Privacy Policy

Version 1.0

1. Introduction

This Privacy Policy ("Policy") sets out how Entroq Technologies Private Limited, a private limited company incorporated under the laws of India and having its registered office at 807–808, 8th Floor, IRIS Tech Tower, Sohna Road, Sector 48, Gurugram, Haryana – 122018, India (hereinafter "we", "us", "Company", or "our"), and its Platform "FlipItMoney" collects, records, stores, organizes, structures, adapts, retrieves, uses, processes, shares, transfers, discloses, retains, archives, anonymizes, erases and otherwise handles Personal Data relating to individuals who access, browse, register on, transact through, interact with, contribute content to, or otherwise use the Platform and Services made available by the Company (hereinafter "user", "you", or "your").

The Company recognizes the importance of privacy and is committed to ensuring that Personal Data is processed in a lawful, fair, transparent and secure manner. This Privacy Policy has been prepared in accordance with the:

  • Digital Personal Data Protection Act, 2023 ("DPDP Act"),
  • the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"),
  • the Information Technology Act, 2000 ("IT Act"),
  • the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011,
  • the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021,

where applicable, and all other applicable laws relating to privacy, cybersecurity, information technology and data protection ("Applicable Laws").

By accessing our website (https://flipit.money/), mobile application, or any other service or platform belonging to the Company (collectively, the "Platform") or using any of our services or providing us information or data in any manner whatsoever, you consent to and agree to be bound by all the terms of this Policy.

By using or accessing our Platform and/or registering yourself at the Platform or any other web domain owned by us, you authorize us to contact you via email or phone call or SMS or WhatsApp or any other electronic medium and offer you the services you have opted for, based on your needs, impart any service-related knowledge and/or offer other promotional offers running on the Platform. You also authorize us to send messages/SMS/email alerts to you for your login details and any other service requirements or advertising messages from us.

We understand and believe that the information provided by you is correct. However, please understand that the provision of services may be discontinued to you, at our sole discretion, if any information provided by you is untrue, inaccurate, out of date, or incomplete.

This Privacy Policy applies to all users who access or use the Platform. Please read this Policy carefully to understand how we are going to collect, use, store, disseminate and deal with the information supplied by you to us in any form, and under which circumstances we share information collected from you with a third party.

2. Definitions

For the purpose of this Policy, the terms not defined herein specifically shall have the same meaning ascribed to them under relevant Applicable Laws, except the following:

  • "Affiliate" means any Person directly, or indirectly through one or more intermediaries, that Controls, is controlled by, or is under the common Control of the Company. Control, in reference to this definition, shall mean with respect to any Person the possession, directly or indirectly, of the power, through the exercise of voting rights, contractual rights or otherwise, to direct or cause the direction of the management or policies of the controlled Person.
  • "Data Fiduciary" means Entroq Technologies Private Limited.
  • "Data Principal" means the you, the user and shall include a parent or lawful guardian acting on behalf of a child or a person with disability where applicable.
  • "Data Processor" means any third party entity that processes Personal Data on behalf of the Company in accordance with its instructions.
  • "Person" includes any natural person, corporation, partnership, LLP, trust, unincorporated association, or any other entity.
  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data.
  • "Personal Data Breach" means any unauthorized processing of Personal Data or accidental disclosure, acquisition, sharing, use, alteration, destruction, loss of access to, or compromise of Personal Data that affects the confidentiality, integrity or availability of such Personal Data.
  • "Platform" means the website, mobile application, software platform, portals, APIs, communication interfaces and all associated services.
  • "Processing" shall have the meaning assigned to it under the DPDP Act and includes any operation performed on Personal Data whether by automated means or otherwise.
  • "Sensitive Personal Data or Information (SPDI)" has the meaning assigned to it under the IT (SPDI) Rules, 2011, and includes passwords, financial information, health data, and biometric data.

