We use cookies for analytics. By clicking Accept, you agree to this use.

Disclaimer

UPSY Technologies is a Lending Service Provider (LSP) and technology platform. We do not provide loans. All loans are originated, underwritten, and disbursed by RBI-regulated NBFC/Entities.

Website Policies

(Upsy Technologies Pvt. Ltd.)

These policies govern your use of our website and services. They are provided as separate documents for clarity. By accessing or using our site, you acknowledge and agree to be bound by these Terms of Use and our Privacy and Data Protection Policy. If you do not agree with any of these policies, please discontinue use of the site immediately. All sections below comply with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.

1. Terms of Use / Terms and Conditions

1.1 Acceptance and Updates

These Terms of Use constitute a binding agreement. By using our website or services, you agree to follow these. We may modify these Terms at any time by posting updates on the site; continued use after changes signifies acceptance. It is your responsibility to review the Terms periodically.

1.2 License and Access

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable right to access and use this site for personal, commercial purposes. You may view and download content only for lawful and authorised use. All intellectual property on the site – including text, graphics, logos, images, audio/video clips, software and designs – is owned by us or our licensors. You agree not to reproduce, modify, distribute, sell or exploit any content without our written permission.

1.3 User Conduct

You must use the site in a lawful, respectful manner. You agree not to post or transmit any unlawful, infringing, defamatory, obscene, or harmful content. You must comply with all applicable Local, State or Central laws (for example, rules against hate speech, harassment or copyright infringement). Prohibited activities include hacking, introducing viruses or malware, sending spam, or interfering with the site's operation. Any violation of these rules may result in immediate termination of your access and possible legal action.

1.4 Disclaimer of Warranties

This site and its content are provided "as is" and "as available" for general information. We do not guarantee that the site will be error-free, uninterrupted, or secure. We disclaim all warranties, express or implied, to the maximum extent permitted by law. We do not warrant the accuracy or completeness of any information and are not responsible if content from this site causes any harm or damages to you.

1.5 Limitation of Liability

To the fullest extent permitted by law, we (and our affiliates) are not liable for any indirect, incidental, special or consequential damages arising from your use of the site. In particular, we are not responsible for any loss of data, profits, or business damages caused indirectly, incidentally or in any consequential way by the use of our website. As a Terms of Use example states, “we disclaim all liability for any damages arising out of your use of the website”. Our total liability for direct damages is limited to the amount you paid, if any, to access our services.

1.6 Third-Party Links

This site may contain links to third-party websites or resources. These links are provided for convenience only. We do not control or endorse any content on external sites and are not responsible for their accuracy, legality or safety. Any dealings you have with third-party sites (including downloads or purchases) are solely between you and that third party.

1.7 Data Fiduciary Roles by Category of the Applicant:

(a) For Category A (Institution-Referred Applicants):

  1. Institution acts as Data Fiduciary for initial data collection and consent capture
  2. Institution's Obligations:
    • a. Obtain valid DPDP-compliant consent from students before uploading data to Platform
    • b. Ensure accuracy of data provided
    • c. Maintain consent records as specified in DPA Clause 10
    • d. Inform students that data will be transmitted to Regulated Entities via UPSY's Platform
  3. UPSY acts as Data Processor processing data on Institution's documented instructions
  4. Governed by: This Agreement, including DPA Annexure A

(b) For Category B (Direct/Self-Registered Applicants):

  1. UPSY acts as Data Fiduciary for data collection, processing, and transmission to Regulated Entities
  2. UPSY's Obligations:
    • a. Obtain valid DPDP-compliant consent directly from students through Platform interface
    • b. Provide clear privacy notices per UPSY's Website Privacy Policy
    • c. Maintain consent records and logs
    • d. Process data in accordance with DPDP Act and RBI Guidelines
  3. Institution has no data fiduciary role for these applicants
  4. Governed by: UPSY's Website Policies (Terms of Use, Privacy & Data Protection Policy)

1.7.1 Students may enroll either individually or through their institution. However, there will be no separate institution login or ID. All students, whether coming individually or through an institution, will enroll only through the UPSY platform and will be governed by the UPSY platform Policies.

1.8 Governing Law

These Terms are governed by the laws of India. Any disputes arising under or in connection with these Terms will be subject to the exclusive jurisdiction of Indian courts or arbitration, as applicable. (Where applicable, you remain entitled to consumer protection rights under the Consumer Protection Act, 2019, which are not waived by these Terms.)

