Privacy guide

Cashfree checkout: what your payment flow reveals.

Cashfree checkout privacy explained: what a payment-gateway flow can collect from Indian shoppers, what is shared, and the questions worth asking.

The simple answer

Cashfree is a payment gateway used by many Indian businesses. Like other gateways, it processes payment, contact and order details so a purchase can go through smoothly.

The payment may be secure, but privacy is a separate question: what is retained after the transaction, what the merchant receives, and whether your details are reused for anything else.

What to check

1
Check what details checkout asks for beyond payment.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Look for the payment gateway in the privacy policy.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Separate transaction needs from marketing consent.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Read any consent shown during payment.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

The payment is one step, the data is another.

In the investigation, checkout tools were treated as sensitive infrastructure because they handle high-intent data like phone numbers, addresses and purchases.

What to do next

1
Avoid storing details on stores you do not trust.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Keep promotional consent separate from paying.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Ask merchants what payment-flow data they keep and why.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

Is Cashfree safe to pay with?

Gateways are built for secure payments. The privacy question is about data collection and reuse around the payment.

What does the merchant see?

Merchants typically see order and contact context, while sensitive card data is handled by the payment layer.

What should I watch for?

Watch for bundled marketing consent and extra data fields that the payment does not really need.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience