Reference

How y90 Handles Your Personal Data

At y90, we treat your personal data with the same care we put into our account experience — collected only for clear purposes, stored securely, and never sold…

No data sold to third partiesEncrypted account storageClear opt-out optionsIndia-region data practicesDirect contact for data requests
Browse lobby Read FAQ
y90 How y90 Handles Your Personal Data
DATA CONTACT PATHS

Reach Us About Your Privacy

If you want to access, correct, or delete your personal data, or if you have any questions about how we handle it, our support team is…

Email Support Send your data access or deletion request to our privacy email.
Live Chat Our live chat agents can log a formal data request on your behalf.
In-Account Request Form Head to the privacy section inside your account settings to submit a request directly.
HOW WE PROTECT YOU

Data Handling, Cookies and Account Security

We apply layered security measures across every part of your account — from login through to withdrawals.

Cookies and Tracking

We use session cookies to keep you logged in and preference cookies to remember your language and region settings. Analytics cookies are optional; you can adjust these any time from the cookie settings link in the site footer without affecting your account access.

Account Security Measures

Every account is protected by hashed passwords and optional two-factor authentication via SMS or an authenticator app. Login attempts from unrecognised devices trigger an additional verification step before access is granted to your wallet or history.

Data Retention Period

We keep your account data for as long as your account is active and for the period required by applicable financial and regulatory rules after closure. Once the retention window closes, data is deleted from live systems and removed from backup cycles within 90 days.

Third-Party Sharing

Your data is shared only with the payment processors — UPI, Paytm, PhonePe — who need it to complete your transactions, and with identity verification providers required under applicable Indian law. No marketing data brokers receive your information.

Your Right to Access and Correct

You can request a copy of all personal data we hold about you at any time. If any detail is inaccurate — a phone number, email address, or payment reference — you can ask us to correct it and we will update our records within five business days.

Right to Deletion

If you close your account and there is no outstanding financial obligation or legal hold, you can ask us to delete your personal data. We will confirm deletion in writing and provide a reference that the process has been completed on our systems.

Common Questions About This Privacy Policy

The questions below cover the situations most people ask us about — from what happens to your UPI details after a transaction, to how long we keep your chat history with our support team. If your question is not here, contact us directly and we will respond within two business days.

We collect your name, email address, mobile number, and the payment identifiers you link — such as a UPI handle or Paytm-registered number. We also log your device type and IP address to maintain session security and detect unauthorised access attempts.

We store only the reference token returned by the payment processor, not your full UPI ID or PhonePe PIN. This token is enough to match a transaction to your account but cannot be used to initiate a new payment without your active approval.

Yes. Submit a data access request through the privacy section of your account settings or by emailing our support team. We will prepare a structured copy of your data and send it to the verified email on your account within the period required by applicable law.

We retain your data for the minimum period required under applicable Indian financial and compliance rules after account closure. Once that window ends, your data is purged from live systems and removed from backup cycles within 90 days of the retention period closing.

Access is restricted to authorised team members who need it to process transactions, handle support queries, or maintain platform security. All internal access is logged, and we conduct regular audits to ensure access rights match current roles.

Once your account is closed and there is no outstanding balance or legal hold, send a deletion request via the in-account form or by emailing support. We will confirm deletion in writing with a reference number and complete the process within the required timeframe.

Session cookies are required for login and cannot be disabled, but analytics and preference cookies are optional. Use the cookie settings link in the site footer to adjust your choices at any time; your account access and transaction history will not be affected.

Related Pages

About Us Register y90 App Inca Gold