This Privacy Policy explains our policy regarding the collection, use, disclosure, and transfer of your information by Catagrowth Technologies Private Limited (“Company”, “we”, “us”, “our”). The Company is committed to ensuring the privacy and security of data processed through our technology platform. This Privacy Policy outlines how we collect, use, process, store, and protect data in compliance with applicable Indian laws, including but not limited to the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (as may be made applicable), the Reserve Bank of India (RBI) Guidelines, and other relevant data protection and cybersecurity regulations.
The visitor/user confirms that they are of legal age (18 years+) to form a binding contract (or that they have duly received their parent’s or guardian’s consent and permission to use the Services and that they have agreed to these Terms on the visitor’s/user’s behalf). The Company also takes privacy requirements very seriously and does not knowingly collect or solicit personally identifiable information from children under the age of 13. To the extent we learn we have unknowingly collected personal information from a child under the age of 13, we will delete such information as soon as possible.
There are two main parts to this Privacy Policy, in addition to the General Terms provided herein.
Part A: applies to our proprietary B2B platform application/portal (“Platform”), which facilitates transactions, rewards, and data analytics between banks, NBFCs, merchants, and other financial institutions (collectively referred to as “Partners”). To this extent, no individual (end-user/customer) directly accesses or interacts with our Platform. All customer-related data pertinent to the Platform is received, processed, and stored in hashed form to ensure data security and privacy after obtaining consent to do so from our Partners. Having said that, the Company is committed to protecting the privacy and personal data of the users of our services, our customers, and Partners and to that extent, this Privacy Policy also outlines our ethos on the collection, usage, storage, disclosure, and processing of personal data in compliance with applicable law. Accordingly, this Privacy Policy also applies to anyone who visits our website or uses our platforms or services. We are not data controllers of the information shared with us.
Part B: explains how we collect, use and share information of end-users/customers (“End-Users”) when they use our rewards management platform and related services integrated into third-party Partner websites/platforms (“Services”), and our role as a data fiduciary specifically and solely in regard to the End-User data.
By using our website, Platform(s) or Services, you (as a Partner or End-User or visitor to our site, as relevant) consent to the processing of your data, including any personal data, in accordance with this Privacy Policy. Further, upon visiting our website/utilizing our Services/accessing our Platform, you automatically provide your acceptance of our terms and conditions and terms of use, and your acceptance to follow this Privacy Policy.
We only collect personal data directly from you when you voluntarily provide it, such as when you use our website’s Contact form or when End-Users provide their phone number and/or email address on our widgets to access offers and rewards. Consequently, any personal data collected by us will only be to provide or improve our services, including responding to any queries that we may receive through the Contact form, and the type of data collected will depend on your interaction with us. This may include contact information (name, email address, phone number; details of the location); any financial information required to undertake transactions on our platform; user account data – i.e., username and password relating to your user profile maintained with us; technical data – IP address, device type, etc., and usage data.
We undertake to process data only for lawful and legitimate business purposes and to provide the services and fulfil our contractual obligations to you; to analyze usage patterns or troubleshot issues; to enhance the user experience of our website and platforms; for communication, including important updates and notifications or responding to your queries; for security purposes (to prevent security or integrity breaches); and for legal compliance.
We process any personal data (if collected), only for legitimate purposes. We will seek your clear and affirmative consent for the processing of your personal data for a specific purpose. You have the right to withdraw your consent at any time, by writing to us through our contact us form available on the website : www.fealtyx.com
You will have the right to obtain confirmation as to whether your personal data is being processed, and to request access to such data along with a summary of processing activities. You also have the right to: (i) request the correction of inaccurate or incomplete personal data and to request the erasure of your personal data when the purpose for which it was collected is no longer served; (ii) have your grievances addressed (details of our grievance officer are provided below); and (iii) nominate another individual to exercise your rights under law in the event of your death or incapacity.
