All card payments to Ragi.design are processed by Razorpay Software Pvt Ltd, which is certified as a PCI DSS Level 1 service provider — the highest level of payment card security assessment under the Payment Card Industry Data Security Standard. Ragi.design does not itself store, process or transmit cardholder data on its own servers; the payment page is hosted and secured entirely by Razorpay's compliant environment.
Razorpay operates as an authorised Payment Aggregator under the RBI's Guidelines on Regulation of Payment Aggregators and Payment Gateways (originally issued March 2020, as periodically amended). Our merchant onboarding, transaction reconciliation and settlement follow these guidelines, including nodal-account settlement and prescribed transaction reporting.
Card payments are authenticated using 3D Secure 2.0 (3DS2) protocols where issued by the cardholder's bank. For payments originating from the European Economic Area and the United Kingdom, we apply Strong Customer Authentication as required by the revised Payment Services Directive (PSD2) — meaning a two-factor challenge combining something the customer knows, has or is, unless a valid regulatory exemption applies.
Cross-border payments received by Ragi Media Pvt Ltd for services rendered are handled in accordance with the Foreign Exchange Management Act, 1999 and directions issued by the RBI thereunder. Foreign inward remittances are received through authorised banking channels and reported under the appropriate purpose codes, with FIRC (Foreign Inward Remittance Certificate) or eBRC available to clients on request.
Ragi Media Pvt Ltd is registered under the Goods and Services Tax Act (GSTIN: [Add GSTIN]). Services delivered to clients in India attract GST at the applicable rate. Services delivered to clients outside India and paid for in convertible foreign exchange are treated as export of services and are zero-rated where the conditions of the IGST Act are satisfied.
Personal data collected from clients is processed under the Digital Personal Data Protection Act, 2023 (DPDP Act). Ragi Media Pvt Ltd acts as a Data Fiduciary and adheres to the principles of lawful purpose, notice, informed consent, purpose limitation, data minimisation, accuracy, storage limitation and reasonable security safeguards.
For clients based in the EEA or the United Kingdom, we process personal data under the EU General Data Protection Regulation (GDPR) and the UK GDPR. We rely on the lawful bases of consent, contract performance and legitimate interest, as appropriate. Standard Contractual Clauses are executed with any sub-processor that transfers EEA data outside the EEA.
For clients resident in California, we recognise the rights to know, delete, correct, opt out of sale (we do not sell personal data), and limit use of sensitive personal information under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
Razorpay conducts KYC on Ragi.design as a merchant under RBI norms. For high-value engagements or unusual transaction patterns, Razorpay may seek additional information from the payer. We cooperate fully with any legitimate anti-money-laundering enquiry from a regulated financial institution.
Baseline security controls we operate:
- TLS 1.2+ enforced across the site and all API endpoints
- HTTPS-only cookies and secure headers (HSTS, X-Content-Type-Options, Referrer-Policy)
- Least-privilege access to internal tools; MFA on all administrative accounts
- Encrypted backups with retention consistent with tax and contractual obligations
- Documented incident response process with defined breach-notification timelines
Personal data is retained only as long as required for the purpose collected and to meet statutory obligations (typically eight years for tax records in India). On expiry, data is either securely deleted or irreversibly anonymised. Deletion requests are actioned within thirty days, subject to legal-hold exceptions.
Data protection queries: privacy@ragimedia.com
Compliance and audit queries: compliance@ragimedia.com
Payment-related queries: accounts@ragimedia.com
This page is provided for reference and is updated as regulations evolve. It does not constitute legal advice.