KirayaPe Logo

Privacy and Information Security Policy

Effective Date: June 23, 2026

KirayaPe Fintech Private Limited ("Company", "we", "us", "our") is committed to protecting the privacy, confidentiality, and security of the personal and financial data of our users. This Privacy Policy outlines our data management practices in strict compliance with Section 43A of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the "SPDI Rules"), and the Digital Personal Data Protection (DPDP) Act, 2023.

1. Collection of Information

To deliver high-scale rental discovery, payment routing, and loan matching services, we collect the following categories of information:

  • Personal Identity Data: Name, age, email address, physical address, and contact numbers.
  • Sensitive Personal Data (SPDI): Bank account numbers, IFSC codes, Aadhaar details, PAN cards, credit scores, transaction histories, and digital signatures.
  • Documents and Contracts: Rental agreements, PG rules documents, police NOC verification records, and utility bills.
  • Device and Location Data: Device IP address, operating system, geolocation (with permission, to optimize AI matching), and application logs.

2. Legal Ground and Purpose of Processing

We process your personal and sensitive data under explicit consent and for legitimate business purposes:

  • Completing KYC checks as mandated by RBI Anti-Money Laundering (AML) instructions.
  • Securing and routing rent payments to the correct landlord accounts.
  • Evaluating creditworthiness and forwarding application documents to partner NBFCs for Rent Loans.
  • Generating real-time property matches using our AI Flat & PG Finder algorithms.
  • Complying with statutory tax reporting (TDS details) and accounting rules.

3. Reasonable Security Practices & AES-256 Storage

We implement bank-grade security protocols, including AES-256 encryption for data at rest and TLS 1.3/SSL for data in transit. Sensitive payment credentials (like credit card numbers and CVVs) are tokenized and processed through PCI-DSS compliant partner payment gateways. We never store raw PINs or raw card numbers in our database. All data is housed inside secure cloud instances located in localized data regions within India to ensure sovereign compliance.

4. Sharing and Disclosure of Information

We do not sell, rent, or trade your PII with third-party advertisers. We share information only with:

  • **Banking Partners and Payment Gateways** to settle payment transactions.
  • **RBI-registered NBFC Partners** to process, underwrite, and disburse Rent Loans.
  • **Credit Information Companies** (Experian, CIBIL, Equifax) for rent payment reporting.
  • **Law Enforcement and Judiciary** when requested under legal mandates, warrants, or orders issued by the Government of India or courts.

5. User Rights, Consent Withdrawal, and Data Erasure

In accordance with the DPDP Act, 2023, you hold the right to access, rectify, or request complete erasure of your personal data from our databases. To withdraw consent or request account deletion, please email our Grievance Officer at privacy@kirayape.com. Your data will be deleted within 30 business days, subject to legal compliance retentions (such as historical transaction records required for tax audits).