PRIVACY POLICY

Effective Date: 01 December 2025

Company: Rimainda Technologies Private Limited

Registered Office: HD-311, WeWork – Prestige Atlanta, 7th Main, Koramangala 3rd Block, Bengaluru - 560 034

Rimainda Technologies Private Limited (“we”, “our”, “us”, “Lenda”), is a company registered in India which has developed and operates a reminder service platform named Lenda. We respect your (i.e., the Reminder Creator and the Reminder Recipient) (“you” or “your” or “User”) privacy and are committed to protecting your personal data. This privacy policy (“Privacy Policy”) explains how we collect, use, store, and protect your information when you use our services, including through messaging platforms such as WhatsApp, Telegram, WeChat, Line, or other supported channels, as well as through our web and mobile applications (“Services”). By using the Services, you agree to this Privacy Policy.

1. DEFINITIONS

1.1. “Reminder Creator” refers to the User who creates and sends a reminder or payment request.

1.2. “Reminder Recipient” refers to the User who receives the reminder.

1.3. “Personal Data” means any information relating to an identified or identifiable individual.

2. INFORMATION WE COLLECT

2.1. We collect only the information necessary to provide and improve Lenda’s reminder services effectively. This includes:

2.1.1. Contact Information you upload or share (e.g., names and phone numbers).

2.1.2. Reminder Details, such as amount, currency, due date, and frequency.

2.1.3. Communication Metadata, such as timestamps, delivery status, and response actions.

2.1.4. Device, Browser, and Log Data, including limited diagnostic information (e.g., IP address, error logs) for security, analytics, and troubleshooting.

2.1.5. Message Interactions - data intentionally sent to Lenda by the messaging platform (e.g., webhook payloads for replies, actions, or updates).

2.2. Lenda does not access message content beyond what is transmitted to us for reminder processing.

3. HOW WE USE YOUR INFORMATION

3.1. We use your information solely to deliver and improve Lenda’s reminder services. Specifically, we process your data to:

3.1.1. Send, manage, and track reminders between users.

3.1.2. Notify users of payments, disputes, or schedule changes.

3.1.3. Maintain service reliability and prevent misuse or spam.

3.1.4. Comply with applicable legal and regulatory obligations.

3.1.5. Improve features and product performance.

3.1.6. Generate aggregated or anonymized statistics (which do not identify individuals) for analytics and service optimization.

3.1.7. To evaluate or conduct a merger, divestiture, restructuring, reorganization, or dissolution.

3.2. We do not sell or rent user data to any third party. However, if you specifically request or authorize, we may collaborate with third party websites or applications which might offer you different services, which will require you link your Lenda account with such third party websites or applications. By linking you Lenda account with such third party websites or applications, you allow third parties to have access to your Personal Data. We do not control these third parties, and do not warrant any aspect of the third-party’s service. You agree that Lenda is not responsible, liable for anything which occurs on these third-party services.

4. INFORMATION SHARING

We may share limited personal information only as necessary to operate our services:

4.1. Shared Transactions: When both participants in a reminder need access to shared transaction details for transparency, Lenda shares relevant information including the Reminder Creator’s name and phone number with the Reminder Recipient. The phone number is shared only with the intended Reminder Recipient and is not used for any other purpose.

4.2. Optional Payment Information Sharing: Reminder creators may optionally add payment details (such as bank account numbers, UPI IDs, or other payment instructions) in their user settings. When enabled, these details can be viewed by recipients of reminders through a “View Payment Info” option. Lenda does not process payments or verify such information — it only displays what the creator has chosen to share.

4.3. Service Providers: We work with trusted cloud and communication providers to deliver our service securely. These providers are bound by strict confidentiality and data protection obligations.

4.4. Other Third Parties If you specifically request or authorize, we may collaborate with third parties whereby in order to access such third party services, you will need to link your Lenda account with such third party. Once you link your Lenda account with such third party, we may disclose such data as may be necessary for such services to such third party.

4.5. Legal and Compliance Requirements: We may disclose information when required by applicable law, regulation, or valid legal process.

4.6. Legal Basis for Processing (GDPR Compliance)

For users located in the European Economic Area (EEA), the United Kingdom, or jurisdictions with similar privacy laws, Lenda processes personal data only where a lawful basis applies under the General Data Protection Regulation (GDPR). Our legal bases include:

4.6.1. Performance of a Contract: To provide reminder services, manage reminders, and process responses.

4.6.2. Consent: When you voluntarily provide data, link third-party accounts, or choose to receive communications. You may withdraw consent anytime by sending a “STOP” message through the same channel.

4.6.3. Legitimate Interests: For legitimate interests, including to maintain service integrity, prevent fraud, improve reliability, and enhance customer support — provided these interests do not override your privacy rights.

4.6.4. Legal Obligations: When processing is necessary to comply with laws or respond to lawful requests.

We ensure that any processing based on legitimate interests is proportionate and respects user rights and freedoms.

5. DATA RETENTION

5.1. Reminder and transaction data are retained only as long as necessary to provide Services, for other legitimate purposes and to comply with legal and regulatory requirements. In case you choose at any time to deactivate your account or delete your Data, subject to Clause 5.2, we shall stop collecting data in relation to you.

5.2. Because reminders typically involve two or more parties, such shared data cannot be deleted unilaterally once transmitted. However, users can request access, correction, or account deactivation at any time. Please refer to Clause 8.6 below in this regard.

5.3. Backups containing any deleted data may persist temporarily as part of secure disaster recovery mechanisms before automatic purging.

6. SECURITY MEASURES AND DISASTER RECOVERY

6.1. We implement industry-standard security practices to protect user data from unauthorized access, alteration, or loss.Key measures include:

6.1.1. End-to-end encryption for all reminder messages in transit.

6.1.2. Encryption at rest within secure cloud infrastructure.

6.1.3. Strict access controls — internal access is role-based, logged, and limited to authorized personnel and automated systems.

6.1.4. Regular security audits, vulnerability scans, and penetration tests.

6.1.5. A defined incident response plan to handle security events.

6.1.6. Encrypted, geographically distributed backups and disaster recovery systems to ensure service continuity.

6.2. However, please understand that no transmission of data over the internet or any other public network can be guaranteed to be 100% secure. By using the Service, you agree that Lenda will have no liability for disclosure of your personal Data due to errors in transmission or unauthorized acts of third parties.

6.3. You will be contacted regarding any breach of the security, confidentiality, or integrity of your electronically stored Personal Data via email or any other feasible manner in the most expedient time possible and without unreasonable delay, insofar as consistent with the legitimate needs of law enforcement. All measures necessary to determine the scope of the breach and reasonably restore the integrity of the data system would be undertaken.

7. COOKIES

7.1. Like many websites, Lenda uses tracking technologies such as cookies and similar technologies to store your session information and to track the use of Services. We may also use these technologies to monitor traffic, improve the Services, and make it easier to use and more relevant.

7.2. Your browser or device may include “Do Not Track” functionality. Lenda’s information collection and disclosure practices, and the choices that we provide to customers, will continue to operate as described in this Privacy Policy, whether or not a Do Not Track signal is received.

7.3. You also have choices to limit some tracking mechanisms that collect information when you use our services. Many web browsers automatically accept cookies, but you can usually modify your browser’s setting to decline cookies if you prefer. If you choose to decline cookies, certain features of our service may not function properly or remain accessible to you.

8. USER RIGHTS AND CHOICES

8.1. We respect your rights regarding your personal Data and strive to maintain transparency and security in how it is managed.

8.2. You may:

8.2.1. Access or update your profile and contact information.

8.2.2. Withdraw consent to non-essential communications (for example, by sending a “STOP” message).

8.2.3. Request account deactivation or limitation of further processing.

8.3. However, complete deletion of user data is generally not possible due to the shared and transactional nature of Lenda’s service.

8.4. In case you choose to withdraw consent, you may not be able to access certain aspects of the Service. We will not be liable or responsible for the denial of Services to you due to not receiving necessary information from you. Each reminder or payment record involves at least two participants — a Reminder Creator and a Reminder Recipient — and forms part of both users’ legitimate records.

8.5. Once a reminder has been created or received, it cannot be unilaterally erased without affecting the integrity of another User’s data.

8.6. Accordingly:

8.6.1. Lenda does not delete reminder, payment, invoice, or receipt data once it has been shared or acted upon.

8.6.2. Account deactivation will disable future access and new reminder creation but retain existing transaction data for legal, operational, and fairness reasons (for example, to prevent manipulation of payment histories or any scores denoting reliability of repayment).

8.6.3. Only non-essential, unlinked, or auxiliary data (such as device metadata or notification preferences) may be deleted when feasible.

8.7. This policy ensures the continuity, auditability, and fairness of the Lenda ecosystem while maintaining compliance with applicable data protection laws.

9. DATA RESIDENCY AND INTERNATIONAL TRANSFERS

9.1. Lenda is committed to complying with applicable data residency and privacy laws in every region where we operate.

9.2. We aim to store and process user data in the data centers closest to the user’s country or region to ensure better compliance, performance, and reliability.

9.3. Data localization: Transaction and reminder information is primarily stored in the Reminder Creator’s regional data center.

9.4. Distributed architecture: We intend to maintain more than 20 data centers globally to meet regional privacy requirements and reduce cross-border data transfers.

9.5. Expansion commitment: Not all countries currently have reliable cloud infrastructure available to us. As our cloud service providers expand coverage, we will extend our regional data storage to additional jurisdictions.

9.6. In cases where cross-border data transfer is necessary, we use industry-standard safeguards such as contractual clauses and secure encryption protocols to ensure that user data remains protected and compliant with international privacy standards.

10. CHANGES TO THIS POLICY

10.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

10.2. We may introduce additional features, such as transparency or credibility scores, in the future. If such features involve new types of data use, we will update this Privacy Policy and seek additional consent where required.

10.3. Users will be notified of significant updates through our official channels before such changes take effect.

11. DISPUTES

Any dispute, controversy, proceedings or claim of whatever nature arising out of or in any way relating to this Privacy Policy shall be governed by and construed in accordance with Indian law, and the courts of Bengaluru, Karnataka shall have exclusive jurisdiction to resolve any disputes between us relating to this Policy.

12. CONTACT US

If you have questions or grievances or concerns about this Privacy Policy or our data practices, please contact:

Rimainda Technologies Private Limited

HD-311, WeWork - Prestige Atlanta, 7th Main, Koramangala 3rd Block,

Bangalore - 560034, India

Email: privacy@lenda.in