Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, username, password, and authentication credentials
• Payment Information: Payment method details, transaction history, mandate configurations, and spending limits
• Business Information: Company name, business registration details, merchant information, and compliance documentation
• Communication Data: Messages, support tickets, and other communications with us

1.2 Automatically Collected Information

• Usage Data: IP address, browser type, device information, access times, pages viewed, and navigation patterns
• Technical Data: Log files, error reports, performance metrics, and system diagnostics
• Cookies and Tracking: Session cookies, authentication tokens, and analytics identifiers

1.3 Third-Party Information

We may receive information about you from third-party services, including:

• Payment processors and financial institutions
• Identity verification and compliance services
• Cloud infrastructure providers (e.g., Google Cloud Platform, Cloudflare)
• Analytics and monitoring services

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve the APTO platform and related services
• Authentication and Security: To verify identity, prevent fraud, detect security threats, and enforce access controls
• Payment Processing: To process transactions, manage mandates, verify payment authorizations, and handle disputes
• Compliance and Risk Management: To comply with legal obligations, conduct risk assessments, and maintain audit trails
• Communication: To send service notifications, respond to inquiries, and provide customer support
• Analytics and Improvement: To analyze usage patterns, optimize performance, and develop new features
• Legal Compliance: To comply with applicable laws, regulations, court orders, and government requests

3. Data Sharing and Disclosure

We may share your information in the following circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who assist in operating our Service, including:

• Cloud hosting and infrastructure providers
• Payment processors and financial institutions
• Security and fraud prevention services
• Analytics and monitoring tools
• Customer support platforms

3.2 Legal Requirements

We may disclose information when required by law, including:

• Compliance with court orders, subpoenas, or legal processes
• Response to government or regulatory requests
• Protection of our rights, property, or safety, or that of our users
• Investigation of potential violations of our Terms of Service

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

3.4 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: End-to-end encryption for sensitive data in transit and at rest
• Access Controls: Multi-factor authentication, role-based access controls, and least-privilege principles
• Infrastructure Security: Secure cloud infrastructure, network segmentation, and DDoS protection
• Compliance Standards: PCI-DSS Level 1 compliance, SOC 2 Type II (target), and ISO 27001 (target)
• Monitoring and Auditing: Continuous security monitoring, intrusion detection, and audit logging
• Incident Response: Established procedures for detecting, responding to, and mitigating security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to:

• Provide and maintain the Service
• Comply with legal obligations (e.g., tax, accounting, and regulatory requirements)
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

Transaction records and audit logs may be retained for extended periods as required by financial regulations and compliance standards. When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request transfer of your data in a structured, machine-readable format
• Objection: Object to processing of your information for certain purposes
• Restriction: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@apayg.ai. We will respond to your request within the timeframes required by applicable law.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant data protection authorities
• Adequacy decisions by relevant authorities
• Other legally recognized transfer mechanisms

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and improve our Service. You can control cookies through your browser settings. However, disabling cookies may limit certain functionality of the Service.

For more information about our use of cookies, please refer to our Cookie Policy or contact us.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

12. Regional Addendums

12.1 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR. Our legal basis for processing includes:

• Performance of a contract
• Compliance with legal obligations
• Legitimate interests
• Your consent

12.2 California, United States

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt-out of the sale of personal information. We do not sell your personal information as defined under the CCPA.

12.3 Australia

If you are located in Australia, we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. You have the right to access and correct your personal information, and to make a complaint to the Office of the Australian Information Commissioner (OAIC).