Privacy Policy

Last Updated: 2025-08-05

1. Introduction

TechPayHub ("Company," "we," "us," or "our") is committed to protecting the privacy and security of personal and financial data. As a technology provider facilitating payment services, we comply with global data protection regulations, including GDPR, CCPA, and PCI DSS, ensuring that our clients and their customers' sensitive information remain secure.

2. Scope

This policy applies to all personal information collected or processed through our payment processing infrastructure, fraud detection systems, APIs, and related services. It covers data provided by payment providers, merchants, and end-users who interact with our services, either directly or indirectly.

3. Data We Collect

3.1. Personal Data of End Users

• Transaction Data – Payment card details (tokenized where applicable), billing addresses, transaction timestamps, and purchase details.
• Identification Data – Names, email addresses, phone numbers, and government-issued IDs (where required for compliance).
• Device & Behavioral Data – IP addresses, device IDs, geolocation, and transaction patterns for fraud detection.

3.2. Business & Merchant Data

• Corporate Information – Business names, legal entity data, tax identification numbers, and contact details.
• Financial Data – Linked bank accounts, settlement details, and reconciliation reports.

3.3. Technical & Log Data

• API Usage Logs – Requests, responses, and error logs for service optimization.
• Security Data – Authentication credentials, encryption keys (hashed), and access logs.

4. How We Use Data

• Payment Processing
• Fraud Prevention & Risk Management
• Regulatory Compliance
• Service Optimization
• Client Support & Dispute Resolution

5. Data Sharing & Third-Party Disclosure

We do not sell personal data. However, we may share data with authorized third parties under confidentiality obligations, including:

• Payment Networks & Financial Institutions
• Regulatory & Compliance Authorities
• Security & Fraud Prevention Services
• Cloud Infrastructure Providers

6. International Data Transfers

We rely on mechanisms such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), and adequacy decisions to ensure data protection in cross-border transfers.

7. Data Retention & Security Measures

Data is retained only as long as necessary for regulatory, operational, and security purposes. Security measures include:

• PCI DSS Level 1 Certification
• AES-256 Encryption & TLS
• Tokenization & Anonymization
• MFA & Access Controls

8. Data Subject Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict processing of your data. Requests will be honored as per legal timelines and frameworks.

9. Compliance with PCI DSS & Regulatory Frameworks

We adhere to applicable legal frameworks and industry standards to ensure lawful data handling and breach preparedness.

10. Policy Updates & Contact Information

We may update this policy periodically. Please direct questions or concerns to:

[email protected]

By using our services, you acknowledge and consent to this Privacy Policy.