This Privacy Policy explains how TeoPay collects, uses, discloses, and protects personal data when you visit our website, interact with us, use our services as a merchant or partner, or when TeoPay processes your payment on behalf of a merchant. It also describes your privacy rights and how to exercise them.
Who we are
TeoPay is a payment solutions provider operating under a bank license. We enable merchants and platforms to accept and settle payments via card, bank transfer, and other payment methods, and we provide related onboarding, support, and risk management services.
Scope
This Policy applies to:
- Visitors to our websites and online properties.
- Prospective and existing merchants, partners, and their representatives.
- Shoppers whose transactions are processed by TeoPay when paying a TeoPay-enabled merchant.
Our role in data processing
Depending on the context, TeoPay acts as:
- A controller when we determine the purposes and means of processing, such as for our websites, marketing, merchant onboarding, fraud/risk checks, compliance, and acquiring services.
- A processor when we process data strictly on a merchant’s documented instructions for providing specific payment services. In many payment flows, TeoPay also operates as an independent controller for fraud monitoring, sanctions screening, and scheme/network obligations.
If you have questions about our role for a particular processing activity, contact us using the details in the “Contact us” section.
Personal data we collect
We may collect the following categories of personal data, depending on your interaction with us:
- Identification and contact: name, business role/title, postal address, email, phone.
- Merchant onboarding/KYC: date of birth, nationality, government-issued ID details, tax information, beneficial ownership and control information, and related due diligence records.
- Account and usage: account credentials, authentication logs, preferences, support tickets, communications, and survey responses.
- Transaction and payment: masked or tokenized card number, card expiry month/year, authorization data, IBAN and SWIFT/BIC, transaction amount and currency, timestamps, merchant category and identifier, payment status and risk signals.
- Technical and device: IP address, device and browser type, operating system, language, referrer/exit pages, session duration, performance metrics, and marketing identifiers such as a Google Analytics ID.
- Cookies and tracking: information captured through cookies, tags, pixels, SDKs, and similar technologies as described in our Cookie Policy.
- Social media interactions: information you choose to share when you click social plugins or interact with embedded content.
Sources of data
We collect personal data from:
- You directly when you browse our site, fill out forms, sign agreements, or contact support.
- Your employer or colleagues when your organization engages TeoPay.
- Merchants and payment partners involved in your transaction.
- Financial institutions, card schemes, and payment networks.
- KYC/AML vendors, sanctions and watchlist providers, identity verification services, fraud prevention services, and public databases.
- Cookies, analytics, and marketing tools.
How we use personal data and legal bases
We process personal data for the following purposes and, where applicable, on these legal bases:
- Provide and improve our services: set up merchant accounts, integrations, settlement, support, troubleshooting, and service optimization. Legal bases: performance of a contract; legitimate interests.
- Payments acquiring and processing: obtain authorizations, route and settle transactions, handle chargebacks, disputes, and refunds. Legal bases: performance of a contract; legitimate interests; legal obligations and scheme/network requirements.
- Risk, fraud, and security: monitor transactions, detect and prevent fraud, abuse, and DDoS attacks; secure our systems and services. Legal bases: legitimate interests; legal obligations.
- Compliance and governance: KYC/AML/CFT checks, sanctions screening, reporting to authorities, audits, and recordkeeping. Legal bases: legal obligations; public interest where applicable.
- Website analytics and performance: measure visits, improve usability and content, and diagnose issues. Legal bases: legitimate interests; consent where required.
- Personalized content and marketing: tailor content and offers to your interests, send service updates and marketing communications when permitted. Legal bases: consent where required; legitimate interests for B2B marketing consistent with applicable law.
- Legal and claims management: exercise or defend legal rights, respond to lawful requests. Legal bases: legitimate interests; legal obligations.
Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, you may object as described in “Your rights.”
Cookies and tracking technologies
We use cookies, tags, beacons, SDKs, and similar technologies to:
- Operate and secure the site.
- Measure performance and usage.
- Personalize content and, with your prior consent where required, deliver targeted advertising.
You can manage your preferences via your browser settings and our Cookie controls. We only set tracking/advertising cookies with your consent, where required by law.
When you visit our website
We process your IP address, device/browser details, language, referring/exit pages, pages viewed, time spent, and identifiers like a Google Analytics ID to:
- Deliver and secure the site, including DDoS mitigation and troubleshooting.
- Understand usage patterns and improve features and content.
- Provide personalized content or offers subject to your consent where required.
Retention:
- Session data is kept for the duration of your visit.