3. Description of Services

The Platform provides financial literacy and capital market intelligence and offers the following Services to its users:

  • The Platform delivers real-time financial, business, and capital market news, research editorials, market analysis, investment tutorials, and financial calculators including Systematic Investment Plans, Mutual Fund, Fixed Deposits, etc.
  • The Platform acts as an intermediary between the user and financial institutions to facilitate the lending process. The Company does not itself extend credit and just acts as an intermediary connecting the user with the concerned financial institutions.
  • The Platform allows facilitation of the credit card applications for users.

4. Notice to Data Principals

The Company hereby notifies all users that Personal Data may be collected and processed for lawful purposes connected with the provision of Services, operation of the Platform, compliance with legal obligations, protection of legitimate business interests, maintenance of security, fraud prevention, customer support, communication, analytics and such other purposes as are described in this Privacy Policy.

The Company shall process only such Personal Data as is reasonably necessary and proportionate for the purposes identified herein and shall not process Personal Data for purposes incompatible with those disclosed to the Data Principal except as permitted under Applicable Laws. Where consent is required under Applicable Laws, the Company shall seek free, specific, informed, unconditional and unambiguous consent through a clear affirmative action.

The Data Principal shall have the right to withdraw consent at any time in the manner prescribed under this Privacy Policy.

5. Categories of Personal Data Collected

The Company may collect and process the following categories of Personal Data:

  • Identity information including name, date of birth, age, photograph, government-issued identification information including Aadhar details and Permanent Account Number details, gender and other identifying particulars.
  • Contact information including postal address, residential address, email address, mobile number, alternate contact number and communication preferences.
  • Account information including username, password, login credentials, profile information, account settings and authentication information.
  • Financial and transaction information including bank account details, payment instrument details, transaction history, billing information, invoices and payment records.
  • Technical information including IP address, browser type, operating system, device identifiers, mobile device information, internet service provider information, language preferences and usage patterns.
  • Location information including precise location information, approximate location information and geolocation data where enabled by the User.
  • Communication information including emails, messages, customer support requests, feedback, complaints, surveys and correspondence.
  • Professional or employment-related information where relevant to the Services.
  • User-generated content including comments, reviews, posts, uploads, images, audio recordings, video recordings and other content voluntarily submitted by Users.
  • Log Data including access logs, error logs, crash reports, diagnostic information, device event information, and analytics data generated during your use of the Platform.
  • Lending and Credit Card application data including identity details, KYC information, contact information, income and employment details, financial information, credit-related information, and other information required for facilitating applications with financial institutions.
  • Any other Personal Data voluntarily provided by the User or lawfully obtained by the Company.

6. Sources of Personal Data

  • Personal Data may be collected directly from users during account registration, onboarding, customer support interactions, purchases, subscription processes, surveys, communications and other interactions with the Platform.
  • The Company may also collect Personal Data automatically through cookies, web beacons, software development kits, log files, analytics tools, device identifiers and similar technologies.
  • The Company may receive Personal Data from Affiliates, business partners, payment processors, verification agencies, publicly available sources, governmental databases and other lawful third-party sources.

7. Purposes of Processing

The Company may process Personal Data for the following purposes:

  • Creating and maintaining user accounts;
  • Authenticating users and verifying identity;
  • Providing, managing and improving Services;
  • Operating financial calculators and provide results;
  • Processing payments and transactions;
  • To show you ads that are relevant to you;
  • Delivering products and Services and sales and marketing;
  • Responding to inquiries, requests and grievances;
  • Communicating operational notices and service updates;
  • Undertaking analytics and business intelligence activities;
  • Personalizing user experiences;
  • Protecting the security and integrity of the Platform;
  • Preventing fraud, abuse and unauthorized activities;
  • Complying with legal and regulatory obligations;
  • Enforcing contractual rights;
  • Investigating disputes and legal claims; and
  • Any purpose reasonably related or incidental to the foregoing purposes.

8. Consent

The Platform processes Personal Data only for lawful purposes and in accordance with the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025 and other Applicable Laws. Where consent constitutes the legal basis for Processing, we shall obtain free, specific, informed, unconditional and unambiguous consent from the user through a clear affirmative action before collecting or Processing Personal Data. At the time of obtaining consent, we provide the user with a clear notice describing the categories of Personal Data sought to be collected, the purposes of Processing, the manner in which such Personal Data may be shared, the rights available to the User and the means through which such rights may be exercised.

