Privacy Policy

PRIVACY POLICY FOR DIAMETOR

Effective Date: April 15, 2026 Data Fiduciary: Diametor (A unit of Vendbout Pvt Ltd)

1. INTRODUCTION

Diametor ("we," "us," or "the Company") is committed to protecting the privacy of our users ("Data Principals"). This policy explains how we collect, process, and safeguard your digital personal data when you use our settlement cycle inside the diametor app.

2. DATA WE COLLECT

To facilitate the "Flow Through Me" settlement process, we collect:

  • Identity Data: Full name, phone number, and email address (verified via OTP).
  • Financial Flow Data: Details of debts and credits you manually enter, including counterparty identifiers (names/phone numbers) and transaction amounts.
  • Verification Data: Profile Photo, Govt ID - Photo for KYC verification.
  • Technical Data: IP address, Device type - for best delivery of the app
3. PURPOSE OF PROCESSING

We process your data strictly for the following Lawful Purposes:

  1. Cycle Matching: To allow our AI to identify circular debt loops between you and other users.
  2. The Handshake: To notify your counterparties of a pending debt/credit entry for their verification.
  3. Settlement Execution: To calculate and execute the simultaneous clearing of obligations.
  4. Originator Rewards: To calculate and disburse the 5% reward for onboarding new cycles.
  5. Legal Compliance: To fulfill KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations under the PMLA, 2002.
4. CONSENT AND WITHDRAWAL
  • Specific Consent: By clicking "I Agree" and initiating a "Handshake," you provide free, informed, and unambiguous consent for us to share your identity with your specific counterparties for settlement purposes.
  • Right to Withdraw: You may withdraw your consent at any time via the App Settings. However, withdrawal will not affect the legality of settlements already "Locked" or completed.
5. DATA SHARING AND THIRD PARTIES

We do not sell your data. We share your data only with:

  • Counterparties: Only the specific individuals you have named in a debt/credit entry, to facilitate the "Handshake."
  • Service Processors: Secure cloud infrastructure (Render/Vercel) and database providers (MongoDB) that adhere to Indian data residency requirements.
  • Regulators: Government authorities only when mandated by Indian law (e.g., RBI or FIU-IND).
6. DATA RETENTION AND ERASURE
  • Retention: We retain your transaction data for as long as your account is active or as required by Indian financial record-keeping laws (typically 7 years).
  • Right to Erasure: You have the right to request the deletion of your personal data. We will fulfill this request within 30 days, provided there are no active, uncompleted settlement cycles linked to your account.
7. SECURITY MEASURES

We employ "Privacy by Design." Your data is protected using:

  • AES-256 Encryption for data at rest.
  • TLS 1.3 for data in transit.
  • Anonymized Mapping: Our AI processes "debt nodes" using unique identifiers rather than raw personal names whenever possible to find cycles.
8. YOUR RIGHTS AS A DATA PRINCIPAL

Under the DPDP Act 2023, you have the right to:

  1. Access: Request a summary of the personal data we hold about you.
  2. Correction: Update inaccurate or incomplete financial entries.
  3. Grievance Redressal: Contact our Grievance Officer regarding any privacy concerns.
  4. Nomination: Appoint an individual to exercise your rights in the event of your incapacity.
9. GRIEVANCE REDRESSAL

In accordance with the DPDP Act, if you have any questions or complaints, please contact our Data Protection Officer (DPO):

Email: support@diametor.com Location: Thrissur, Kerala, India.