Donut Privacy Policy

Effective date “December 1, 2019“

Your Privacy Matters

Privacy is the fundamental human right and at Donut our core values are designed to keep this in mind. Donut’s mission is to make the customer a better spender by providing the right set of tools. Central to this mission is our commitment to being transparent about the data we collect about you, how it is used and with whom it is shared.

This Privacy Policy applies when you use our Services (described below). We offer our users choices about the data we collect, use and share as described in this Privacy Policy.

Table of Contents:

  • Introduction
  • Data We Collect
  • How We Use Your Data
  • Your Choices & Obligations
  • Other Important Information


Donut is a wrapper around your existing financial accounts. We call ourselves a hospitality layer around your existing banking/financial relationships. Our Privacy Policy applies to any Members of our Services.

Our registered users (“Members”) share their personal information, engage with Donut apps by securely storing their card information via Donut.


This Privacy Policy applies to your use of Donut’s Services.

This Privacy Policy applies to Donut-based apps, other Donut-related sites, apps, communications and services (“Services”).


Changes to the Privacy Policy apply to your use of our Services after the “effective date.”

Donut (“we” or “us”) can modify this Privacy Policy, and if we make material changes to it, we will provide notice through our Services, or by other means, to provide you the opportunity to review the changes before they become effective. If you object to any changes, you may request us to close your account.

You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection, use, and sharing of your personal data is subject to the updated Privacy Policy.

1. Data We Collect

1.1 Data You Provide To Us

You provide data to create an account with us.


To create an account you need to provide data including mobile number, and the OTP we send you to the mobile number.


You have choices about the information on your profile, such as your name, email, and profile picture. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services, including helping customer support to identify you and provide you a better service, and sending you Donut product updates occasionally.


Donut stores your card information privately under-payment Card Industry Data Security Standard v3.2.1 (PCI DS v 3.2.1) compliant vault. , which Donut has no direct access to it. You have to provide the cardholder name, card number, expiry month and year, bank name, and card type name. The card information helps you get more from Services, including rewards, card analytics, and usage insights. We use the bank name, and card type finds you the best rewards when you shop in an online store using Donut’s Google Chrome browser extension. We don’t use your card number or name or expiry month year to provide you a better service.

1.2 Service Use

We log your visits and use of our Services, including mobile apps and browser extensions.

We log usage data when you visit or otherwise use our Services, including our sites, mobile apps, and browser extensions, platform technology such as when you install or update one of our apps. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.

1.3 Cookies

We don’t collect data through cookies. We are using cookies in our browser extension apps to store the access token, so that you can easily continue using the service without logging in and each and every time.

We will be using cookies to analyze your shopping patterns, we will add that feature in the future, please check back here for more cookie usage information.

1.4 Your Device and Location

We don’t use your location data.

1.5 Messages

If you communicate through our Services, we learn about that.

We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you talk to our customer support team, we track whether you have acted on it and will send you reminders. We also use the information to train our customer support team and provide you a better service.

1.6 Other

We are improving our Services, which means we get new data and create new ways to use data.

Our Services are dynamic, and we often introduce new features, which may require the collection of new information. If we collect materially different personal data or materially change how we use your data, we will notify you and may also modify this Privacy Policy.

2. How We Use Your Data

We use your data to provide, support, personalize and develop our Services.

How we use your personal data will depend on which Services you use, how you use those Services and the choices you make. We use the data that we have about you to provide and personalize, including with the help of automated systems and inferences we make, our Services (including spend insights) so that they can be more relevant and useful to you and others.

2.1 Customer Support

We use data to help you and fix problems.

We use the data (which can include your communications) to investigate, respond to and resolve complaints and Service issues (e.g., bugs).

2.2 Aggregate Insights

We use data to generate aggregated insights.

We use your data to produce and share aggregated insights that do not identify you. For example, we may use your data to generate statistics about your spending patterns, industry or merchant, to calculate reward value, or to provide you card usage analytics and insights. We don’t share your spending patterns or insights with anyone, this information is private and only visible to you. Donut’s machine learning analyses your data and our AI recommendation engine automatically provides you the card insights.

2.3 Security and Investigations

We use data for security, fraud prevention, and investigations.

We use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our User Agreement or this Privacy Policy.

3. Your Choices & Obligations

3.1 Data Retention

We keep most of your personal data for as long as your account is open.

