Privacy

Privacy Policy

This Privacy Policy explains how Way To Payments collects, uses, and protects information about merchants, end customers, and visitors.

Summary

Your data, handled with care

Enterprise-grade controls

Security PCI DSS Level 1 Infrastructure aligned with card data security requirements.

Compliance AML / KYC Verification and monitoring to meet regulatory obligations.

1. Scope

When this Privacy Policy applies

This Policy applies when you visit our websites, use the Way To Payments dashboard, interact with our APIs, or process payments through our platform as a merchant or as an end customer of a merchant.

We act as a controller for certain data about merchants and as a processor for end-customer data that merchants send to us for payment processing. In some cases we may act as a joint controller with financial institutions or card networks.

2. Information we collect

Data we receive from you and your customers

We collect information that you provide directly, such as account registration details, contact information, business documentation, support communications, and configuration settings for your integration.

When you process payments, we receive transaction data, including card network information, payment amounts, currency, device and browser metadata, and limited customer details such as billing information, shipping information, and contact details required to complete the payment.

We also collect technical data automatically, including IP address, device identifiers, usage logs, and diagnostic information to secure the platform and improve performance.

3. How we use information

Purposes for processing your data

We use information to provide and operate the services, including onboarding, payment authorization, clearing and settlement, reporting, invoicing, and customer support.

We also use data to monitor fraud and abuse, perform risk scoring, comply with legal and regulatory requirements, and maintain the stability and security of the platform.

Where permitted by law, we may use aggregated or de-identified information to improve our products, develop new features, and publish insights that do not identify you or your customers.

4. Legal bases

On what grounds we process data

Depending on your location and the relationship we have with you, we rely on one or more of the following legal bases: performance of a contract, legitimate interests (such as securing the platform and preventing fraud), compliance with legal obligations, and, where required, your consent.

5. Sharing & transfers

Who we share data with and why

We share information with acquiring banks, card networks, payment partners, identity verification providers, and fraud prevention services where necessary to process payments, comply with rules, and protect the ecosystem.

We may transfer data to other countries where our service providers or data centers are located. When we do so, we implement appropriate safeguards such as contractual protections or other mechanisms recognized by applicable law.

6. Data retention

How long we keep information

We retain information for as long as necessary to provide the services, comply with legal and regulatory requirements, resolve disputes, and enforce our agreements. Retention periods may vary depending on card network rules, tax and accounting obligations, or AML / KYC regulations.

7. Your choices & rights

Controls available to you and your customers

Depending on your jurisdiction, you and your customers may have rights to access, correct, update, or delete certain personal information, as well as to restrict or object to certain processing activities.

Requests can be submitted through our support channels. We may ask for additional information to verify identity and will respond in accordance with applicable law. Some data may need to be retained where we have overriding legal obligations.

8. Security measures

How we protect your data

We implement technical and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. These controls include encryption in transit, access controls, logging, tokenization, and regular security assessments.

No system can be guaranteed to be completely secure, but we work continuously to improve our controls and respond to new threats.

9. Cookies & tracking

How we use cookies and similar technologies

We use cookies and similar technologies to provide core functionality, remember preferences, analyze usage, and support security features. Some cookies are strictly necessary for the services to function and cannot be switched off.

Where required, we present cookie notices or controls that allow you to manage non-essential cookies, such as analytics or advertising tags.

10. Changes & contact

How to reach us about privacy

We may update this Privacy Policy from time to time. Material changes will be communicated through the dashboard, by email, or by updating the “Effective date” at the top of this page.

If you have questions about this Policy, your privacy rights, or how we handle data, you can contact our team using the details provided on the Contact Sales and Support Center pages.