Legal

Privacy Policy

Effective Date: January 1, 2025  |  Last Updated: February 1, 2025  |  Paaw Innovations Pvt. Ltd. ("Augmen")

1. Introduction

Paaw Innovations Pvt. Ltd., operating under the brand name "Augmen" (referred to as "we," "our," or "us"), is committed to protecting the privacy and personal data of all individuals who interact with our products and services. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Reserve Bank of India (RBI) guidelines on data security and customer confidentiality.

2. Information We Collect

2.1 Information Collected During KYC

When financial institutions use our eKYC solution, the following data may be processed on their behalf:

  • Identity documents: Aadhaar (masked number only), PAN card, Voter ID, Passport
  • Video recordings during V-CIP sessions (as required by RBI V-CIP guidelines)
  • Live photographs with geo-tagged location data
  • Facial biometric data for face matching (processed on-device where possible)
  • GPS coordinates and IP address (for geo-tagging as mandated by RBI)

2.2 Information Collected During Loan Conversations

  • Voice recordings transcribed by our STT system (processed and stored on the client's infrastructure)
  • Document images uploaded during conversations
  • Borrower responses to loan application questions

2.3 Information We Do NOT Collect

  • We do not store unmasked Aadhaar numbers (masked per UIDAI Section 16 requirements)
  • We do not retain biometric data beyond the verification session
  • We do not collect data from end-users directly — we process data on behalf of our regulated entity (RE) clients

3. How We Use Your Information

All personal data is processed strictly for the purposes of:

  • Facilitating KYC verification as prescribed by RBI Master Direction — KYC Direction, 2016
  • Enabling loan origination conversations between borrowers and financial institutions
  • Document verification and data extraction for loan processing
  • Improving our AI models through anonymized, de-identified training data only

4. Data Storage & Localization

All data is stored on servers located within India. We comply with RBI's data localization requirements. No personal data of Indian customers is transferred, stored, or processed outside of India. V-CIP recordings and KYC data are stored in tamper-proof, encrypted storage within the regulated entity's infrastructure or on Indian cloud servers as per their data management policies.

5. Data Retention

  • KYC records: Retained for a minimum of 5 years from the date of transaction, as per RBI KYC Direction requirements
  • V-CIP video recordings: Retained as per the regulated entity's record retention policy (minimum 5 years)
  • Conversation transcripts: Retained as per client agreement, typically 3–5 years
  • AI training data: Anonymized and de-identified data may be retained indefinitely; all PII is removed before use in model training

6. Data Security

We implement industry-standard security measures including:

  • End-to-end encryption (AES-256) for all data in transit and at rest
  • ISO 27001 certified information security management system
  • Regular Vulnerability Assessment and Penetration Testing (VAPT) by accredited agencies
  • Role-based access controls with multi-factor authentication
  • Encrypted audit logs with tamper detection
  • On-device processing for liveness detection and anti-spoofing (data never leaves the device for these checks)

7. Data Sharing

We do not sell, rent, or trade personal data. Data may be shared only:

  • With the regulated entity (bank/NBFC) on whose behalf we process the data
  • With UIDAI for Aadhaar OTP-based e-KYC authentication (banks only)
  • With Central KYC Records Registry (CKYCR) for KYC record upload
  • With law enforcement or regulatory authorities when required by law

8. Your Rights Under DPDP Act, 2023

As a Data Principal under the DPDP Act, you have the right to:

  • Access: Request information about what personal data we process
  • Correction: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data (subject to regulatory retention requirements)
  • Grievance Redressal: File a complaint with our Data Protection Officer
  • Nomination: Nominate an individual to exercise your rights in case of death or incapacity

9. Cookies & Website Analytics

Our website (augmen.io) uses essential cookies for functionality and anonymous analytics to understand site usage. We do not use third-party advertising cookies or tracking pixels. You may disable cookies in your browser settings.

10. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly process personal data of children. Financial services facilitated through our platform require users to be of legal age for financial transactions.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated version will be posted on this page with a revised "Last Updated" date.

12. Contact Us

For privacy-related inquiries or to exercise your rights under the DPDP Act:

Data Protection Officer
Paaw Innovations Pvt. Ltd.
SINE IIT Bombay, Powai, Mumbai 400076
Email: privacy@augmen.io