1. Corporate Identity & Application
This Privacy Policy governs the processing of personal and corporate datasets handled by Inovity India Paytech Private Limited (referred to as "Inovity India", "We", "Us", or "Our"). As an incorporated Private Limited entity under India's MCA (CIN: U67100BR2022PTC059239), we maintain our registered headquarters at:
Mithanpura, Muzaffarpur Bihar, India - 842002
Inovity India functions as a "Data Processor" when we integrate verifications on behalf of our enterprise B2B partners, who operate as "Data Fiduciaries" under current Indian law.
2. Endpoint Specific Data Handling
Our Unified APIs transmit data solely to generate real-time results from designated central registries. Here is how our individual API endpoints manage information:
PAN Verification API
Transmits PAN IDs directly to verified databases to return official name and seed status. No permanent local storage occurs post-validation.
RC Verification API
Connects to VAHAN central registry using registration numbers to return engine and vehicle insurance validity metrics.
E-Challan Fetch API
Pulls active challan counts, traffic violation details, and state penalties to assist commercial fleet mitigations.
CIBIL & Experian APIs
Pulls credit metrics, active loan balances, and payment profiles. Requires iron-clad client end-user consent verification prior to any query.
3. DPDPA Pillars of Fair Processing
Inovity India enforces compliance across all data principal rights defined by India's Digital Personal Data Protection standards:
Right to Access and Correction
Clients can retrieve real-time logs of their processing histories. Any structural inaccuracies reported to the partner (Fiduciary) will be reflected downstream in our system.
Consent Erasure & Right to Be Forgotten
Upon explicit withdrawal of consent from the user to our B2B partners, we trigger immediate, permanent erasure of processed cache payloads.
Purpose-Bound Processing
We do not combine, share, or sell user identity vectors. Every transactional request is strictly mapped to an active B2B contract and onboarding purpose.
4. Military-Grade Security Protocols
Because we support critical core banking and microfinance verification pipelines, we deploy end-to-end security layers:
- AES-256 Bit Encryption at Rest
- TLS 1.3 Encryption in Transit
- Automated IP Whitelisting Controls
- 24/7 Security Operations Monitoring
5. Structured Retention Schedules
We minimize processing liabilities by deleting verification parameters as soon as transactions conclude:
| API Category | Data Type | Retention Timeline |
|---|---|---|
| Government Verification | PAN, DL, Passport Details | Instant purge upon verification delivery |
| Credit Bureaus | Bureau Reports (CIBIL/Experian) | Immediate purge upon response render |
| Access Logs | Transaction Identifiers | 7 Years (Compliance requirement under PMLA) |
6. Grievance Redressal & Contacts
For questions regarding personal dataset access, consent revocations, or system processing protocols, please direct communications to our dedicated DPDPA Grievance Officer:
Inovity India Paytech Private Limited
Mithanpura, Muzaffarpur
Bihar, India - 842002
Expected resolution: Within 15 business days under DPDP guidelines.