Effective Date: 01 February, 2026 

This Privacy Policy describes how Ryze India Advisory Solutions Private Limited (collectively, “Ryze,” “we,” or “us”), a company incorporated under the laws of India, having its registered office at Gala no. 329, 3rd floor, Linkway Estate, Chincholi, Malad West, Mumbai, Maharashtra, India, 400 064 collects, uses, discloses, and otherwise processes your personal information. This Privacy Policy applies to information we collect when you access or use our Site and/or Services, or when you otherwise interact with us, such as through our customer support channels or on social media. This Privacy Policy applies only to our processing activities and not to any other financial institution or other third party that you interact or contract with as part of the Services.  

This Privacy Policy is subject to and shall be read in consonance with our Terms of Service (“Terms”) available at https://zynecard.in/terms-of-use published on our Site. Any capitalised terms used herein but not defined, shall have the meaning ascribed to it in the Terms. 

By accessing, downloading and/or or using the Services or the Site, you expressly consent to the processing of your personal data by Ryze as per the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you are requested to immediately cease your access to and use our Site and/or Service. Your continued use of the Site and/or Service indicates your acceptance of the terms set out in this Privacy Policy. 

BY ACCEPTING THE TERMS OF THE PRIVACY POLICY, YOU EXPRESSLY CONSENT TO RYZE’S COLLECTION, RETENTION, ANALYSIS, USE AND DISCLOSURE AND ANY OTHER PROCESSING OF YOUR PERSONAL DATA IN ACCORDANCE THEREOF. 

1. COLLECTION OF INFORMATION  

   The information we collect about you depends on how you use the Services or otherwise interact with us. To the extent permissible under applicable laws, we may collect, retain, analyse, use, disclose and process personal data about you to provide you with, or in connection with, access and use of our Services. In this section, we describe the categories of information we collect and the sources of this information. 

   1. Information You Provide to Us: We collect information you provide directly to us. For example, we collect information directly from you when you create an account, fill out a form, sign up to receive communications from us, request customer support, or otherwise communicate with us. The types of information that we collect directly from you include:  

      1. name and contact information, such as your name, email address, postal address, and phone number;  

      2. demographic Information, such as your date of birth;  

      3. financial information, such as the names of the financial institutions where you have accounts and the types of accounts you have, balances, transactions, as may be provided to us by account aggregators, subject to your explicit consent;  

      4. payment information, we engage a third-party payment processor to collect and process information such as payment method and related information like account number; and  

      5. other information you choose to provide directly to us, such as information about you contained in your communications with us. 

   2. Information We Collect Automatically: We automatically collect information about your interactions with us or the Services, including:  

      1. Transaction Information: When you complete a transaction through the Services, such as by using one of the card products, we collect information about the transactions, such as the merchant you transacted with, the merchant’s location, transaction amount, and date of the transaction.  

      2. Device, Usage, and Activity Information: We collect information about how you access the Services, including data about the device and network you use, , your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, app version, session data, biometric and mobile data (including images obtained from your camera, microphone, photo library, contacts, biometric authentication, or device advertising IDs (IDFA/GAID)).  

      3. Audio Recordings and Chat Content: If you contact customer service through our chat feature or by phone, we may monitor and retain those conversations. We also maintain digital communication logs that track information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls. 

      4. Precise Geolocation Information: With your consent, we may collect information about the precise location of your device. You may stop the collection of precise location information at any time.  

      5. Information Collected by Cookies and Similar Tracking Technologies: We use tracking technologies, such as cookies, pixels, SDKs, and session replay, to collect information about your interactions with the Services and our marketing communications.  

   3. Information We Collect from Other Sources: We obtain information from other sources. For example, we may collect information from credit reporting agencies; account aggregators that you use; technology service providers; service providers that support offers and rewards programs; payment processors; and fraud detection services, data analytics providers, our affiliates or business partners, based on information that has already been shared with or made available to them. By using our Service, you grant Ryze and our bank partners, the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. 

      Further, certain online service providers or business partners that associate with our services may implement technologies that allow for the collection of personal information over time and across websites. We recommend that you review each privacy policy posted on the websites that you visit to better understand privacy practices on those websites.  

