Last updated: 01 January 2026
This Privacy Policy describes how 1NR, operated by 1NR ("we", "us", "our"), collects, uses, stores and protects your personal data when you use our website, mobile application and related services (collectively, the "Services").
We collect the following categories of personal data:
We process your data for the following purposes:
We share data only with: (a) regulated payment partners we use to settle transactions; (b) KYC verification providers operating under contract; (c) cloud-hosting infrastructure providers; and (d) law enforcement or regulators where compelled by law.
Passwords and MPINs are stored as bcrypt hashes — we never see the plaintext. OTPs are encrypted in your session with AES-256-GCM and never written to disk. All HTTP traffic is served over TLS. Sessions are bound to device fingerprint, browser user-agent and (optionally) IP address. Bad-MPIN attempts trigger automatic lock-outs.
You may exercise the following rights at any time:
We use first-party session cookies strictly necessary to operate the Services (login, CSRF protection, theme preference). We do not run third-party advertising or cross-site tracking cookies.
Transaction records are retained for the period mandated by RBI (presently 10 years from transaction date). KYC documents are retained for 8 years after account closure. Audit logs are retained for 7 years. Inactive non-KYC accounts are purged after 18 months.
Grievances and privacy questions: please use our contact form.