Terms of Usage
Rules for using PayMyQR responsibly
Effective Date: April 10, 2026 · Last updated: June 18, 2026
1. Agreement
By installing, accessing, or using PayMyQR, you agree to these Terms of Usage and to our Privacy Policy. If you do not agree, do not use the app. PayMyQR is provided by the publisher and operator of the PayMyQR app and this website.
These terms apply to all features in the app, including QR overlays, financial tracking, investment holdings and Net Worth views, Vault, backups, ads or paid tiers where offered, and optional integrations.
2. What PayMyQR is
PayMyQR is a local-first Android utility app. It is intended to help you show QR codes quickly, organize utility information, track money-related activity you choose to import, view optional investment holdings and Net Worth summaries on your device, and store sensitive content such as documents or passwords in Vault.
PayMyQR is not a bank, payment processor, insurer, broker, depository participant, mutual-fund distributor, investment adviser, research analyst, portfolio manager, or identity provider. Investment and Net Worth features are informational tools only. Features that reference payments, SMS, notifications, broker data, or autofill are tools to help you on your own device; they do not guarantee transaction outcomes, portfolio accuracy, regulatory compliance of third parties, account security at third parties, or uninterrupted availability.
3. Your responsibilities
- You are responsible for the accuracy of information you enter and for how you use overlays, exports, backups, and sharing features.
- You must comply with applicable law and with the terms of any third-party service you sign in to, pay through, or connect with while using PayMyQR.
- You must keep your device, Vault passcode, biometric settings, and backup destinations secure.
- By using PayMyQR you confirm that you are at least 18 years of age, or that a parent or guardian has reviewed and accepted these Terms and the Privacy Policy on your behalf. Users under 18 may use the app with parental consent; certain features (including ads) are restricted for users confirmed as minors at onboarding.
- You must not use PayMyQR to harass others, commit fraud, intercept credentials you do not own, import broker or CAS data you are not authorized to access, or circumvent security of other people’s accounts or systems.
- You must not use PayMyQR — including its PayChat, QR profile sharing, SMS dispatch, or any messaging feature — to transmit, distribute, or facilitate any content that is unlawful, fraudulent, malicious, deceptive, threatening, or that constitutes or facilitates a financial crime of any kind. This includes but is not limited to phishing, impersonation, cheating, extortion, criminal intimidation, money laundering, or any offence under the Bharatiya Nyaya Sanhita, 2023, Information Technology Act, 2000, Prevention of Money Laundering Act, 2002, or any other applicable statute. You are solely liable for all legal consequences arising from any such conduct.
4. Vault passwords, assisted capture, and Autofill
PayMyQR may offer Vault password storage and optional assisted capture. By using these features, you agree to the following:
- Your accounts only: save only login credentials for accounts you own or are authorized to manage. Do not use PayMyQR to collect or store other people’s passwords without permission.
- Explicit action required: assisted website capture reads login fields only in PayMyQR’s in-app browser when you tap an explicit save action (for example “Save login”). Assisted app capture relies on Android’s Autofill save flow or entries you confirm in Vault. PayMyQR does not support silent or background credential harvesting.
- Autofill is optional: you must enable PayMyQR as your Autofill provider in Android settings if you want fill or save prompts in other apps. You may disable Autofill at any time in system settings.
- No misuse of other apps: you must not use Vault or Autofill features to attack, phish, or impersonate others, or to automate logins in violation of another app’s or website’s rules.
- Multi-step sign-in: many sites show email and password on separate pages. You are responsible for completing the sign-in flow before saving. PayMyQR may show guidance when a password field is not yet available.
- Third-party providers: some services (including large identity providers) may block, limit, or change sign-in inside embedded browsers or through Autofill. PayMyQR does not guarantee that every website or app will work with assisted capture.
- Link-only entries: you may save an app-to-domain association without a password when offered. You remain responsible for adding or updating credentials later if you want autofill to work fully.
- Broker connections and saved broker logins: connecting an investment broker (such as Angel One) is read-only — PayMyQR reads holdings to track your portfolio and never places trades. You may optionally save your broker login, including client code, PIN, and TOTP secret, into your encrypted Vault to auto-fill it later. This is opt-in: it is saved only when you tick “Save to Vault,” it is protected by your Vault unlock, and you are responsible for safeguarding your device and Vault security. Use this only for your own broker account, and comply with your broker’s API and account terms. You can disconnect a broker or delete a saved login at any time.