   4. Information We Derive: We may derive information or draw inferences about you based on the information we collect. We may aggregate such data and use it for our improving our services. For example, we may make inferences about your approximate location based on your IP address or infer which of the Services may be of interest to you. 

      
      

2. USE OF INFORMATION 
   
   

   1. Ryze will only collect your information for lawful purposes where the collection of your information is necessary in order to provide you with our Services. We process the information we collect to:  

      1. to validate a registered user of the Site; 

      2. provide, maintain, and improve the Services and develop new products and services;  

      3. provide and administer the rewards and offers program(s);  

      4. process payments that you authorize or initiate; 

      5. personalize your experience with us;  

      6. send you technical notices, security alerts, support messages, and other transactional or relationship messages;  

      7. to conduct credit checks; 

      8. to process grievances raised by you against Ryze and/or the Services; 

      9. to the extent necessary to ensure compliance with applicable laws; 

      10. send you marketing communications;  

      11. target advertisements to you on third-party platforms and websites;  

      12. monitor and analyse trends, usage, and activities in connection with the Services;  

      13. to enforce our Terms; 

      14. to respond to court orders, establish or exercise our legal rights, or defend ourselves against legal claims; 

      15. detect, investigate, respond to, prosecute, and help protect against security incidents and other malicious, deceptive, fraudulent, or illegal activity, and help protect the rights and property of Ryze and others; and  

      16. verify your identity and comply with our legal and financial obligations. This includes sharing information with our service providers and partners as necessary for them to fulfill their own legal compliance requirements, such as anti-money laundering (“AML”), know-your-customer (“KYC”), fraud prevention, and other regulatory reporting obligations.  

   2. We may continue to process your personal data until you withdraw your consent, or until the specified purpose has been achieved or deemed no longer served. Upon completion of the specified purpose, we may delete your data, provided, we will provide you with a prior notice of at least 48 (forty-eight) hours.  

   
   

3. CONSENT NOTICE 
   
   

   1. We will provide a notice whenever we request your consent for the processing of your personal data. This notice shall include: 

      1. an itemised description of the categories of personal data proposed to be collected and processed; 

      2. the specified purpose(s) and description of the services, or functionalities enabled by such processing; 

      3. link to our website/app and the other means available to you for: (a) withdrawing consent; (b) exercising your rights as specified under Section 10 of this Privacy Policy; and (c) making a complaint to the Data Protection Board of India (“Board”). 

   
   

4. DISCLOSURES OF INFORMATION  
   
   

   1. We may disclose personal information to third parties in the following scenarios:  

      1. Vendors and Service Providers. We disclose personal information to our vendors, service providers, contractors, and consultants who perform services for us, such as companies that assist us with web hosting, payment processing, fraud prevention, identity verification, customer service, professional advisors (e.g., legal, financial, and insurance advisors), analytics, and marketing.  

      2. Credit Bureaus. We may disclose and report information about you to credit reporting agencies in accordance with applicable laws, including to retrieve your credit report.  

      3. Account Aggregators. We disclose your information with account aggregators to link your bank accounts and enable us to gather and verify information about your financial accounts, including obtaining your authority and right to access these accounts, as well as managing and initiating transactions involving your accounts.  

      4. Financial Institutions. We disclose information about you to the financial institutions that provide you with financial products and services through us.  

      5. Board. We may share necessary information with the Board as part of reporting of security breaches, investigations, or compliance. 

      6. Law Enforcement Authorities and Individuals Involved in Legal Proceedings. We disclose personal information in response to a request for information if we believe that disclosure is in accordance with, or required by, any applicable law, regulation, or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.  

      7. To Protect the Rights of Ryze and Others. We disclose personal information if we believe that your actions are inconsistent with our Terms, Cardholder Agreement, other user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Ryze, our users, our third-party business partners, the public, or others.

      8.   Corporate Transactions. We disclose personal information in connection with, or during negotiations of certain corporate transactions, including the merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.  

      9. Corporate Affiliates. Personal information is disclosed between and among Ryze and our parents, affiliates, subsidiaries, and other companies under common control and ownership.  