- Analytics and marketing-related data is typically retained for up to 12 months, unless a shorter or longer period is required to meet legal, security, or operational needs.
When you are a TeoPay customer or partner
If you sign with TeoPay, we process:
- Contact and business details to establish and perform the contract and provide onboarding, integration, and support.
- KYC/AML information to verify identity, ownership, and regulatory eligibility.
- Account and usage information to provide support, billing, and service improvements.
Retention:
- Contract and KYC/AML records are retained in line with applicable financial regulations and limitation periods.
- Support and operational logs are retained as necessary to operate, secure, and improve the services.
When we process shopper transactions
As an acquirer/payment service provider, we process transaction-related data to:
- Request authorization from relevant schemes (e.g., Visa, Mastercard, local methods) and route to your bank for approval.
- Reconcile and settle funds to the merchant’s bank.
- Detect and prevent fraud and manage disputes/chargebacks.
- Comply with AML/CFT, sanctions, and other financial regulations.
Data elements may include:
- Encrypted or tokenized card number, card expiry month/year.
- Bank account identifiers such as IBAN and SWIFT/BIC.
- Transaction amount, currency, date, time, merchant category and identifier, and limited location/context where relevant to risk.
Security and standards:
- Card data is protected in line with PCI DSS and industry best practices, including encryption, tokenization, and access controls.
Retention:
- Transaction records are retained as required by financial regulations, card scheme rules, and applicable limitation periods.
Social media features and embeds
Our site may include plugins and embeds from platforms such as LinkedIn, X/Twitter, Facebook, and video players. These features are inactive until you click them. Once activated, they may collect information directly from your device and process it under their own privacy policies. Review the relevant provider’s policy for details.
Sharing and disclosure
We share personal data only as needed for the purposes described above:
- Service providers: IT hosting, cloud, analytics, CRM, customer support, KYC/AML screening, fraud prevention, marketing support, professional advisors, and auditors. We contractually require appropriate safeguards.
- Payment ecosystem: acquiring/issuing banks, card schemes and payment networks, payment method providers, and payout partners.
- Corporate transactions: prospective buyers, investors, or successors in connection with a merger, sale, or reorganization under appropriate confidentiality protections.
- Legal and compliance: competent authorities, regulators, courts, and law enforcement where required or permitted by law.
We do not share personal data with third parties for their independent marketing without your consent.
International data transfers
Where data is transferred across borders, we implement appropriate safeguards recognized by applicable law, such as standard contractual clauses, and we assess the legal environment of destination countries. We also apply technical and organizational measures designed to protect data in transit and at rest.
Data retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Contractual and operational needs.
- Compliance with legal, tax, and regulatory obligations (including KYC/AML and financial record retention).
- Resolution of disputes and enforcement of agreements.
Specific retention periods may vary by data category, legal requirements, and business needs. When retention is no longer required, we securely delete or irreversibly anonymize data.
Security
We protect personal data through layered technical and organizational measures, including:
- Encryption in transit and at rest, and tokenization for sensitive payment data.
- Access controls, least-privilege permissions, multi-factor authentication, and logging.
- Network security, DDoS mitigation, and vulnerability management.
- Secure development practices, change control, and vendor due diligence.
- Employee training and confidentiality obligations.
While no method is completely risk-free, we continually improve our controls to keep your data safe.
Your rights
Subject to applicable law, you may have the right to:
- Access your personal data and receive a copy.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data.
- Restrict or object to processing, including profiling based on legitimate interests.
- Withdraw consent at any time where processing is based on consent.
- Data portability for certain information you provided to us.
- Lodge a complaint with a supervisory authority.
We may be unable to fulfill certain requests where legal obligations require retention or where disclosure would infringe the rights of others. To exercise your rights, contact us as set out below.
Automated decisions and profiling
We may use automated systems and scoring to help detect fraud, assess risk, and protect transactions and our services. These processes analyze signals such as transaction patterns, device/behavioral indicators, and sanctions lists. You can request human review and contest a decision where required by law.
Children’s privacy
Our services are not directed to children, and we do not knowingly collect personal data from individuals under the age required by applicable law to use payment services without appropriate consent. If you believe a child has provided us personal data, contact us so we can take appropriate action.
Changes to this Policy
We may update this Policy to reflect changes in our practices, technologies, or legal requirements. Material changes will be indicated by an updated “Last updated” date and, where appropriate, additional notice.
Contact us
Questions, requests, or complaints regarding this Policy or our data practices can be addressed to:
You also have the right to contact or file a complaint with your local data protection authority.