Legal
Privacy Policy
How Trile handles personal and payment data — for the businesses that build on us and the wallet holders who pay through them. Written for Nepal, under the Individual Privacy Act, 2075 (2018).
Last updated July 02, 2026
Trile Payments Pvt. Ltd. (“Trile”, “we”, “us”, or “our”) runs subscription-billing infrastructure for Nepal. Because Nepali banks and wallets do not support recurring card charges, a customer pre-funds a wallet and Trile deducts each billing cycle from that balance. Operating this service means we handle personal and payment data with care.
This policy explains what we collect, why, how long we keep it, who we share it with, and the rights you have. It is written to reflect the Individual Privacy Act, 2075 (2018), the Electronic Transactions Act, 2063 (2008), and the payment rules of Nepal Rastra Bank (NRB). By using the Service you agree to the handling of information described here.
Who this covers
Trile serves two kinds of people, and this policy applies to both:
- Merchants — the businesses that integrate Trile (through our API or dashboard) to bill their own customers.
- Wallet holders — the end customers who verify their phone, top up a wallet, complete KYC, and subscribe through a Trile-hosted checkout or a merchant’s integration.
For wallet-holder data that flows through a merchant’s integration, the merchant decides why that data is collected and is responsible for its own relationship with its customers; Trile processes that data to operate the payment service, prevent fraud, and meet its own legal obligations. Both parties have duties under the Individual Privacy Act.
What we collect
| Category | Examples |
|---|---|
| Account data | Name, email, phone number, business/registration details, dashboard login credentials, API key metadata. |
| Identity & KYC data | Phone verification (OTP), and the identity information a wallet holder submits to raise their KYC tier under NRB rules. |
| Wallet & payment data | Wallet balances (as integer paisa), top-ups, the payment rail used (eSewa, Khalti, IME Pay, bank transfer), ledger entries, subscription and invoice records, amounts, currency, status, timestamps, and transaction identifiers. |
| Technical & usage data | IP address, device and browser type, pages visited, timestamps, and diagnostic data generated by using the Service. |
| Communications | Support messages and correspondence you send to us. |
We collect this data directly from you, automatically as you use the Service, and — for wallet holders — from the merchant whose product you are paying for.
Why we use it
We use personal and payment data only for defined purposes:
- To run the Service — create and maintain accounts and API keys; hold wallet balances; charge the first cycle on subscribe and draw renewals from the wallet; issue invoices; move a subscription to
past_duewhen a balance is short and recover it on the next top-up. - To meet NRB rules — enforce KYC-tier wallet caps and per-transaction limits, and surface the applicable cap to wallet holders. A top-up that would exceed the cap is declined.
- To keep money correct and safe — reconcile each wallet balance against its ledger daily, detect and prevent fraud, and secure accounts.
- To meet legal and accounting obligations — record-keeping, tax, audit, and anti-money-laundering requirements that apply to payment services.
- To communicate — send security notices, service and billing updates, and respond to your requests.
- To improve the Service — understand usage trends in aggregate.
Under the Individual Privacy Act, we collect personal data with consent and use it only for the purpose it was collected for. Where we rely on a legal obligation or on performing our contract with you, we will not use your data for unrelated purposes without asking you first.
Cookies
We use only the cookies the Service needs to function:
- Essential cookies authenticate your session and help prevent fraudulent account use.
- Functional cookies remember choices such as your language preference (English / नेपाली).
You can set your browser to refuse cookies, but parts of the Service may then stop working. We do not use cookies to build advertising profiles of you.
Who we share it with
We do not sell personal data. We share it only where necessary:
- Service providers who host, secure, message (SMS/email), or analyze the Service on our behalf, under confidentiality obligations.
- Financial partners and payment rails — to the extent needed to move and settle the money you initiate.
- Authorities — where required by Nepali law or in response to a valid, lawful request, including NRB and law-enforcement requests.
- In a business transfer — if Trile is involved in a merger, acquisition, or asset sale, we will give notice before your data becomes subject to a different policy.
- With your consent — for any other purpose you agree to.
Where your data is stored
Trile is designed to keep payment data in Nepal. We store personal and payment data on infrastructure located within the country, consistent with Nepal Rastra Bank’s expectations for domestic payment data, and the platform is deliberately built to be hosted on a Nepal-eligible provider rather than tied to a foreign service. Where a limited service provider operates from outside Nepal, we take reasonable steps to ensure your data stays protected to the standard described here.
How long we keep it
We keep personal data only as long as needed for the purposes above. Payment and transaction records are kept for the longer periods required by accounting, tax, and anti-money-laundering law — so even after you close an account, some records must be retained. Trile’s event log is append-only by design: corrections are made by adding offsetting entries, not by deleting history.
How we protect it
Security is built into how the platform works, not bolted on:
- Every write carries an idempotency key, so a wallet is never double-charged on a retry.
- Webhooks are signed, so a merchant can verify an event genuinely came from Trile.
- The event log is append-only and safe to replay.
- Wallet balances are reconciled daily against their ledgers, and drift is flagged.
- Test traffic (
nep_test_keys) is isolated from live traffic (nep_live_keys), and access to production data is limited to what is necessary.
No system is perfectly secure, and we cannot guarantee absolute security — but we work to protect your data with commercially reasonable measures.
Your rights
Under the Individual Privacy Act, 2075 (2018), you may:
- Access the personal data we hold about you and ask how it is used.
- Correct data that is inaccurate or incomplete.
- Request deletion of your personal data — though we may need to retain records we are legally required to keep, in particular payment and transaction records.
- Withdraw consent where our use relies on it.
To exercise any of these, email support@trile.app. If you believe your privacy has been violated, the Act also lets you file a complaint with the relevant District Court, generally within three months of the incident. If you are a wallet holder paying through a merchant, you may also need to contact that merchant directly for data they control.
Children
The Service is not intended for anyone under 18, and we do not knowingly collect data from minors. If you believe a minor has given us personal data, contact us and we will remove it.
Links to other sites
The Service may link to sites we do not operate — including merchants’ own websites. We are not responsible for their content or privacy practices; please read their policies.
Changes to this policy
We may update this policy from time to time. We will post the new version here and update the “Last updated” date. Material changes will be communicated where appropriate.
Contact us
Questions about this policy or your data:
- Email: support@trile.app
- Trile Payments Pvt. Ltd., Kathmandu, Nepal
Questions? Email support@trile.app. See also our Privacy Policy and Terms & Conditions.
