Privacy Policy

Information we collect

From you: your name, contact details, employer, and anything else you send us through forms or support requests. If you sign up for a regulated product, you or our partner banks will also collect identification and KYC information such as government ID, date of birth, taxpayer ID (SSN, ITIN, PAN, or last four of Aadhaar), beneficiary banking details, and the RBI purpose code for your transfer.

From your device: IP address, browser and device data, the pages you view, and approximate location, collected through cookies and similar tools.

From others: information from analytics and advertising platforms, business data providers, our partner banks, and the identity verification, sanctions screening, and fraud prevention vendors we use.

We do not knowingly collect personal information from children under 13 in the United States or under 18 in India.

How we use it

We use personal information to run and improve the Site, respond to inquiries, market our products, verify identity, prevent fraud and sanctions exposure, and meet our legal and regulatory obligations in the United States and India. We do not sell personal information, and we do not share it for cross-context behavioral advertising.

How we share it

We share personal information with:

• service providers that help us run the Site, communicate with you, verify identity, monitor for fraud, and similar functions, under written contracts;
• our U.S. partner bank, our Indian RDA partner bank, and the card networks and payment system operators they work with, where the information is needed to operate or supervise the regulated services;
• our auditors, lawyers, accountants, and similar advisors;
• regulators, law enforcement, and courts when required by law or legal process; and
• an acquirer or successor in connection with a financing, merger, or sale.

U.S. customers

If you are a customer of a regulated product offered through our U.S. partner bank, your nonpublic personal information is governed by that bank’s GLBA privacy notice, which you receive at account opening. We act as the bank’s service provider and are bound by GLBA confidentiality and information security standards. We do not share your information with unaffiliated third parties for their own marketing.

If you live in California or another state with a comprehensive privacy law, you have rights to access, delete, correct, and obtain a copy of your personal information, and to limit the use of sensitive personal information. Information we hold under GLBA is generally exempt from these state laws. To exercise your rights, email privacy@banyan.fi. You may use an authorized agent, and you may appeal a denial.

India customers

This section serves as the notice required of a Data Fiduciary under India’s Digital Personal Data Protection Act, 2023 (“DPDPA”). Banyan is the Data Fiduciary for personal data we collect through the Site; for the regulated India leg of a remittance, the Indian RDA partner bank acts as a separate Data Fiduciary.

We process the categories of personal data listed above for the purposes described above. We rely on your consent for marketing and on legitimate uses recognized by the DPDPA, such as compliance with law and the performance of services you ask us to provide. Aadhaar information, where collected, is limited to the last four digits and is tokenized.

Payment system data is stored in India in line with the Reserve Bank of India’s Storage of Payment System Data circular. We may transfer a copy of payment data abroad only as that circular permits.

You may access, correct, or erase your personal data, withdraw consent, and nominate someone to exercise your rights on your behalf. To raise a grievance, email privacy@banyan.fi. We will acknowledge within 24 hours and aim to resolve within 15 days. You may then escalate to the Data Protection Board of India once it is operational.

International transfers

Because we run a U.S. and India service, your personal information may be processed in either country and accessed by our personnel, our partner banks, and our service providers there. We handle transfers under appropriate contractual safeguards.

Cookies and analytics

We use necessary cookies to run the Site and analytics cookies to understand how visitors use it. You can control cookies through your browser. We do not use cookies for cross-context behavioral advertising. We honor Global Privacy Control signals where state law requires.

Communications

If you give us your phone number, we may send transactional and service messages about your account or transactions. With your opt-in, we may also send marketing texts; reply STOP to opt out. You can unsubscribe from marketing email at the link in any marketing message. Service and security messages will continue.

Identity verification

To meet our identification, sanctions, and fraud obligations, we and our partner banks use vendors and automated tools to check identity documents, biometrics (such as a selfie compared to your government ID), device signals, and transaction patterns. You can ask for human review of an automated decision that has a significant effect on you.

How long we keep information

We keep personal information for as long as we need it for the purposes described above and to meet our recordkeeping obligations under U.S. anti-money laundering, sanctions, tax, and Indian RDA, FEMA, and tax laws. Where an onboarding agreement sets a longer period, that period applies.

Security

We use administrative, technical, and physical safeguards designed to protect personal information. No system is perfectly secure, and we cannot guarantee absolute security.

Changes

We may update this Policy. The “Last Updated” date above shows the most recent revision.

Contact us

Banyan Tech LLC
1150 Chrysler Dr, Menlo Park, California 94025, United States

For all U.S. and India privacy questions, including DPDPA grievances and requests under U.S. state privacy laws, write to privacy@banyan.fi.