k
kerapay

Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

1. Introduction

KeraPay, Inc. ("KeraPay", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment processing services and website.

By using our services, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Business Information: Company name, EIN/Tax ID, business address, website, industry type
  • Contact Information: Name, email address, phone number, mailing address
  • Financial Information: Bank account details, processing history, transaction data
  • Identification Information: Government-issued ID, SSN (for verification purposes)
  • Account Information: Username, password, security questions
  • Communication Data: Customer service inquiries, feedback, correspondence

2.2 Information Collected Automatically

When you use our services, we automatically collect:

  • Transaction Data: Payment amounts, dates, times, merchant information
  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, interaction with our services
  • Location Data: Geographic location based on IP address
  • Cookies and Tracking: Session cookies, analytics data, preferences

2.3 Information from Third Parties

We may receive information about you from:

  • Credit bureaus and identity verification services
  • Banking partners and financial institutions
  • Card networks (Visa, Mastercard, etc.)
  • Business verification services
  • Fraud prevention services

3. How We Use Your Information

3.1 Providing Services

  • Process payment transactions
  • Verify your identity and business legitimacy
  • Manage your merchant account
  • Provide customer support
  • Send transaction receipts and notifications

3.2 Risk Management

  • Detect and prevent fraud
  • Manage chargebacks and disputes
  • Comply with anti-money laundering (AML) requirements
  • Assess and manage credit risk
  • Monitor for suspicious activities

3.3 Legal and Compliance

  • Comply with legal obligations and regulations
  • Respond to legal requests and court orders
  • Enforce our Terms of Service
  • Protect our rights and property
  • Meet card network requirements

3.4 Business Operations

  • Improve our services and develop new features
  • Analyze usage patterns and trends
  • Personalize your experience
  • Send marketing communications (with consent)
  • Conduct research and analytics

4. How We Share Your Information

4.1 Service Providers

We share information with third-party service providers who help us operate our business:

  • Payment processors and banking partners
  • Identity verification services
  • Cloud storage and hosting providers
  • Customer support platforms
  • Analytics and monitoring services
  • Professional advisors (lawyers, accountants)

4.2 Business Partners

With your consent, we may share information with:

  • Referral partners
  • Integration partners
  • Resellers and distributors

4.3 Legal Requirements

We may disclose information when required by law:

  • To comply with subpoenas, court orders, or legal process
  • To cooperate with law enforcement or regulatory authorities
  • To protect against fraud or security threats
  • To protect our rights and safety or that of others

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of such changes.

4.5 Aggregated Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, marketing, or other business purposes.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: TLS/SSL encryption for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication, regular access reviews
  • PCI Compliance: PCI DSS Level 1 certified environment
  • Security Monitoring: 24/7 monitoring, intrusion detection, vulnerability scanning
  • Incident Response: Documented procedures for security incidents
  • Employee Training: Regular security awareness and privacy training

Despite our efforts, no security measures are perfect. We cannot guarantee absolute security of your information.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services
  • Comply with legal obligations (typically 7 years for financial records)
  • Resolve disputes and enforce agreements
  • Maintain business records

After termination of services, we may retain certain information for legal and business purposes as described above.

7. Your Rights and Choices

7.1 Access and Correction

You have the right to access and correct your personal information. Contact us to request access or make corrections.

7.2 Marketing Communications

You can opt-out of marketing emails by clicking "unsubscribe" or contacting us. Note that you cannot opt-out of transactional communications.

7.3 Cookies and Tracking

You can manage cookie preferences through your browser settings. Disabling cookies may affect functionality.

7.4 Data Portability

You may request a copy of your data in a structured, machine-readable format where technically feasible.

7.5 Deletion

You may request deletion of your personal information, subject to legal and contractual obligations to retain certain data.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Privacy Shield certification (where applicable)
  • Adequate data protection agreements

9. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

  • Right to Know: Request information about data collection and sharing
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
  • Non-Discrimination: Exercise rights without discrimination

To exercise these rights, contact us at privacy@kerapay.com or 1-888-555-0123.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under GDPR:

  • Access: Obtain confirmation and copies of your data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion under certain circumstances
  • Restriction: Limit processing of your data
  • Portability: Receive data in a portable format
  • Object: Object to certain processing activities
  • Automated Decision-Making: Not be subject to solely automated decisions

Our legal basis for processing includes consent, contract performance, legal obligations, and legitimate interests.

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

12. Third-Party Links

Our services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. Review their privacy policies before providing information.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our services. The "Last Updated" date reflects the most recent revision.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us:

  • Email: privacy@kerapay.com
  • Phone: 1-888-555-0123
  • Mail: KeraPay, Inc.
  • Attn: Privacy Officer
  • 123 Payment Plaza, Suite 100
  • Wilmington, DE 19801

Data Protection Officer: For GDPR-related inquiries, contact our DPO at dpo@kerapay.com

15. Compliance Certifications

KeraPay maintains the following compliance certifications:

  • PCI DSS Level 1
  • SOC 2 Type II
  • ISO 27001:2013
  • GDPR Compliant
  • CCPA Compliant