Privacy Policy

Effective Date: April 1, 2026

Last Updated: April 1, 2026

This Privacy Policy explains how Eazr Digipayments Private Limited and its affiliates, subsidiaries, and controlled entities operating under the EAZR brand (“EAZR,” “we,” “our,” or “us”) collect, use, store, share, and otherwise process personal data when you access or use our websites, applications, products, tools, communications, and AI-powered services, including Hibiscus (collectively, the “Services”).

EAZR is building an AI-native insurance intelligence and affordability layer focused on policy understanding, protection visibility, and insurance premium financing. Because of the nature of these Services, we may process personal data relating to identity, contact details, policy information, family coverage, payment context, communications, and documents you choose to provide.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope

This Privacy Policy applies to personal data processed by us in connection with:

  • the EAZR website and all linked pages;

  • account creation, onboarding, and authentication;

  • Hibiscus and other AI-enabled chat, analysis, and support interfaces;

  • policy upload, policy analysis, policy locker, protection scoring, and related workflows;

  • insurance premium financing, affordability, eligibility, waitlist, and related product journeys;

  • customer support, communications, surveys, and feedback;

  • any other online or offline interaction that links to or references this Privacy Policy.

This Privacy Policy does not apply to third-party websites, apps, or services that we do not control, even if they are linked from our Services.

2. Who We Are

Legal Entity: Eazr Digipayments Private Limited

Brand: EAZR

AI Engine: Hibiscus

Registered Office: PLOT- 841, TOWER 1C, JUPITER TEXTILE MILL COMPOUND, , SENAPATI BAPAT MARG, ELEPHINSTONE, DELISLE ROAD, Delisle Road, Mumbai, Mumbai, Maharashtra, India, 400013

Support Email: support@eazr.in

Privacy / Grievance Contact: manish.r@eazr.in

Website: https://eazr.life

Where a specific service is provided with or through a licensed partner, regulated intermediary, insurer, NBFC, financing partner, or other ecosystem participant, the relevant entity may also be identified in the applicable flow, consent notice, or terms.

3. The Data We Collect

We may collect personal data directly from you, automatically through your use of the Services, from documents you upload, from family-member information you add, and from third parties who support the Services lawfully.

3.1 Data you provide directly

This may include:

  • full name;

  • mobile number;

  • email address;

  • postal address;

  • city, state, and PIN code;

  • date of birth;

  • gender;

  • login credentials or authentication data;

  • profile information;

  • support messages, queries, and feedback;

  • declarations, forms, and information submitted during product or service flows.

3.2 Insurance and policy data

Because EAZR is an insurance-focused platform, we may process:

  • policy documents you upload;

  • insurer name and policy number;

  • policy type, tenure, renewal date, premium amount, and sum insured;

  • rider, exclusion, waiting period, and benefit details;

  • claim-related details you provide for guidance or support;

  • family-member and dependent policy information;

  • protection gaps, policy overlaps, and continuity signals generated from your uploaded information.

3.3 Financing and affordability data

Where relevant to premium financing or related eligibility workflows, we may process:

  • financing interest or application details;

  • payment and billing-related data;

  • repayment-related status data;

  • transaction metadata;

  • partner processing status;

  • information needed to assess or support financing workflows.

3.4 AI and conversation data

When you use Hibiscus or other AI-enabled features, we may process:

  • prompts, chat messages, and uploaded files;

  • extracted text and structured fields from documents;

  • generated outputs, summaries, comparisons, and insights;

  • conversation history and context;

  • feedback, corrections, ratings, and follow-up actions.

3.5 Data collected automatically

When you use the Services, we may collect certain technical and usage information automatically, such as:

  • IP address;

  • approximate location inferred from IP;

  • browser type and version;

  • device type and operating system;

  • language preference;

  • referring URLs;

  • app and site activity;

  • log data, timestamps, and crash diagnostics;

  • cookies, pixels, SDK data, and similar technologies.

3.6 Data from third parties

We may receive personal data from:

  • insurers and insurance ecosystem partners;

  • financing, underwriting, or affordability partners;

  • KYC and identity-verification providers;

  • payment processors and payment gateways;

  • cloud, analytics, security, communications, and support vendors;

  • lawful public or partner-provided sources where applicable.

3.7 Family-member or third-party data you add

If you upload or submit personal data relating to a spouse, parent, child, dependent, nominee, employee, or any other third party, you represent that you are authorized to provide that information and to permit us to process it for the relevant purpose.

4. How We Use Personal Data

We may use personal data for the following purposes:

4.1 To provide and operate the Services

We use data to create and manage accounts, authenticate users, provide Hibiscus and other product features, enable policy upload and storage, deliver policy analysis, organize policy records, and support premium financing and related workflows.

4.2 To generate insurance intelligence and protection insights

We use data to extract and structure policy information, identify coverage details, surface gaps or overlaps, provide reminders, generate summaries, improve protection visibility, and help users better understand insurance decisions.

