Effective Date: 2025-11-01
This Privacy Policy explains how Neufo Technologies Private Limited and/or its affiliates ("Neufin", "Neufo", "we", "our", "us") collect, use, disclose, process, and safeguard personal data when you access or use Neufin’s websites, software, mobile applications, ‘Lumen’ bill-analytics platform, microsites, and related services (collectively, the "Services").
By using our Services, you consent to this Privacy Policy.
1. Scope of this Policy
This Policy applies to information collected electronically, including onboarding, account creation, bill-fetching, payments, and customer support. It excludes offline collection or third‑party services beyond Neufin’s control.
2. Definitions
“Personal Data” means identifiable data under the DPDP Act.
"Customer Data" includes bills, invoices, utility statements, payment confirmations, analytics results, energy/billing usage data, and any data uploaded or shared by you.
"Service Data" includes device, log, analytics, performance, error, security, and transactional metadata generated by your use of the Services.
"Payment Data" includes transaction identifiers, payment timestamps, amounts, payment method metadata, UPI VPA, gateway tokens, settlement data, refund records, chargeable items, and payment‑related logs.
"Credentials" includes OAuth tokens, API keys, login credentials or access tokens voluntarily provided to fetch third‑party bills.
3. Information We Collect
3.1 Information You Provide
Name, email, phone number, organisation, designation, and authentication details.
Registration details required to create an account on Lumen or associated Neufin platforms.
Uploaded bills, invoices, statements, energy usage records, financial data, and related metadata.
Credentials or authorisations for bill‑fetching from third‑party utilities, service providers, or payment systems.
Job application information including resumes, qualifications, certifications, and employment records.
Inputs submitted via contact forms, feedback channels, chatbot interactions, or service requests.
3.2 Information Collected Automatically
We automatically collect the following information through cookies, tracking pixels, analytics scripts, and logging systems:
Device details, OS, browser type, session identifiers.
IP address, location (approximate), language settings.
Usage behaviour, navigation paths, page logs, clickstreams.
Error logs, crash diagnostics, performance metrics.
UPI intent logs, payment‑attempt metadata, transaction routing patterns.
Mobile identifiers, advertising identifiers, notification tokens.
3.3 Information from Third Parties
Utility/biller data fetched using your authorised credentials.
Enterprise‑administered account information.
Payments or transaction confirmations processed by Razorpay‑like gateways.
Verification or risk‑screening inputs from third‑party compliance tools.
4. Legal Bases for Processing
We process personal data under:
· Consent – explicit consent to process bills, invoices, financial data, or account information.
· Contractual Necessity – to operate the platform, authenticate accounts, process payments, or fulfil service requests.
· Legitimate Uses – fraud detection, debugging, service optimisation, analytics, platform improvement.
· Legal Obligation – compliance with applicable laws, DPDP Act, tax laws, or government requests.
For EEA/UK users (if applicable), GDPR‑style bases such as legitimate interests, contractual necessity, and compliance obligations apply.
5. How We Use Information
We use collected information for the following purposes:
5.1 Core Platform Operations
Provide bill‑analytics, financial insights, dashboards, and visualisations.
Enable account creation, authentication, authorisation, and identity management.
Fetch bills, invoices, and payment confirmations via authorised integrations.
5.2 Billing, Payment & Transaction Processing (Razorpay‑aligned)
Process payments, renewals, subscriptions, refunds, reversals, and settlements.
Generate payment confirmations, receipts, invoicing records, statements, tax summaries.
Conduct payment‑risk checks, fraud detection, anomaly monitoring, and compliance screening.
Coordinate with gateways, banks, UPI networks, NPCI‑based systems, and settlement entities.
5.3 Analytics and Insights
Improve service performance, develop new features, and conduct product analytics.
Aggregate and anonymise usage data for statistical and benchmarking purposes.
5.4 Communications
Send updates, technical notices, alerts, OTPs, security emails.
Provide customer support and respond to inquiries.
Send marketing communications (with opt‑out options).
5.5 Security, Fraud Prevention & Compliance
Monitor platform usage for suspicious behaviours.
Prevent fraud, unauthorised access, or payment abuse.
Comply with regulatory or audit obligations.
