Privacy Policy for Mitra App

Terms of Use

These terms of use ("agreement") for the application (defined below) are a legal and binding agreement between you ("you", "your" or "yourself"), as the end user,and Fino Payments Bank ("our", "us", "we" or "Fino Payments Bank") which governs your use of the application and services (defined below) made available to you with the application by Fino Payments Bank (including through third parties) (collectively "services"). Please read this agreement carefully before using the application and the service.

By registering for or otherwise accessing or using the application / service, or any component thereof, in any manner whatsoever, you (a) acknowledge that you have read and understood this agreement and consent to become a party, (b) represent that you are in compliance with all requirements hereunder, and (c) agree to be bound by and comply with the terms and conditions in this agreement.

The application and the service is offered and made available only to users who are lawful owners. If you are not such a user, please do not access or use the application.

Fino Payments Bank's privacy policy ("privacy policy") mentioned below is incorporated in this agreement by reference and will also apply to your use and Fino Payments Bank's provision of the application and the services. Please read the privacy policy carefully. Your use of application will be considered as your acceptance of the privacy policy.

"Application" means the Fino Mitra mobile software application that Fino Payments Bank has provided to you.

"Customer(s)" means a Fino Payments Bank Business Correspondent who has (a) downloaded the Application on his or her Device for availing the Services for use in accordance with and as agreed with Fino Payments Bank, and (b) if applicable, has validly registered on the Service through the necessary registration process. 'Customers' include you. Customer should be minimum of 18 years of age for downloading the application.

"Device" means any mobile device (including handsets and tablets) on which Fino Payments Bank allows the downloading and use of the Application for providing the Services.

"Service(s)" means all services that Fino Payments Bank provides to Customers through the Application.

1. Customers use of the Application and the Service (a) must strictly be in accordance with this Agreement, and includes only the right to download, install and use the Application. The terms of this Agreement will govern any upgrades, updates, modifications or enhancements of the Application.

2. Customers may use the Application and the Service only in India, unless otherwise allowed by Fino Payments Bank.

3. To avail the Service you may provide username, password, shared by Fino Payments Bank. You are responsible to ensure that all information you provide in connection with the foregoing is correct and accurate. You will be solely responsible to ensure protection and confidentiality of all your username or passwords or account. The Customer shall take all necessary precautions to prevent unauthorised and illegal use and unauthorised access to his/ her account through the Application. Fino Payments Bank shall not be responsible for any misuse of the Customer's Device or unauthorised access to the Customer's account details by any third party. Fino Payments Bank expressly disclaims any and all liability, howsoever, arising out of the misuse of the Application downloaded by the Customer. FINO PAYMENTS BANK WILL NOT BE RESPONSIBLE FOR ANY UNAUTHORIZED, UNLAWFUL OR ILLEGAL USE OF THE SERVICE OR THE APPLICATION BY ANY CUSTOMER OR ANY OTHER PERSON WHO IS NOT A VALID USER.

4. Fino Payments Bank's Privacy Policy governs the use, storage and protection of any sensitive information that you provide. You hold Fino Payments Bank harmless in connection with your provision of any incorrect or incomplete information.

5. Access to and use of the Service may be internet based. You will be responsible for obtaining Internet connectivity and paying all fees in connection with it. In addition, you must procure all equipment necessary to ensure access to the Internet and to be able to use the Service. The Customer agrees and acknowledges that data charges will remain applicable for downloading and using the Application.

6. You agree and understand that use of the Application involves tracking your location and data pertaining to signal strength. This data will be used to deliver a better network experience.

7. By agreeing to use or continue to use the Application, the consumer agrees to allow Application and the app publisher, Fino Payments Bank access necessary information for provision of Services and continued use of the Application.

8. The Application and the Service and all copyrights, patents, trademarks, trade secrets and other intellectual property rights, including but not limited to Fino Payments Bank trademarks, service marks, logos and taglines, relating to the Application and the Service are, and shall remain, the exclusive property of Fino Payments Bank or the third party licensors, as the case may be.

9. Customer shall not (a) decompile, reverse engineer, disassemble, attempt to derive the source code of, or decrypt the Application, (b) make any modification, adaptation, improvement, enhancement, translation or derivative work of the Application, (c) violate any applicable laws, rules or regulations in connection with Customer's access or use of the Application, (d) remove, alter or obscure any proprietary notice (including any notice of copyright or trademark) of Fino Payments Bank or its affiliates, or the licensors of the Application, (e) use the Application for any other purpose for which it is not designed or intended. This provision shall survive the termination of License.

10. Customer may not rent, lease, lend, sublicense or transfer the Application, this Agreement or any of the rights granted hereunder to any third party. Any attempted transfer in contravention of this provision shall be null and void and of no force or effect.

11. The Application may include links to other websites or services of Fino Payments Bank. Your use of those sites and services is subject to the terms of use and privacy policies of each such site and service (in addition to this Agreement and the Privacy Policy).

12. YOU EXPRESSLY AGREE THAT THE DOWNLOAD, INSTALLATION AND USE OF THE APPLICATION AND THE SERVICE IS AT YOUR SOLE RISK. THE APPLICATION AND SERVICE ARE PROVIDED ON AN "AS IS" AND AN "AS AVAILABLE" BASIS. WE DO NOT MAKE, AND HEREBY DISCLAIM, ANY REPRESENTATIONS OR WARRANTIES REGARDING THE SERVICE AND THE APPLICATION, EXPRESS, IMPLIED OR STATUTORY, INCLUDING (WITHOUT LIMITATION) IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT OF THIRD PARTY RIGHTS, OR ANY WARRANTIES ARISING BY COURSE OF DEALING OR CUSTOM OF TRADE. WE MAKE NO REPRESENTATION OR WARRANTY THAT ANY MATERIAL OR CONTENT DISPLAYED ON OR OFFERED THROUGH THE SERVICE ARE ACCURATE, COMPLETE, APPROPRIATE, RELIABLE, OR TIMELY. WE ALSO MAKE NO REPRESENTATIONS OR WARRANTIES THAT THE APPLICATION OR THE SERVICE WILL MEET YOUR REQUIREMENTS AND/OR YOUR ACCESS TO AND USE THEREOF WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT THE APPLICATION WILL BE COMPATIBLE OR INTEROPERABLE WITH THE CUSTOMER's DEVICE.

13. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WHETHER UNDER LAW, CONTRACT OR TORT (INCLUDING NEGLIGENCE), FINO PAYMENTS BANK, ITS LICENSORS, SUPPLIERS, PARTNERS, AFFILIATES OR THIRD-PARTY SERVICE PROVIDERS SHALL NOT BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, AND/OR FOR LOSS OF PROFITS, REVENUES, DATA, BUSINESS, PRODUCTION OR GOODWILL, OR FOR ANY OTHER FORM OF DAMAGES IN ANY MANNER ARISING OUT OF OR IN CONNECTION WITH THE APPLICATION, THE SERVICES OR THIS AGREEMENT, REGARDLESS OF THE FORM OF ACTION OR THE BASIS OF THE CLAIM OR WHETHER OR NOT FINO PAYMENTS BANK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ALL OTHER DISCLAIMERS AVAILABLE OR ANY OF THE ASSOCIATED PAGES OR LINKS THEREIN, ARE DEEMED TO BE INCORPORATED HEREIN BY REFERENCE.

14. Customer may elect to discontinue using the Application and the Services, and may request Fino Payments Bank to deactivate the Customer's account from the Application / Service by giving a 30 days written notice or by informing Fino Payments Bank's customer care representative 30 days in advance. If the Customer's Device is stolen or lost, the Customer must immediately inform Fino Payments Bank's customer care representative to deactivate the Customer's account on the Service. Customer will remain responsible for any transactions made until the Application is blocked by Fino Payments Bank. Customer shall immediately uninstall the Application in case the Customer changes his/her Device.

15. Any dispute or claim (contractual or non-contractual) arising out of or in relation to this Agreement, including disputes as to its formation, will be governed by and construed in accordance with Indian laws, without regard to its conflict of laws rules, and the courts in Mumbai will have exclusive jurisdiction.

16. Use of the Application / Service is unauthorised in any jurisdiction that does not give effect to all provisions of these terms and conditions, including without limitation this Section. You shall not use the Service in any manner contrary to local, state or national law. Fino Payments Bank expressly disclaims any and all responsibility or liability for any action by you that is contrary to such law(s) by you and reserves the right to terminate your Service immediately upon notice of your failure to comply with any such local, state or national law.

17. Fino Payments Bank's performance of this Agreement is subject to existing laws and legal process and the policies and business decisions of Fino Payments Bank, and nothing contained in this Agreement is in derogation of our right to comply with governmental, court and law enforcement requests or requirements relating to your use of the Service or information provided to or gathered by us with respect to such use.

18. No failure or delay in enforcing any provision, exercising any option or requiring performance, shall be construed to be a waiver of that or any other right in connection with this Agreement.

19. This Agreement, together with our Privacy Policy and any other rules, regulations, procedures and policies which we refer to and which are hereby incorporated herein by this reference, constitutes the entire agreement between you and us with respect to the Service and it supersedes all prior or contemporaneous communications and proposals, whether electronic, oral or written, between you and us with respect to the Service.

20. A printed version of this Agreement and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to this Agreement to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form.

21. Fino Payments Bank may modify or amend the terms of this Agreement by posting a copy of the modified or amended Agreement on the Application. Customer will be deemed to have agreed to any such modification or amendment by Customer's decision to continue using the Application following the date on which the modified or amended Agreement is posted.

22. GAIDs - We utilize the Google advertising IDs or GAIDs for promotions and marketing campaigns so that target segment customers are reachable and their banking and payment needs are met. This will also help us in analysing the customer needs and cross-selling products basis customer engagement and daily needs.

Privacy Policy

1. Introduction

Fino Payments Bank ("the Bank") is committed to safeguarding the privacy and personal data of its customers, partners, employees, and other stakeholders. This Data Privacy Policy sets out the principles and practices the Bank follows to ensure the secure collection, processing, storage, use, and disposal of personal data in compliance with applicable legal and regulatory frameworks including:

Reserve Bank of India (RBI) Master Directions on Information Technology and Cyber Security

Information Technology Act, 2000 and its allied rules

ISO/IEC 27001 and ISO/IEC 27701 Standards

PCI DSS (Payment Card Industry Data Security Standard)

Guidelines issued by Google Play and Apple App Store for mobile apps

This policy applies to all products, services, platforms (web, mobile, APIs), and third-party processors engaged by Fino Payments Bank.

2. Scope

This policy applies to:

  • All personal data processed by the Bank through digital and physical means.
  • All customers (retail and corporate), users of digital platforms, vendors, employees, and visitors.
  • All departments, branches, service delivery units, and third-party processors engaged by the Bank.

3. Types of Data Collected

The Bank may collect and process the following categories of personal data:

a) Personal Identifiers:

  • Full name, gender, date of birth
  • Residential/communication address
  • Contact information (phone number, email ID)
  • Government-issued IDs (PAN, Aadhaar, Voter ID, Passport)

b) Biometric Data:

  • Facial images captured during eKYC or onboarding
  • Fingerprints or iris scans as part of biometric authentication (where permitted)

c) Financial Data:

  • Bank account numbers, IFSC, payment details, UPI handles
  • Transaction history and payment behavior
  • Cardholder information (processed as per PCI DSS requirements)

d) Device and Usage Data:

  • Device type, operating system, browser, time zone, IP address
  • Mobile app identifiers and activity logs
  • Unique device IDs for fraud monitoring

e) Employment-related Information (for employees and contractors):

  • Educational background, employment history, KYC documents, and internal assessments

f) Media Files (Photos and Videos):

  • Images and documents uploaded during onboarding, verification, or support interaction.
  • Photographs or scanned copies of identification documents submitted via the mobile app.

g) Cookies and Tracking Data:

  • Usage of cookies, beacons, and similar tracking technologies (detailed in Section 10)

 

4. Legal Basis for Data Collection and Processing

The Bank collects and processes personal data based on one or more of the following:

  • Consent: Provided explicitly or implicitly during onboarding or interaction with services
  • Legal Obligation: Compliance with RBI, regulatory or statutory mandates
  • Contractual Requirement: To fulfill obligations under customer or service agreements
  • Legitimate Interest: Fraud prevention, service improvement, analytics.

 

5. Purpose of Data Collection and Use

  1. The Bank may use your personal data for the following:
  2. To identify and verify customers during onboarding and transactions
  3. To deliver banking services, customer support, and operational functions
  4. To maintain transaction logs and meet audit/regulatory requirements
  5. For fraud prevention, risk assessment, and cybersecurity monitoring
  6. To communicate with you via alerts, notifications, or transactional messages
  7. To personalize and improve the quality of services through analytics
  8. To comply with laws, court orders, and regulatory directions
  9. To maintain internal logs, reports, or data analysis for internal audits and MIS
  10. To conduct digital KYC and eKYC activities including image/document submission through authorized platforms
  11. To enable customer service functions, including submission of images or screenshots for issue resolution
  12. To support regulatory re-verification processes (e.g., re-KYC) through collection of updated user images or documents
  13. To enable domain redirection or logins to bank-authorized portals

6. Data Retention and Disposal

Personal data shall be retained only as long as necessary for the purpose it was collected or as mandated by regulatory authorities. Data disposal is performed securely through de-identification, anonymization, or secure deletion in accordance with the Bank’s [Data Retention and Disposal Policy].

 

7. Data Sharing and Disclosures

The Bank may share personal data:

  • With regulatory bodies (e.g., RBI, FIU-IND) as required by law
  • With authorized service providers, under strict data protection agreements
  • With government authorities during KYC, fraud, or legal investigations
  • Internally among departments with appropriate access controls

The Bank does not sell personal data to third parties.

Data Subject Rights

Under applicable privacy laws, you have the following rights:

  • Right to access and review your personal data
  • Right to rectify incorrect or outdated information
  • Right to withdraw consent (where applicable)
  • Right to request data deletion (subject to legal obligations)
  • Right to data portability (where technically feasible)
  • Right to lodge a complaint with the Data Protection Officer (DPO)

8. Security Controls

The Bank employs robust security measures to protect personal data:

  • Encryption in transit and at rest
  • Role-based access control and segregation of duties
  • Data access via privileged access management (PAM) tools
  • Multi-level logging, monitoring, and anomaly detection through SIEM tools
  • Regular vulnerability assessments, penetration testing, and security drills
  • DR (Disaster Recovery) and BCP (Business Continuity Plan) with biannual drills

9. Use of Cookies and Tracking Technologies

The Bank uses cookies and beacons to improve user experience and deliver services effectively.

Cookies: These are small files placed on your browser to help recognize repeat visitors and customize interactions. We use both session and persistent cookies.

 

Beacons: Embedded tracking technologies in emails or web pages that notify us when emails are opened or pages are visited.

You may disable cookies in your browser settings, but some functionalities may be affected.

Mobile App Permissions

When using mobile applications provided by the Bank, the following permissions may be requested to enable secure, compliant, and personalized service delivery:

  • Camera Access: For KYC processes, cheque deposits, video verification, and document capture.
  • Microphone Access: For video KYC or support-related calls.
  • Location Data: To determine service eligibility, enable location-based features, and support fraud detection.
  • Storage Access (Photos, Media, and Files): Access may be required to upload images or documents from the device’s gallery. This supports identity verification, document re-submission for re-KYC, or when attaching relevant visuals for customer support and service requests
  • Contacts Access: Only if explicitly authorized by the user, to facilitate features such as UPI payments or contact-based services.

Permissions are requested contextually and only after user consent.

 

10. Cross-border Data Transfer

The Bank processes and stores personal data within India in compliance with RBI’s data localization norms. In exceptional cases requiring cross-border transfer, such actions shall be governed by legal contracts and applicable Indian regulations.

Write to us