      10. Successors in Interest. If we undergo a merger, acquisition, reorganization, business transfer or sale of assets, your information may be transferred to the successor entity as part of that transaction.  

      11. De-Identified and Aggregated Data. We may also share de-identified or aggregated information (such as usage trends or analytics) with third parties for research, analytics, and business purposes, provided such information cannot reasonably be used to identify you 

      12. With Your Consent and at Your Direction. We make personal information available to third parties when we have your consent, or you intentionally direct us to do so. For example, when you participate in any of the offers and rewards programs, you direct us to disclose information about you and your transactions to offers and rewards programs partners, payment card networks, and merchants.  

   2. We do not sell or rent your personal information for third parties’ independent marketing purposes. If you provide a publicly available product review or otherwise post publicly available content through the Services, the public will be able to see this information. We also disclose aggregated or de-identified information that cannot reasonably be used to identify you. 

   
   

5. ARTIFICIAL INTELLIGENCE  
   
   

   1. We may use automated systems, including AI and machine learning technologies, to help us deliver and improve our Services. These systems may:  

      1. Profile Users. Analyze user data to create financial profiles and segment users for insights, product recommendations, or service optimization.  

      2. Assess Creditworthiness. Evaluate financial information to determine levels of financial risk.  

      3. Determine Eligibility. Automatically assess eligibility for our Services and products.  

   2. These processes enable us to provide faster and more consistent decisions, enhance user experience, and tailor the Services to your needs. Human review of automated decisions is generally not available, unless required by applicable law. Where such rights apply, you may request an explanation of the logic involved in the decision-making process and, if applicable, request human intervention.  

   
   

6. PROTECTION OF INFORMATION  
   
   

   1. Ryze implements security policies and practices designed to protect the confidentiality and security of personal information associated with your account, which includes the information you provide to register for the Services and other personal information we collect about you and associated with your account. Ryze uses and employs all reasonable technical, organisational, logical and physical security practices and procedures to protect your personal information against any unauthorised access, damage, modification, disclosure, or misuse. This may include: 

      1. encryption, obfuscation, masking and tokenisation of personal data; 

      2. access control measures to protect computing resources; 

      3. logging, monitoring and review of access to detect unauthorised access; 

      4. backup systems to ensure continued processing in the event of a compromise; and 

      5. retention of logs for at least 1 (one) year. 

   2. Ryze implements measures designed to limit access to this information to personnel that have a business reason to know it and prohibits its personnel from unlawfully disclosing this information. 

   
   

7. INTERNATIONAL TRANSFERS  

   To the extent permitted under applicable law, Ryze and our service providers may process and store personal information on servers located outside India. By using the Services, you acknowledge that such transfers of information outside India may occur. In compliance with applicable laws, we don’t store any payment data.  

   
   

8. DATA RETENTION  
   
   

   1. We retain personal information for as long as necessary to fulfill the business purposes for which it was collected, including providing our Services, meeting our contractual obligations, complying with legal and regulatory requirements, resolving disputes, and enforcing our agreements.  

   2. We shall retain logs, traffic data and associated information for at least 1 (one) year, or for longer if required under applicable law. 

   3. You may request deletion of certain data sets either through the Site or by contacting our support team. We will inform you once your personal data has been deleted or anonymised. We may not delete information if we are required to retain such information under applicable laws.  

   
   

9. SECURITY BREACH 

   In the event of a personal data breach, we will: 

   1. notify the Board; and 

   2. notify you along with the details of the breach, affected personal data, and remedial actions recommended. 

   
   

10. YOUR RIGHTS 
    
    

    1. Under certain circumstances and subject to applicable laws and the Terms, you may have certain rights in respect of your personal data such as: 

       1. request to know more about and access your personal information, including a summary of the personal data processed by us and the identity of all entities to whom data has been shared;  

       2. request deletion of your personal information;  

       3. request that we stop processing your personal information;  

       4. request correction of inaccurate, outdated or incomplete personal information; 

       5. withdraw consent for processing of data; and 

       6. in the event of your death or incapacity, appoint a nominee to exercise your rights, under this Privacy Policy. 

