EPaySe
Your Privacy Matters

Privacy Policy

Last updated: April 2, 2026

EPaySe Inc. ("EPaySe," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our payment gateway platform and related services.

1. Information We Collect

Account Information

When you register for an EPaySe account, we collect your legal business name, business registration number, registered address, contact person name, email address, phone number, and business website URL. For Know Your Business (KYB) verification, we may also collect copies of business registration documents, identification documents of authorized representatives, and proof of address.

Payment Data

As a PCI-DSS Level 1 certified payment processor, we handle payment card data under strict security controls. Card numbers are tokenized at the point of entry and are never stored in their complete form on our systems. We process transaction amounts, currency, payment method type, and transaction metadata necessary for processing.

Transaction Data

For each transaction processed through our platform, we record the transaction amount, currency, status, timestamp, payment method used, PSP routing information, fraud screening results, and associated merchant and buyer identifiers.

Usage Data

We automatically collect information about how you interact with our dashboard and API, including IP addresses, browser type, device information, pages viewed, features used, and API call logs. This data helps us improve our platform and detect suspicious activity.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Processing payment transactions, managing merchant accounts, providing settlement reports, and delivering customer support.
  • Fraud Prevention: Operating our AI-powered fraud detection system, monitoring for suspicious transaction patterns, enforcing velocity checks, and maintaining chargeback management processes.
  • Regulatory Compliance: Meeting KYB/KYC requirements, anti-money laundering (AML) obligations, tax reporting, and responding to lawful requests from regulatory bodies.
  • Platform Improvement: Analyzing usage patterns to improve our dashboard, API, and payment routing algorithms. All analytics are performed on aggregated, de-identified data where possible.
  • Communications: Sending service updates, security alerts, and (with your consent) product announcements. You can opt out of non-essential communications at any time.

3. Data Sharing

We never sell your personal data. We share information only in the following circumstances:

  • Payment Service Providers (PSPs): Transaction data is shared with our PSP partners (e.g., AirWallex, JPay, PinddPay, GenioPago) as required to process payments. All PSP partners operate under data processing agreements (DPAs) that mandate equivalent data protection standards.
  • Fraud Prevention Services: We share transaction risk signals with third-party fraud prevention networks to protect all parties from fraudulent transactions.
  • Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request, including compliance with anti-money laundering (AML) and sanctions screening requirements.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to the same privacy protections described in this policy.

4. Data Retention

We retain your data for the following periods:

Data TypeRetention PeriodBasis
Account dataDuration of account + 7 yearsFinancial regulation
Transaction records7 yearsPCI-DSS & AML requirements
KYB documentsDuration of account + 5 yearsAML/CTF regulations
API & access logs90 daysSecurity monitoring
Analytics data24 months (aggregated)Product improvement

5. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data, subject to legal retention obligations.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Restriction: Request that we limit processing of your data in certain circumstances.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

6. Cookies

We use the following categories of cookies:

  • Essential Cookies: Required for platform functionality, including session management, CSRF protection, and authentication. These cannot be disabled.
  • Analytics Cookies (opt-in): Help us understand how visitors interact with our website. We use privacy-respecting analytics that do not track individual users across sites.
  • Marketing Cookies (opt-in): Used to deliver relevant content and measure campaign effectiveness. Only set with your explicit consent.

You can manage your cookie preferences through the cookie consent banner displayed on your first visit, or by adjusting your browser settings.

7. International Transfers

As a global payment platform operating in 173+ countries, your data may be processed in jurisdictions outside your home country, including the United States. When transferring data outside the EEA, we rely on:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries recognized as providing adequate data protection
  • Binding Corporate Rules for intra-group transfers where applicable

All international transfers are subject to appropriate safeguards to ensure your data receives equivalent protection regardless of where it is processed.

8. Security

We implement comprehensive security measures to protect your data:

  • Encryption in Transit: All data is transmitted using TLS 1.3, the latest transport security protocol.
  • Encryption at Rest: Sensitive data is encrypted using AES-256 encryption at rest.
  • PCI-DSS Level 1: Our infrastructure meets the highest level of payment card data security requirements.
  • SOC 2 Type II: Independent verification of our security, availability, and confidentiality controls.
  • ISO 27001: Certified information security management system.
  • Penetration Testing: Annual third-party penetration testing and continuous vulnerability scanning.
  • Access Controls: Role-based access control, multi-factor authentication, and audit logging for all system access.
  • Employee Training: Regular security awareness training for all team members.

9. Children's Privacy

EPaySe's services are designed for businesses and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email to your registered account address and a prominent notice on our dashboard. Non-material changes (such as clarifications or formatting updates) may be made without prior notice. The "Last updated" date at the top of this policy indicates when it was last revised.

11. Contact Us

For privacy-related inquiries or to exercise your data rights:

EPaySe Inc. — Data Protection

Email: [email protected]

Address: 1 Raffles Place, Singapore 048616, Singapore

Response time: Within 30 days of receipt