Privacy Policy

RupIt (“we”, “us”, “our”) provides a multi-tenant SaaS platform for microfinance companies, NBFCs, and cooperative societies in India. This Privacy Policy explains how we handle information collected through our website, applications, and services (collectively, the “Platform”).

We act as a data processor for information your finance company uploads about its borrowers, members, and transactions. Your organization is the data controller for that information and remains responsible for obtaining the consents required under Indian law.

Account data: name, email, phone, organization, role, and authentication credentials for users you create on the Platform.

Operational data: loan, savings, chitfund, investment, and ledger records that your organization stores on the Platform, including KYC identifiers such as Aadhaar and PAN numbers.

Usage data: IP address, device and browser metadata, pages visited, and diagnostic logs used to keep the Platform reliable and secure.

Payment data: billing contact, GSTIN, and subscription invoices. Card and UPI details are handled by PCI-DSS compliant payment processors; we do not store full card numbers.

To deliver the Platform, authenticate users, and provide tenant-level data isolation.

To generate reports, send operational notifications, and respond to support requests.

To monitor, investigate, and prevent fraud, abuse, or security incidents.

To comply with tax, accounting, and other legal obligations under Indian law.

We do not sell personal information. We share data only with sub-processors who support the Platform (cloud hosting, transactional email, SMS, payment gateways, analytics) under written confidentiality and data protection terms.

We may disclose information if required by a valid legal process from an Indian authority, or to protect our rights, users, or the public.

We retain tenant data for as long as your subscription is active. On termination, data is available for export for 30 days and then deleted from production systems within 60 days and from backups within 180 days, unless a longer retention period is required by law.

We apply administrative, technical, and physical safeguards including TLS in transit, encryption at rest, role-based access control, audit logging, and tenant isolation. See our Security page for details.

Where you are an end user of a RupIt customer, please contact that organization to access, correct, or delete your information. For requests related to RupIt’s own account holders, write to hello@propgic.com and we will respond within 30 days.

The Platform is intended for business use. We do not knowingly collect information from individuals under 18. If you believe a minor has provided information, contact us and we will delete it.

We may update this policy as the Platform evolves. Material changes will be announced in the product or via email. The “last updated” date above reflects the most recent revision.

Questions about this policy can be sent to hello@propgic.com.