Privacy Policy

Last Updated: December 16, 2025

Privacy at a Glance

Security First

Bank-level AES-256 encryption, multi-factor authentication, and 24/7 monitoring protect your data

Privacy First

You control your data. We collect only what's necessary to serve you and never sell your information

Consent-Based Sharing

No data is shared with third parties without your explicit consent. You can revoke access anytime

Industry Standards

We comply with DPDP Act 2023, pursue ISO 27001 and SOC 2 certifications, and follow RBI guidelines

1. Introduction

Ziliqon Labs Private Limited ("we", "our", or "us") protects your privacy and secures your personal and financial information. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Platform, including the Rupie application. We comply with the Digital Personal Data Protection Act (DPDP Act), 2023 and other applicable Indian data protection laws.

Company Details:

  • Company Name: Ziliqon Labs Private Limited
  • CIN: U62011KA2025PTC209760
  • Registered Address: S-205, 2nd Floor, Crystal Arc, Balmatta Road, Mangalore - 575001, Karnataka, India
  • Data Protection Officer: dpo@ziliqonlabs.com

2. Information We Collect

2.1 Personal Information

Identity Information: We collect your full name, date of birth, PAN (Permanent Account Number), email address, and phone number to verify your identity and create your account. Aadhaar is optional and collected only with your explicit consent for identity verification purposes

Financial Information: With your consent, we collect financial data including compensation details, salary and income information, bank account details for transactions, tax-related data for compliance and calculations, investment information, and other financial account details necessary to provide our services

Employment Information: We collect details about your current and previous employers, job titles, roles, and employment dates to provide context for our services

2.2 Technical and Usage Data

Technical Data: We automatically collect IP addresses, device identifiers, browser type and version, operating system, and login timestamps to secure your account, detect fraud, and troubleshoot issues

Usage Data: We collect information about how you interact with our Platform, including features accessed, pages visited, time spent, search queries, button clicks, and navigation patterns. This helps us understand user needs and improve our services. We also collect error reports and diagnostic information to fix bugs and enhance performance

Cookies and Tracking: We use cookies and similar technologies for authentication, security, preferences, and analytics. You can control cookie settings through your browser

2.3 Third-Party Data

With your explicit consent via secure integrations, we collect financial data from Account Aggregator-enabled financial institutions (bank accounts, investments, insurance), payroll service providers (salary, tax deductions), tax filing platforms (ITR data, tax liability), and HR systems. All third-party data collection is consent-based and uses secure, encrypted channels

3. How We Use Your Information

Core Service Delivery: We use your information to provide our financial services. This includes creating and maintaining your account, processing subscriptions and payments, providing customer support, generating calculations and reports, and delivering personalized insights based on your unique situation

Personalization & Recommendations: We analyze your financial data to provide customized recommendations, insights, and guidance tailored to your circumstances. This helps you make informed financial decisions. All personalization is done to enhance your experience and help you achieve your financial goals

Third-Party Integrations: With your explicit consent, we use your information to connect with third-party financial services. This enables seamless data flow and comprehensive service delivery

Product Improvement & Analytics: We analyze anonymized usage patterns and service performance to identify issues, improve features, enhance user experience, and develop new capabilities. We use aggregate, non-identifiable data to understand how users interact with our Platform and make it better

Research & Benchmarking: We create anonymized industry benchmarks, market insights, and research reports using aggregated data. This data cannot identify individual users and helps provide context for your financial decisions

Communications: We send you important account notifications, service updates, educational content about financial planning and equity compensation, product announcements, and occasionally promotional offers. You can opt out of non-essential communications at any time

Security & Fraud Prevention: We use your information to detect and prevent fraud, unauthorized access, account compromise, suspicious activities, and other security threats. This protects both you and our Platform

Legal Compliance: We process your data to comply with applicable laws and regulations, including tax laws (7-year retention requirements), RBI and SEBI guidelines, anti-money laundering requirements, and KYC (Know Your Customer) regulations

Algorithmic Processing: We use algorithms and automated analysis to generate personalized insights, perform calculations, create projections and scenarios, and deliver relevant information to help you make informed decisions

4. Legal Basis for Processing

We process your data based on: your explicit consent, contractual necessity, legal obligations (RBI, SEBI, tax compliance), and legitimate business interests (fraud prevention, product improvement)

5. How We Share Your Information

Important: We never sell your personal information to anyone. All data sharing is done to provide you with better services, comply with legal obligations, or with your explicit consent.

Service Providers (Data Processors): We work with trusted third-party service providers who help us operate our Platform. This includes cloud hosting providers for secure data storage, payment processors for subscription and transaction processing, email and communication service providers for notifications, analytics and monitoring tools for performance tracking, customer support platforms for helping you, and security services for fraud detection. All service providers are carefully vetted, bound by strict data protection agreements, and process data only as we instruct them. They cannot use your data for their own purposes

Financial Partners (With Your Consent): With your explicit consent obtained through secure consent flows, we share relevant data with banks and financial institutions, tax filing and compliance platforms, and other financial service providers you choose to connect with for service delivery. You control which partners receive your data and can revoke access at any time through your account settings

Legal and Regulatory Authorities (Legal Obligation): We may disclose your information when required by law or to protect rights and safety. This includes complying with valid legal obligations under Indian law, responding to court orders, subpoenas, or government requests, fulfilling regulatory inquiries from RBI, SEBI, or the Income Tax Department, cooperating with law enforcement investigations, and enforcing our Terms of Service or protecting against fraud. We carefully review all legal requests and share only the minimum necessary information

Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and ensure that the acquiring entity maintains the same level of privacy protection. Your rights and choices regarding your data will remain unchanged

Anonymized and Aggregated Data: We may share aggregated, anonymized, or de-identified data that cannot be used to identify individual users. This data is processed to remove all personally identifiable information before sharing

With Your Direction: We may share your information with third parties when you explicitly direct us to do so through features and controls provided in our Platform

6. Data Security Measures

Encryption & Access: We use bank-level AES-256 encryption (data at rest) and TLS 1.3 (data in transit), multi-factor authentication, role-based access controls, and secure OAuth 2.0 APIs

Protection & Monitoring: We maintain firewalls, intrusion detection, DDoS protection, 24/7 security monitoring, and conduct regular third-party audits and penetration testing

Compliance: We are committed to ISO 27001, SOC 2 Type II, RBI guidelines, and DPDP Act compliance

Breach Notification: If a breach occurs, we will notify affected users within 72 hours, report to regulatory authorities, provide breach details, and offer protective services if appropriate

7. Data Retention and Deletion

Retention Periods: We retain account and financial data for 7 years (Income Tax Act requirement), communication logs for 2 years, and marketing data until you opt out. Anonymized data is retained indefinitely

Account Deletion: When you delete your account, we permanently delete personal data within 90 days (except financial records retained for 7 years by law). You can request a data copy before deletion

Inactive Accounts: After 3 years of inactivity, we send deletion notice. You have 90 days to reactivate; otherwise, we delete your data (subject to legal requirements)

8. Your Privacy Rights

Under the DPDP Act, you have the right to:

  • Access: Request a copy of your personal data (provided within 30 days)
  • Correction: Update or correct your information through account settings or by contacting us
  • Deletion: Request deletion of your data (completed within 90 days, subject to legal requirements)
  • Data Portability: Receive your data in a machine-readable format (JSON, CSV)
  • Withdraw Consent: Withdraw consent at any time (may limit access to certain features)
  • Object: Object to data processing for marketing or legitimate interests
  • Restrict Processing: Request temporary processing restrictions
  • Grievance Redressal: File a complaint with our Data Protection Officer or the Data Protection Board of India

How to Exercise Your Rights: Use your account settings, contact our Data Protection Officer, or submit a request through our website. We respond within 30 days

9. Cookies and Tracking Technologies

We use essential cookies (authentication, security), performance cookies (usage tracking), functional cookies (preferences), and analytics cookies (Google Analytics, anonymized)

You can control cookies through your browser settings, our cookie consent banner, or third-party opt-out tools. Note: Blocking essential cookies may limit functionality

10. Third-Party Services and Links

Our Platform integrates with third-party services (Account Aggregators, payment processors, tax platforms, investment platforms, analytics providers). These services have their own privacy policies, and we are not responsible for their data practices. Please review their policies before sharing information

11. Children's Privacy

Our Platform is not intended for users under 18. We do not knowingly collect data from children and will delete it immediately if discovered. If you believe your child has provided us information, please contact us

12. International Data Transfers

Your data is primarily stored in India. Some service providers may process data internationally (e.g., cloud hosting). We ensure adequate safeguards (standard contractual clauses), comply with DPDP Act requirements, and maintain the same protection level. We will notify you and seek consent when required by law

13. Account Aggregator Framework

We use the RBI-regulated Account Aggregator (AA) framework for secure, consent-based financial data sharing. You provide explicit consent through the AA interface, and data is fetched directly from your financial institutions. You control what data is shared, duration, and can revoke consent anytime

Data Accessed: Bank statements, investment holdings, insurance policies, and tax information

Security: End-to-end encryption, consent-based time-limited access, no password storage, and RBI regulatory oversight

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, new features, applicable laws, or user feedback. We will notify you of material changes via email, prominent platform notice, or in-app notification. Material changes take effect 30 days after notification; continued use constitutes acceptance

15. Contact Us

For questions, concerns, or requests about this Privacy Policy:

Data Protection Officer: dpo@ziliqonlabs.com or contact@ziliqonlabs.com (Response within 30 days)

Company: Ziliqon Labs Private Limited
CIN: U62011KA2025PTC209760
Address: S-205, 2nd Floor, Crystal Arc, Balmatta Road, Mangalore - 575001, Karnataka, India
Website: www.ziliqonlabs.com

If not satisfied with our response, you may file a complaint with the Data Protection Board of India (contact details to be published upon formation)

16. Consent and Acknowledgment

By using our Platform, you acknowledge that you have read and understood this Privacy Policy, consent to the collection and use of your information as described, understand your rights, and agree to provide accurate information and keep your credentials secure

For sensitive personal data (financial information, Aadhaar), we obtain your explicit consent through separate mechanisms within the Platform