Details about what data is processed and how it is stored appear in the Privacy Policy (Vault passwords section) and the Investment holdings, Net Worth, and CAS import section.
5. Investment holdings, Net Worth, and CAS import
By using portfolio, Net Worth, broker sync, or CAS import features, you agree to the following terms in addition to the rest of this document.
5.1 Informational use only — no investment advice
PayMyQR displays holdings, prices, NAVs, allocations, performance metrics (including estimated returns such as XIRR where shown), and aggregated Net Worth figures solely for your personal reference. Nothing in the app constitutes investment, legal, tax, accounting, or financial advice, a solicitation, or a recommendation to transact in any security or financial product. You are solely responsible for investment decisions and for verifying information with your broker, registrar, AMC, tax adviser, or other qualified professional before acting on it.
5.2 Your accounts and statements only
- You may connect or import data only for broker accounts, folios, or CAS statements that you own or are expressly authorized to access.
- You must comply with your broker’s, registrar’s, and statement issuer’s terms of use, API rules, and applicable securities, data-protection, and anti-fraud laws when using these features.
- You must not use PayMyQR to aggregate, scrape, or redistribute another person’s portfolio data without lawful authority.
5.3 Read-only broker connections
- Supported broker integrations are read-only for portfolio tracking. PayMyQR does not execute trades, place orders, transfer funds, change account settings, or operate as your agent at any broker.
- Broker tokens, sessions, and cached responses may be stored according to the Privacy Policy to provide sync and refresh functionality you request.
- Brokers may revoke access, change APIs, impose rate limits, or require re-authentication at any time. PayMyQR does not guarantee continuous sync or completeness of broker-supplied data.
- Optional saving of broker login credentials (including TOTP secrets) to Vault is governed by Section 4 above and remains entirely at your discretion.
5.4 CAS import
- CAS import requires you to upload a PDF and supply the decryption password required by the statement. You authorize PayMyQR to transmit that file and password over secure channels solely to parse the statement and return normalized holdings to your device.
- You represent that the PDF is authentic, relates to your holdings (or holdings you are authorized to view), and that providing the password for parsing is lawful.
- Supported CAS formats are limited to those implemented in the product (for example, mutual-fund CAS from supported registrars). Unsupported, password-protected non-CAS PDFs, corrupted files, or demat statements may fail to parse.
- PayMyQR is not responsible for parsing errors caused by issuer format changes, incorrect passwords, partial statements, or third-party library limitations.
5.5 Accuracy, timing, and display policies
- Displayed quantities, values, cost basis, market prices, NAVs, day change, currency conversion, and Net Worth totals may be delayed, rounded, estimated, or derived from last successful sync or import.
- Asset-class labels, grouping, and breakdowns are provided for organizational convenience and may not match regulatory, tax, or broker classifications.
- PayMyQR may update, limit, or discontinue support for specific brokers, asset types, metrics, or statement formats without prior notice where reasonably necessary for security, compliance, or product maintenance.
- You must not rely on PayMyQR as the sole record for tax filing, loan collateral, margin calculations, compliance reporting, or regulatory disclosures.
5.6 Prohibited conduct
You must not misuse holdings features to engage in market manipulation, unauthorized automated scraping of third-party systems, reverse engineering of parsing or broker proxy infrastructure, denial-of-service activity, circumvention of rate limits, or any activity that violates applicable law or third-party rights.
5.7 Family and household portfolios — tracking on behalf of others
PayMyQR lets you record and organize the holdings, plans, and tax details of family or household members alongside your own, grouped under each person you add in People. This is a personal record-keeping and organization feature only. PayMyQR is not a portfolio management service and does not provide portfolio management, investment management, or advisory services of any kind.
- Not a Portfolio Management Service (PMS). PayMyQR does not manage, hold, pool, custody, or exercise any discretion over any person's funds or securities, does not act as a portfolio manager, investment adviser, sub-broker, distributor, agent, or fiduciary for you or anyone else, and charges no fee for managing anyone's money. It is not, and does not purport to be, a "portfolio manager" under the SEBI (Portfolio Managers) Regulations, 2020, an "investment adviser" under the SEBI (Investment Advisers) Regulations, 2013, or any service requiring registration with SEBI or any regulator. Recording another person's holdings in the app is bookkeeping for your own reference — not management of their portfolio.
- No advice to anyone. Figures shown for any family member are informational only and are not investment, tax, legal, accounting, or financial advice to you or to that person (see Section 5.1). Each individual is responsible for their own financial decisions and should consult their own qualified professional.
