Protect every UPI payment before it leaves your phone
SafeUPI analyzes transactions in real time, scores risk instantly, and alerts you before you hit send — so you stay in control, always.
Zero-trust architectureReal-time AI analysisInstant alerts
Our Story
The Origin of SafeUPI
Founded by a team of cybersecurity veterans and fintech engineers, SafeUPI was built around a single observation: while UPI payments reached hundreds of millions of Indians, the tools to protect those payments were still catching up. Fraud was rising, and users had little visibility into the risks of each transaction.
We set out to change that. SafeUPI layers AI-powered risk analysis and instant alerts on top of any UPI app — so users see a clear signal before confirming any payment, not after.
Our Values
Uncompromising Security
Security is not a feature; it is the foundation. We employ zero-trust architecture across all layers of our application to guarantee data integrity.
Absolute Clarity
We banish ambiguity. Every security status, warning, and transaction detail is presented with explicit clarity to prevent user error.
Proactive Defense
We don't wait for fraud to happen. Our systems are designed to intercept and flag anomalous patterns before a transaction is confirmed.
How it Works
Fraud protection that works before you tap send
Five steps — from the moment you initiate a payment to the instant you decide whether to proceed.
The 5-step protection flow
1
You initiate a UPI transaction
Open any UPI app and begin a payment as you normally would. SafeUPI runs silently in the background, monitoring the moment the transaction is initiated.
2
SafeUPI's AI analyzes the transaction in real time
Our on-device AI immediately checks the recipient UPI ID against a live fraud registry, evaluates transaction patterns, and cross-references behavioral baselines — all within milliseconds, entirely on your device.
3
A risk score is generated if suspicious activity is detected
When the AI identifies unusual signals — an unrecognized recipient, an atypical amount, or a flagged UPI ID — it calculates a risk score and classifies the threat level clearly.
4
You receive an instant alert before completing the payment
Before any money moves, SafeUPI surfaces a clear alert showing the risk score, the reason for the warning, and a plain-language explanation. The payment is held while you review.
5
You review the warning and decide whether to proceed
You stay in full control. Read the risk details and choose to cancel or continue. If it's a false positive, report it in one tap — improving detection for every SafeUPI user.
Support
How can we help?
Browse our FAQ or reach out directly.
Frequently asked questions
SafeUPI is a fraud protection layer for UPI transactions. It analyzes payments in real time, assigns a risk score, and sends you an instant alert before you confirm — all without replacing your existing UPI app.
Yes, the core SafeUPI protection layer is completely free. A SafeUPI Pro plan (coming soon) will include advanced analytics, family account monitoring, and priority dispute support.
No. SafeUPI works alongside PhonePe, Google Pay, Paytm, BHIM, and any other UPI app as a transparent security layer. You don't need to change how you pay.
No. Our threat analysis runs entirely on your device. Your transaction data is never sent to our servers in readable form. We use zero-knowledge proofs to validate risk without seeing the underlying data.
You remain in full control. SafeUPI shows you the risk reason and gives you the option to proceed anyway. False positives can be reported in-app, which improves the model for all users.
Tap "Report fraud" on any transaction in the SafeUPI app. Reports are reviewed within 2 hours and submitted to NPCI and the relevant bank automatically.
SafeUPI supports Android 8.0+ and iOS 14+. Biometric features require a device with fingerprint or Face ID hardware.
Go to Settings → Account → Delete account in the app. All your data is permanently deleted within 24 hours. You can also email privacy@safeupi.org to request deletion.
Get in touch
Email support
For account issues, fraud reports, or general questions. We respond within one business day.
SafeUPI's threat analysis runs on your device. Your transaction data is never sent to our servers in readable form. We do not sell your data — ever.
What we collect
Account information — name, phone number, and email used to create your SafeUPI account.
Device identifiers — anonymous device ID used to maintain your security model across sessions. Not linked to your identity.
Aggregate risk signals — anonymised, hashed transaction metadata (amount range, time-of-day, recipient hash) used only to update your on-device behavioural model.
Fraud reports — UPI IDs and amounts you voluntarily report as fraudulent. Shared with NPCI and partner banks.
What we never collect
Your UPI PIN or bank credentials — ever, under any circumstance.
Readable transaction amounts, recipient names, or bank account numbers.
