top of page
GIROPIE-R-04-23.png

PEPPERTREE.AI PVT. LTD. – PRIVACY POLICY

Last Updated: 19 May 2026

Introduction

 

This Privacy Policy (“Policy”) describes how Peppertree.AI Pvt. Ltd. (“Peppertree.AI”, “GIROPie”, “Company”, “we”, “our”, or “us”) collects, processes, stores, uses, shares, secures, and protects information when you access or use the GIROPie platform (“Platform” or “Services”).

This Policy applies to all GIROPie offerings including websites, applications, APIs, dashboards, integrations, workflows, reconciliation systems, financing enablement modules, payment orchestration systems, and related services.

 

This Policy shall be read together with:

  • Terms & Conditions

  • Service Agreements

  • Partner terms and policies, where applicable

 

In case of inconsistency, this Policy shall govern data-processing practices.

 

By accessing or using the Platform, you acknowledge and consent to the practices described herein in accordance with:

  • Information Technology Act, 2000

  • Digital Personal Data Protection Act, 2023 (“DPDP Act”)

  • RBI guidelines and applicable financial-sector regulations

  • Applicable data protection and cybersecurity laws

 

Nature of GIROPie Services

GIROPie operates as a technology-driven invoice-to-cash orchestration platform facilitating:

  • Accounts receivable and payable workflows

  • Invoice lifecycle management

  • Payment enablement and reconciliation

  • Mandate-based payment workflows

  • Financing and credit enablement through regulated partners

  • Data exchange between businesses and financial institutions

 

GIROPie:

  • Does not operate as a bank, NBFC, or payment system operator

  • Does not independently underwrite financial products

  • Does not custody or own customer funds

  • Does not directly settle payments

 

Payment processing and regulated financial services are provided through regulated partners including banks, payment aggregators, TSP/ASP providers, NBFCs, and financial institutions.

GIROPie acts solely as a technology orchestration and workflow platform.

 

Definitions

  • Platform means GIROPie websites, applications, APIs, dashboards, workflows, integrations, and related systems.

  • User / You means any individual or entity using the Platform.

  • Personal Data means information relating to an identifiable individual.

  • Business Data means invoice, transaction, reconciliation, operational, financial, and counterparty data processed through the Platform.

  • Transaction Data means payment, mandate, settlement, reconciliation, and transaction-related information processed through the Platform.

  • Partners means banks, payment aggregators, sponsor banks, acquiring banks, TSP/ASP providers, NBFCs, KYC verification providers, fraud-monitoring systems, and regulated financial entities integrated with GIROPie.

  • Applicable Laws means all applicable laws, regulations, RBI directions, NPCI guidelines, and regulatory requirements in force from time to time.

 

Principles of Data Processing

GIROPie follows a regulated fintech orchestration data-governance approach based on:

  • Data minimization

  • Purpose limitation

  • Security-by-design

  • Need-to-know access

  • Lawful processing

  • Auditability and traceability

  • Regulatory compliance

 

GIROPie does not sell personal or business data.

Data is processed strictly for:

  • Service delivery

  • Regulatory compliance

  • Fraud prevention

  • Payment enablement

  • Risk management

  • Operational security

 

Information We Collect

User & Business Information

  • Name, designation, and contact details

  • Business registration details

  • GST information

  • Authorized signatory information

  • Vendor, buyer, and counterparty details

 

KYC & Compliance Information

  • PAN, Aadhaar, or equivalent identifiers (where applicable and consented)

  • Business KYC documents

  • Board Resolution

  • CKYC/CKYCR related verification data

  • Bank account information

  • Compliance declarations and onboarding information

 

Invoice & Transaction Data

  • Invoices created, uploaded, or processed

  • Payment instructions and mandate information

  • Settlement and reconciliation details

  • Collection workflows and transaction logs

  • Buyer-seller interaction records

 

Technical & Usage Information

  • IP address and device information

  • Browser and operating system information

  • Log files and activity records

  • Cookies and analytics data

  • Session and usage patterns

 