    2. If you wish to exercise any of the rights set out above, please write an email to the grievance redressal officer, whose details are mentioned under Section 14 of this Privacy Policy.  

    3. In the event you withdraw your consent, note that you will be responsible for non-availability of the Services. Upon withdrawal, we will cease processing your personal data within a reasonable time, unless such processing is permitted under applicable law. 

    
    

11. THIRD PARTY WEBSITE 
    
    

    1. Our Site includes links to other websites whose privacy practices may differ from those of Ryze. We have no control over such third party links present on the Site, which are provided by persons or companies other than us. You acknowledge and agree that we are not responsible for any collection or disclosure of your information by any external sites, applications, companies or persons thereof. The presence of any third party links on our Site, cannot be construed as a recommendation, endorsement or solicitation for the same, or any other material on or available via such links. 

    2. If you submit personal information to any of those websites, their privacy policies govern your information. We encourage you to carefully read the privacy policies of any website you visit. 

    3. You further acknowledge and agree that we are not liable for any loss or damage which may be incurred by you as a result of the collection and/or disclosure of your information via such third party links, as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products services, or other materials on, or available via such third party link. This will include all transactions, and information transmitted therein, between you and any such third party sites or applications or resources, such transactions are strictly bi-partite. We shall not be liable for any disputes arising from or in connection with such transactions between you and the aforementioned third parties. 

    
    

12. COOKIE POLICY AND OTHER TRACKING TECHNOLOGIES 
    
    

    1. Cookies: We, or our third-party service providers, may place cookies (or browser cookies) on your computer to collect information to compile aggregated statistics for us about visitors to our Site. We use cookies mostly to improve our Site and to deliver a better and more personalized service. We do not automatically collect personal information using cookies. We do not collect or keep any other personal information or personal financial information in cookies. You may refuse to accept browser cookies by activating the appropriate settings on your browser. However, if you select this setting, you may be unable to access certain parts of our Site. 

    2. Analytics: We may use analytics software to gather information about how you and others use our Site. For example, we will know how many users access a specific page and what links they clicked on. We use this aggregated information to understand and optimize how our Site is used. 

    3. Web Beacons: Pages of our Site and our emails may also contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email, and for other related website statistics like recording the popularity of certain website content and verifying system and server integrity. 

    4. Do Not Track Signals: At this time, Ryze does not respond to automated signals regarding tracking mechanisms, including “do not track” instructions from your browser. However, you can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you direct your browser to our Site. If you disable or refuse cookies, please note that our Site may then not function properly or may be inaccessible to you. 

    5. Third Party Use of Cookies: Some content or applications, including advertisements, on the Site may be served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies, alone or in conjunction with web beacons or other tracking technologies, to collect information about you when you use our Site. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioural) advertising or other targeted content. We do not share your personal information with these parties. 

    6. We do not control these third parties’ tracking technologies or how they may be used. If you have questions about an advertisement or other targeted content, you should contact the responsible provider directly. 

    
    

13. CHANGE OF LAW 
    
    

    1. We may modify, update, or amend this Privacy Policy, if required to comply with any applicable laws, regulations, governmental orders, or regulatory guidelines. Such changes may include updates necessary to align with the Digital Personal Data Protection Act, 2023 (“DPDPA”) and directions issued by the Board. 

    2. Please note that the DPDPA has come into force, and we are in the process of incorporating its requirements into our systems, policies, and procedures. By continuing to use our services, you acknowledge and agree that: (i) we may implement process changes to comply with the DPDPA and related regulatory obligations; and (ii) you provide your consent, to the extent required, to enable us to comply with the DPDPA, including lawful processing of your personal data in accordance with the Act. 

    
    

14. MODIFICATION 

    We may change this Privacy Policy from time to time and the same are effective once published here. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. If we make material changes, we will provide you with additional notice (such as by adding a statement to the Services or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you. 

    
    

15. CONTACT US  

    If you have any grievance or complaint, questions, comments, concerns or feedback in relation to the processing of information or regarding this Privacy Policy or any other privacy or security concern related to the Site, you can send an e-mail to our grievance redressal officer: support@zyne.cards