By registering on the Platform, creating an account, submitting information, uploading documents, linking bank accounts, availing financial products or otherwise interacting with the Platform, the User expressly consents to the collection, use, storage, disclosure and Processing of Personal Data for the purposes set out in this Policy, including but not limited to identity verification, KYC compliance, fraud prevention, credit assessment, customer support, loan facilitation, transaction monitoring, regulatory compliance and provision of Services. You acknowledges that certain Services offered through the Platform may require the Processing of Personal Data by lending partners, regulated financial institutions, payment service providers, KYC agencies, credit information companies, verification agencies and technology service providers. By availing such Services, the User expressly authorizes us to share Personal Data with such entities to the extent necessary for the provision of the relevant Services and compliance with Applicable Laws.

We will maintain records evidencing consent and shall implement reasonable mechanisms enabling Users to review, manage and withdraw consent. Withdrawal of consent may be exercised through the Platform or by contacting the Grievance Officer. The user acknowledges that withdrawal of consent shall not affect the lawfulness of Processing undertaken prior to such withdrawal. Where the Processing of Personal Data is necessary for the provision of Services, compliance with legal obligations, fraud prevention measures, KYC requirements or contractual obligations, withdrawal of consent may result in suspension, limitation or termination of access to certain Services.

9. User Responsibilities

  • Users shall ensure that all Personal Data provided to the Company is accurate, complete, current and not misleading.
  • Users shall promptly update any Personal Data that becomes inaccurate, incomplete or outdated and shall ensure that documents submitted for KYC, verification or onboarding purposes remain valid and accurate throughout the duration.
  • Users shall not provide information relating to any third party unless they possess the lawful authority and necessary permissions to disclose such information. Where a user provides Personal Data relating to another individual, the user represents and warrants that such disclosure has been authorized and that the individual concerned has been informed regarding such disclosure where required under Applicable Laws.
  • Users shall cooperate with reasonable verification procedures implemented by the Company for security and compliance purposes.
  • Users shall maintain the confidentiality of account credentials, passwords, OTPs and authentication mechanisms and shall immediately notify us upon becoming aware of any unauthorized access, misuse, compromise or security incident relating to their account.
  • Any attempt to provide false information, impersonate another person, manipulate identity verification processes, circumvent security measures or engage in fraudulent conduct may result in suspension or termination of Services and may be reported to the appropriate authorities.

10. Children's Personal Data

The Services made available through the Platform are intended only for individuals who are legally competent to enter into binding contracts and avail financial products under Applicable Law. We do not knowingly collect, solicit, Process or permit the creation of accounts by children. Individuals below the age prescribed under Applicable Law are not permitted to register on the Platform, create accounts or avail Services. If we become aware that Personal Data relating to a Child has been collected or Processed without the requisite parental or guardian authorization or in violation of Applicable Law, we shall take reasonable steps to suspend the relevant account and delete or anonymize such Personal Data unless retention is required under Applicable Law. Where any Service offered through the Platform may involve the Processing of Personal Data relating to a Child, we will implement appropriate age-verification, identity-verification and parental consent mechanisms as may be required under Applicable Law. We do not knowingly undertake behavioural monitoring, tracking, profiling, targeted advertising or any other restricted form of Processing relating to children where prohibited under Applicable Law. Parents or lawful guardians who believe that a Child has provided Personal Data through the Platform may contact us through the contact details specified in this Policy for appropriate review and remedial action.

