A-PAY PRIVACY POLICY

Effective Date: 30 May 2025

This Privacy Policy (“Policy”) explains how A-Pay.one (“A-Pay”, “we”, “our”, or “us”) collects, processes, stores, transfers, and discloses personal and business-related data (“Data”) when you use the A-Pay.one website, platform interfaces, APIs, and related services (collectively, the “Platform”). By engaging with the Platform in any capacity, you explicitly consent to the practices outlined herein. This Policy is an integral part of the A-Pay Terms of Service (“ToS”) and, in the event of any conflict, the ToS shall prevail.

1. Scope of Data Processing

This Policy applies to all Data collected through the Platform or in connection with your interactions with A-Pay. Data may include identifiers such as names, contact details, login credentials, business information, authentication records, transactional data including payment history, billing addresses, IP addresses, browser and device specifications, usage logs, system diagnostics, and compliance documentation including AML and KYC records.

2. Definitions

“Account” means the account established with A-Pay that gives User access to the Services. 

“Transaction” means a payment instruction, charge, refund, payout, or other payment-related action initiated via the Platform.

“Chargeback” means a claim by a cardholder or payment method issuer disputing a Transaction.

“Confidential Information” means non-public information marked or reasonably understood to be confidential.

“DPA” means the Data Processing Addendum incorporated by reference that governs A-Pay’s processing of personal data on behalf of the User.

“Applicable Law” means all applicable statutes, regulations, rules, guidance, card association rules, and binding government orders.

“Information” means any personal, business, technical, or transactional data collected, stored, processed, or shared in connection with the Platform.

“Cookies” means small data files or similar tracking technologies implemented to support essential Platform functions, user experience, analytics, or optional features.

“User Requests” means formal requests submitted by a User to review, update, modify, or delete Information, or to seek clarification regarding data handling and Platform operations.

“Internal Governance” means internal processes and controls implemented by Users to ensure proper management of credentials, access, and operational use of the Platform.

“Responsible Use” means the practice of using the Platform in accordance with intended functionality, security standards, and compliance with A-Pay operational policies.

“Security & Integrity Measures” means administrative, technical, and organizational measures employed by A-Pay or Users to protect Information, maintain Platform functionality, and prevent misuse.

3. Lawful Basis and Purpose of Processing

A-Pay processes Data as necessary for service delivery, account management, transaction processing, support services, legal compliance, fraud prevention, security, system diagnostics, performance analytics, customer relationship management, and dispute resolution. Processing may also occur based on explicit User consent for marketing communications, surveys, or cookies.

4. Data Retention and Archiving

Data is retained only as long as necessary to fulfill its collection purposes, comply with legal obligations, resolve disputes, and enforce agreements. Once retention periods expire, Data is securely deleted or anonymized.

5. Data Security Measures

A-Pay implements technical and organizational controls including encryption, secure network configurations, role-based access controls, multi-factor authentication, data loss prevention, vulnerability assessments, audits, and incident response planning. Users must also implement security best practices for their accounts and devices.

6. User Obligations

Users are expected to maintain high standards of data integrity and platform security. This includes ensuring all Information provided is accurate, complete, and up-to-date. Users must secure their credentials, API keys, devices, authentication methods, and access permissions, and promptly revoke access for unauthorized personnel. Users must use the Platform responsibly, in line with intended functionality, and refrain from bypassing security measures, extracting or scraping data, or interfering with Platform operations. Internal Governance practices should be established to oversee authorized personnel, credential storage, and all Platform activity. Users are required to cooperate with A-Pay for troubleshooting, verification, and any issue resolution impacting performance or continuity.

7. Cookies and Tracking Technologies

The Platform uses cookies and similar technologies to provide essential functionality, improve user experience, and collect usage analytics. Categories include essential cookies for authentication and security, functional cookies for preferences and workflow optimization, performance cookies for analytics, and optional cookies for personalization and marketing. Users may manage their cookie preferences through browser settings or Platform controls, although disabling some cookies may affect functionality.

8. Data Sharing and Third-Party Disclosures

Data may be shared with trusted service providers supporting operations, compliance, analytics, and communications. Third parties are contractually bound to process Data in accordance with A-Pay instructions and applicable laws. Data may also be disclosed to authorities or legal entities when required to protect safety, comply with legal obligations, or maintain Platform integrity. A-Pay does not sell user Data.

9. International Data Transfers

When Data is transferred outside the EEA, A-Pay ensures appropriate safeguards, such as Standard Contractual Clauses or binding corporate rules, to maintain protection and compliance.

10. User Rights and Data Subject Requests

Users may request access, correction, deletion, restriction, objection to processing, data portability, or withdraw consent. Complaints may be lodged with data protection authorities. Requests must be submitted in writing to [email protected] and verified appropriately.

11. Children’s Data

The Platform is intended for legal entities and professionals. A-Pay does not knowingly collect data from individuals under 18 and will delete any such data discovered.

12. Automated Decision-Making and Profiling

Automated systems may be used for transaction risk assessment, fraud detection, and compliance screening. Users can request human review and contest automated decisions.

13. Updates to this Policy

A-Pay may update this Policy to reflect changes in legal, regulatory, or operational requirements. Updates become effective immediately upon publication. Continued use of the Platform constitutes acceptance.

14. Notices and Contact Information

All inquiries or requests should be sent to: [email protected]. Users must maintain current contact information.

15. Governing Law and Jurisdiction

This Policy is governed by the laws of the EU and the Member State where A-Pay has its principal business. Disputes fall under the exclusive jurisdiction of the competent courts of that Member State.

16. Language

This Policy is drafted in English. Translations are for convenience only; the English version prevails.

17. Entire Agreement

This Policy, together with referenced guidelines, policies, and terms, constitutes the full understanding between Users and A-Pay regarding Data processing and supersedes any prior agreements or communications.