Privacy Policy

Last updated: April 2026

1. Introduction

This Privacy Policy describes how HAYO PAY LIMITED (“HayoPay,” “we,” “our,” or “us”) collects, uses, stores, and protects your personal information when you use our website at hayopay.app, mobile applications, and all related services (collectively, the “Platform”).

We are committed to protecting your privacy and handling your data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable. Our Data Protection Officer can be reached at dpo@hayopay.app.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, phone number, date of birth, nationality
• Identity documents: government-issued ID, proof of address, selfie for KYC verification
• Financial information: wallet addresses, transaction history, card details, funding sources
• Communications: messages sent through support channels, feedback, and survey responses

2.2 Information Collected Automatically

• Device information: IP address, browser type, operating system, device identifiers
• Usage data: pages viewed, features used, session duration, navigation paths
• Location data: approximate location derived from IP address (not precise GPS)
• Cookies: session cookies, analytics cookies, and preference cookies

2.3 Information from Third Parties

• Identity verification results from KYC providers
• Sanctions and PEP screening data
• Credit and fraud risk information

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: provide, maintain, and improve our Platform, including prepaid card issuance, wallet management, and currency conversion
• Identity verification: verify your identity in compliance with KYC/AML requirements
• Transaction processing: process payments, top-ups, and currency conversions
• Communications: send account notifications, security alerts, and service updates
• Security: detect and prevent fraud, unauthorized access, and security incidents
• Legal compliance: meet regulatory obligations and respond to lawful requests
• Improvement: analyze usage patterns and feedback to improve user experience

4. Data Sharing

We do not sell your personal information. We may share information with the following categories of recipients:

• Financial partners: licensed financial institutions and card issuers that provide payment services through the Platform
• KYC/AML providers: third-party identity verification and compliance screening services
• Service providers: cloud hosting, analytics, customer support tools, and email delivery services, all operating under strict data processing agreements
• Law enforcement: regulatory authorities and law enforcement agencies when required by applicable law or valid legal process
• Professional advisors: legal, accounting, and audit professionals under confidentiality obligations

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. After account closure, we may retain certain data as required by applicable laws, including:

• Transaction records: minimum 5 years (as required by AML regulations)
• KYC documentation: minimum 5 years after the end of the business relationship
• Communication records: 3 years for support-related correspondence

Data that is no longer required is securely deleted or anonymized.

6. Security

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Multi-factor authentication for account access
• Role-based access controls for internal systems
• Regular security audits and penetration testing
• Incident response procedures and breach notification processes

While we take every reasonable precaution, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.

7. Your Rights (GDPR)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure: request deletion of your personal data (subject to legal retention requirements)
• Right to restrict processing: request that we limit how we use your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact our Data Protection Officer at dpo@hayopay.app. We will respond within 30 days.

8. Cookies

We use the following types of cookies:

• Essential cookies: required for the Platform to function (e.g., session management, authentication)
• Analytics cookies: help us understand how you use the Platform to improve our services
• Preference cookies: remember your settings and preferences (e.g., language, theme)

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated through the Platform or via email at least 30 days before they take effect. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related inquiries or to exercise your data rights:

• Data Protection Officer: dpo@hayopay.app
• General support: support@hayopay.app
• Company: HAYO PAY LIMITED
• Website: hayopay.app