Privacy Policy

Effective Date: January 1, 2025 | Last Updated: May 2026

VePay Finance, Inc. ("VePay", "we", "us", or "our") respects your privacy and is committed to protecting your personal and business data. This Privacy Policy outlines our practices regarding the collection, use, processing, and disclosure of information when you use our website, payment infrastructure, and Shariah-compliant financial services (collectively, the "Services").

This Policy complies with applicable global data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

We collect information necessary to provide secure, compliant financial services and to meet our Know Your Business (KYB) and Anti-Money Laundering (AML) obligations.

  • Business Identity Data: Legal entity names, registration numbers, certificates of incorporation, and Shariah validation metrics (e.g., MCC codes).
  • Beneficial Owner Data: Names, residential addresses, government-issued IDs, and contact details for individuals owning 25% or more of the business entity.
  • Financial Data: Bank account details collected securely via our open-banking partner (Plaid). VePay does not store your raw banking login credentials.
  • Transaction Data: Payment histories, processing volumes, and customer payment details required to facilitate transactions.
  • Technical Data: IP addresses, browser types, device identifiers, and usage data collected automatically via cookies.

2. How We Use Your Information

We process your data strictly for legitimate business purposes:

  • To verify your business and owners as mandated by international AML/CTF regulations.
  • To evaluate your business model against VePay's Shariah compliance standards (prohibitions against Riba, Gharar, and Maysir).
  • To process payments, execute payouts, and generate settlement reports.
  • To monitor for fraudulent, suspicious, or illegal activity (including continuous OFAC and sanctions screening).
  • To comply with binding legal obligations and regulatory reporting.

3. Data Sharing and Disclosure

VePay does not sell your personal data. We may share information under the following strict conditions:

  • Service Providers: With trusted partners (e.g., Plaid for banking, AWS for encrypted hosting, compliance screening APIs) bound by strict Data Processing Agreements (DPAs).
  • Financial Intelligence Units (FIUs): When required by law to file Suspicious Activity Reports (SARs) or respond to lawful subpoenas and regulatory inquiries.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, subject to continued confidentiality.

4. Data Retention

In compliance with global financial regulations, VePay retains all KYB documents, transaction records, and compliance reports for a minimum of five (5) years following the closure of your account or your last transaction, whichever is later. After this period, data is securely erased or irreversibly anonymized.

5. Your Global Privacy Rights

Depending on your jurisdiction (e.g., EU/UK under GDPR, California under CCPA), you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data (subject to our overriding 5-year regulatory retention mandates).
  • Opt-out of non-essential cookies and marketing communications.
  • Lodge a complaint with your local data protection authority.

6. Security Measures

We implement enterprise-grade security, including AES-256 encryption at rest, TLS 1.3 in transit, regular penetration testing, and strict role-based access controls to safeguard your data against unauthorized access.

7. Contact Our Data Protection Officer

For privacy inquiries, data subject access requests, or to exercise your rights, please contact our Data Protection Officer at:

Email: privacy@vepay.io
Address: 1771 Robson St #1511, Vancouver, BC V6G 1C9, Canada