Legal Document

Privacy Policy

We are committed to protecting your personal information and being transparent about how we collect, use, and safeguard your data.

Last Updated: January 1, 2026
Overview Data Collected How We Use It Data Sharing Cookies Security Your Rights Transfers Children Contact
📋

1. Overview & Scope

CLOUDYMSG SOFTWARE SOLUTIONS PVT. LTD. ("Cloudy msg", "we", "our", or "us"), registered in India (GST: 33AAMCC5428R1Z2), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit cloudymsg.com or use our digital prepaid card services — including Gift Cards, Petrol Cards, Meal Cards, GPR Cards, and Mono Vouchers.

By accessing or using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our website and services immediately.

Applicable Law: This policy is governed by the Information Technology Act, 2000, the IT (Reasonable Security Practices) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA). We comply fully with RBI prepaid payment instrument guidelines.

🗄️

2. Data We Collect

We collect different types of information depending on how you interact with our platform:

CategoryExamplesPurpose
Identity DataFull name, date of birth, genderAccount registration & KYC
Contact DataEmail, mobile number, postal addressCommunication & support
Financial DataCard details (masked), transaction history, wallet balancePayment processing & fraud detection
Technical DataIP address, browser type, device ID, OSSecurity & analytics
Usage DataPages visited, clicks, session durationService improvement
Communication DataSupport tickets, chat transcripts, emailsCustomer service & dispute resolution
Location DataCity, state, country (approximate)Regional compliance & fraud prevention

How we collect this data:

  • Directly from you — when you register, purchase cards, or contact support
  • Automatically — via cookies and tracking technologies when you browse our site
  • Third parties — payment processors, KYC verification providers, and analytics platforms
  • Publicly available sources — government databases for verification purposes

We do not collect: We never store raw credit/debit card numbers, CVV, or banking passwords. All payment data is handled by PCI-DSS compliant payment gateways.

⚙️

3. How We Use Your Data

We use the personal information we collect for the following purposes, always ensuring a lawful basis for processing:

  1. Service Delivery: To create and manage your account, issue and activate prepaid cards, process transactions, and provide customer support.
  2. Identity Verification (KYC): To comply with RBI guidelines and the Prevention of Money Laundering Act (PMLA), 2002, we verify your identity before issuing certain card types.
  3. Payment Processing: To securely process top-ups, redemptions, and refunds through authorized payment gateways and banking partners.
  4. Fraud Prevention & Security: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and security breaches in real time.
  5. Legal Compliance: To meet our obligations under Indian law, respond to legal requests, and cooperate with regulatory authorities including RBI and law enforcement.
  6. Service Improvement: To analyze usage patterns, conduct A/B testing, and improve the user experience across our platform.
  7. Marketing & Communications: To send you relevant offers, product updates, and newsletters — only with your explicit consent and with an easy opt-out option.
  8. Dispute Resolution: To resolve complaints, chargebacks, and disputes related to card usage and transactions.

Legal Bases: We process your data based on (a) contractual necessity — to provide our services; (b) legitimate interests — for fraud prevention; (c) legal obligation — for regulatory compliance; and (d) your explicit consent — for marketing communications.

🔗

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the limited circumstances described below:

  • Payment & Banking Partners: Authorized payment gateways and banks process your financial transactions under their own PCI-DSS compliant privacy policies.
  • KYC & Verification Providers: Third-party KYC providers help us verify your identity as mandated by RBI regulations. These providers are bound by strict data protection agreements.
  • Technology Service Providers: Cloud hosting, customer support software, email delivery, and analytics platforms we use. Vendors are contractually obligated to protect your data.
  • Regulatory & Legal Authorities: We may disclose information to government agencies, courts, or law enforcement when legally required or to protect our legal rights.
  • Card Network Partners: Merchants and card networks where your prepaid card is accepted may receive transaction data necessary to process payments.
  • Business Transfers: In the event of a merger or acquisition, your data may be transferred to the acquiring entity, subject to continued protection under this policy.
  • Your Consent: We may share data with other third parties with your explicit, written consent for specific purposes communicated to you at that time.

No Data Sale: We never sell your personal data to advertisers, data brokers, or any third party for commercial gain without your prior informed consent.

