Privacy Policy

Epifi Technologies Private Limited (epiFi or Company) is a fintech company providing financial solutions and services.
We believe that our customers (You) deserve a ‘No Shenanigans’ approach to their personal data.
By and large, this policy has minimized the usage of legal jargon – unless absolutely required on a lawful basis – and explains how we treat your information.

We aim for the highest standards of safety, security and confidentiality when using your data, and this policy describes how we collect and use your information and discusses this in detail in the below mentioned sections:

Long story short, anytime you register on our website/app, you comply with our Privacy Policy.
We'll only use your data for legitimate purposes while safeguarding your privacy concerns.

  • This Privacy Policy describes how epiFi handles certain information it may collect and receive from a Customer via the use of its website (www.epifi.com). This includes its mobile application available on Android/iOS platforms (collectively referred to as website).
  • As a user of our website, you accept this Privacy Policy when you visit our website, sign up for, access, or use our products, services, content, features, technologies or functions offered on our website. It’s also applicable to all our related sites, applications, and services.
  • We might also use your data for our legitimate interests or for that of a third party – with whom we share your data after taking your consent. It means using your data for a reason which is in your, epiFi’s or a third party’s legitimate interest and which does not nullify or override your privacy rights.
  • It is imperative to read everything mentioned under this Privacy Policy in conjunction with our general terms and conditions available at the website.
  • If you do not agree to the terms of this policy, we would not be in a position to provide you with our services.

Definitions 📖

For purposes of this Policy, Personal Data refers to any piece of information that we, as a Company, can use to verify you as a real-life human being. For example, an e-mail ID linked to your social media accounts. Sensitive Personal Data translates to any highly confidential information – i.e. records not available in the Public Domain – that you provide to us. This data is stored and processed by us, with the utmost care, for lawful purposes alone. Collectively, both these terms become ‘personal data’ or ‘information’ throughout this Policy.

For additional reference -

Personal data means any information which relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such a person.

Sensitive personal data or information means such confidential details relating to:

  • Passwords.
  • Financial information such as Bank account, Credit card, Debit card or other payment instrument details.
  • Physical, physiological and mental health condition.
  • Sexual orientation.
  • Medical records and history.
  • Biometric information.
  • Any detail relating to the above clauses as provided to us, the Company, for offering services.
  • Any information received under the clauses mentioned above for processing or storing under lawful contract or otherwise.

Besides these, any information that is freely available, accessible in the public domain, furnished under the Right to Information Act, 2005 or any other law for the time being in force – shall not be regarded as sensitive personal data or information.

Applicability of This Policy ✅

By registering on our website, you are accepting this Privacy Policy. Our privacy policy tells you what we do with your information, why we use it, who we share it with and how long we keep it. By mere use of the website, you expressly consent to our use and disclosure of your personal information (including sensitive personal data) as per this Privacy Policy. As it's your data, you have the right to know how this applies to you.

By registering on our website, you are accepting this Privacy Policy. Our privacy policy tells you what we do with your information, why we use it, who we share it with and how long we keep it. By mere use of the website, you expressly consent to our use and disclosure of your personal information (including sensitive personal data) as per this Privacy Policy. As it's your data, you have the right to know how this applies to you.

  • This Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
  • epiFi handles data in our own right and also for and on behalf of our customers and users.
  • If, at any time, an individual provides data or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.

What Data Do We Collect? 💾


We intend to provide services and features that meet your needs. To do so, when you use our website, we collect personal data required by law from time to time. Wherever possible, epiFi will indicate which of these data fields are either required or are optional. However, if you are unable to provide the information we need, we may not be able to provide you with the product or service you have requested.

For your reference, we would collect the following data from You -

  • Device Information such as device ID, pages you access, computer IP address, or unique identifier etc. We collect information relating to your mobile network and operating system so that we can analyse how our app works. It also helps us to fix any issues/problems, thereby ensuring a seamless experience for You. Your IP address and device ID gets collected for security reasons (we’ll link your mobile phone number with your device).
  • Cookies aid us in recognizing you as a Customer. It helps us to remember your preferences and personalize our services. Cookies are required to prevent fraud and ensure the security of websites we control.
  • You are free to decline our Cookies if your browser or browser add-on permits this. However, such actions may interfere with your use of our website. 
  • Personal identity information such as name, date of birth, residential status, postal address, e-mail address, mobile number, PAN details, Aadhar number, e-KYC through UIDAI, CKYC through CERSAI etc. We need to collect your personal details (mentioned above) to fulfil our legal duties and obligations as per the existing legal and regulatory norms which require us to confirm your identity.
  • Information relating to your income (salary) is collected so that we can provide you with a customized experience based on your financial appetite. 
  • Information regarding your location (if you have authorized tracking) would help us provide You with location-based services and help to protect you against fraud.
  • Information you give us through epiFi chat so we can help you.
  • Any other information that is required to be collected as per specific mandate from any bank or as a legal requirement in India.
  • The use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

How Is Your Information Used? 📁

epiFi primarily collects your personal data to provide you with a secure, smooth, and efficient experience on our website. Not only does this help us personalize and improve your experience, but the additional information also helps prevent illegal acts. Provided that we get your consent, we may also use your personal data for other lawful purposes which we will tell you about. By way of example, some of the uses of your personal data would include -

  • Providing services including customer support.
  • Processing transactions and verifying your identity (including during account creation and password reset processes).
  • Generating and maintaining your profile on the epiFi app.
  • Remedying fraud or other potentially prohibited or illegal activities and detecting/preventing violations of policies or applicable user agreements.
  • Contacting you through a voice call or SMS or email.
  • Providing you offers and customizing offers for you.

