Privacy Policy — InstaKYC

Last updated: March 2026

1. Introduction

InstaKYC ("we", "our", "us"), operated by Oriel Inc. (CIN: U74999HR2023PTC000000), is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our KYC verification platform at instakyc.in.

By using InstaKYC, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of personal information:

Category	Examples	Purpose
Identity Data	Name, Aadhaar number (masked), PAN number	KYC verification
Contact Data	Mobile number, email address	Account management, alerts
Financial Data	Bank account number, IFSC code	Bank verification service
Usage Data	IP address, browser type, pages visited	Security, analytics
Transaction Data	Wallet top-ups, service usage history	Billing, audit trail
Business Data	Company name, GST number	B2B account profile

3. How We Use Your Information

To provide KYC verification services through our platform
To process wallet transactions and maintain billing records
To send service notifications, OTPs, and important alerts
To prevent fraud, unauthorized access, and abuse of our platform
To comply with legal obligations under Indian law (IT Act 2000, DPDP Act 2023)
To improve our platform and develop new features

4. Data Sharing & Third Parties

We share your data only in the following circumstances:

Surepass Technologies: Our KYC API provider processes verification requests. Their privacy policy applies to data processed through their systems.
Payment Processors: UPI transaction data is processed by your bank and UPI service provider.
Legal Requirements: We may disclose data when required by law, court order, or government authority.
Business Transfer: In case of merger or acquisition, data may be transferred to the acquiring entity.

We do not sell your personal data to third parties.

5. Data Storage & Security

All data is stored on servers located in India (Hostinger Mumbai datacenter). We implement the following security measures:

SSL/TLS encryption for all data in transit
Aadhaar numbers stored in masked form only (last 4 digits)
Passwords hashed using bcrypt (never stored in plaintext)
Access controls and role-based permissions
Regular security audits and vulnerability assessments

6. Data Retention

We retain your personal data for as long as your account is active, plus an additional period as required by law. KYC verification logs are retained for a minimum of 5 years as required under Indian AML/KYC regulations. You may request deletion of your account data subject to legal retention requirements.

7. Your Rights (DPDP Act 2023)

Under the Digital Personal Data Protection Act 2023, you have the right to:

Access the personal data we hold about you
Correct inaccurate or incomplete personal data
Nominate a person to exercise rights on your behalf
Grievance redressal through our Data Protection Officer

8. Cookies

We use essential session cookies for authentication and security. We do not use advertising or tracking cookies. You can disable cookies in your browser, but this may affect platform functionality.

9. Children's Privacy

InstaKYC is not intended for use by persons under 18 years of age. We do not knowingly collect personal information from minors.

10. Contact Us

For privacy-related queries or to exercise your rights, contact our Data Protection Officer:

Email: support@instakyc.in
Address: Oriel Inc., 599, 17B, Phase 1, Surat Nagar, Gurugram, Haryana – 122001
Response Time: Within 72 hours