🍪

5. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and gather analytics data:

TypeDescriptionDuration
Essential CookiesRequired for the website to function. Cannot be disabled.Session / 1 year
Preference CookiesRemember your settings like language and region.1 year
Analytics CookiesTrack page views and user behaviour (Google Analytics).2 years
Marketing CookiesUsed for retargeting ads on third-party platforms.90 days

You may control or disable cookies through your browser settings. Disabling essential cookies may affect website functionality. We also use web beacons in emails to measure open rates — you can disable this by setting your email client to not download images automatically.

🔒

6. Data Security

We implement stringent technical and organizational security measures to protect your personal information:

  • SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using 256-bit SSL/TLS encryption.
  • Data Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption.
  • Access Controls: Personal data is accessible only to authorized employees on a strict need-to-know basis. All internal access is logged and audited.
  • Two-Factor Authentication (2FA): We support and encourage 2FA for all user accounts to prevent unauthorized access.
  • Regular Security Audits: We conduct periodic vulnerability assessments, penetration testing, and third-party security audits.
  • PCI-DSS Compliance: Our payment processing infrastructure complies with the Payment Card Industry Data Security Standard.
  • Incident Response: We maintain a data breach response plan. In the event of a breach, we will notify you within 72 hours as required by applicable law.
  • Secure Data Deletion: Personal data that is no longer needed is securely deleted or anonymized per our data retention schedules.

Important: No method of transmission over the internet is 100% secure. You are responsible for keeping your login credentials and card PINs confidential. Report any suspected unauthorized access to support@cloudymsg.com immediately.

🛡️

7. Your Rights & Choices

Under the DPDPA, 2023 and applicable Indian data protection laws, you have the following rights with respect to your personal data:

  • Right to Access: You may request a copy of all personal data we hold about you at any time.
  • Right to Correction: You have the right to request correction of any inaccurate or incomplete personal information.
  • Right to Erasure: You may request deletion of your personal data, subject to legal and regulatory retention requirements.
  • Right to Withdraw Consent: Where processing is based on your consent (e.g., marketing emails), you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Data Portability: You may request your personal data in a structured, machine-readable format to transfer to another service provider.
  • Right to Object: You may object to processing of your data for direct marketing purposes or where we rely on legitimate interests.
  • Right to Restrict Processing: You may request we restrict processing of your data in certain circumstances (e.g., while a dispute is being resolved).
  • Right to Nominate: Under DPDPA, 2023, you may nominate another person to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, email us at support@cloudymsg.com with the subject line "Data Rights Request". We will respond within 30 days. Identity verification will be required.

Opt-out of Marketing: Every marketing email we send includes an unsubscribe link. You can also email us directly or update preferences in your account settings.

🌏

8. International Data Transfers

Cloudy msg is headquartered in Chennai, Tamil Nadu, India. Your personal data is primarily stored and processed within India on secure servers located in Indian data centers.

In certain circumstances, your data may be processed outside India by our third-party service providers (e.g., cloud infrastructure providers, analytics platforms). When this occurs, we ensure that:

  • The recipient country provides an adequate level of data protection as recognized under applicable Indian law
  • We have entered into appropriate data transfer agreements with those third parties
  • The transfer is necessary for performance of a contract between you and us
  • Your explicit consent has been obtained where required under DPDPA, 2023

We do not transfer your data to countries that do not provide adequate data protection safeguards without your explicit consent.

👨‍👧

9. Children's Privacy

Our Services are not directed to individuals under the age of 18 years. We do not knowingly collect, solicit, or process personal data from minors.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that data from our records.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at support@cloudymsg.com.

Note: Under the DPDPA, 2023, processing of children's data requires verifiable parental consent. We are committed to full compliance with child data protection obligations.

✉️

10. Contact & Grievance Officer

For any privacy-related questions, data rights requests, or complaints, please contact our designated Grievance Officer as required under the IT (Amendment) Act and DPDPA:

👤

Grievance Officer — Cloudy msg

CLOUDYMSG SOFTWARE SOLUTIONS PVT. LTD.
1st Floor, W-115, 3rd Avenue, Anna Nagar,
Chennai – 600040, Tamil Nadu, India

📞 +91 93807 11234
✉️ support@cloudymsg.com
🕐 Response time: Within 30 days of receipt

We take all privacy complaints seriously. If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once established, or approach the appropriate judicial forum.

Policy Updates: We may update this Privacy Policy periodically. The "Last Updated" date at the top reflects the most recent revision. Continued use of our Services after changes constitutes acceptance of the updated policy. We will notify you of material changes via email or prominent notice on our website.