Privacy Policy

BloomXpe Services Pvt Ltd ("BloomXpe", "we", "us", or "our"), headquartered in India, is committed to protecting the privacy of our users, merchants, and partners. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment orchestration platform and related services.

BloomXpe operates as a technology enablement platform. We do not store payment card data, payment credentials, or any sensitive financial instrument details. All payment processing occurs directly between the Merchant and their chosen Payment Gateway or Banking Partner.

1. Information We Collect

1.1 Business Information

When you register for or use our services, we may collect the following business information:

• Full name, email address, and phone number of authorised representatives
• Business name, GSTIN, PAN, and registered address
• Bank account details as provided for onboarding with Payment Gateways and Banking Partners
• KYC documents as required by respective financial institutions
• Login credentials and authentication data for platform access

1.2 Transaction Routing Data

We collect data related to payment transaction routing through our platform, including:

• Transaction amount, currency, and routing status
• Payment gateway routing details and decisions
• Timestamps and order references
• Routing success and failure metadata

Important: BloomXpe does not store card numbers (PAN), CVV, card expiry dates, UPI PINs, net banking credentials, or any payment instrument credentials. All sensitive payment data is handled exclusively by the respective Payment Gateway or Banking Partner.

1.3 Technical Data

We automatically collect certain technical information when you access our services:

• IP address and device identifiers
• Browser type, operating system, and device type
• API usage logs and access patterns
• Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our payment orchestration services
• To process transactions and route payments through optimal gateways
• To verify your identity and comply with KYC/AML regulations
• To send service-related notifications and updates
• To detect and prevent fraud, unauthorized access, and security threats
• To generate analytics and performance reports for your account
• To respond to customer support inquiries
• To comply with legal obligations and regulatory requirements

3. Information Sharing and Disclosure

We do not sell your personal information. We share your business information only with Payment Gateways and Banking Partners as necessary for onboarding and transaction routing. Specifically, we may share your information with:

• Payment Gateway Partners: Razorpay, Cashfree, PayU, Paytm, and other integrated gateways for merchant onboarding and transaction routing
• Banking Partners: For Connected Banking onboarding and service activation
• Regulatory Authorities: RBI, NPCI, and other bodies as required by law
• Service Providers: Cloud hosting, analytics, and communication services that assist our operations
• Legal Requirements: When required by law, court order, or governmental regulation

BloomXpe does not share, sell, or transfer payment card data or payment credentials, as we do not collect or store such information.

4. Data Security

We implement industry-standard security measures to protect your data:

• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• PCI DSS Level 1 compliance for payment data handling
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Role-based access controls and audit logging

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Transaction records are retained for a minimum of 8 years as required by applicable Indian financial regulations. You may request deletion of your account data, subject to our legal and regulatory obligations.

6. Your Rights

Subject to applicable law, you have the right to:

• Access and review your personal information
• Correct inaccurate or incomplete data
• Request deletion of your personal data (subject to legal requirements)
• Withdraw consent for marketing communications
• Lodge a complaint with the relevant data protection authority

7. Cookies

We use cookies and similar technologies to enhance your experience. Please refer to our Cookie Policy for detailed information about our use of cookies.

8. Compliance with Indian IT Act 2000

BloomXpe complies with the Information Technology Act, 2000 and its amendments, including:

• Implementation of reasonable security practices and procedures as defined under Section 43A and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Compliance with intermediary guidelines under Section 79
• Adherence to the Digital Personal Data Protection Act, 2023
• Maintenance of appropriate security certifications (ISO 27001, PCI DSS Level 1)

9. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

BloomXpe Services Pvt Ltd
INDIA
Email: bloomxpe@gmail.com
WhatsApp: Chat on WhatsApp · Telegram: @bloomxpe