Access tools and insights for your business
Merchant
Grow your business with our merchant solutions and tools
Partner With Us
Join our partner network and unlock exclusive benefits
Palmpay – Cybersecurity & Reasonable Security Practices
Issued by Palm Tech Technologies Private Limited
Effective Date: 06 February 2026
1. Introduction
This document outlines the cybersecurity controls, data protection safeguards, and regulatory compliance framework adopted by Palm Tech Technologies Private Limited ("Palmpay").
This policy supports compliance with the Information Technology Act, 2000; SPDI Rules, 2011; Digital Personal Data Protection Act, 2023; and CERT-In Directions dated 28 April 2022.
2. Scope
This policy applies to Palmpay mobile applications, backend servers, APIs, merchant dashboards, cloud infrastructure, and palm-vein authentication systems.
3. Security Controls
- Encryption in transit (TLS)
- Encryption at rest for sensitive data
- Role-based access control (RBAC)
- Strong authentication mechanisms
- Continuous monitoring and anomaly detection
- Log retention for a minimum of 180 days (CERT-In compliant)
4. Biometric Data Protection
Only derived biometric templates are processed. These templates are encrypted and securely segregated.
Raw palm images are not stored except where legally required or with explicit written consent. Biometric data is used solely for authentication and not for profiling or commercial use.
5. Incident Response
Palmpay maintains a structured incident response framework. Reportable incidents shall be reported to CERT-In within legally prescribed timelines (currently 6 hours from awareness).
6. Anti-Money Laundering & Regulatory Cooperation
Use of the platform for money laundering, fraud, identity theft, or unlawful activity is strictly prohibited.
The Company cooperates with banking partners, regulators, and law enforcement authorities as required under applicable laws.
7. Prohibited Use & User Responsibility
Users are fully responsible for unlawful or fraudulent activity conducted through their accounts.
Palm Tech Technologies Private Limited shall not be liable for losses arising from illegal misuse of the platform. The platform does not encourage or condone illegal activity.
8. Safe Harbour Positioning
Palmpay operates as a technology interface provider. To the extent permitted by law, the Company claims intermediary safe harbour protections subject to compliance with due diligence requirements.
9. Grievance Contact
Email: admin@Palmpay.co.in
This cybersecurity policy is intended to demonstrate reasonable security practices and compliance readiness under applicable Indian laws.