purpose: Account access, alerts, and verification.
Partners: Independent verification or background-check agencies.
Purpose: Fulfill Reserve Bank of India (RBI) and Financial Intelligence Unit - India (FIU-IND) KYC-AML obligations.
Partners: Law firms, auditors, and tax consultants.
Purpose: Legal defense, contract enforcement, and statutory audit.
Recipients: Courts, regulators, or law-enforcement bodies—only on lawful request or statutory compulsion.
Purpose: Legal compliance and prevention of unlawful activity.
Circumstances: In mergers or acquisitions, data may transfer to a successor entity with equal safeguards.
Purpose: Business continuity.
Access Control: Access is role-based and limited to trained staff in support, compliance, or engineering departments.
Purpose: Secure internal operations.
Each vendor is screened for certifications (ISO 27001, SOC 2, PCI DSS), localization compliance, and past security record. All future or replacement providers—known or unknown—will meet equivalent protection standards, and material additions will be disclosed through policy updates.
Paymorz™ never:
We may share only aggregated or anonymized statistics (e.g., usage or performance trends) that cannot identify individuals.
At Paymorz™, protecting your personal and financial data is fundamental to our operations. We apply multi-layered administrative, technical, and organizational safeguards to preserve confidentiality, integrity, and availability throughout the data lifecycle.
Our security framework aligns with:
Paymorz™ maintains a 24×7 Incident Response Framework (IRF) to detect, assess, and resolve security incidents:
Users share responsibility for securing their accounts. We recommend:
Negligence in account hygiene may limit Paymorz™'s ability to prevent misuse.
Automated validation and audit logs ensure information remains accurate and up to date, in compliance with DPDP Act Section 9(1).
Security measures are independently reviewed through:
All findings are reviewed and tracked by the DPO and Executive Security Committee.
We maintain a proactive cybersecurity culture through:
As a user ("Data Principal") under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have specific rights regarding your personal data. Paymorz™ ensures full transparency and compliance with:
You can exercise your rights at any time by writing to support@paymorz.com or contacting our Grievance Officer (see Section 12).
What You Can Request:
Response Time: We will respond within 15 business days. Certain information (e.g., trade secrets or other users' data) may be redacted for security reasons.
Legal Reference: DPDP Act Section 11(2)(b).
What You Can Request: Correction or completion of inaccurate information at any time via your account settings or written request.
Response Time: Verified corrections are completed within 7 working days.
Legal Reference: DPDP Act Section 12(1)(b).
When You Can Request: Deletion or anonymization of data if:
Response Time: Deletion occurs within 30 days, unless retention is required by Reserve Bank of India (RBI), Financial Intelligence Unit - India (FIU-IND), or tax laws, in which case data will be restricted, not erased.
Legal Reference: DPDP Act Section 12(1)(c).
Application: For optional data uses (e.g., marketing or analytics), you can withdraw consent at any time via:
Effect: Withdrawal takes effect within 10 business days and does not affect processing completed before withdrawal.
Legal Reference: DPDP Act Section 6(4).
What You Can Request: A copy of your personal data in a structured, machine-readable format (e.g., CSV, JSON) to transfer elsewhere.
Response Time: Fulfilled within 20 business days, subject to legal and technical feasibility.
Legal Reference: DPDP Act Section 12(1)(e).
When You Can Request: Restrict or object to processing when:
Effect: Processing will be paused (except storage) until resolved.
Legal Reference: DPDP Act Section 12(1)(d).
What You Can Request: Nominate someone to exercise your rights if you pass away or become incapacitated.
Process: Submit a notarized authorization via support@paymorz.com. Verified requests are processed within 30 days.
Legal Reference: DPDP Act Section 13.
Process: Complaints to our Grievance Officer are:
Escalation: If unresolved, you may escalate to the Data Protection Board of India (DPB).
Legal Reference: DPDP Act Section 12(2).
