ValueExchange is committed to protecting personal data and ensuring transparency. This policy applies to https://valueexchange.in and is designed in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and globally accepted data protection practices.
Personal Data
Any data about an individual who is identifiable by or in relation to such data
Processing
Collection, storage, use, sharing, or deletion of data
Data Principal
The individual to whom the personal data relates
Data Fiduciary
ValueExchange, determining the purpose and means of processing
2
Scope of Data We Collect
Identity & Contact Data
Name, email address, phone number, organization name, designation
Financial & Business Data
Revenue, invoices, payments and transaction metadata; bank, payment and accounting integrations via APIs; financial workflows and operational data processed through the platform
Technical & Usage Data
IP address, device identifiers, browser type, operating system, access logs, session behavior
Consent-Based Data
Additional categories processed strictly based on explicit user consent
3
Lawful Basis for Processing
Consent
For onboarding, integrations, and communications
Legitimate Use
Platform functionality, fraud prevention, security
Legal Obligation
Compliance with regulatory and tax requirements
Contractual Necessity
Delivering agreed services
Delivering and improving financial operations infrastructure
Enabling integrations with third-party financial systems
Providing analytics, reconciliation, and reporting
Communicating product updates and support
Preventing fraud, abuse, and unauthorized access
Meeting legal and regulatory requirements
We do not process personal data for purposes incompatible with those listed above.
We collect only data that is necessary for specified purposes. Where possible, we use:
Aggregation
Pseudonymization
Minimization techniques
6
Data Sharing & Disclosure
We do not sell personal data.
Data Processors
Cloud infrastructure, payment processors, analytics and monitoring tools — all bound by contractual data protection obligations
Integration Partners
Where you explicitly connect third-party services (e.g., banking APIs, accounting tools), data is shared strictly to enable those integrations
Legal & Regulatory Authorities
Where required by applicable law, court order, or government request
Corporate Transactions
In case of merger, acquisition, restructuring, or asset sale, subject to confidentiality obligations
7
Cross-Border Data Transfers
Your data may be transferred outside India to jurisdictions permitted under applicable law. We ensure adequate safeguards, contractual protections, and compliance with government-notified restrictions for all cross-border transfers.
We retain data only for as long as necessary to fulfil contractual obligations, comply with legal or regulatory requirements, and for legitimate business purposes such as audits and dispute resolution. Upon expiry, data is deleted or anonymized.
✓Encryption in transit (TLS 1.2+)
✓Encryption at rest
✓Role-based access control
✓Secure key management
✓Continuous monitoring
✓Periodic security audits
Despite best efforts, no system can guarantee absolute security.
10
Your Rights (Data Principal Rights)
📂Access
View your personal data we hold
✏️Correct
Fix inaccurate or incomplete data
🗑️Erase
Request deletion of your data
↩️Withdraw
Withdraw consent at any time
📣Grievance
Seek redressal for concerns
Submit a request
Email us at support@valueexchange.in
In compliance with the DPDP Act, we have appointed a Grievance Officer. We aim to respond within timelines prescribed under applicable law.
We use cookies and similar technologies to maintain sessions, understand usage patterns, and improve product performance. You may manage cookie preferences through your browser settings.
Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
14
Significant Data Fiduciary
If designated as a Significant Data Fiduciary under applicable law, we will comply with additional obligations including:
Data Protection Impact Assessments (DPIA)
Independent audits
Appointment of a Data Protection Officer (DPO)
We may update this Privacy Policy periodically. Material changes will be notified via the Platform or email.