Location data beyond city-level (used only for fraud pattern mapping).
Any biometric data — biometrics are processed by your device OS and never reach SafeUPI.
How we use your data
To maintain and improve the on-device fraud detection model.
To update the live fraud registry shared across the SafeUPI network.
To send security alerts and account notifications.
To comply with RBI and NPCI reporting obligations.
Data sharing
We share anonymised fraud signals with NPCI, RBI, and partner banks as required by law. We do not share any personally identifiable information with advertisers, data brokers, or third-party analytics providers.
Data retention
Account data is retained while your account is active and deleted within 24 hours of account deletion. Anonymised fraud signals are retained for up to 24 months for model training.
Your rights
Access or export your account data — Settings → Privacy → Export data.
Delete your account and all associated data — Settings → Account → Delete account.
Opt out of aggregate model training — Settings → Privacy → Opt out.
Last updated: October 26, 2024. Please read these terms carefully before using the SafeUPI service.
1. Acceptance of Terms
By downloading or using the SafeUPI application, you agree to be bound by these Terms and Conditions. If you disagree with any part, you may not use the service.
These Terms apply to all visitors, users, and others who access or use the Service.
Use of SafeUPI requires adherence to all applicable RBI, NPCI, and local financial regulations and compliance standards.
2. User Responsibilities
You are responsible for maintaining the confidentiality of your account and for all activities that occur under it.
You agree to accept responsibility for all activities or actions that occur under your account.
You must notify us immediately of any breach of security or unauthorised use of your account.
You must not attempt to reverse-engineer, tamper with, or circumvent SafeUPI's security mechanisms.
You must not use SafeUPI to facilitate or conceal fraudulent transactions.
3. Limitations of Liability
SafeUPI is a fraud detection and prevention tool. We do not guarantee that all fraudulent transactions will be intercepted. In no event shall SafeUPI be liable for any indirect, incidental, or consequential damages resulting from:
Inability to access or use the Service at any time.
Unauthorised access or alteration of your transmissions.
Transactions that bypass detection despite reasonable measures.
Service interruptions caused by third-party infrastructure.
4. Intellectual Property
The Service and its original content, features, and functionality are the exclusive property of SafeUPI and its licensors. The brand, code, and algorithms are protected under applicable intellectual property laws.
SafeUPI trademarks and trade dress may not be used without prior written consent.
5. Governing Law
These Terms are governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts of Bengaluru, Karnataka.
SafeUPI complies with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.
Security
Security Disclosure
Responsible disclosure policy · Last updated: October 2024.
SafeUPI takes security seriously. If you've found a vulnerability, we want to hear from you. Responsible disclosure is rewarded.
Our security architecture
Zero-trust model — every request is authenticated and authorised independently, regardless of network origin.
On-device processing — fraud analysis runs locally. Transaction data is never sent to our servers in readable form.
End-to-end encryption — all data in transit uses TLS 1.3. Data at rest is AES-256 encrypted.
Decentralised ledger — transaction hashes are written to a tamper-proof distributed ledger for auditability.
Biometric isolation — biometric data is processed by the device OS (Android Keystore / iOS Secure Enclave) and never accessed by SafeUPI.
Responsible disclosure policy
If you discover a security vulnerability in SafeUPI, please report it to us privately before public disclosure. We commit to:
Acknowledging your report within 48 hours.
Providing a status update within 7 days.
Patching confirmed vulnerabilities within 30 days (critical issues within 72 hours).
Publicly crediting you (with your permission) after the fix is released.
Rewarding significant findings through our bug bounty programme.
What to include in your report
A clear description of the vulnerability and its potential impact.
Steps to reproduce the issue.
Any proof-of-concept code or screenshots (please do not access real user data).
Your preferred contact method for follow-up.
Out of scope
Social engineering attacks against SafeUPI staff.
Physical attacks against infrastructure.
Denial-of-service attacks.
Vulnerabilities in third-party UPI apps or bank infrastructure.
Contact
Email your report to security@safeupi.org. For highly sensitive findings, request our PGP key at that address first.
Get the app
Download SafeUPI
Free to download. Works alongside any UPI app. Protection starts the moment you install it.
Free — no subscriptionAndroid 8.0+ · iOS 14+4.8 ★ on Play Store
