Reference

Explore How c17 Handles Your Privacy

At c17, your personal data belongs to you — we collect only what we need to run your account, process payments via UPI, Paytm and PhonePe, and keep…

Data Minimisation ApproachEncrypted Account StorageUPI & Paytm Payment PrivacyRight to Access Your DataIndia-Applicable Law

Explore the Lobby Read FAQ

Browse the Scope of Our Data Practices

c17 Service availability depends on jurisdiction. It is the user's responsibility to check local law before access.

c17 processes personal data in line with applicable Indian data protection law, including provisions under the Information Technology Act and the Digital Personal Data Protection Act where enforced. We collect your name, contact details, payment identifiers linked to UPI, Paytm or PhonePe, device identifiers and session

1
logs. This data is used strictly to verify your identity, process transactions and deliver account services. We do not sell your data to third parties for marketing. Access to the platform depends on local law and is available where local law permits. If you reside in
2
a jurisdiction where data-transfer restrictions apply, those restrictions govern how we handle your records. Our retention schedule is tied to account activity and regulatory obligation — data is deleted when no longer necessary.

Service availability depends on jurisdiction. It is the user's responsibility to check local law before access.

PRIVACY CONTACT PATHS

Start a Privacy Request with Our Team

If you want to access, correct or delete your personal data, or raise a concern about how we process it, our privacy team is reachable around…

DATA HANDLING STANDARDS

See How We Protect and Retain Your Data

Every layer of our account infrastructure — from the moment you enter a UPI reference to the point a withdrawal clears — is covered by encryption in transit and at rest.

Encrypted Data Storage

All personal records, including payment identifiers from UPI, Paytm and PhonePe, are encrypted using AES-256 at rest. Access inside our systems is restricted to personnel with a verified operational need for that specific record.

Cookie Policy

We use session cookies to keep you logged in, preference cookies to remember your language and currency settings, and analytics cookies to understand page performance. You can adjust cookie preferences from the settings panel on any page.

Account Security Controls

Two-factor authentication is available for every account. Login attempts from unrecognised devices trigger a verification step. Suspicious session activity is flagged automatically and you receive an immediate notification on your registered contact.

Data Retention Schedule

We keep transaction records for the period required by applicable Indian financial regulations. Account profile data is retained while your account is active and deleted within 60 days of a verified account-closure request.

Third-Party Data Sharing

We share data only with payment processors — UPI rails, Paytm and PhonePe gateways — and identity-verification partners who are contractually bound to use your data solely for the purpose we specify. No data is sold.

How to Request Changes

Submit a data-correction or erasure request via email or live chat. We verify your identity, locate the relevant record and confirm the change or deletion in writing within 15 business days as required under applicable law.

Open Answers to Your Privacy Questions

These are the questions we receive most often about how c17 collects, uses and protects your data. If your question is not covered here, contact our privacy team directly.

We collect your name, email address, phone number, date of birth and the payment identifiers you use — UPI VPAs, Paytm wallet IDs or PhonePe numbers. We also log device type, IP address and session timestamps for security purposes.

Payment identifiers are encrypted during transmission and stored in an isolated data vault. We never store your full UPI PIN or Paytm MPIN — those remain on your device and within the respective payment app's own security layer.

Yes. Send a data-access request to our privacy email with your registered account address. We will compile your full data record and deliver it in a readable format within 15 business days of verifying your identity.

Profile data is deleted within 60 days of a confirmed account closure. Transaction logs are held for the period required by applicable Indian financial regulations, after which they are permanently removed from our systems.

Only with payment processors like UPI rails and PhonePe gateways, and identity-verification partners. All third parties sign data-processing agreements limiting use of your data to the specific service they provide. Your data is never sold.

Contact us via live chat or email, select the Data & Privacy topic and describe the correction or deletion you need. After identity verification, we process the change and send written confirmation within 15 business days.

We use session, preference and analytics cookies. Session cookies are essential for account access; the others can be managed in the cookie-settings panel found in the footer of every page, with changes taking effect immediately.

Explore How c17 Handles Your Privacy

Start a Privacy Request with Our Team

See How We Protect and Retain Your Data

Encrypted Data Storage

Cookie Policy

Account Security Controls

Data Retention Schedule

Third-Party Data Sharing

How to Request Changes

Open Answers to Your Privacy Questions

01 What personal data does c17 collect when I open an account?

02 How is my payment data protected when I use UPI or Paytm?

03 Can I request a copy of all the data c17 holds about me?

04 How long does c17 keep my account data after I close my account?

05 Does c17 share my data with any third parties?

06 How do I ask c17 to correct or delete my personal information?

07 Does c17 use cookies, and how can I manage them?

Related Pages