6. How We Share Information
We do not sell personal data.
We may share information with:
Hosting providers (AWS, GCP, etc.)
Payment gateways (Razorpay or equivalent)
Data analytics partners
Customer support tools
KYC, verification, or compliance vendors
All providers are bound by confidentiality and data‑protection obligations.
Banks, NPAs, UPI switches, payment aggregators
Fraud‑monitoring networks
Settlement and reconciliation entities
For enterprise licensed users, administrators may access usage details.
We may disclose information to comply with:
Law‑enforcement requests
Court orders/subpoenas
Government/Regulatory instructions
In mergers, acquisitions, financings, restructurings, or asset transfers.
Any additional disclosure occurs only with explicit consent.
7. Security and Data Protection Measures
We use industry‑standard measures including:
Encryption (TLS, AES‑256)
Role‑based access controls (RBAC)
Two‑factor authentication (2FA)
Secure credential storage (no plaintext storage)
Zero‑trust access design
Routine penetration testing
Continuous monitoring of abnormal activity
You acknowledge that no online service can be 100% secure.
8. Retention
We retain data only as long as necessary for:
Service delivery
Billing and accounting compliance
Regulatory obligations
Fraud monitoring and legal defence
Upon request, personal data may be deleted or anonymised.
9. Cookies & Tracking Technologies
We use:
Strictly Necessary Cookies
Authentication Cookies
Analytics Cookies (Google Analytics, similar tools)
Performance & Error‑Tracking Cookies
Advertising Identifiers (where permitted)
Users may manage or disable cookies via browser settings.
10. Your Rights
Depending on jurisdiction:
Access, correction, erasure
Data portability
Consent withdrawal
Objection to processing
Grievance redressal
Nomination (DPDP Act requirement)
11. Third‑Party Integrations, APIs & Payment Links
Lumen integrates with:
Utility portals, billers, energy systems
Payment gateways and banking APIs
Identity verification tools
CRM, support, analytics systems
We are not responsible for third‑party privacy practices.
12. International Data Transfers
Where applicable, transfers occur under legally valid mechanisms and contractual safeguards.
13. Grievance Officer
Name: Rahool Gadkari
Email: rahool@neufin.co
Address: F-7, Grafikon Paradise, Plot No. 48/49, Kondwa,
Pune – 411048, Maharashtra, India
14. Changes to this Policy
We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or share information previously collected from you through the Services, we will notify you through the Services, by email, or other communication.
15. Contact
Email: contact@neufin.co
Phone:
Address: F-7, Grafikon Paradise, Plot No. 48/49, Kondwa,
Pune – 411048, Maharashtra, India
16. International Visitors
Our Services are hosted in India and intended for visitors located within India. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from Indian law, then please note that you are transferring your information outside of those regions to the United States for storage and processing. We may transfer information from the EEA or the UK to the U.S. and other third countries based on European Commission-approved Standard Contractual Clauses, or otherwise in accordance with applicable data protection laws. Also, we may transfer your data from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services. By providing any information, including information, on or to the Services, you consent to such transfer, storage, and processing.
17. Communications
You may receive email updates from us through our newsletters, surveys, offers, and other promotional materials related to our services. We hope you will find these updates interesting and informative. If you wish not to receive them, please click on the "unsubscribe" link or follow the instructions in each message. You may share your feedback and comments with us, including those relating to an issue or incident. To report an incident regarding your data, you may contact us using our contact details and inform us about such incidents.
18. Limitation Of Liability
We are not responsible for verifying the authenticity of the information supplied by you. In case of any erroneous data, our liability is limited to removal of such data from our system. We are not liable for any data loss or theft due to unauthorised access to your computer or device. We shall not be responsible for any breach of security or for any actions of any third parties that receive your personal data or events that are beyond our reasonable control, including acts of government, computer hacking, unauthorised access to computer data and storage devices, computer crashes, breach of security and encryption, poor quality of internet service or telephone service, etc.
19. Derivative Data
We may generate derived data and anonymous statistical information based on the data available on Neufin. Such derived data and anonymous statistical information shall not identify you at a personal level, and shall be exclusively our property. We may use such data or information for any legitimate purpose as we may determine, without any compensation to you.