4.3 To process requests, applications, and transactions

We use data to process financing interest, partner-routing requests, payments, servicing flows, support requests, and related transactional activities.

4.4 To communicate with you

We use data to send service messages, alerts, reminders, support responses, security notifications, product communications, and, where permitted, marketing or promotional messages.

4.5 To improve, monitor, and secure the Services

We use data to maintain platform security, detect fraud or misuse, troubleshoot issues, monitor system performance, improve product quality, evaluate AI outputs, and conduct internal analytics, testing, and research.

4.6 To comply with law and protect rights

We may process data to comply with legal, regulatory, audit, tax, accounting, and reporting obligations, respond to lawful requests, enforce our terms, and protect our rights, users, partners, and systems.

India’s DPDP Act, 2023 sets out lawful grounds and obligations for the processing of digital personal data, and the DPDP Rules, 2025 specify phased commencement of several operational requirements.

5. Legal Basis / Ground of Processing

We process personal data only where we have a lawful basis to do so, including:

  • your consent;

  • performance of a contract or steps taken at your request before entering into a contract;

  • compliance with legal or regulatory obligations;

  • legitimate uses or other lawful purposes recognized under applicable law;

  • protection of our rights, systems, users, and services.

Under the DPDP Act, data principals have rights such as access to information, correction and erasure, grievance redressal, and nomination in certain circumstances.

Where consent is required, we will seek it through the relevant notice, interface, checkbox, upload flow, or similar affirmative mechanism.

6. Cookies and Similar Technologies

We and our service providers may use cookies, pixels, SDKs, local storage, and similar technologies to:

  • keep you signed in;

  • remember settings and preferences;

  • understand product usage and traffic patterns;

  • improve site performance and reliability;

  • measure communications and campaign effectiveness;

  • support security and fraud prevention.

You can manage cookies through your browser or device settings. Some functionality may not work properly if certain cookies are disabled.

7. AI, Hibiscus, and Automated Processing

Hibiscus is EAZR’s AI-native insurance intelligence engine. It may process prompts, uploaded documents, extracted content, account context, and interaction history to help generate policy understanding, structured insights, protection visibility, and related outputs.

7.1 What AI features may do

Hibiscus and related systems may:

  • read and analyze uploaded policy documents;

  • extract policy information and organize it into structured fields;

  • generate summaries, comparisons, reminders, and protection-related insights;

  • use limited account or session context to improve relevance and continuity;

  • support internal monitoring, reliability improvement, and safety controls.

7.2 Limits of AI outputs

AI-generated outputs are intended to assist understanding and navigation. They may not always be complete, current, or error-free. They do not replace the governing insurer-issued policy wording, formal underwriting decisions, or regulated advice where such advice is legally required.

7.3 Human review

Certain flows may involve human review for customer support, quality assurance, compliance, dispute handling, fraud prevention, or partner coordination.

7.4 Service improvement

Where permitted by law, we may use interaction data, error signals, feedback, and de-identified or aggregated data to improve the quality, safety, accuracy, and usefulness of our AI systems and Services.

8. When We Share Personal Data

We do not sell personal data in the ordinary commercial sense. We may share personal data only in the following circumstances:

8.1 Within our corporate group

We may share data within our affiliates, subsidiaries, and controlled entities for internal administration, support, security, product operations, and lawful business purposes.

8.2 With service providers

We may share data with vendors that support hosting, storage, analytics, document processing, communications, customer support, security, KYC, payment processing, CRM, and other core business operations.

8.3 With insurance and financing ecosystem partners

Where necessary for the services you request, we may share data with insurers, licensed intermediaries, TPAs, financing partners, NBFCs, underwriting or servicing partners, and payment or settlement partners.

8.4 For legal, regulatory, and safety purposes

We may disclose data when required by law, court order, regulator, law enforcement request, audit requirement, or where necessary to protect rights, safety, platform integrity, or investigate fraud or misuse.

8.5 In business transfers

If EAZR is involved in a merger, acquisition, restructuring, financing, insolvency, or sale of assets, personal data may be transferred as part of that transaction, subject to applicable law and confidentiality safeguards.

8.6 With your direction or consent

We may share data with third parties when you ask us to do so or otherwise provide consent.

9. Sensitive Data and Insurance Context

Because EAZR operates in the insurance domain, some data you provide may reveal financial details, family information, policy details, identity information, or health-related context. Under India’s SPDI Rules, categories such as passwords, financial information, health condition, medical records and history, and biometric information are treated as sensitive personal data or information.

We process such information only where necessary for the relevant service, where lawfully provided by you or an authorized person, or where otherwise permitted by law.

You should avoid entering unnecessary sensitive information into open-text fields unless it is directly required for the service you are using.

10. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

  • provide and maintain the Services;

  • manage your account and policy records;

  • support financing or servicing workflows;

  • comply with legal, audit, tax, accounting, and regulatory obligations;

  • detect fraud and maintain security;

  • resolve disputes and enforce our agreements.

Retention periods vary depending on the type of data, the nature of the product or interaction, legal requirements, and operational necessity.

We may retain de-identified, anonymized, or aggregated information for analytics, benchmarking, service improvement, research, and security purposes where permitted by law.

11. Security

We implement reasonable technical, administrative, contractual, and organizational safeguards designed to protect personal data from unauthorized access, disclosure, misuse, alteration, loss, or destruction.

These measures may include:

  • access controls and role-based permissions;

  • encryption in transit and, where applicable, at rest;

  • logging, monitoring, and audit trails;

  • secure development and deployment practices;

  • vendor due diligence and contractual controls;

  • backup, recovery, and incident response procedures.

No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for using secure devices and networks.

CERT-In’s cyber security directions require covered entities to report specified cyber incidents within six hours of noticing them or being informed about them.

12. Cross-Border Transfers

Your personal data may be stored, processed, or accessed in jurisdictions other than the one in which you reside, including by affiliates or service providers supporting our infrastructure.

Where such transfers occur, we take reasonable steps to ensure that an appropriate level of protection applies, consistent with applicable law, including contractual protections, access restrictions, and security safeguards.

If any law restricts transfer to certain territories or requires specific controls, we will seek to comply with those requirements.

13. Your Rights

Subject to applicable law, you may have rights in relation to your personal data, including the right to:

  • request information about personal data processed by us;

  • request correction, completion, or updating of inaccurate data;

  • request deletion or erasure in appropriate cases;

  • withdraw consent where processing is based on consent;

  • manage communication preferences;

  • seek grievance redressal;

  • nominate another person to exercise rights in certain situations, where law provides for it.

The DPDP Act, 2023 expressly provides rights relating to access to information, correction and erasure, grievance redressal, and nomination.

To exercise your rights, contact us using the details in the “Contact Us” section below. We may need to verify your identity before acting on a request. We may also deny or limit a request where permitted or required by law.

14. Withdrawal of Consent

Where we rely on your consent, you may withdraw it at any time by using available settings, following the relevant opt-out mechanism, or contacting us directly.

Withdrawal of consent does not affect processing carried out before withdrawal. It may, however, affect our ability to provide certain features or Services.

15. Marketing Communications

We may send you communications about updates, launches, features, offers, content, and other EAZR-related information where permitted by law.

You may opt out of non-essential promotional communications by:

  • clicking the unsubscribe link in an email;

  • adjusting account or app settings where available;

  • contacting us directly.

Even if you opt out of marketing messages, we may still send transactional, legal, or service-related communications.

16. Children and Dependent Data

Our Services are generally intended for adults. However, certain features may allow policy management or record organization for children, dependents, or family members through a parent, guardian, or authorized adult.

If you submit data relating to a child or dependent, you represent that you are authorized to do so.

If we learn that personal data has been collected in a manner not permitted by law, we may delete, restrict, or take other appropriate action regarding that data.

17. Third-Party Services

Our Services may include links to or integrations with third-party platforms, APIs, tools, payment providers, insurer systems, or partner services. Those third parties operate under their own terms and privacy practices.

We are not responsible for the privacy practices of third-party services that we do not control. You should review their privacy policies before sharing data with them.

18. Account Closure and Deletion

You may request closure of your EAZR account by contacting us at [Insert Support Email].

Please note:

  • certain data may remain in backups for a limited period;

  • some records may need to be retained for legal, audit, anti-fraud, tax, accounting, dispute, compliance, or security reasons;

  • some information may be preserved in de-identified, anonymized, or aggregated form.

If your account is associated with active support cases, policy servicing, financing activity, or legal obligations, deletion may be delayed or limited as permitted by law.

19. Data Accuracy and Responsible Use

You agree not to submit false, misleading, fraudulent, forged, unauthorized, or unlawful information through the Services.

We may suspend, restrict, or terminate access if we detect fraud, misuse, abuse, security threats, or violations of our terms.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our products, AI systems, infrastructure, legal obligations, or business practices.

Where required, we will provide notice through the website, app, email, or another appropriate channel. The updated version will become effective on the date stated at the top of the policy.

21. Contact Us / Grievance Redressal

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact:

Privacy / Grievance Officer

Name: Manish R

Email: manish.r@eazr.in

Address: PLOT- 841, TOWER 1C, JUPITER TEXTILE MILL COMPOUND, , SENAPATI BAPAT MARG, ELEPHINSTONE, DELISLE ROAD, Delisle Road, Mumbai, Mumbai, Maharashtra, India, 400013

General Support

Email: support@eazr.in

Website: https://eazr.life

If required by applicable law, we will handle grievances within the timelines required by law or internal policy