- Your authority and consent. When you add, import, or store another person's data — including their name, PAN, holdings, plans, salary, statements, or tax details — you represent and warrant that you have that person's informed consent and the lawful authority to do so, and that you are entitled to provide it to PayMyQR for processing under the Digital Personal Data Protection Act, 2023 and other applicable law. You are responsible for honouring any request by that person to access, correct, or delete their data, and for any data concerning minors or persons under guardianship that you choose to record.
- You transact outside the app. Any actual investing, switching, redemption, settlement, or transacting in your own or a family member's accounts is carried out by you or them directly with the relevant broker, AMC, registrar, bank, or other institution, under that institution's terms and applicable law — never through PayMyQR. The app neither initiates, executes, nor facilitates any such transaction and never moves money or securities.
- PAN and identity data. A PAN you enter to designate a finance profile (yours or a family member's) is used only to organize and attribute holdings, plans, and tax estimates to the correct person on your device. It is stored encrypted on your device and is not required to be shared with us for these features to work, as described in the Privacy Policy.
- Your responsibility and indemnity. You are solely responsible for the lawful basis on which you add and process any other person's data. You agree to indemnify, defend, and hold harmless PayMyQR and its operator from and against any claim, demand, proceeding, loss, fine, or expense (including reasonable legal fees) arising from your adding, importing, sharing, or relying on another person's data without proper authority or consent, or from any financial decision you or any family member takes, in addition to the indemnity in Section 6.4.
6. Permissions, SMS, and PayChat
Certain features require Android permissions or sensitive access (camera, SMS, notifications, calendar, storage, microphone, overlay, or Autofill). You grant access only by enabling the related feature or permission. If you revoke access, related functionality may stop working.
SMS and notification features are intended for financial or payment-related detection and communication you enable. You agree not to repurpose those features for unrelated surveillance or data resale.
6.1 SEND_SMS, PayChat, and your responsibilities as sender
If you grant SEND_SMS permission, PayMyQR may send structured, app-originated SMS messages from your device and SIM to phone numbers you have stored for your contacts. By granting this permission and using PayChat features, you agree to all of the following:
- You are the sender. All SMS messages dispatched by PayMyQR are sent from your device, your SIM, and your phone number. PayMyQR acts as a technical mechanism; you bear legal responsibility for those messages under the Information Technology Act, 2000, TRAI regulations, and any other applicable law.
- Accuracy of phone numbers. You must ensure that phone numbers you store for contacts are correct. PayMyQR is not liable for messages that reach unintended recipients because you stored an incorrect number.
- Legitimate personal use only. You must use PayChat only for genuine personal payment communication with people you know. You must not use it to send unsolicited bulk messages, promotional or commercial spam, misleading financial claims, harassment, threats, or any content that violates applicable law or harms others.
- Structured messages only. PayChat sends only structured, app-originated messages. Freeform custom text cannot be sent as SMS directly through the app. If you need to send a custom message, you must use your own default SMS application manually.
- Split-request consent. Split-request SMSs are sent to friends you have added with their phone numbers. You are responsible for ensuring you have a reasonable basis or consent to message those people for payment purposes. PayMyQR does not independently verify recipient consent.
- No delivery guarantee. PayMyQR is not a telecommunications provider. SMS delivery depends on your carrier, network availability, recipient device, and TRAI regulations. We do not guarantee delivery, timeliness, or that recipients will receive or act on messages.
6.2 Personal data you share via SMS
SMS messages sent via PayChat may contain your personal payment details such as your UPI ID or pay link. Under the Digital Personal Data Protection Act, 2023 and applicable privacy law, you are responsible for the personal data you choose to transmit via SMS. You should verify that contact phone numbers are correct before sharing payment details. PayMyQR does not include the recipient's own personal data in outbound SMS content, as a deliberate safeguard against unintended data exposure.
6.3 Revoking SEND_SMS
You may revoke SEND_SMS permission at any time through Android Settings. After revocation, the app will not send direct SMS and will instead offer to open your default SMS app for manual sending, use WhatsApp where available, or copy content to clipboard. Your PayChat conversation history and financial tracking features are not affected by revoking SEND_SMS.
6.4 Unlawful, fraudulent, or malicious use — user liability
You are solely and fully liable for any unlawful, unsolicited, malicious, or fraudulent content you transmit or cause to be transmitted using PayChat, QR profile sharing, or any SMS or messaging feature in PayMyQR. By using these features, you expressly acknowledge and agree to all of the following:
- Sole originator liability. Every SMS dispatched through PayMyQR is sent from your device, your SIM, and your registered phone number. You are the originator of that communication in the eyes of applicable law. PayMyQR is a technical tool; it does not independently review, approve, or endorse the context in which you use sharing features. All legal consequences arising from an unlawful, deceptive, or harmful communication originate from and attach entirely to you, not to PayMyQR or its operator.
