Privacy guide

Razorpay checkout: what a payment gateway can see.

A plain-English look at payment-gateway privacy in India using Razorpay checkout: what data passes through, what is shared, and what to check.

The simple answer

Razorpay is a widely used payment gateway. When you pay through it, your payment details, contact information and order context can pass through the checkout flow so the transaction can complete.

A payment gateway needs some data to work. The privacy question is what is kept beyond the transaction, what the store sees, and whether any of it feeds marketing or analytics.

What to check

1
Separate payment processing from marketing reuse.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Check whether the store names its payment gateway.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Look at what contact details the checkout collects.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Read consent text shown during checkout.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

Checkout sits close to identity.

State of Privacy flags checkout and payment tools because they sit near phone numbers, addresses and purchase intent, which makes them both useful and sensitive.

What to do next

1
Use checkout only on stores you trust.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Avoid saving details unless necessary.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Ask brands what the payment flow shares beyond completing the payment.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

Is Razorpay safe?

Payment gateways are built for secure transactions. This guide is about privacy: what data is collected and reused around the payment.

Does the store see my card details?

Gateways are designed so sensitive card data is handled by the payment layer, but stores still see order and contact context.

What should I check at checkout?

Check what contact data is collected, what consent text appears and whether marketing is bundled in.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience