Privacy Policy

Welcome to the iPayBill Privacy Policy. At iPayBill ("we", "our", or "us"), we are committed to protecting your privacy and ensuring the security of your personal and financial information.

This Privacy Policy outlines our practices concerning the collection, use, processing, and sharing of personal data when you use our website, payment gateway, acquiring services, and related applications (collectively, the "Services").

We collect various types of information to provide and improve our Services:

• Personal Identification Information: Name, email address, phone number, date of birth, and government-issued ID (for KYC/AML purposes).
• Financial Information: Bank account details, credit/debit card numbers (tokenized and encrypted), billing address, and transaction history.
• Technical Data: IP address, browser type, device information, operating system, and log data.
• Usage Data: Information about how you interact with our website and Services, including pages visited and time spent.

We utilize the collected data for the following purposes:

• To process transactions and provide our payment acquiring services.
• To verify identity and comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.
• To detect, prevent, and mitigate fraud, unauthorized transactions, and other security risks.
• To communicate with you regarding account updates, security alerts, and customer support.
• To analyze and improve our Services, ensuring high performance and reliability.

We do not sell your personal data. We may share your information only in the following circumstances:

• With Service Providers: Card networks (e.g., Visa, Mastercard), acquiring banks, and fraud prevention partners (e.g., Verifi, Ethoca) necessary to process transactions.
• For Legal Compliance: When required by law, subpoena, or regulatory authorities to comply with financial regulations.
• Business Transfers: In connection with a merger, acquisition, or sale of company assets, subject to confidentiality agreements.

We implement robust security measures to protect your data. As a PCI-DSS Level 1 certified provider, we utilize end-to-end AES-256 encryption, secure tokenization, and strict access controls.

Your data is stored on secure servers with 99.99% uptime guarantees. We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law (e.g., financial record-keeping laws).

Depending on your jurisdiction (e.g., under the GDPR or CCPA), you may have the following rights:

• The right to access the personal data we hold about you.
• The right to request correction of inaccurate or incomplete data.
• The right to request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
• The right to restrict or object to certain data processing activities.
• The right to data portability.