Privacy Policy

Introduction

CoFee Fintech Private Limited ("we", "us", or "our") is committed to protecting the privacy and personal data of users who interact with the CoFee application ("CoFee"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the CoFee mobile application, website, or related services.
By using CoFee, you agree to the terms outlined in this Privacy Policy. If you do not agree with these terms, we kindly recommend refraining from using our services.

Applicability

This Privacy Policy applies to personal data processed through the CoFee platform, including its mobile and web interfaces. CoFee is a platform that enables Customers to streamline the collection, tracking and management of fees for their institution.

Depending on the service model, we may collect personal data:
  1. As part of the onboarding KYC process
  2. As part of services provided to Customers using CoFee for fee collection
We implement appropriate organizational and technical measures to protect all collected data.

Information We Collect

The personal information we collect depends on your interaction with CoFee.

Mandatory Data

  1. Full Name
  2. Contact Number (mobile)
  3. Address
  4. Email ID
  5. Bank Account Number & IFSC
  6. PAN (Permanent Account Number)
  7. GSTIN (if applicable)
  8. KYC and KYB Documents (including but not limited to documents such as AADHAAR, PAN, Business Licence, GST certificate required for KYC (Know Your Customer) and KYB (Know Your Business))

Optional Data

  1. Institution Website, if any
  2. Additional self declarations as applicable for KYB

How We Use Personal Information

We use personal data only for legitimate business purposes, including:

  1. Verifying identity and compliance (e.g., KYC, KYB, PAN and Bank Account validation)
  2. Setting up payment configuration
  3. Responding to support requests and service inquiries
  4. Delivering personalized experiences, analytics and communications
  5. Complying with financial and legal regulations
  6. Improving platform security and performance
We do not use your data for advertising or marketing purposes without your consent.

Information Sharing

We do not sell your personal information. We may share your personal data only to the extent necessary to provide you the service and in accordance with applicable law in the following circumstances:

  1. Service Providers
    We may share personal data with third-party service providers who support our operations (such as hosting providers, cloud service providers, and payment gateways), strictly on a need-to-know basis and subject to contractual confidentiality and data protection obligations.
  2. Business Entity
    Where your use of CoFee is facilitated, sponsored, or managed by a business entity (such as an educational institution or enterprise), your personal data may be shared with or made accessible to such entity in accordance with the applicable contractual arrangements, user permissions, and the agreed scope of us
  3. Legal Compliance
    We may disclose personal data where required to comply with applicable laws, regulations, court orders, governmental or regulatory requests, or where such disclosure is necessary to enforce our rights, investigate or prevent fraud or security issues, or protect the rights, property, or safety of CoFee, our users, or others.

Data Security

We implement industry-standard technical and organizational measures to safeguard personal data, including:

  1. Encryption of data in transit (TLS) and at rest (AES)
  2. Role-based access controls (RBAC) and secure login mechanisms
  3. Multi-factor authentication for privileged users
  4. Application-layer firewalls and DDoS protection
  5. Periodic vulnerability scans and patch management
  6. Secure software development lifecycle (SSDLC) practices
  7. Data masking and tokenization for sensitive fields
  8. Regular security training for employees
  9. Incident response and escalation procedures
  10. Separation of production, development, and test environments
  11. Audit logging and security monitoring

Data Retention

We retain personal information only as long as necessary:

  1. For the purposes for which it was collected
  2. To comply with legal, regulatory, or contractual obligations
Personal data is securely deleted or anonymized when retention is no longer required.

Your Rights

Depending on applicable laws, you may have the following rights:

  1. Right to Access: Obtain confirmation and a copy of your personal data
  2. Right to Rectification: Correct inaccurate or incomplete data
  3. Right to Erasure: Request deletion of your personal data, subject to applicable laws, statutory or regulatory retention requirements, court orders, and lawful directions of competent authorities, and to the extent such data is required for compliance, dispute resolution, or enforcement of legal rights.
  4. Right to Restrict Processing: Limit how your data is used
  5. Right to Object: Object to data use based on legitimate interest
To exercise these rights, please fill out and submit the Data Subject Access Request (DSAR) form available on our website. If you have further queries or require assistance, you can contact us at: privacy@cofee.life.
If your data was submitted to CoFee by any Business entity, please reach out to that entity directly.

Cookies and Tracking Technologies

The CoFee website and app may use cookies or similar tools to:

  1. Recognize returning users
  2. Track usage trends for optimization
We do not use cookies for advertising purposes. You can control cookie preferences through your browser or device settings.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, regulatory requirements, or business operations. Any updates will be posted on this page with a revised “Last Updated” date and shall become effective upon publication, unless otherwise required by applicable law. Continued use of the Services after such updates constitutes acceptance of the revised Privacy Policy.

International Data Transfers

We may transfer personal data across borders, including to countries where data protection laws may differ from those in your jurisdiction. To ensure an adequate level of protection, we implement appropriate safeguards such as:

  1. Standard Contractual Clauses (SCCs) or similar legal mechanisms.
  2. Vendor contracts and periodic assessments to validate compliance with privacy standards.
We rely on the appropriate legal basis to support such transfers and take reasonable steps to ensure continued protection of your data.

Children’s Privacy

CoFee is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that personal data of a child has been collected without verifiable parental or guardian consent, we will take appropriate steps to delete such information, subject to applicable laws, statutory retention requirements, and lawful directions of competent authorities.
Where personal data of a child has been provided by misrepresenting that such individual is above the age of 16, and CoFee has implemented reasonable measures to prevent such access and is unable to identify such misrepresentation at the time of collection, CoFee shall not be responsible or liable for such collection, processing, or use of the data prior to such discovery.

Contact Us

For questions, concerns, or privacy-related requests:

CoFee Fintech Pvt. Ltd.
Door No. XXIV/527, Meda Commercial Hub, Near T.V Station, Seaport-Airport Road, CSEZ P.O, Kakkanad, Ernakulam, Kerala, India, 682037
Email: privacy@cofee.life

If you wish to report a data breach or exercise your data protection rights, please contact our Data Protection Officer (DPO) using the same email address.