- Absolute prohibition — unlawful content. You must not use any PayChat, QR profile sharing, or SMS feature in PayMyQR to transmit, distribute, solicit, or facilitate: (a) fraudulent, deceptive, or misleading financial information or payment instructions designed to induce any person to part with money, property, or financial credentials; (b) impersonation of any person, institution, authority, bank, or payment provider for financial gain or to cause harm; (c) phishing, vishing, smishing, or social-engineering content intended to obtain OTPs, PINs, card numbers, UPI credentials, passwords, or other sensitive financial or personal data from any person; (d) communications constituting cheating, criminal breach of trust, fraud, or forgery under the Bharatiya Nyaya Sanhita, 2023 or any other applicable law; (e) criminal intimidation, extortion, wrongful demands, or threatening communications of any kind; (f) unsolicited commercial or promotional bulk messaging (spam) in violation of TRAI's Telecom Commercial Communications Customer Preference Regulations or any successor rule; (g) content that aids, abets, or facilitates money laundering, terrorist financing, or offences under the Prevention of Money Laundering Act, 2002 or the Unlawful Activities (Prevention) Act, 1967; or (h) any other communication that is unlawful, tortious, or harmful under the laws of India or any jurisdiction in which the message is received.
- Criminal and civil consequences. Sending fraudulent, threatening, or otherwise unlawful SMS messages is a cognizable offence under multiple Indian statutes including the Bharatiya Nyaya Sanhita, 2023, the Information Technology Act, 2000 (including sections 66, 66C, 66D, 67, and related provisions), TRAI regulations, and the Prevention of Money Laundering Act, 2002. You expressly understand and accept that such conduct may result in criminal prosecution, imprisonment, fines, attachment of assets, civil liability for damages, regulatory action by TRAI or SEBI or RBI or other competent authorities, or any combination of the above. These consequences originate entirely from your own conduct. PayMyQR bears no liability for any offence you commit using its features.
- Indemnification. You agree to indemnify, defend, and hold harmless PayMyQR, its operator, officers, directors, employees, and agents from and against any and all claims, demands, investigations, proceedings, judgements, damages, losses, fines, penalties, costs, and expenses (including reasonable legal fees) arising from or related to: (a) your use of PayChat, QR profile sharing, or SMS features in breach of these Terms or applicable law; (b) the content you send using those features; (c) your violation of any applicable law, regulation, or third-party rights; or (d) any financial fraud, harm, or loss caused to any third party through your use of the app. This indemnification obligation survives termination of your use of the app.
- Cooperation with lawful authorities. If PayMyQR receives a lawful request, court order, summons, or direction from any competent authority — including law-enforcement agencies, cybercrime units, financial intelligence units, tribunals, or regulators — in connection with your use of PayChat or SMS features, PayMyQR may disclose information in its possession, including app usage records and available metadata, to the extent required or permitted by applicable law and without prior notice to you where prior disclosure is prohibited, impractical, or could prejudice a lawful investigation.
- Right to suspend and report. PayMyQR reserves the right to disable, restrict, or permanently terminate your access to PayChat and SMS features without prior notice if we have reasonable grounds to believe you are using them for unlawful, fraudulent, or malicious purposes. In cases of credible evidence of financial fraud, harassment, or serious criminal misuse, PayMyQR may proactively report relevant information and available evidence to the appropriate law-enforcement or regulatory authorities to the extent permitted or required by applicable law.
6.5 Bank account verification and Account+IFSC payments
PayMyQR may mark a bank account you add as "verified" when it detects, on your device, a genuine transaction SMS matching that account's last-4 digits and bank. Verification confirms only that your device receives that account's SMS; it is not proof of ownership, identity, or KYC, and PayMyQR does not perform KYC. Because one mobile number is often registered for several family members' accounts, you must accurately label each account as your own or as a family/other account. You are responsible for the accuracy of any account you add and for the lawfulness of adding and sharing a family member's account details.
