Privacy Policy

How FalconPay collects, uses, and protects the information entrusted to us by merchants, partners, and site visitors.

Last updated: 12 March 2026

Information We Collect

We collect information necessary to provide our payment gateway services. This includes business information (company registration, beneficial ownership, licence details), transaction data (amounts, payment method, timestamps, counterparty identifiers), and technical information required for fraud prevention and compliance (device fingerprints, IP addresses, user-agent strings, session tokens). We also collect information you submit directly via application forms, sales enquiries, and support tickets.

How We Use Information

Your information is used to:

We never sell your data to third parties. We share information only with acquirers, banks, card networks, regulators, and authorised auditors where it is necessary to deliver the service or to meet a legal obligation.

Data Security

We protect information with defence-in-depth controls — AES-256 encryption at rest, TLS 1.3 in transit, multi-factor authentication on all administrative access, and a 24/7 security operations centre. All production environments are subject to independent third-party security audits on an annual cadence, covering PCI DSS, SOC 2, and ISO 27001 scopes.

Data Retention

Transaction data is retained for the period required by applicable financial and tax regulations in the jurisdictions where we operate — typically 5–10 years depending on the rail and region. Non-transactional account data is retained for the duration of the commercial relationship and for a reasonable period thereafter to meet audit and legal hold requirements.

Your Rights

Depending on your jurisdiction (GDPR, UK DPA, LGPD, CCPA, and analogous regimes), you may have rights to access, correct, port, or delete personal information we hold about you, and to object to certain processing. Where these rights are subject to regulatory exceptions (for example, information retained for AML/CFT purposes), we will explain the grounds clearly and provide whatever portion of the data we are permitted to share.

International Transfers

FalconPay operates globally. Where personal information is transferred across jurisdictions, we rely on standard contractual clauses, adequacy decisions, or equivalent mechanisms as appropriate. Intra-group transfers are governed by our Binding Corporate Rules and the data-processing agreements in place with each group entity.

Cookies and Tracking

Our website uses a minimal set of cookies — strictly necessary cookies for session state and security, and optional analytics cookies where you have consented. We do not run third-party advertising pixels or cross-site trackers on the marketing site.

Changes to This Policy

We update this policy when our practices change or when required by law. Material changes are communicated directly to account holders. The "last updated" date at the top of this page reflects the most recent revision.

Contact

Data Protection Officer: [email protected]

Please include enough detail for us to locate your account or enquiry. We respond to most requests within 14 business days.