Risk, Fraud & Security Data

  • Fraud-monitoring information

  • Transaction risk indicators

  • Authentication logs

  • Security alerts and audit trails

  • Suspicious activity analysis data

 

Purpose of Data Processing

GIROPie processes data for the following lawful purposes:

  • Providing invoice-to-cash workflows

  • Enabling payment processing and reconciliation

  • Facilitating collections and mandate workflows

  • KYC, AML, fraud prevention, and compliance checks

  • Financing enablement and credit facilitation through partners

  • Transaction monitoring and risk analysis

  • Cybersecurity monitoring and threat detection

  • Maintaining audit trails and operational logs

  • Regulatory reporting and compliance obligations

  • Platform analytics and service improvements

  • Dispute resolution and legal enforcement

 

Certain platform processes may involve:

  • Automated transaction validation

  • Fraud detection systems

  • Risk scoring mechanisms

  • Reconciliation engines

  • Compliance screening workflows

 

Lawful Basis & Consent

 

GIROPie processes data based on:

  • User consent

  • Legitimate use for service delivery

  • Compliance with legal and regulatory obligations

  • Fraud prevention and platform security requirements

 

By using the Platform, you:

  • Consent to data processing necessary for service delivery

  • Authorize GIROPie to share data with regulated partners

  • Acknowledge audit, compliance, and retention obligations

  • Consent to verification and validation processes required under Applicable Laws

 

Where required, separate consent may be obtained for:

  • Financing and credit services

  • Mandate registration

  • Sensitive personal data processing

  • Third-party integrations

 

KYC Verification & Regulatory Validation

Users authorize GIROPie and its regulated partners to:

  • Verify KYC information

  • Conduct onboarding validation

  • Perform fraud and risk checks

  • Access authorized KYC repositories including CKYCR systems where legally permitted

 

GIROPie may request additional documents or information to comply with:

  • RBI guidelines

  • Partner requirements

  • AML obligations

  • Fraud prevention standards

 

Third-Party Processing & Regulated Partner Ecosystem

GIROPie operates within a regulated fintech partner ecosystem.

Data may be processed, shared, validated, or accessed on a need-to-know basis with:

  • Payment Aggregators

  • Sponsor Banks

  • Acquiring Banks

  • NPCI-connected systems

  • Card networks and payment networks

  • TSP/ASP providers

  • NBFCs and financing institutions

  • KYC/AML verification providers

  • Fraud-monitoring and cybersecurity systems

  • Regulatory authorities and auditors

 

Such sharing shall occur only:

  • For lawful business purposes

  • For transaction processing

  • For compliance obligations

  • For fraud prevention and security

  • For settlement and reconciliation workflows

 

All partners are expected to maintain confidentiality, security, and regulatory compliance standards.

 

Transaction Monitoring & Fraud Prevention

 

GIROPie and its partners may:

  • Monitor transactions

  • Analyze payment behavior

  • Detect suspicious activity

  • Conduct fraud screening and risk assessment

  • Temporarily restrict or review transactions where necessary

 

This may include automated or manual review mechanisms.

 

GIROPie reserves the right to cooperate with:

  • Banks

  • Payment partners

  • Regulatory authorities

  • Law-enforcement agencies for fraud investigation, cybersecurity incidents, or regulatory compliance.

 

Data Storage & Localization

 

GIROPie endeavors to ensure that regulated financial and payment-related data processed through the Platform is stored and processed within infrastructure located in India, in accordance with applicable laws, RBI requirements, and partner obligations.

Cross-border processing, where required for lawful service delivery, shall be subject to applicable safeguards and legal requirements.

Data Retention

Data is retained only for:

  • Service delivery

  • Legal and regulatory compliance

  • Audit and reconciliation requirements

  • Fraud prevention and dispute resolution

  • Partner and banking obligations

 

Certain transaction, audit, security, and compliance records may be retained for extended durations as required under:

  • RBI guidelines

  • AML obligations

  • Financial regulations

  • Contractual partner requirements

  • Applicable laws

 

Even after account closure, certain records may continue to be retained where legally required.

