Compliance and Regulatory Policy
Effective Date: 01 July 2025

We are committed to operating with the highest standards of regulatory compliance, ethical conduct, and transparency. This Compliance and Regulatory Policy outlines the legal frameworks, data protection standards, and internal practices we adhere to in order to ensure our operations remain secure, lawful, and trustworthy.

By using our platform, APIs, and services, you acknowledge and agree to the compliance measures described herein.

1. Purpose

This policy is designed to:

  • Define the legal and regulatory standards applicable to our business

  • Establish a transparent compliance framework for internal and client-facing operations

  • Mitigate risks related to financial crime, fraud, and regulatory violations

  • Ensure ethical business conduct, secure data handling, and ongoing regulatory alignment

2. Regulatory Frameworks

a. Indian Regulatory Compliance

We operate in full accordance with:

  • Information Technology Act, 2000: Governing cybersecurity, digital communication, and data privacy

  • Reserve Bank of India (RBI) Guidelines: Complying with IT governance, outsourcing norms, and FinTech payment frameworks

  • Prevention of Money Laundering Act (PMLA): For financial integrity and transaction monitoring

  • GST Act, 2017: Ensuring timely and accurate tax invoicing, collection, and filing

  • Companies Act, 2013: Adhering to statutory company reporting and governance obligations

b. International Compliance (Where Applicable)

We adopt globally recognized standards including:

  • ISO/IEC 27001: For establishing and maintaining an information security management system

  • GDPR (General Data Protection Regulation): For data protection and user rights in the European Economic Area (if international operations apply)

  • PCI-DSS (if applicable): For handling sensitive cardholder data during online payments

3. Anti-Money Laundering (AML) & Know Your Customer (KYC)

AML Measures

  • Continuous monitoring of transactions to detect suspicious behavior

  • Automated systems to flag and escalate red-flag indicators

  • Reporting of STRs (Suspicious Transaction Reports) to appropriate authorities

KYC Compliance

  • Mandatory identity verification of all clients prior to onboarding

  • Collection and validation of PAN, Aadhaar, company incorporation documents, bank verification, etc.

  • Periodic re-KYC checks in accordance with RBI’s directions

Failure to comply with KYC or AML obligations will result in service restrictions or termination.

4. Data Privacy and Security Practices

Data Handling

  • All personal and transactional data is processed with strict confidentiality

  • Encryption protocols (TLS 1.2+, AES 256-bit) are applied for secure storage and transmission

  • Role-based access control (RBAC) is enforced to limit internal data access

Data Retention Policy

  • Data is retained only as long as legally required or operationally necessary

  • Post-retention, data is securely deleted or anonymized using certified processes

5. Internal Compliance Mechanisms

Policies and Employee Training

  • Employees undergo annual training on information security, regulatory updates, and ethical standards

  • Awareness programs are held to reinforce zero tolerance for fraud, discrimination, or corruption

Monitoring and Audits

  • Internal and third-party audits are conducted quarterly to review controls and identify gaps

  • Non-compliance triggers root-cause analysis, correction, and preventive action plans (CAPAs)

6. Third-Party and Vendor Compliance

  • Vendors, partners, and affiliates must comply with our information security, privacy, and AML policies

  • All engagements are governed by service agreements including data protection, confidentiality, and audit rights clauses

  • High-risk vendors undergo additional due diligence and security assessments

7. Reporting Mechanisms and Ethical Oversight

Incident Reporting

  • Any breach of policy or regulatory requirement must be reported immediately to the Compliance Officer

  • A formal response plan is activated including risk containment, incident investigation, and authority reporting (if required)

Whistleblower Protection

  • Employees and stakeholders can confidentially report unethical behavior or regulatory breaches

  • Retaliation against whistleblowers is strictly prohibited

  • Verified reports are escalated to senior management for prompt action

8. Enforcement and Penalties

  • Any individual or entity found violating this policy will face disciplinary actions, ranging from warnings to termination of contract

  • In cases of legal violation, matters may be reported to law enforcement or regulators as necessary

  • Compliance is a continuous obligation; non-adherence will not be excused on grounds of unawareness

9. Policy Review and Updates

This Compliance and Regulatory Policy is reviewed annually, or upon:

  • Regulatory updates from RBI, MCA, or other relevant authorities

  • Changes in the nature of services or data handling mechanisms

  • Discovery of compliance gaps or internal audit findings

Policy changes will be posted on our website and communicated to relevant stakeholders.

10. Contact Us

For compliance-related inquiries, reporting, or documentation requests, please reach out to:

Level 5, ITPL Main Rd, Devasandra Industrial, Bengaluru, Karnataka 560048
Email: cbdo@dotpe.co
Phone: +447563009191