11. Sharing of Your Personal Information

  • We may disclose, share, transfer, provide access to, or otherwise make available Personal Data to its Affiliates, group entities, employees, directors, consultants, auditors, legal advisors, payment aggregators, payment gateways, banks, non-banking financial companies, regulated lending partners, credit information companies, account aggregators, KYC registration agencies, identity verification service providers, anti-fraud service providers, analytics providers, cloud hosting providers, customer support providers, collection agencies, technology service providers and other third parties engaged for the provision, operation, enhancement, administration and security of the Platform and Services.
  • Where information collected by us is required to be disclosed to comply with any Applicable Law, regulation, and legal process; in response to law enforcement authority or other government official request; to detect, prevent, or otherwise address fraud, cyber incidents, prosecution and punishment of offenses; for security or technical issues; to investigate a complaint or security threat and for any public interest.
  • Marketing purposes.
  • Communications via emails, messages or telecall to inform you about our Services or offers that may be of interest to you, push notifications.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of ourselves, our users, or others.

We will ensure that disclosures are limited to what is reasonably necessary for the relevant purpose and that recipients are subject to confidentiality, security and data protection obligations consistent with Applicable Law.

12. Data Processors and Vendor Management

We may engage third-party processors and service providers for hosting, cloud infrastructure, payment processing, fraud detection, customer support, analytics, communications, cybersecurity, document verification, identity authentication, collections management and other operational functions. Prior to engagement, We undertake reasonable diligence to assess whether such service providers maintain appropriate technical, organizational and security measures. All Data Processors engaged by us shall be contractually obligated to:

  • Process Personal Data solely in accordance with our instructions;
  • Maintain confidentiality and security of Personal Data;
  • Implement industry-standard safeguards against unauthorized access, disclosure, loss or misuse;
  • Return, erase or anonymize Personal Data upon completion of services, unless retention is legally required; and
  • Comply with all applicable privacy, cybersecurity and data protection requirements.

13. Cross-Border Transfers of Personal Data

The user acknowledges that certain technology infrastructure, cloud service providers, analytics providers, communication platforms and business partners utilized by us may be located outside India. Accordingly, Personal Data may be transferred to, stored in, processed in or accessed from jurisdictions outside India for the purposes set out in this Policy. We undertake such transfers only in accordance with Applicable Law and subject to any restrictions, prohibitions or conditions notified by the Government of India under the DPDP Act or any other Applicable Law.

14. Rights of Data Principals

Subject to Applicable Law, Data Principals may exercise rights including:

  • Right to access your Personal Data and the purposes and means of the Processing, the details of the Data Processor(s), and the parties to whom the data may be disclosed.
  • Right to obtain summary of processing activities.
  • Right to seek correction, completion, updating or rectification of Personal Data.
  • Right to erase/delete your Personal Data from our records.
  • Right to obtain Personal Data in an electronic format.
  • Right to seek redressal from Grievance Officer.
  • Right to object to Processing for direct marketing purposes.
  • Right to withdraw consent. Withdrawal will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Right to nominate another individual to exercise rights on your behalf and such other rights as may be provided under Applicable Law.

15. Security and Protection of your Personal Information

Protection of your information is of paramount importance to us. We adopt appropriate data collection, storage, and processing practices and reasonable security measures to protect against any unauthorized access, alteration, disclosure, or destruction of your information and data stored with us.

Such safeguards may include encryption of data in transit and at rest, access controls, role-based permissions, multi-factor authentication, security monitoring systems, vulnerability assessments, penetration testing, audit logs, disaster recovery mechanisms, business continuity planning, employee training and incident response procedures.

Notwithstanding the foregoing, no electronic transmission or storage system can be guaranteed to be completely secure and we do not warrant absolute security of Personal Data.

The information collected by us is stored on servers that are secured behind a firewall. Access to the servers is password-protected and strictly limited.

16. Retention Period

All information collected by us will be stored with us as long as it is necessary for us to fulfill our obligations in respect of the provision of the services and in accordance with the Applicable Laws, address disputes, enforce contractual rights, investigate fraud and protect legitimate business interests. Personal Data may be retained beyond account closure where retention is necessary for regulatory compliance, anti-money laundering obligations, fraud prevention requirements, tax compliance obligations, audit purposes or legal proceedings.

Upon expiry of the applicable retention period and subject to legal requirements, We will erase, anonymize or permanently delete Personal Data in accordance with its internal retention policies.

