top of page
GIROPIE-R-04-23.png

PEPPERTREE.AI PVT. LTD. – PRIVACY POLICY

Last Updated: 23-03-2026

​

Introduction

This Privacy Policy describes how Peppertree.AI Pvt. Ltd. (“Peppertree.AI”, “GIROPie”, “Company”, “we”, “our”, or “us”) collects, processes, stores, uses, and shares data when you access or use the GIROPie platform (“Platform” or “Services”).

This Policy applies to all GIROPie offerings, including websites, applications, APIs, dashboards, and integrations.

This Policy is to be read in conjunction with our Terms & Conditions and Service Agreements. In case of conflict, the Service Agreement shall prevail for commercial terms, and this Privacy Policy shall govern data practices.

By using the Platform, you acknowledge and consent to data processing in accordance with applicable laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.

 

Nature of GIROPie Services

GIROPie operates strictly as a technology and orchestration platform facilitating invoice workflows, payment enablement, and data exchange between businesses and regulated partners.

GIROPie:

  • Does not act as a bank, NBFC, or payment system operator

  • Does not hold, store, or custody funds

  • Does not independently underwrite credit or financing

All financial services are provided by regulated partners.

 

Definitions

  • Personal Data: Data relating to an identifiable individual

  • Business Data: Invoice, transaction, counterparty, and operational financial data

  • User / You: Any individual or entity using the Platform

  • Partners: Banks, NBFCs, payment aggregators, TSP/ASP providers, and regulated financial entities

 

Principles of Data Processing

GIROPie follows a data minimisation-first approach.

  • Only necessary data is collected and processed

  • Data is used strictly for defined purposes

  • Personal or business data is not sold

  • Data sharing is limited to service delivery needs

 

Data We Collect

 

User & Business Information

  • Name, designation, contact details

  • Business registration details, GST information

  • Authorized signatories

 

KYC & Compliance Data

  • PAN, Aadhaar (where applicable and consented)

  • KYC documents

  • Bank account details (masked or tokenized where applicable)

 

Transactional & Invoice Data

  • Invoice data (created or uploaded)

  • Buyer and supplier details

  • Payment status and reconciliation records

 

Technical & Usage Data

  • IP address, device and browser details

  • Logs, cookies, and analytics data

  • Platform usage patterns

 

Purpose of Processing

Data is processed for:

  • Delivering invoice-to-cash workflows

  • Enabling payment processing through partners

  • Reconciliation and audit trail maintenance

  • KYC, AML, and fraud prevention

  • Facilitating financing and credit services via partners

  • Improving platform performance and user experience

  • Legal and regulatory compliance

 

Lawful Basis and Consent

Data processing is based on:

  • User consent

  • Legitimate use for service delivery

  • Compliance with legal and regulatory obligations

By using the Platform, you:

  • Consent to data processing necessary for service delivery

  • Authorize sharing with regulated partners

  • Acknowledge statutory data retention requirements

Explicit consent may be obtained separately for financing, credit services, or sensitive personal data where required.

 

Data Sharing Framework

Data is shared strictly on a need-to-know and transaction-specific basis.

  • With Banks and Financial Institutions

For settlement, reconciliation, and compliance purposes.

  • With Payment Aggregators and TSP/ASP Providers

For collections, payouts, mandates, and transaction validation.

  • With Financing and Credit Partners

For underwriting, invoice financing, and credit assessment.

  • With Regulators or Authorities

When required by law or regulatory directives.

 

Important Clarification

GIROPie:

  • Does not control partner decisions such as credit approvals or settlement timelines

  • Acts only as a data transmission and orchestration layer

All partners are contractually required to maintain confidentiality, security, and regulatory compliance.

 

Data Retention

Data is retained only for as long as necessary to:

  • Provide services

  • Meet legal and regulatory requirements

  • Support audits and dispute resolution

Certain data may continue to be retained even after account closure where required by law.

 

User Rights

Users may:

  • Request access to personal data

  • Request correction or updates

  • Withdraw consent

  • Request deletion, subject to legal and regulatory limitations

Requests can be made to the Grievance Officer.

 

Data Security

GIROPie implements industry-standard security practices, including:

  • Encryption of data in transit and at rest

  • Role-based access controls

  • Secure authentication mechanisms

  • Monitoring and audit systems

Users are responsible for safeguarding their login credentials.

 

Cookies and Tracking

Cookies are used for:

  • Essential platform functionality

  • Performance and analytics

  • Limited personalization

Users may disable cookies through browser settings, which may impact platform functionality.

 

Third-Party Platforms

Interactions with third-party platforms (such as social media) are governed by their respective privacy policies. GIROPie does not control third-party data practices.

Prohibited Activities and Compliance

Users shall not upload, transmit, or share unlawful or harmful content.

Upon receiving valid notice of violations, GIROPie may take appropriate action within prescribed timelines and preserve records where required by law.

 

Limitation of Liability

GIROPie shall not be liable for:

  • Actions or omissions of partner institutions

  • Credit decisions, financing approvals, or rejections

  • Payment delays caused by banks, networks, or regulators

  • External system failures

  • Indirect or consequential losses

GIROPie operates solely as a technology facilitator and does not handle customer funds.

 

Cross-Border Data Processing

Where necessary for service delivery, data may be processed outside India in compliance with applicable legal and security safeguards.

 

Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of India.

Disputes shall be resolved through arbitration in Bengaluru, Karnataka, under the Arbitration and Conciliation Act, 1996.

 

Grievance Redressal

Grievance Officer:
Name: Mr. Krishna Kumar B S
Address: No. 1139, Maruthi Complex, 3rd Floor,
BEML Layout, 3rd Stage, Raja Rajeshwari Nagar,
Bengaluru – 560098, Karnataka, India
Email: getinfo@peppertree.ai

Phone: +81 89510 65761

 

Legal Positioning: GIROPie is a technology platform facilitating invoice, payment, and data workflows and does not store or process funds directly.

bottom of page