Privacy Policy

1. Introduction

JustSwitch ("we", "us", "our") operates an API aggregation and fintech enablement platform that lets authorised partners integrate verification, payment, utility and messaging services into their products. This Privacy Policy explains how we process personal data when you visit our website, register for an account, use our dashboard, or consume our APIs.

By accessing the platform you acknowledge this policy. If you integrate our APIs into your own application, you remain responsible for providing appropriate notices and obtaining lawful consent from your end-users as required under applicable law, including the Digital Personal Data Protection Act, 2023 (India) and RBI/UIDAI guidelines where relevant.

2. Data we collect

We may collect the following categories of information:

Account & KYC data: name, email, mobile, business name, GST/PAN, address, documents submitted during onboarding.
Technical data: IP address, API keys, request logs, user-agent, device identifiers, whitelisted IPs, session tokens.
Transaction metadata: API call timestamps, endpoint names, status codes, reference IDs, wallet balances and commission records.
End-user data processed via APIs: only as submitted by you (e.g. Aadhaar, PAN, bank account, mobile number) strictly to fulfil the API request.
Support & communications: emails, tickets, call notes and audit trails.

3. How we use data

Provision, billing and support of API services and dashboard features.
Identity verification, fraud prevention, risk scoring and regulatory compliance.
Logging, monitoring, debugging and service improvement (aggregated/anonymised where possible).
Communicating service updates, security alerts and policy changes.
Enforcing our Terms, Acceptable Use Policy and partner agreements.

4. Sharing & subprocessors

We share data only as necessary to deliver the service you request: authorised upstream API providers (banks, KYC bureaus, BBPS, telcos, etc.), cloud hosting, payment gateways, and professional advisers bound by confidentiality. We do not sell personal data.

Regulated APIs (Aadhaar, BBPS, UPI, etc.) are routed through licensed partners. Data shared with them is limited to what is required for the specific API transaction.

5. Retention & security

We retain data for as long as your account is active and as required by law, audit and dispute resolution. API logs and transaction records may be kept for a minimum period defined in your agreement or applicable regulation.

We implement encryption in transit (TLS), access controls, IP whitelisting, role-based permissions, audit logs and periodic security reviews. No method of transmission over the Internet is 100% secure; you must safeguard your API credentials.

6. Your rights

Subject to applicable law, you may request access, correction, deletion or restriction of your personal data, or withdraw consent where processing is consent-based. Contact privacy@justswitch.in. We will respond within timelines prescribed by law.

If you are an end-user of a partner application, please contact that organisation first; we act as a processor for many API calls initiated by our partners.

7. Contact & grievance

Data protection queries: privacy@justswitch.in · Grievance officer: grievance@justswitch.in · General support: support@justswitch.in