We do not sell, trade, or disclose data to third parties, except under the following conditions:
With respect to our B2B Platform, we do not collect personal data directly from individuals. Instead, we process transactional and anonymized customer data shared by our Partners. The types of data we handle include:
Purpose of Data Processing
We process data to:
In dealing with any sensitive or personal data or information (through our Contact form or otherwise), we will adhere to the following key principles of applicable law:
All customer-related data is stored in hashed format using industry-standard encryption techniques. We comply with RBI’s data localization guidelines, ensuring all transaction data remains stored in servers located in India. Role-based access controls (RBAC) and multi-factor authentication (MFA) are enforced to prevent unauthorized access. Regular audits and security assessments are conducted to identify and mitigate vulnerabilities. Data backup policies ensure recovery in case of a security breach or system failure.
Partners are responsible for ensuring that they collect and share customer data in compliance with applicable privacy laws. Partners must obtain the necessary consent from their customers before sharing data with us. Partners can request reports, insights, or modifications related to their data, subject to authentication and verification.
Transactional and hashed customer data is retained for a period specified under RBI guidelines or applicable laws. Upon expiration of the retention period, data is securely deleted or anonymized. Partners may request data deletion, provided it does not conflict with legal obligations
In case of a data breach, we will notify the affected Partners within 48 hours of detection. Incident response teams will work to contain, assess, and mitigate risks associated with the breach. Reports will be submitted to regulatory authorities as per legal requirements.
Use of Cookies: To the extent of our B2B Platform that does not allow direct individual logins, our use of cookies and tracking technologies is limited to system functionality, security, and performance monitoring. We do not use cookies for individual user profiling, targeted advertising, or personal data collection directly.
Types of Cookies Used: We utilize the following types of cookies and tracking technologies:
Third-Party Tracking & Analytics: We may use third-party analytics services (such as Google Analytics or similar tools) to collect aggregated, non-personal insights about platform usage, ensuring compliance with Indian data protection laws. However, all customer-related data remains hashed and anonymized before being processed.
Cookie Control & Consent: Since the platform is used exclusively by registered partners (banks, NBFCs, merchants), cookie policies are part of contractual agreements with our partners. Partners may configure their browser settings to block or restrict cookies, but this may impact platform functionality.
By using our rewards management and ancillary services, End-Users agree to the collection and use of their information in accordance with this policy.
Information we collect: We collect information directly from End-Users when you use our Services, and automatically, when you interact with our website. When you use or interact with our Services, we collect the following:
How we use your information: We use the information we collect:
Opt-Out As stated in our Terms of Use, providing your phone number constitutes your express consent to receive promotional and operational text messages (SMS) from us. If you wish to stop receiving marketing text messages, you can reply STOP to any promotional message. Please note that if you opt out of marketing messages, you may still receive essential operational messages (like account alerts or verification codes) required for maintaining your account.
How we share your information We do not sell your information. We may share your information only in the following limited circumstances:
We implement reasonable administrative, technical, and physical safeguards to protect your information against unauthorized access, use, alteration, or destruction. However, no security system is impenetrable, and we cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us. We retain your personal information, including your phone number and reward history, for as long as your account is active or as needed to provide you with the Services. We will also retain information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Your rights and choices as an End-User: As an End-User, you have the following rights regarding your personal information:
We may update this Privacy Policy periodically to comply with new laws, regulatory requirements, or changes in our business practices. Any changes will be posted on this page, and the “Last Updated” date will be revised. We encourage you to review this policy periodically to stay informed about how we are protecting your data.
In the event you have any grievance relating to the processing of information provided by you, you may contact our Grievance Department, at the coordinates provided below.
Email:care@fealtyx.com
Address: Catagrowth Technologies Private Ltd Plot No 7F, Phase 1, Raj Pinnacle, 1st Floor, 6th Cross Rd, Behind Teleradiology solutions, Doddanakundi Industrial Area 2, Bengaluru, Karnataka 560048
We will respond to your request within the timeframe stipulated by law.
In case of general queries, including to exercise opt-out or other rights, please use our Contact Form available on the websitewww.fealtyx.com
Last Updated on 1st November 2025