With Whom Do We Share Your Data? 🔑

Your personal data is only accessible to those with a legitimate need-to-know clearance. All such information remains safeguarded as per the Data Protection Rules, and ISO norms. If you would like to know more details regarding whom all we share your personal data with, please feel free to email us at privacy@epifi.com.

For further insight, we will be sharing your information with the following -

  1. Members of epiFi (including our affiliates/subsidiaries and business partners) for services such as providing content, products, customer support etc.;
  2. Financial institutions and partner banks;
  3. Credit bureaus (which helps us to support responsible lending and assist consumers in understanding where they stand with their credit) and collection agencies;
  4. Law enforcement, government officials, or other third parties pursuant to a subpoena/ summon, court order, or other legal process or requirement applicable to the Company or one of its affiliates/subsidiaries; when we need to do so to comply with law;
  5. Where necessary to exercise, establish or defend legal rights, including to enforce our agreements and policies;

We take care to allow your personal data to be accessed only by those who really need it in order to perform their tasks and duties and to third parties who have a legitimate purpose for accessing it and with your consent. Personal data will be transferred only to a third party that ensures the same level of data protection that is mandated under the Information Technology Act 2000 (IT Act) and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (Data Protection Rules).

If we go through a corporate sale, merger, reorganization, dissolution or similar event, personal data we gather from You may get transferred in connection with such an event. Any acquirer or successor of the Company may continue to use the information as described in this Policy. The aforementioned successor remains bound by appropriate agreements or obligations and may only use or disclose your personal data in a manner consistent with the use and disclosure provisions of this Policy, or unless you consent otherwise.

How Long Do We Retain Your Personal Data?

As long as you have an account with us, your personal data remains safeguarded by us. Upon permanent account deactivation, the information remains retained for 12-24 months before deletion, anonymization or archival. For your reference -

  • The Company will keep your personal data for as long as is needed to carry out the purposes we've described above, or as otherwise required by law. Generally, this means we will keep your personal data as long as your account is active or as needed to provide our services.
  • We shall retain and use the information collected by us as necessary to comply with our legal obligations, resolve disputes or for other business purposes. If you cancel/ deactivate/ unsubscribe your account with us, we are not under any obligation to retain your information.
  • However, we may retain your information for twenty-four (24) months after you cancel/ deactivate/ unsubscribe your account with us, as our business practice.

Where we have no continuing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

How Do We Secure Your Data? 🔐

We are dedicated to guarding the security of your information. We use several industry-standard security technologies and procedures devised to help protect your data from unauthorized access, use, or disclosure. For specifics, please read below -

  • We use appropriate technical and organizational security measures to protect the security of your personal data both online and offline including the implementation of access controls, implementation of firewalls, network intrusion detection and use of anti-virus software. 
  • Please note that no system is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

How Do You Update Your Personal Data? 💻

The information contained in our records must be both accurate and current. If you wish to update data about you which is inaccurate or incorrect, we shall provide self-help tools for you to directly review or update certain aspects of your personal data in our records.

  • If your personal data changes during the course of your engagement with us, please use these self-help tools to update that data, or email us at privacy@epifi.com.
  • However, epiFi shall be entitled to refuse access to personal data or information, including sensitive personal data or information in certain cases; for instance, where providing access to such information may infringe the privacy of another individual.

Know your rights 🔗

In addition to being able to update and correct your personal data, you may also have other Data Protection Rights. This revolves around what you can let us do (or not do) with your information.

  • For example, if we have collected and processed your personal data with your consent, then you have the right to withdraw your consent at any time.
  • Withdrawing your consent will not affect the lawfulness of any processing we carried out before your withdrawal, nor will it affect processing of your personal data carried out in reliance on other lawful grounds other than consent.
  • You also have a right to ask for a copy of your personal data in a portable (machine-readable) format. You can also say no to us using your personal data for direct marketing and in certain other ‘legitimate interest’ circumstances.
  • You can make any of these requests by contacting us at privacy@epifi.com. We will respond to all requests in accordance with the applicable laws.
  • As per the existing legal regulations, specific data fields (such as name, Aadhar number, address etc.) would be locked once you enter that information in our website. There would be a separate procedure to modify such information (such as after giving a self-declaration), you can find out further details by contacting us at privacy@epifi.com.

Policy upgrades and changes ✍

Please note this Privacy Policy may change at any time without prior notification. To make sure that you are aware of any changes, kindly review the policy periodically. The revised version will be effective as of the published effective date. We welcome your comments or questions regarding this Privacy Policy. Please email us at privacy@epifi.com.