PayMyQR may let you pay a bank account using the NPCI Account+IFSC virtual address format by constructing a standard upi://pay request and handing it to a UPI app you choose. PayMyQR is not a payment system, payment aggregator, payment gateway, or money-transfer service; it does not hold, route, or settle funds. Support for this address format varies between UPI apps and may be declined; PayMyQR makes no warranty that any payment will succeed and is not liable for failed, delayed, mis-directed, or duplicated payments, which are governed by your bank, the UPI app, and NPCI. You are responsible for confirming the beneficiary (including any holder name returned by the UPI app) before authorising a payment.
6.6 Verified-account signals over PayChat
Where this feature is available, you may transmit, inside an encrypted PayChat message, a signal that your own verified account passed on-device SMS verification. You may transmit such a signal only for an account you own and have labelled as your own; transmitting a family or other person's account data as your own verified account is prohibited. A "verified" indicator displayed for another user means only that their app asserts their own account passed on-device SMS verification — it is not an identity, ownership, creditworthiness, or trustworthiness guarantee, and you must not rely on it as such when deciding to send money. You remain solely responsible for verifying any beneficiary before paying. The indemnification, liability, and lawful-use obligations in section 6.4 apply equally to these signals.
7. Purchases, ads, and third-party services
Paid features, subscriptions, and restorations may be handled through Google Play Billing or other platform stores under their terms. Ads, where shown (and only for users aged 18 or above), are provided by Google AdMob under Google's policies.
PayMyQR uses the following third-party data processors to deliver certain features. By using those features you acknowledge that your data may be processed by these parties under their own privacy terms:
- Firebase / Google Cloud (US): cloud sync for Splits (split-expense sharing) uses Firebase Firestore and Firebase Authentication. Data is stored on Google Cloud servers in the United States. Google's data-processing terms apply.
- Cloudflare (USA): the PayMyQR backend (BBPS bill payments, DigiLocker integration, Claim Connect) runs on Cloudflare infrastructure. BBPS order records, DigiLocker session and audit records, and Claim Connect records are stored on Cloudflare's platform.
- PhonePe: BBPS bill payments route through PhonePe's payment infrastructure. Your mobile number (hashed) and bill-payment details are transmitted to PhonePe to process the collect request.
- Google Sheets API: if you enable the optional Google Sheets export feature, PayMyQR connects to the Google Sheets API using an OAuth token you authorise. Your exported data is written to the Google Sheet you select under your Google account.
- Google Play Billing / App Store: purchase and subscription management is handled by the platform store you use. PayMyQR does not receive or store your payment card details.
Exports, backups, sharing, and cloud destinations you select are governed by the third-party provider you choose. PayMyQR is not responsible for outages, data loss, or security incidents at those providers except where liability cannot be excluded under applicable law.
8. Intellectual property
PayMyQR, its branding, and materials we provide are owned by us or our licensors unless stated otherwise. You may not copy, reverse engineer, or redistribute the app except as permitted by applicable law.
9. Disclaimers and limitation of liability
PayMyQR is provided “as is” and “as available.” To the fullest extent permitted by law, we disclaim warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant uninterrupted operation, error-free parsing of SMS or notifications, successful autofill on every app or website, accurate or complete broker or CAS holdings data, timely market prices or NAVs, or correctness of Net Worth, XIRR, or other calculated metrics.
To the fullest extent permitted by law, PayMyQR and its operator will not be liable for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, data, goodwill, investment losses, missed trading opportunities, tax penalties, or reliance on displayed portfolio values, arising from your use of the app. Our aggregate liability for claims relating to the app will not exceed the greater of (a) the amount you paid us for the app or subscriptions in the twelve months before the claim, or (b) one hundred U.S. dollars (or local equivalent), except where such limits are not allowed by law.
Nothing in these terms excludes liability that cannot be excluded under applicable law, including certain consumer rights.
The aggregate-liability cap described above does not apply to: (a) your indemnification obligations under Section 6.4; (b) damages or losses you cause to third parties through unlawful, fraudulent, or malicious use of PayChat or SMS features; or (c) any liability arising from your own wilful misconduct or fraud. PayMyQR's liability for its own wilful misconduct or gross negligence is not limited where such limitation is not permitted by law.
10. Changes, termination, and contact
We may update these Terms of Usage to reflect product, legal, or operational changes. The updated version is effective when posted here unless a different date is stated. Continued use after an update means you accept the revised terms.
We may suspend or discontinue features, or restrict access, if we reasonably believe you violated these terms or applicable law.
For complaints, grievances, or data-rights requests under the Digital Personal Data Protection Act, 2023 or any other applicable law, contact our Grievance Officer. We endeavour to acknowledge grievances within 48 hours and resolve them within 90 days of receipt.