To protect your privacy, we may verify your identity before fulfilling a rights request. We will only ask for information necessary for verification and delete it once verification is complete. Excessive or repetitive requests may be refused or incur a nominal administrative fee.
The response timelines for various requests are as follows:
All timelines comply with the DPDP Act and Paymorz™'s internal service standards.
Certain rights may be limited when processing is necessary for:
In such cases, users will be informed of the lawful grounds for exemption.
Paymorz™ is a professional services and vendor management platform intended exclusively for individuals aged 18 years and above. We do not knowingly collect, store, or process personal data from children or minors below this age threshold.
This restriction ensures compliance with:
To register and use the Paymorz™ Platform, users must:
By accessing or registering on the Platform, you confirm that you meet the applicable age and legal capacity requirements.
If Paymorz™ becomes aware that a user under 18 years has registered or transacted on the Platform, we will:
Where consent is not obtained within 15 working days, the account and all related data will be permanently deleted in accordance with our data retention policies.
If a minor's data is lawfully processed (e.g., through guardian consent), it will be limited to:
Paymorz™ does not process sensitive personal data, financial information, or behavioral analytics of minors, even with consent.
Paymorz™ is intended exclusively for use by registered businesses, authorized signatories, and adult representatives (aged 18 or above). Individuals below 18 years of age are not permitted to:
Any account found to be operated by a minor may be suspended or terminated in accordance with the Terms and Conditions.
To ensure compliance and prevent unauthorized use by minors, Paymorz™ employs:
These safeguards are designed to maintain platform integrity and minimize the risk of underage participation.
Parents and guardians are encouraged to:
Paymorz™ will take prompt action to verify and delete such data as required by DPDP Act Section 9(4).
For users in jurisdictions where the legal age of consent differs, Paymorz™ will apply the stricter applicable age threshold. Where parental consent is required under foreign law, Paymorz™ will seek documentation consistent with the relevant jurisdiction's standards before account activation.
If we discover that we have inadvertently collected personal data from a child without proper consent, we will:
If you believe that a minor's data has been improperly collected or used, please contact:
Paymorz™ processes and stores all user data—including financial, KYC, and transactional information—within servers located in India, in accordance with the Reserve Bank of India (RBI) Payment Aggregator and Payment Gateway Guidelines (2020) and Section 16 of the DPDP Act, 2023.
No cross-border transfers of personal or financial data are made unless required for technical hosting or performance monitoring through approved cloud infrastructure (e.g., Google Cloud, AWS, or Supabase). Any such limited transfers are subject to contractual safeguards ensuring compliance with Indian data protection standards.
In line with Reserve Bank of India's (RBI) Payment Aggregator/Payment Gateway (PA/PG) Guidelines (2020):
This ensures full regulatory compliance and audit access under Indian jurisdiction.
Limited non-financial data (e.g., usage logs, analytics, communication) may be transferred to or accessed by partners such as:
Such transfers are made only to:
Paymorz™ ensures all transfers meet the following protections:
International transfers may occur when:
All such transfers are logged, reviewed, and overseen by the Data Protection Officer (DPO).
When data is processed abroad:
This upholds the storage limitation principle.
Your rights (access, correction, deletion, objection, portability) remain fully enforceable even if data is processed abroad. You may request:
Responses will be provided within 15 working days via support@paymorz.com.
If Paymorz™ expands globally or integrates with new international partners:
If a breach occurs involving international data:
Paymorz™ ensures that all personal and transactional data remains accurate, complete, and reliable for its intended purpose. This obligation is grounded in:
Accuracy and integrity are treated as both a legal and ethical responsibility, essential for secure and transparent service delivery.
We follow clear accuracy standards:
Users must ensure all submitted information is:
Providing false or outdated data may result in restricted access, transaction suspension, or account termination under our Terms and Conditions.
Paymorz™ maintains technical and procedural controls to protect data integrity:
Partner agreements require:
All vendors operate under Data Processing Agreements (DPAs) with built-in accuracy and reporting obligations.
