Privacy Policy

Account Information

When you create a MagnetPay account, we collect your name, email address, company name, phone number, and billing information. For business accounts, we may also collect business registration details, tax identification numbers, and authorized representative information.

Transaction Data

We process and store data related to payments, payouts, card transactions, and crypto transfers facilitated through our platform. This includes transaction amounts, currencies, timestamps, payment methods, merchant and customer identifiers, and routing metadata.

Technical Data

We automatically collect information about your interaction with our services, including IP addresses, browser type, operating system, device identifiers, API request logs, authentication tokens, and usage patterns. We use server-side analytics and do not employ third-party tracking scripts.

KYC and Compliance Data

To comply with anti-money laundering (AML) regulations and know-your-customer (KYC) requirements, we may collect government-issued identification documents, proof of address, beneficial ownership information, and other documents required by applicable financial regulations.

Communications

We retain records of communications between you and our support team, including emails, chat transcripts, and phone call metadata, to improve our services and resolve disputes.

Service Delivery

We use your information to process payments, execute payouts, issue and manage cards, facilitate crypto transactions, and provide the core functionality of the MagnetPay platform. This includes intelligent provider routing, fraud detection, and transaction monitoring.

Security and Fraud Prevention

We analyze transaction patterns, device fingerprints, and behavioral signals to detect and prevent fraudulent activity, unauthorized access, and abuse of our platform. This processing is essential for the security of all platform participants.

Compliance

We process personal data as required by applicable laws, including AML/KYC regulations, tax reporting obligations, sanctions screening, and responses to lawful requests from government authorities.

Product Improvement

We use aggregated and anonymized usage data to improve our APIs, optimize provider routing algorithms, enhance platform reliability, and develop new features. Individual transaction data is never used for advertising purposes.

Communications

We use your contact information to send service-critical notifications (transaction alerts, security warnings, API status updates), and with your consent, product updates and developer newsletters. You may opt out of non-essential communications at any time.

Payment Providers

To process transactions, we share necessary data with our payment infrastructure partners (e.g., PhotonPay, Razorpay, Marqeta, WasabiCard, Wallester). Data shared is limited to what is strictly required for transaction processing and is governed by data processing agreements with each provider.

Financial Institutions

We share data with banks, card networks (Visa, Mastercard), and other financial institutions as required to settle transactions, comply with network rules, and fulfill regulatory obligations.

Service Providers

We engage trusted third-party service providers for infrastructure hosting, monitoring, analytics, and customer support. All service providers are bound by contractual obligations to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose information to law enforcement agencies, regulatory bodies, or other parties when required by law, subpoena, court order, or other legal process. We will notify you of such disclosures unless prohibited by law.

No Sale of Data

MagnetPay does not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. We do not use your data for behavioral advertising.

Encryption

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256-GCM. Sensitive credentials, including API secrets and card numbers, are encrypted with dedicated key management infrastructure. Webhook payloads are signed with HMAC-SHA256.

Access Controls

We implement strict role-based access controls (RBAC) for all internal systems. Access to production data requires multi-factor authentication and is logged for audit purposes. PII access is restricted to authorized personnel with a demonstrated business need.

Infrastructure

Our infrastructure is designed with defense-in-depth principles, including network segmentation, intrusion detection systems, regular penetration testing, and automated vulnerability scanning. We maintain PCI DSS compliance for all card data handling.

Incident Response

We maintain a documented incident response plan and will notify affected parties within 72 hours of discovering a data breach, in compliance with applicable data protection regulations. Our security team operates 24/7 monitoring.

Active Accounts

We retain your account and transaction data for as long as your account remains active and as needed to provide our services. API request logs are retained for 90 days. Detailed transaction records are retained for 7 years to comply with financial record-keeping requirements.

Account Closure

Upon account closure, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., tax records, AML documentation). Legally required data will be retained in encrypted, restricted-access storage for the minimum period mandated.

Aggregated Data

We may retain aggregated, anonymized data indefinitely for analytical and statistical purposes. This data cannot be used to identify individual users or transactions.

Access and Portability

You have the right to request a copy of the personal data we hold about you in a structured, machine-readable format. You can export your data via the MagnetPay dashboard or by contacting our privacy team.

Correction

You can update your account information directly through the MagnetPay dashboard. For data corrections that cannot be made through self-service, contact our privacy team.

Deletion

You may request deletion of your personal data, subject to legal retention requirements. Upon receiving a valid deletion request, we will delete your data within 30 days or inform you of any legal basis for continued retention.

Restriction and Objection

You may request restriction of processing or object to processing of your personal data in certain circumstances, as provided by applicable data protection laws (including GDPR, CCPA, and equivalent regulations).

Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing. This includes opting out of marketing communications and non-essential analytics.

Essential Cookies

We use strictly necessary cookies for authentication, session management, and security (e.g., CSRF protection). These cookies cannot be disabled as they are required for platform functionality.

Analytics

We use privacy-respecting, first-party analytics to understand platform usage patterns. We do not use third-party advertising trackers, social media pixels, or cross-site tracking technologies.

Transfer Mechanisms

When we transfer personal data across borders, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms. Payment data may be processed in the jurisdiction of the relevant payment provider to ensure optimal transaction routing.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email and/or a prominent notice on our platform at least 30 days before the changes take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, contact our privacy team: