Privacy Policy – Allefe Services

Effective Date: 4 December 2025
Allefe Services Private Limited

1. Introduction

Allefe Services Private Limited (“Allefe”, “we”, “our”, or “us”) is a technology-driven fintech infrastructure company that develops API-based digital payment systems, onboarding automation tools, compliance workflows, and fraud-monitoring technology. We operate strictly as a non-custodial technology provider, meaning we do not store, hold, process, manage, or control any customer funds.

This Privacy Policy explains how Allefe collects, uses, stores, discloses, and protects information when users interact with our website, APIs, SaaS platforms, SDKs, mobile interfaces, or any services offered by us (collectively, “Services”). By accessing our Services, you acknowledge and agree to the data practices described in this Privacy Policy.

We are committed to complying with applicable privacy regulations, including the Digital Personal Data Protection Act (DPDP Act 2023), ISO/IEC 27001, SOC 2 standards, and global best practices for information security.

2. Scope of This Privacy Policy

This policy applies to:

- Visitors to our website

- Users integrating our APIs or SDKs

- Businesses using our onboarding, verification, or compliance platforms

- Individuals interacting with our systems indirectly through our clients

- Partners, vendors, and prospective customers

This policy does not apply to third-party banks, payment aggregators, or financial institutions integrated with Allefe, as these entities manage their own data collection processes.

3. Information We Collect

We may collect and process the following categories of information:

3.1 Information You Provide Directly

- Name, email address, phone number

- Company name and designation

- Website or integration details

- Messages or details shared through forms

3.2 Information Collected Automatically

When you access our website or platform, we may automatically collect:

- IP address

- Browser type and device information

- Operating system

- Usage patterns, interaction logs

- API request logs, timestamps, session data

3.3 Information Processed on Behalf of Clients

Allefe may process data provided by merchants, fintechs, and enterprises for:

- Identity verification (KYC/AML)

- Transaction risk scoring

- Fraud-detection workflows

- Compliance assessment

This data may include government ID numbers, documents, biometric-like data representations (not raw biometrics), and supporting financial or identity information. Such data is processed only as instructed by the client and is not retained beyond the required operational period.

4. How We Use Your Information

We use collected information for:

4.1 Service Delivery

- Operating our APIs and payment infrastructure tools

- Providing onboarding and verification systems

- Delivering dashboards, analytics, and fraud-monitoring insights

4.2 Platform Security

- Monitoring API abuse or suspicious activity

- Ensuring uptime, reliability, and threat protection

- Debugging or resolving system issues

4.3 Compliance & Legal Obligations

- Supporting partner audits

- Ensuring adherence to DPDP Act 2023

- Generating logs required for financial ecosystem compliance

4.4 Communication

- Responding to inquiries

- Sending updates on integrations, security alerts, service improvements

We do not sell, rent, or trade your personal information.

5. Legal Basis for Processing

We process data under the following lawful bases:

- Consent — when explicitly provided

- Contractual necessity — to provide platform functionality

- Legitimate interest — improving performance, ensuring security

- Legal compliance — fraud prevention, audit logs, regulatory requirements

6. How We Share Data

Allefe may share information with:

- Authorized banks, aggregators, or partners (for validation workflows)

- Cloud service providers strictly compliant with ISO and SOC standards

- Verification partners used for document and identity processing

- Regulatory authorities upon lawful request

All sharing is governed by data-processing agreements.

7. Data Storage & Security

We implement industry-standard security safeguards, including:

- Encryption at rest and in transit

- Access control, RBAC, and multi-factor authentication

- Continuous monitoring and threat detection

- Secure API gateways

- Periodic internal audits and external compliance checks

We follow ISO/IEC 27001, SOC 2, and DPDP Act 2023 guidelines.

8. Data Retention

We retain personal data only for:

- The duration needed to provide Services

- The period mandated by applicable regulations

- The time required to resolve disputes or audit requests

KYC data, verification information, and risk logs are purged after the partner-defined retention period.

9. Your Rights

Depending on your jurisdiction and applicable law, you may have the right to:

- Access your personal data

- Request correction

- Request deletion

- Withdraw consent

- Object to certain processing

- Request data portability

You may contact info@allefe.services to exercise these rights.

10. Cookies & Tracking Technologies

We use cookies for:

- Session management

- Performance optimization

- Analytics

- Security and fraud-monitoring

Users may disable cookies via browser settings.

11. International Data Transfers

Allefe may store or process data in India or in cloud environments compliant with global security standards. All transfers follow legal safeguards and contractual security frameworks.

12. Third-Party Links

Our website may contain links to external platforms. Allefe is not responsible for their privacy practices or policies.

13. Children’s Privacy

Our services are not directed to individuals under 18. We do not knowingly collect their data.

14. Updates to This Policy

We may update this Privacy Policy periodically. Continued use of our Services means you accept the changes.

15. Contact Us

Allefe Services Private Limited

Email: privacy@allefe.services