Lenda
Change type: minor

Version 0.3.0 | Last Updated on November 07, 2025

Privacy Policy

Effective Date: November 1, 2025

Company: Rimainda Technologies Private Limited

Jurisdiction: Bangalore, India

Lenda (“we”, “our”, “us”) is a reminder service developed and operated by Rimainda Technologies Private Limited, a company registered in India. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services (“Services”), including through messaging platforms such as WhatsApp, Telegram, WeChat, Line, or other supported channels, as well as through our web and mobile applications. By using Lenda, you agree to this Privacy Policy.

Definitions

“Reminder Creator” refers to the user who creates and sends a reminder or payment request.

“Reminder Recipient” refers to the user who receives the reminder.

“Personal Data” means any information relating to an identified or identifiable individual.

“Data Controller” means the entity that determines the purpose and means of processing personal data — in this case, Rimainda Technologies Private Limited.

“Data Processor” means a third-party service provider that processes data on behalf of the Data Controller.

Information We Collect

We collect only the information necessary to provide and improve Lenda’s reminder services effectively. This includes:

  • Contact Information you upload or share (e.g., names and phone numbers).
  • Reminder Details, such as amount, currency, due date, and frequency.
  • Communication Metadata, such as timestamps, delivery status, and response actions.
  • Device, Browser, and Log Data, including limited diagnostic information (e.g., IP address, error logs) for security, analytics, and troubleshooting.
  • Message Interactions - data intentionally sent to Lenda by the messaging platform (e.g., webhook payloads for replies, actions, or updates).

Lenda does not access message content beyond what is transmitted to us for reminder processing.

How We Use Your Information

We use your information solely to deliver and improve Lenda’s reminder services. Specifically, we process your data to:

  • Send, manage, and track reminders between users.
  • Notify users of payments, disputes, or schedule changes.
  • Maintain service reliability and prevent misuse or spam.
  • Comply with applicable legal and regulatory obligations.
  • Improve features and product performance.
  • Generate aggregated or anonymized statistics (which do not identify individuals) for analytics and service optimization.

We do not sell or rent user data to any third party.

Information Sharing

We may share limited personal information only as necessary to operate our services:

Shared Transactions: When both participants in a reminder need access to shared transaction details for transparency, Lenda shares relevant information — including the reminder creator’s name and phone number — with the recipient. The phone number is shared only with the intended recipient of the reminder and is not used for any other purpose.

Optional Payment Information Sharing: Reminder creators may optionally add payment details (such as bank account numbers, UPI IDs, or other payment instructions) in their user settings. When enabled, these details can be viewed by recipients of reminders through a “View Payment Info” option. Lenda does not process payments or verify such information — it only displays what the creator has chosen to share.

Service Providers: We work with trusted cloud and communication providers to deliver our service securely. These providers are bound by strict confidentiality and data protection obligations.

Legal and Compliance Requirements: We may disclose information when required by applicable law, regulation, or valid legal process.

Legal Basis for Processing (GDPR Compliance)

For users located in the European Economic Area (EEA), the United Kingdom, or jurisdictions with similar privacy laws, Lenda processes personal data only where a lawful basis applies under the General Data Protection Regulation (GDPR).

Our legal bases include:

Performance of a Contract: To provide reminder services, manage reminders, and process responses.

Consent: When you voluntarily provide data, link third-party accounts, or choose to receive communications. You may withdraw consent anytime by sending a “STOP” message through the same channel.

Legitimate Interests: To maintain service integrity, prevent fraud, improve reliability, and enhance customer support — provided these interests do not override your privacy rights.

Legal Obligations: When processing is necessary to comply with laws or respond to lawful requests.

We ensure that any processing based on legitimate interests is proportionate and respects user rights and freedoms.

Data Retention

Reminder and transaction data are retained only as long as necessary to provide services or comply with legal and regulatory requirements.

Because reminders typically involve two or more parties, such shared data cannot be deleted unilaterally once transmitted. However, users can request access, correction, or account deactivation at any time.

Backups containing deleted data may persist temporarily as part of secure disaster recovery mechanisms before automatic purging.

Security Measures and Disaster Recovery

We implement industry-standard security practices to protect user data from unauthorized access, alteration, or loss.

Key measures include:

  • End-to-end encryption for all reminder messages in transit.
  • Encryption at rest within secure cloud infrastructure.
  • Strict access controls — internal access is role-based, logged, and limited to authorized personnel and automated systems.
  • Regular security audits, vulnerability scans, and penetration tests.
  • A defined incident response plan to handle security events.
  • Encrypted, geographically distributed backups and disaster recovery systems to ensure service continuity.

In the unlikely event of a data breach, we will promptly notify affected users and regulators as required by applicable law.

User Rights and Choices

We respect your rights regarding your personal data and strive to maintain transparency and security in how it is managed.

You may:

  • Access or update your profile and contact information.
  • Withdraw consent to non-essential communications (for example, by sending a “STOP” message).
  • Request account deactivation or limitation of further processing.

However, complete deletion of user data is generally not possible due to the shared and transactional nature of Lenda’s service.

Each reminder or payment record involves at least two participants — a Reminder Creator and a Reminder Recipient — and forms part of both users’ legitimate records.

Once a reminder has been created or received, it cannot be unilaterally erased without affecting the integrity of another user’s data.

Accordingly:

  • Lenda does not delete reminder, payment, invoice, or receipt data once it has been shared or acted upon.
  • Account deactivation will disable future access and new reminder creation but retain existing transaction data for legal, operational, and fairness reasons (for example, to prevent manipulation of Lenda Score or payment histories).
  • Only non-essential, unlinked, or auxiliary data (such as device metadata or notification preferences) may be deleted when feasible.

This policy ensures the continuity, auditability, and fairness of the Lenda ecosystem while maintaining compliance with applicable data protection laws.

Data Residency and International Transfers

Lenda is committed to complying with applicable data residency and privacy laws in every region where we operate.

We aim to store and process user data in the data centers closest to the user’s country or region to ensure better compliance, performance, and reliability.

Data localization: Transaction and reminder information is primarily stored in the Reminder Creator’s regional data center.

Distributed architecture: We intend to maintain more than 20 data centers globally to meet regional privacy requirements and reduce cross-border data transfers.

Expansion commitment: Not all countries currently have reliable cloud infrastructure available to us. As our cloud service providers expand coverage, we will extend our regional data storage to additional jurisdictions.

In cases where cross-border data transfer is necessary, we use industry-standard safeguards such as contractual clauses and secure encryption protocols to ensure that user data remains protected and compliant with international privacy standards.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

We may introduce additional features, such as transparency or credibility scores, in the future. If such features involve new types of data use, we will update this Privacy Policy and seek additional consent where required.

Users will be notified of significant updates through our official channels before such changes take effect.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Rimainda Technologies Private Limited

HD-311, WeWork - Prestige Atlanta, 7th Main, Koramangala 3rd Block,

Bangalore - 560034, India

Email: privacy@lenda.in

© 2024 Rimainda Technologies Private Limited. All rights reserved.