Confidentiality Policy

1. Purpose

This Confidentiality Policy ("Policy") sets out the principles and rules for safeguarding confidential, proprietary, and sensitive information belonging to Upsy Technologies Pvt. Ltd. (hereinafter referred to as "Upsy"), its employees, clients, partners (including Regulated Entity (RE) Partners), and users. The objective is to ensure compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Act, 2000 (IT Act), RBI Digital Lending Guidelines, and industry best practices for information security and confidentiality.

1.2 Scope

This Policy applies to:

  • 1.2.1 All employees, consultants, contractors, vendors, and service providers engaged by Upsy.
  • 1.2.2 All dealings with Regulated Entity (RE) partners, regulatory authorities, and users of our platform.
  • 1.2.3 All information (digital, physical, verbal, or otherwise) disclosed to or generated by Upsy.

1.3 Definition of Confidential Information

"Confidential Information" includes but is not limited to:

  • 1.3.1 Business Information: Contracts, agreements, financial data, strategies, pricing, technical processes, algorithms, product roadmaps, proprietary software, trade secrets.
  • 1.3.2 User Information: Personal data, financial details, KYC documents, loan application details, credit assessment data, repayment history, etc. (as defined under DPDP Act and IT Act).
  • 1.3.3 Partner Information: Operational procedures, internal policies, fee arrangements, and non-public lender data.
  • 1.3.4 Regulatory & Legal Information: RBI compliance reports, audit findings, dispute resolution records.
  • 1.3.5 Any information marked confidential and is deemed as non-public information under the RTI Act or which, by its nature, ought reasonably to be treated as confidential.

1.4 Obligations of Confidentiality

All employees, contractors, vendors, and partners must:

  • 1.4.1 Use Limitation: Use confidential information strictly for authorised business purposes only.
  • 1.4.2 Non-Disclosure: Not disclose confidential information to any unauthorised third party, unless:
    • 4.2.1 Required by law/regulatory authority, or
    • 4.2.2 Expressly permitted in writing by Upsy.
  • 1.4.3 Data Protection: Implement appropriate security measures (encryption, passwords, restricted access) when handling confidential information.
  • 1.4.4 Return/Destruction: Upon termination of employment, contract, or engagement, return or securely destroy all confidential information (digital and physical).
  • 1.4.5 Third-Party Sharing: Ensure that any third-party vendor or service provider handling confidential information signs a confidentiality undertaking and complies with this Policy.

1.5 Data Handling Standards

  • 1.5.1 Storage: Confidential information must be stored on secure servers located within India, per RBI and DPDP mandates. Primary data storage is in India. Transient processing through global email/communication networks may involve temporary cross-border transfer in encrypted form, as permitted under IT Act for necessary business operations.
  • 1.5.2 Access Controls: Access to confidential information is role-based and granted only on a need-to-know basis.
  • 1.5.3 Transmission: Sensitive data must only be shared via encrypted channels (e.g., SSL/TLS, VPN, encrypted emails).
  • 1.5.4 Physical Records: Hard copies (if any) of confidential documents must be stored in locked cabinets with limited access.
  • 1.5.5 Remote Work: Employees working remotely must use company-approved secure devices and networks.

1.6 Exclusions

Information shall not be considered confidential if it:

  • 1.6.1 Is or becomes public knowledge (other than through unauthorised disclosure).
  • 1.6.2 Is lawfully obtained by Upsy from a third party without restriction.
  • 1.6.3 Is independently developed by Upsy without reference to confidential information.

1.7 Duration of Confidentiality

  • 1.7.1 Obligations under this Policy continue during employment/engagement and for a minimum of three (3) years after termination, unless extended by contract or law.
  • 1.7.2 User data is retained only for the duration necessary under RBI and DPDP rules, after which it is securely deleted/anonymised.

1.8 Breach & Consequences

  • 1.8.1 Employees/Contractors: Violation of this Policy may result in disciplinary action, including termination of employment/contract and legal action.
  • 1.8.2 Vendors/Partners: Any breach will result in immediate termination of engagement, indemnification claims, and possible legal proceedings.
  • 1.8.3 Legal Liability: Breaches may also attract penalties under the DPDP Act, IT Act, and RBI Digital Lending Guidelines.

1.9 Governing Law & Dispute Resolution

These policies and all user agreements are governed by the laws of India. Any dispute or claim arising out of or relating to our services or these policies will be resolved by arbitration under the Arbitration and Conciliation Act 1996. The arbitration shall be conducted in English, and the seat (venue) of the arbitration shall be Pune, Maharashtra, India (where our company is headquartered). The award rendered by the arbitrator will be final and binding on the parties. All courts in Pune shall have exclusive jurisdiction to enforce any arbitration award or interim measures.

Last Updated: October 27, 2025

© 2025 Upsy Technologies Pvt. Ltd. All rights reserved.