Privacy Policy

Last updated: May 8, 2026

1. Our Role as a Routing Utility

Important Distinction: ProfilePay operates strictly as a technology service provider. We generate UPI deep links and QR codes to route users to their preferred UPI applications. We are not a payment gateway, payment aggregator, or bank. We do not participate in any flow of funds.

Because we do not participate in the flow of funds, we do not collect, process, hold, or store any payment data, bank account details, credit/debit card numbers, or transaction histories regarding the payments made between you and your clients. All financial transactions occur directly between the sender's UPI app and the receiver's bank via the NPCI UPI protocol.

2. Information We Collect

When you create an account with ProfilePay, we only collect the information strictly necessary to generate your public profile and UPI routing links:

  • Identity Data: Your name, username, email address, and optional profile photo.
  • Authentication Data: Your password (stored as a securely hashed value; we never store plaintext passwords) or OAuth tokens if you sign in via Google.
  • Public Routing Data: The UPI ID you provide (e.g., name@bank) to generate your QR codes and payment links, your display name, professional title, bio, and any social media links you choose to display on your public profile.
  • Verification Data: Links to professional portfolios, social media profiles, or websites provided voluntarily for our trust verification process.
  • Preference Data: Your chosen theme, button style, font, tip jar amounts, and other profile customization settings.

3. Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including:

  • Device & Browser Data: IP address, browser type, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, time spent on pages, referral URLs, and click patterns.
  • Cookies: We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

4. How We Use Your Data

We use the collected information strictly to provide, maintain, and improve the ProfilePay platform. This includes:

  • Generating accurate UPI intent links and downloadable QR codes.
  • Displaying your customized public profile page at profilepay.in/yourname.
  • Authenticating your identity and securing your account.
  • Processing your premium subscription payments via Razorpay.
  • Providing customer support and responding to your queries.
  • Communicating important account updates, security alerts, and service changes.
  • Verifying your identity through our trust & safety process to protect the community against fraud.
  • Improving platform performance, fixing bugs, and analyzing usage patterns (in aggregate, anonymized form).

5. Data We Never Collect

To be explicitly clear, ProfilePay never collects, processes, or stores:

  • Bank account numbers, IFSC codes, or account balances.
  • Credit or debit card numbers (subscription billing is handled entirely by Razorpay).
  • UPI PINs or any transaction authentication credentials.
  • Transaction amounts, histories, or settlement details of peer-to-peer UPI payments.
  • Aadhaar numbers, PAN numbers, or government identification documents.

6. Third-Party Services

We integrate with the following third-party services, each governed by their own privacy policies:

  • Supabase: Our database and authentication infrastructure provider. Your account data is stored securely with Row Level Security (RLS) policies enforced at the database level.
  • Razorpay: Our billing partner for processing premium subscription payments. When you purchase a Pro plan, your billing information is handled directly by Razorpay. ProfilePay does not store your card or sensitive billing details on our servers.
  • Google OAuth: If you choose to sign in with Google, we receive only your name, email, and profile picture from Google. We do not access your Google Contacts, Drive, or any other Google data.

7. Data Security

We implement industry-standard security measures to protect your personal information:

  • Row Level Security (RLS): Database-level access controls ensuring users can only access their own data.
  • Encryption: All data in transit is encrypted via TLS/SSL. Passwords are hashed using bcrypt.
  • Secure Authentication: Sessions are managed via HTTP-only cookies with CSRF protection.
  • Input Sanitization: All user inputs are sanitized server-side to prevent XSS and injection attacks.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing best practices and promptly addressing any vulnerabilities.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance, which may be retained for up to 7 years as required by Indian tax regulations).

9. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information directly from your dashboard settings.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to any processing of your data that you believe is unlawful.

To exercise any of these rights, contact us at support@profilepay.in. We will respond within 30 days.

10. Children's Privacy

ProfilePay is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will promptly delete such information and terminate the associated account.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. Material changes will be communicated via email or a prominent notice on the platform. Your continued use of ProfilePay after any changes constitutes acceptance of the updated policy.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules thereunder, the Grievance Officer for the purpose of this Privacy Policy is:

We shall address your grievance within 30 days from the date of receipt.

13. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, please contact our support team at support@profilepay.in.