COMPLIANCE & DISCLOSURE
Information Security Policy
Capline Ventures Private Limited (operating as BlinkMoney) is committed to maintaining the confidentiality, integrity, and availability of all information assets. This policy outlines our approach to information security in compliance with the Information Technology Act, 2000, IT (Amendment) Act, 2008, and SEBI/AMFI/RBI guidelines.
| Field | Details |
|---|---|
| Entity | Capline Ventures Private Limited |
| Brand | BlinkMoney |
| Last Updated | 22 May 2026 |
1. Scope
- This policy applies to all data, systems, and personnel associated with the BlinkMoney platform.
- It covers user data, financial data, internal systems, third-party integrations, and cloud infrastructure.
2. Data Classification
- Public: Marketing material, product disclosures, regulatory filings.
- Internal: Business processes, internal communications, operational data.
- Confidential: User PII, financial data, KYC documents, authentication credentials.
- Restricted: Encryption keys, regulatory reports, audit logs.
3. Access Control
- Access to confidential and restricted data is granted on a need-to-know basis.
- All employees undergo identity verification and background checks before access is granted.
- Multi-factor authentication (MFA) is mandatory for all internal systems.
- Access rights are reviewed quarterly and revoked immediately upon employee exit.
4. Data Encryption
- All data at rest is encrypted using AES-256 or equivalent.
- All data in transit is encrypted using TLS 1.2 or higher.
- User passwords and authentication tokens are hashed using bcrypt or equivalent.
5. Infrastructure Security
- All servers are hosted on ISO 27001-certified cloud infrastructure within India.
- Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are deployed.
- Regular vulnerability assessments and penetration testing are conducted.
- Anti-malware and endpoint protection solutions are deployed on all systems.
6. Incident Response
- A documented incident response plan is maintained and tested annually.
- Any data breach affecting user PII will be reported to CERT-In within 6 hours as mandated.
- Affected users will be notified of any breach that poses a risk to their rights and freedoms.
7. Third-Party Security
- All third-party vendors with access to user data are required to comply with this policy.
- Data sharing agreements with confidentiality clauses are executed with all service providers.
- Third-party security assessments are conducted as part of vendor onboarding.
8. Employee Responsibilities
- All employees and contractors are trained on information security policies annually.
- Employees must report any suspected security incidents to rishabh.roy@blinkmoney.in immediately.
- Unauthorised access, sharing, or misuse of user data is a disciplinary offence.
9. Regulatory Compliance
- All payment data is stored within India per RBI data localisation requirements.
- KYC and financial data is retained as mandated under PMLA, 2002.
- We comply with SEBI and AMFI guidelines on data protection for investor information.
10. Policy Review
- This policy is reviewed at least annually and updated to reflect regulatory, technology, or business changes.
- For queries, contact: rishabh.roy@blinkmoney.in
Capline Ventures Private Limited | G-502, Plot-6, Sec-9, Darave Enclave, AWHO, Darave, Thane - 400706, Maharashtra, India
Document last updated: 22 May 2026