NxtGenAPI

    Privacy Policy

    Last Updated: 30-01-2026

    1. Overview

    NxtGenAPIs provides API-based technology services to Banks, NBFCs, and Microfinance Institutions (MFIs), including eKYC, identity verification, and compliance-related services. We are committed to safeguarding personal and sensitive data in accordance with RBI Master Directions, the Information Technology Act, 2000, and applicable data protection laws in India.

    We primarily act as a data processor on behalf of our regulated customers.

    2. Information We Process

    We may process personal and sensitive information strictly as instructed by our customers, including:

    • Identity and KYC-related information

    • Verification responses and compliance data

    • Technical data such as API logs, timestamps, and IP addresses

    We do not collect data directly from end users for our own purposes.

    3. Purpose of Processing

    Data is processed only to:

    • Provide contracted API services

    • Enable regulatory compliance (including KYC/AML)

    • Prevent fraud and misuse

    • Ensure system security, auditability, and reliability

    Data is never used for marketing or profiling.

    4. Legal & Regulatory Compliance

    Our data processing practices align with:

    • RBI Master Directions on KYC and IT Framework for NBFCs

    • Applicable RBI cybersecurity and outsourcing guidelines

    • Information Technology (Reasonable Security Practices) Rules, 2011

    • Digital Personal Data Protection Act, 2023 (where applicable)

    Customer institutions are responsible for obtaining end-user consent.

    5. Data Security

    We implement robust security controls including:

    • Encryption of data at rest and in transit

    • Access controls and audit logging

    • Secure infrastructure and monitoring

    • Periodic security assessments

    These controls are designed to meet regulatory and industry standards.

    6. Data Retention

    Data is retained only for:

    • The duration required to provide services

    • Compliance with legal and regulatory obligations

    • Contractual requirements with customers

    Data is securely deleted or anonymized after the retention period.

    7. Data Sharing

    Data is shared only:

    • With the concerned customer (Bank/NBFC/MFI)

    • With authorized service providers under confidentiality obligations

    • When required by law or regulatory authorities

    We do not sell or disclose data for commercial purposes.

    8. Cross-Border Data Handling

    Where applicable, any cross-border data processing is carried out in compliance with:

    • RBI guidelines

    • Customer instructions

    • Applicable Indian data protection laws

    9. End-User Rights

    End users should contact the Bank, NBFC, or MFI that collected their data to exercise rights related to access, correction, or deletion. We support our customers in fulfilling such requests as required by law.

    10. Contact

    For privacy or data protection queries:

    Data Protection / Privacy Officer
    NxtGen APIs
    Email: privacy@nxtgenapis.com

    Regulatory Note

    This platform operates as a technology service provider to regulated financial institutions. All KYC, customer due diligence, and consent obligations remain with the respective Bank, NBFC, or MFI in line with RBI Master Directions.

    ← Back to home