SpotPay (“SpotPay,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you access or use SpotPay's products, services, websites, applications, and related features (collectively, the “Services”).

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal information collected through our Services, including when you create an account, complete identity verification, add or receive funds, send payments, use a payment card, contact support, or otherwise interact with SpotPay.

This Privacy Policy does not apply to third-party websites, applications, or services that we do not control, even if they are linked through our Services.

2. Information We Collect

We collect personal information you provide directly, information we collect automatically when you use the Services, and information from third parties (such as identity verification vendors, payment partners, and financial institutions).

A. Information You Provide to Us

• Account registration information (such as your name, email address, phone number, date of birth, and password)
• Identity verification information (such as government-issued ID, selfie/photo, verification records, and related KYC/AML data)
• Financial information (such as payment method details, linked bank account information, card-related details, and transaction instructions)
• Profile and account preferences
• Communications with SpotPay (such as support requests, messages, and feedback)
• Any other information you choose to provide while using the Services

B. Information We Collect Automatically

• Device information (such as device type, operating system, app version, mobile network, and identifiers)
• Usage information (such as features used, interaction logs, and session activity)
• Log and diagnostic information (such as IP address, timestamps, crash reports, and performance data)
• Approximate location information derived from IP address or device settings, where permitted by law
• Security signals and fraud indicators (such as device reputation, velocity checks, and unusual access patterns)

C. Information from Third Parties

• Identity verification, sanctions screening, and fraud prevention results from service providers
• Payment and transaction data from banking partners, processors, card networks, and other financial institutions
• Information from referral programs, merchants, or counterparties in connection with transactions
• Information from public records or regulatory sources, where necessary for legal or compliance purposes

3. How We Use Your Information

We use personal information as necessary to operate, secure, and improve the Services, including to:

• Provide and maintain the Services and your account
• Process transactions, transfers, card activity, and related account functions
• Verify identity, perform KYC/AML checks, and comply with legal and regulatory obligations
• Detect, prevent, and investigate fraud, abuse, security incidents, and other prohibited activity
• Communicate with you about your account, transactions, updates, security alerts, support requests, and policy changes
• Troubleshoot, debug, monitor performance, and improve product functionality and user experience
• Enforce our Terms and other policies
• Conduct internal reporting, analytics, and business operations

We may also use information in aggregated or de-identified form for analytics, service improvement, and business planning, where permitted by law.

4. Legal Bases and Compliance (Where Applicable)

Depending on your jurisdiction and the nature of the Services, we may process personal information based on one or more of the following: performance of a contract, compliance with legal obligations, legitimate business interests, and your consent (where required by law).

SpotPay may process and retain personal information as required to comply with applicable financial, anti-money laundering, sanctions, consumer protection, and recordkeeping requirements.

5. How We Share Information

We do not sell your personal information. We may share personal information only as necessary to provide the Services, comply with legal obligations, protect rights and safety, or as otherwise permitted by law.

We may share information with:

• Service providers and vendors that perform services on our behalf (such as identity verification, fraud detection, cloud hosting, customer support, analytics, and communications)
• Banking partners, payment processors, card networks, liquidity providers, and other financial institutions needed to process transactions and operate the Services
• Regulatory authorities, law enforcement, courts, and government agencies when required by law, subpoena, court order, or regulatory request, or when we believe disclosure is necessary to prevent harm or illegal activity
• Corporate affiliates, advisers, auditors, and professional service providers under appropriate confidentiality obligations
• A buyer, investor, successor, or other relevant party in connection with a merger, acquisition, financing, reorganization, asset sale, or similar corporate transaction
• Other parties with your direction or consent

6. Financial Privacy and Sensitive Information

SpotPay treats financial and identity-related information with a high level of sensitivity. We use administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, and disclosure.

Access to personal information is limited to authorized personnel and service providers with a legitimate business need, subject to confidentiality and security obligations.

No method of transmission over the internet or method of electronic storage is completely secure. While we take reasonable measures to protect personal information, we cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as necessary to provide the Services, maintain your account, fulfill the purposes described in this Privacy Policy, resolve disputes, enforce agreements, and comply with legal, regulatory, tax, accounting, and reporting obligations.

Retention periods may vary depending on the type of information and applicable legal requirements. When personal information is no longer required, we will delete, de-identify, or securely dispose of it in accordance with applicable law and our internal policies.

8. Your Privacy Choices and Rights

Depending on where you live and subject to applicable law, you may have certain rights regarding your personal information, including the right to request access, correction, deletion, or portability, and the right to object to or restrict certain processing.

You may also have the right to withdraw consent where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing before withdrawal and may limit your ability to use some Services.

We may need to verify your identity before processing privacy requests, and we may deny or limit requests where permitted by law, including where retention is required for legal, security, fraud prevention, or compliance purposes.

To submit a privacy request, contact us using the contact information below.

9. California Privacy Rights

If you are a California resident, you may have additional rights under California law, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), subject to applicable exemptions and limitations.

Depending on the circumstances and applicable law, California residents may have the right to request:

• Access to categories and specific pieces of personal information we have collected about you
• Information about the categories of sources from which personal information is collected, the business or commercial purposes for collection, and the categories of third parties to whom we disclose personal information
• Deletion of personal information, subject to legal and regulatory retention obligations and other exceptions
• Correction of inaccurate personal information
• Information about whether we disclose personal information for business purposes
• Non-discrimination for exercising applicable privacy rights

SpotPay does not sell personal information, and does not share personal information for cross-context behavioral advertising as those terms are defined under California law.

To submit a California privacy request, use the contact information in the “Contact Us” section below. We may need to verify your identity before processing your request. Authorized agents may submit requests on your behalf where permitted by law, subject to verification and authorization requirements.

10. Marketing Communications

We may send you service-related communications (such as transaction confirmations, security alerts, and account notices) that are necessary for operating your account and the Services.

We may also send promotional or marketing communications where permitted by law. You may opt out of marketing emails by following the unsubscribe instructions in those messages. Even if you opt out of marketing communications, you may still receive service-related messages.

11. Cookies and Similar Technologies

We and our service providers may use cookies, SDKs, pixels, and similar technologies to operate the Services, remember preferences, measure performance, prevent fraud, and improve user experience.

You may be able to control certain cookie or tracking preferences through your browser or device settings. Disabling certain technologies may affect functionality of the Services.

12. International Data Transfers

SpotPay may process and store information in the United States and other countries where we or our service providers operate. Data protection laws in those jurisdictions may differ from the laws in your jurisdiction.

Where required by law, we take appropriate measures designed to protect personal information transferred across borders.

13. Children's Privacy

The Services are not directed to individuals under 18 years of age, and SpotPay does not knowingly collect personal information directly from children under 18. If we learn that we have collected personal information from a child under 18 in violation of applicable law, we will take steps to delete such information, subject to legal retention obligations.

14. Security and Fraud Prevention Disclosures

To protect users and the integrity of the Services, SpotPay may monitor accounts, devices, access patterns, and transactions for fraud, abuse, security risks, sanctions concerns, and other suspicious activity. We may place holds, limit functionality, delay processing, or request additional verification where necessary for security, legal, or compliance reasons.

These measures are intended to protect users, SpotPay, and our financial ecosystem, and may be applied automatically or through manual review.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will update the “Last Updated” date above and, where required by law, provide additional notice (such as through the app, website, or email).

Your continued use of the Services after the updated Privacy Policy becomes effective constitutes your acknowledgment of the revised policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at support@spotpay.com.

For compliance-related inquiries, please contact compliance@spotpay.com.