Privacy Policy

Last updated: April 21, 2026

Privacy Policy – RubiPay

Effective Date: April 21, 2026

RubiPay (“RubiPay,” “we,” “our,” or “us”) is a manual currency exchange application that facilitates INR to RUB and RUB to INR exchanges. We value your privacy and are committed to protecting your personal information in compliance with applicable laws, including India's Digital Personal Data Protection Act, 2023 (DPDP Act), and global standards like GDPR where relevant. This Privacy Policy (“Policy”) explains how we collect, use, disclose, store, and safeguard your data when you download, register for, or use the RubiPay app (“App”). By using the App, you consent to these practices.

1. Information We Collect

We collect only the data necessary for manual currency exchanges, KYC verification, and app functionality. Data is collected directly from you or generated during use.

  • Personal Information: Name, email address, phone number, date of birth, and residential address (provided during registration or KYC).
  • Identity Verification (KYC) Data: Government-issued ID details (e.g., passport number, Aadhaar number if applicable in India, driver's license), passport or ID images, selfies for liveness checks, and proof of address.
  • Financial Information: Bank account details (account number, IFSC code for INR; phone number for RUB), UPI ID, or wallet details (used solely for manual transaction processing).
  • Transaction Data: Exchange amounts (INR to RUB or RUB to INR), transaction history, timestamps, exchange rates applied, recipient details, and status updates.
  • Device and Usage Data: IP address, device ID, OS version, app interactions, crash logs, and location data (approximate, for fraud detection during transactions).
  • Support Data: Communications with our support team, including emails or in-app chats.

We do not collect sensitive data like full card numbers or passwords (we use secure tokens).

2. How We Use Your Information

We use your data strictly for App operations and legal compliance:

  • To verify your identity via manual KYC checks before approving exchanges.
  • To process manual currency exchanges (e.g., matching buyers/sellers, confirming funds, and coordinating transfers).
  • To provide customer support, resolve disputes, and send transaction confirmations.
  • To analyze usage patterns, improve App features (e.g., faster matching), and personalize exchange rates.
  • To detect fraud, prevent money laundering, and ensure security (e.g., monitoring unusual transaction volumes).
  • To comply with legal requirements, such as anti-money laundering (AML) reporting under RBI/PFRDA guidelines or international sanctions.

3. Data Security

We prioritize your data's safety with industry-standard measures:

  • Encryption: All data in transit uses HTTPS/TLS 1.3; stored data is encrypted at rest (AES-256).
  • Access Controls: Role-based access for our team; multi-factor authentication (MFA) required.
  • Regular Audits: Vulnerability scans, penetration testing, and compliance with ISO 27001 standards.
  • No 100% Guarantee: Internet transmissions carry risks; we cannot guarantee absolute security.

In case of a data breach, we will notify affected users and authorities within 72 hours as required by law.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your data. Sharing occurs only in limited cases:

  • Service Providers: Trusted third parties for KYC (e.g., manual reviewers), payment gateways (UPI, bank transfer for INR), cloud storage (e.g., AWS with DPA), or analytics (anonymized only). They are bound by strict contracts.
  • Legal Requirements: To comply with court orders, RBI/FSRB regulations, law enforcement, or to report suspicious activities under PMLA 2002.
  • Business Transfers: In mergers/acquisitions, with notice to you.
  • International Transfers: Data may be processed in India or Russia (for RUB exchanges); we use Standard Contractual Clauses (SCCs) for adequacy.

No sharing for marketing without explicit opt-in consent.

5. User Rights

You have control over your data. Contact us to exercise these rights (response within 30 days):

  • Access: Request a copy of your data.
  • Correction: Update inaccurate information.
  • Deletion: Request account/data erasure (subject to legal retention; e.g., transaction records kept 7 years for AML).
  • Portability: Receive data in a structured format.
  • Objection/Restriction: Opt out of processing for non-essential uses.
  • Withdraw Consent: At any time, though this may limit App use.

For India users: Rights under DPDP Act via grievance officer. For EU/UK: GDPR rights including DPO contact.

6. Manual Exchange Disclaimer

RubiPay is not an automated bank, wallet, or financial institution—it's a manual P2P exchange platform:

  • Transactions are reviewed and processed by our team (typically 24-48 hours).
  • We match INR sellers with RUB buyers (or vice versa) based on your details.
  • User Responsibility: Double-check amounts, recipient info, and rates before submission. Errors are not reversible.
  • No guarantees on exchange rates (market-based); no liability for rate fluctuations.
  • Complies with RBI forex guidelines for non-residents/manual exchanges.

7. Children's Privacy

The App is not for children under 18. We do not knowingly collect data from minors. If we discover such data, we delete it promptly. Parents/guardians: Contact us to request removal.

8. Cookies and Tracking

The App uses essential cookies for sessions/security. No third-party trackers. You can manage device permissions (e.g., location) in settings.

9. Data Retention

Data is retained only as needed:

  • Transaction/KYC data: 7 years for legal/AML compliance.
  • Support logs: 1 year.
  • Inactive accounts: Deleted after 2 years of inactivity (with notice).

Deleted data is securely wiped (no recovery).

10. Contact Information

Questions? Reach us:
Email: rubipay55@gmail.com

11. Changes to This Policy

We may update this Policy (e.g., new features). Changes post-date apply immediately. We'll notify via in-App banner, email, or Play Store update. Continued use = acceptance.