 

User Responsibilities

 

Users are responsible for:

  • Providing accurate information

  • Obtaining necessary consents from customers, employees, vendors, or counterparties before sharing data through the Platform

  • Maintaining confidentiality of login credentials

  • Promptly reporting unauthorized access or suspicious activity

 

Users agree to cooperate with GIROPie, banks, payment partners, regulators, and law-enforcement authorities in relation to:

  • Fraud investigations

  • Chargebacks and disputes

  • Security incidents

  • Compliance reviews

 

Data Security

 

GIROPie implements industry-standard security measures, including:

  • Encryption in transit and at rest

  • Role-based access controls

  • Authentication and authorization controls

  • Monitoring and audit mechanisms

  • Security logging and risk detection systems

  • Incident response procedures

 

GIROPie regularly reviews and updates security controls in accordance with applicable standards and operational requirements.

 

Payment Card & Sensitive Data Handling

 

GIROPie does not intentionally store full payment card information unless specifically permitted under applicable law and compliant with applicable security standards.

 

GIROPie expects all integrated users and partners to comply with:

  • PCI-DSS requirements

  • RBI guidelines

  • Applicable payment-security standards

 

Security Incidents & Breach Notification

In the event of any actual or suspected:

  • Unauthorized access

  • Cybersecurity incident

  • Data breach

  • Fraudulent activity

  • Security compromise

 

GIROPie may:

  • Investigate and mitigate the incident

  • Notify affected users

  • Inform banks, payment aggregators, regulators, or law-enforcement authorities where required

  • Temporarily suspend access or processing activities where necessary

 

Users shall promptly report any suspected security incident involving the Platform.

 

Audit, Inspection & Regulatory Disclosure

 

Certain operational, transactional, reconciliation, and compliance records may be:

  • Reviewed during audits

  • Inspected by partners or regulators

  • Disclosed during investigations or compliance reviews

 

GIROPie may cooperate with:

  • Regulatory authorities

  • Payment networks

  • Sponsor banks

  • Financial institutions

  • Cybersecurity auditors

 

where required under Applicable Laws or contractual obligations.

 

Cookies & Analytics

 

GIROPie uses cookies and analytics technologies for:

  • Essential platform functionality

  • Security and authentication

  • Performance monitoring

  • Analytics and usage optimization

  • Limited personalization

 

Users may disable cookies through browser settings, although certain functionalities may be affected.

 

Third-Party Platforms

 

Interactions with third-party platforms, partner portals, or external integrations are governed by the respective third-party policies and terms.

 

Certain payment or financing services may additionally be governed by the privacy and compliance policies of the respective regulated partner facilitating such services.

 

GIROPie is not responsible for third-party data practices outside its operational control.

 

Prohibited Activities

Users shall not:

  • Upload unlawful or fraudulent content

  • Misuse payment workflows

  • Attempt unauthorized system access

  • Circumvent security measures

  • Use the Platform for prohibited activities under Applicable Laws

 

GIROPie may suspend or restrict access in case of suspected violations.

Limitation of Liability

GIROPie acts solely as a technology orchestration platform.

GIROPie shall not be liable for:

  • Actions or omissions of banks or payment partners

  • Financing or credit decisions

  • Delays caused by external financial systems

  • Regulatory actions beyond GIROPie’s control

  • Indirect or consequential losses

 

GIROPie does not hold customer funds on its own balance sheet.

 

Governing Law & Dispute Resolution

This Policy is governed by the laws of India.

Disputes shall be resolved through arbitration in Bengaluru, Karnataka, under applicable Indian laws.

 

Grievance Redressal

Grievance Officer:
Krishna Kumar B S
Peppertree.AI Pvt. Ltd.
No. 1139, Maruthi Complex, 3rd Floor,
BEML Layout, 3rd Stage, Raja Rajeshwari Nagar,
Bengaluru – 560098, Karnataka, India

Email: legalquery@peppertree.ai

Legal Positioning

GIROPie is a technology platform facilitating invoice, payment, reconciliation, financing enablement, and operational data workflows through regulated partner ecosystems.

GIROPie does not independently operate regulated payment systems or custody customer funds.

bottom of page