17. Third-Party Websites, Applications and Services

The Platform may contain links to third-party websites, applications, products, services, social media platforms, payment gateways, lending partner portals, account aggregator platforms, identity verification services and other external resources that are not owned, operated or controlled by us. The inclusion of any such link, integration or redirection does not constitute an endorsement, recommendation or approval by us of such third-party websites or services.

Users acknowledge and agree that once they leave the Platform or are redirected to a third-party website, application or service, the collection, processing, storage and disclosure of Personal Data shall be governed by the privacy policies, terms and practices of such third parties and not by this Policy.

Our Company does not exercise control over and shall not be responsible or liable for the privacy practices, security standards, content, accuracy, availability or data handling activities of any third party. Users are encouraged to carefully review the privacy policies and terms of use of all third-party websites and services before providing any Personal Data or engaging in any transaction. Any interaction, transaction or relationship between a User and a third party shall be solely between the User and such third party, and Flipit Money shall not be liable for any loss, damage, claim or dispute arising therefrom.

18. Limitation of Liability

To the maximum extent permitted under Applicable Law, Our Company shall not be liable for any indirect, incidental, special, consequential, exemplary or punitive damages arising out of or relating to the collection, processing, storage, use, disclosure, transmission, transfer or protection of Personal Data. Without prejudice to the foregoing, we shall not be liable for any loss, damage or injury arising from:

  • Unauthorized access to or use of Personal Data resulting from circumstances beyond the reasonable control of Company;
  • Cyberattacks, hacking attempts, malware infections, denial-of-service attacks, ransomware attacks or other malicious activities conducted by third parties;
  • Interruption, failure or unavailability of telecommunications networks, internet services, cloud infrastructure or third-party systems;
  • Inaccurate, incomplete, outdated or misleading information provided by users;
  • Acts or omissions of third-party service providers, payment processors, lending partners, credit information companies, account aggregators or other independent third parties;
  • Any disclosure of Personal Data made by the user voluntarily through public portions of the Platform; or
  • Events constituting force majeure.

19. Indemnity

The User agrees to indemnify, defend and hold harmless us, our Affiliates, group companies, directors, officers, employees, agents, consultants, successors and assigns from and against any and all losses, liabilities, damages, penalties, costs, expenses, claims, actions, proceedings and demands, including reasonable legal fees and expenses, arising out of or relating to:

  • Any breach of this Policy by the user;
  • Any violation of Applicable Law by the user;
  • Any infringement of privacy, intellectual property or other rights of any third party by the user; or
  • Any misuse of the Platform or Services by the user.

The obligations contained in this Clause shall survive termination of the User's relationship with Company.

20. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any dispute, controversy or claim arising out of or relating to this Privacy Policy, including any question regarding its existence, validity, interpretation, performance or termination, shall be subject to the exclusive jurisdiction of the courts located at Gurugram (Haryana). Nothing contained herein shall restrict the right of Company to seek interim, injunctive or equitable relief before any court, tribunal or regulatory authority having competent jurisdiction.

21. Grievance Officer

If you have any complaints, discrepancies or grievances concerning our Platform, this Policy, the manner in which your personal information is processed by us or any other complaints or concerns, you can contact our Grievance Officer at:

  • Name: Mr. Sagar Das
  • Contact Number: +91 – 9818417273
  • Email Address: sagar@delente.in
  • Organisation: Entroq Technologies Private Limited
  • Address: 807–808, 8th Floor, IRIS Tech Tower, Sohna Road, Sector 48, Gurugram, Haryana – 122018, India

We acknowledge and address grievances within one month from the date of receipt of grievance. Where the user is dissatisfied with the resolution provided, the user may avail remedies available under the Applicable Laws.

22. Amendment in the Policy

We reserve the right to amend or modify this Policy at any time, as and when the need arises. We request you to regularly check this Policy from time to time to keep yourself apprised of changes made. Your continued use of the Platform gives your unconditional acceptance to such changes in the terms of this Policy.