1. Scope and Applicability

This Privacy Policy applies to:

• Visitors to our websites and applications
• Merchants and their authorized users
• End customers whose payment information is processed through our Services

This Policy does not apply to third-party websites, applications, or services that link to or

integrate with our Services but are governed by their own privacy practices.

2. Information We Collect

2.1 Personal Information

We may collect the following categories of personal information:

• Identification Information: Name, email address, phone number, business name,billing address
• Account Information: Merchant account credentials, user IDs, authentication data Transaction Information: Transaction amount, date, time, currency, payment status,and merchant identifiers

2.2 Payment Card Data

We collect and process payment card data strictly in accordance with PCI DSS requirements,

which may include:

• Primary Account Number (PAN)
• Card expiration date
• Card verification value (CVV/CVC)

Important: Sensitive authentication data (such as full magnetic stripe data, PINs, or PIN blocks) is never stored after authorization.

2.3 Technical and Usage Information

• IP address
• Device and browser information
• Log files, timestamps, and error reports
• API usage and performance metrics

3. How We Use Information

We use the information we collect for the following purposes:

• To process, authorize, settle, and reconcile payment transactions
• To provide, operate, maintain, and improve our Services
• To authenticate users and prevent unauthorized access
• To detect, prevent, and investigate fraud, security incidents, and illegal activities
• To comply with legal, regulatory, and card network obligations
• To communicate with merchants regarding service updates, security notices, and support matters

4. Legal Bases for Processing (Where Applicable)

Depending on jurisdiction, our processing of personal information is based on:

• Performance of a contract
• Compliance with legal or regulatory obligations
• Legitimate interests, including fraud prevention and network security
• Consent, where required by applicable law

5. Data Sharing and Disclosure

We do not sell personal information. We may share information only as necessar with:

5.1 Service Providers

Trusted third-party vendors who support our operations, such as:

• Payment processors and acquiring banks
• Cloud hosting and infrastructure providers
• Fraud monitoring and security services

All service providers are contractually required to maintain appropriate security controls and confidentiality obligations.

5.2 Financial Institutions and Card Networks

Information may be shared with card brands (e.g., Visa, Mastercard), issuing banks, acquiring banks, and payment networks as required to process transactions.

5.3 Legal and Regulatory Authorities

We may disclose information where required to comply with applicable laws, regulations, subpoenas, court orders, or lawful requests from authorities.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to confidentiality and security protections.

6. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal

information and payment card data, including:

• Full compliance with PCI DSS Level 1 requirements
• Encryption of cardholder data in transit and at rest
• Strong access control measures and role-based access
• Network segmentation and continuous monitoring
• Regular vulnerability scanning and penetration testing
• Security logging, auditing, and incident response procedures

Despite these measures, no system can be guaranteed to be 100% secure.

7. Data Retention

We retain personal information only for as long as necessary to:

• Fulfill the purposes described in this Policy
• Meet legal, regulatory, accounting, and PCI DSS requirements

Payment card data is retained only for the minimum time required and is securely deleted or irreversibly anonymized thereafter.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own.

Where required by law, we implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, to protect personal information during international transfers.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal information
• Request correction or update of inaccurate data
• Request deletion of personal information
• Object to or restrict certain processing activities
• Withdraw consent where processing is based on consent

Requests can be made by contacting us using the details in Section 12.

10. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

• Maintain session integrity
• Enhance platform security
• Analyze usage and performance

You may control cookies through your browser settings, subject to the functionality of the

Services.

11. Children’s Privacy

Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: Email: hello@paydeca.com

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be

communicated through appropriate channels, and the updated Policy will be effective as of the "Last Updated" date.