We retain your personal data while your account is in existence or as needed to provide you with Services. This includes data you or others provided to us and data generated or inferred from your use of our Services.

3.2 Rights to Access and Control Your Personal Data

You can access or archive your personal data. You have many choices about how your data is collected, used.

We provide many choices about the collection, usage of your data, from archiving or correcting data you include in your profile. We offer you settings to control and manage the personal data we have about you.

For personal data that we have about you:

  • Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).
  • Change or Correct Data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
  • Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
  • Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of the personal data you provided in a machine-readable form.

3.3 Account Closure

At this point, Donut doesn’t let the user close an account themselves, we will add this feature in coming months and will give you a detailed over-view of how this works. However, if you wish to close your account due to change in our Terms of Use or Privacy Policy, you may request us to close you account for you by writing us at the email address specified in the Contact Information below

4. Other Important Information

4.1. Security

We monitor for and try to prevent security breaches. Please use the security features available through our Services.

We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

4.2. Cross-Border Data Transfers

We do not voluntarily transfer your data outside India. However, if you use our services for shopping online from websites and platformsoperated by foreign persons or entities, your data may get shared with such person or entities. 4.3 Third-Party Service Providers:

We engage third-party service providers to render certain services, thereby your Information will be used by such third-party service providers solely and strictly to provide the services to you. Sharing of Information is limited to the extent that is necessary for rendering such services and is shared under the strict obligation of confidentiality subject to the permitted disclosure provided under this Privacy Policy. Your Information will be used by following third-party service providers for purposes as stipulated under this Policy


4.3 Third-Party Service Providers:

We engage third-party service providers to render certain services, thereby your Information will be used by such third-party service providers solely and strictly to provide the services to you. Sharing of Information is limited to the extent that is necessary for rendering such services and is shared under the strict obligation of confidentiality subject to the permitted disclosure provided under this Privacy Policy. Your Information will be used by following third-party service providers for purposes as stipulated under this Policy.

  • Web Analytics: We use third-party service providers to monitor and use our Platform to track and report traffic on the Platform; thereby, the web analytics service providers such as Google Analytics, Facebook Pixels, and Twitter Pixels may use the collected data to contextualize and personalize advertisements of its own advertising network. Kindly refer to their respective privacy practices to understand the usage of your data by these service providers. You can access the Privacy Policy and Terms of use of these service providers on their respective websites.
  • Behavioural Remarketing: The Company uses remarketing services to advertise on third-party websites to you after you use our Platform. We and our third-party vendors, including Google, Twitter and Facebook use cookies to inform, optimize and serve ads based on your past usage of our Platform. You may choose to opt-out from receiving these by following the instructions on each website for it. The instructions for the same along with the Privacy Policy and the terms of use of these service providers can be accessed on their respective websites.
  • Card Vault: All the Financial Information collected by us is stored under payment Card Industry Data Security Standard v3.2.1 (PCI DS v 3.2.1) compliant vault. Infrastructure and is verified and audited quarterly for implementing and providing safe channels for availing such services on Donut.

    This card vault is operated by PayNext Private Limited, a Company incorporated under the provisions of Companies Act, 1956 and having its Registered A/006, Kanakia Western Edge II, Off Western Express Highway, Borivali East, Mumbai, India, pin 400066.
  • Gift Cards: The Gift cards made available to you on Donut is brought to you by Vouchagram India Private Limited, a company registered in India within the meaning of the Companies Act, 1956 having its registered office at 3rd Floor, B-11, Qutub Institutional Area, New Delhi 110016 and Qwikcilver Solutions Private Limited, a company incorporated under the Companies Act, 1956, having its regis-tered office at No. 111, 1st floor, “Brigade Manae Court”, Industrial Layout, Koramangala 5th Block, Bangalore – 560 095

Our Platform may link to third-party website and services that are outside our control. Such third-party websites may collect and store information and data about the user. The Company takes no responsibility for the privacy practices followed by these websites or the content available thereof. The company takes no liability for any loss or damage arising directly or indirectly for use of such a website by browsing or by transacting through it.


4.4. Minors

Donut was created exclusively for 18+ users. We don’t intentionally collect or solicit personal information from minors. If you are a minor under the age of 18, please refrain from sending us your personal information and/or registering for Donut’s products

4.5. Contact Information

You can contact us or use other options to resolve any complaints.

You can also reach us at