To ensure reliability:
Paymorz™ maintains a structured governance system that includes:
For automated processing (e.g., analytics or fraud detection):
This ensures accuracy without unintended distortions.
When a mismatch or correction request is identified:
Paymorz™ and its service partners use cookies, SDKs, pixels, and similar tracking technologies to provide core functionality (login, payments, security), measure and improve performance, detect fraud, and—with your consent—deliver analytics and marketing.
Essential cookies required for authentication and payment cannot be disabled. For details on cookie categories, vendors, retention periods, and how to manage or withdraw consent, see our Cookie Policy and Cookie Preferences center.
We honor browser Do-Not-Track (DNT) and Global Privacy Control (GPC) signals for non-essential cookies where technically feasible.
Paymorz™ maintains a transparent and time-bound grievance redressal system to address privacy and data-protection concerns in accordance with:
We are committed to resolving all user complaints promptly, fairly, and lawfully.
Data Protection Officer: The Data Protection Officer can be contacted at support@paymorz.com. The DPO will acknowledge your request within 24 hours and provide a response within 15 working days. The DPO oversees overall compliance, internal audits, and engagement with regulators.
Grievance Officer: The Grievance Officer can be contacted at grievance@paymorz.com. The Grievance Officer will acknowledge your complaint within 24 hours and work towards resolution within 15 working days. The Grievance Officer is the first point of contact for all user complaints related to data protection, misuse, or unauthorized disclosure.
You may raise a concern by:
QUANTUMCONA LLP Survey No. 130P & 115/1P, WeWork Rajapushpa, Nanakramguda Main Road, Medchal Malkajgiri, Telangana 500032, India
Please include:
Our grievance handling process follows these stages:
Stage 1 - Acknowledge receipt: We will acknowledge your complaint within 24 hours of receipt.
Stage 2 - Internal investigation: We will conduct an internal investigation within 3 working days.
Stage 3 - Request for additional info / findings: We will request any additional information or share our findings within 7 working days.
Stage 4 - Final resolution / corrective action: We will provide final resolution or take corrective action within 15 working days.
Stage 5 - Closure confirmation: The entire process will be completed within 20 working days total.
If a complaint is complex or depends on third-party inputs, we'll inform you of any extended timeline.
If unresolved or unsatisfactory:
You may raise concerns about:
Operational or general service queries may be redirected to customer support.
Users who exercise their privacy rights or raise grievances in good faith are protected from any form of retaliation or discrimination. All complaints are handled confidentially and impartially.
This mechanism complements:
Together, these ensure a unified, transparent framework for user protection and accountability.
Paymorz™ keeps this Privacy Policy current with applicable laws, technologies, and operations. We may update it from time to time in line with:
No change will ever reduce the level of protection afforded to your personal data.
This Policy is reviewed at least annually or sooner if:
All revisions are approved by the Data Protection Officer (DPO) before publication.
Revisions may cover:
When we make significant updates, we will inform you through one or more of the following:
Users are encouraged to check this page periodically.
Version v1.0: Effective from March 2025, reviewed by QUANTUMCONA LLP. This was the initial release of the Privacy Policy.
Version v2.0: Effective from August 2025, reviewed by Data Protection Officer. This is the current update of the Privacy Policy.
Archived versions are retained for 8 years for audit reference.
By continuing to use the Platform after an updated Policy takes effect, you confirm that you have read and agree to the new terms. If any update materially alters your rights or our obligations, renewed consent will be sought as required under DPDP Act Section 6(1). You may withdraw consent or deactivate your account under Section 7 – Your Rights as a Data Principal.
We welcome feedback or clarification requests at support@paymorz.com. Enterprise clients may also participate in periodic compliance consultations. Your input helps us strengthen data-governance standards.
This Policy should be read with:
If inconsistencies arise, the provision offering greater user protection prevails.
By using Paymorz™, you acknowledge that you have reviewed and accepted the current version of this Privacy Policy and understand the rights, responsibilities, and protections described herein.