Privacy Policy

Privacy is foundational to running a payments platform. This policy describes the personal data Paytone handles in connection with our services, the purposes for which we use it, and the rights you have under applicable data-protection laws.

1. Introduction

Paytone provides a payment orchestration platform used by businesses to accept, route, and reconcile electronic payments. This Privacy Policy applies to information we handle in connection with our websites, dashboards, APIs, and supporting services. It does not apply to merchants' own privacy practices, which are governed by their respective policies.

The controller of personal data processed under this Privacy Policy is NEW WAGE TECHNOLOGIES LTD (registration number HE 449912), a company incorporated in the Republic of Cyprus, with its registered office at Pavlou Valdaseridi 2A, Floor 1, 6018 Larnaca, Cyprus, trading as "Paytone". References to "Paytone", "we", "us", and "our" mean NEW WAGE TECHNOLOGIES LTD. References to "you" and "your" mean the individuals whose personal data is described in this policy.

Where Paytone processes personal data on behalf of a customer (for example, end-user data routed through the Platform as part of a Transaction), that customer acts as the controller and Paytone acts as a processor under the relevant order form and data-processing addendum.

2. Information we collect

2.1 Information you provide

When you create an account, request a demo, or otherwise contact us, we collect information you share directly with us, including contact details, professional information, account credentials, and the contents of your communications.

2.2 Automatically collected information

When you use our websites, dashboards, or APIs, we automatically collect technical information such as device and browser identifiers, IP address, log data, approximate location, pages and features accessed, and timestamps of access.

2.3 Information from third parties

We receive information about you from third parties involved in providing or supporting the services, including identity-verification providers, sanctions and PEP screening services, payment networks, acquirers and Providers, marketing partners, and publicly available sources.

3. How we use information

Paytone uses personal data to deliver, maintain, and improve the services. Specifically, we use it to:

• Provide, secure, and administer customer accounts.
• Authenticate users and manage access to dashboards and APIs.
• Process payment instructions, route Transactions, and support reconciliation.
• Conduct due diligence, screening, fraud prevention, and risk monitoring.
• Communicate operational notices, product updates, and service announcements.
• Comply with applicable laws, regulations, and lawful requests from authorities.
• Improve product performance, reliability, and user experience.

4. Legal bases for processing

As a controller established in the Republic of Cyprus, Paytone processes personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and the Cyprus Law Providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018). Where the UK GDPR or other comparable laws apply, we rely on the equivalent lawful bases under those regimes. The legal bases on which we typically rely are: performance of a contract, compliance with legal obligations (including anti-money-laundering, sanctions, and tax requirements), legitimate interests (such as securing the platform and preventing fraud), and consent where required. Where we rely on legitimate interests, we balance those interests against the rights and freedoms of the individuals concerned.

5. Sharing & disclosure

We share personal data only as needed to provide the services and comply with the law. Recipients may include:

• Acquirers, payment networks, banks, and other Providers necessary to route and settle Transactions.
• Service providers we engage to host infrastructure, perform analytics, send communications, screen for risk, or support customers.
• Regulators, law-enforcement bodies, and other authorities where disclosure is required by law.
• Professional advisers and parties involved in actual or contemplated corporate transactions, subject to confidentiality.

We do not sell personal data and we do not share it with third parties for their independent marketing purposes.

6. International transfers

Paytone operates globally, and personal data may be transferred to, stored in, or accessed from countries other than your own. When we transfer data across borders, we rely on appropriate safeguards such as European Commission adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Agreement, or other lawful mechanisms.

7. Data retention

We retain personal data for as long as needed to fulfil the purposes set out in this policy, to provide the services, and to meet legal, accounting, and regulatory obligations. Retention periods vary based on the nature of the data and the legal context — for example, Transaction records may be retained for several years under financial-services rules.

8. Your rights

Depending on where you live, you may have the following rights in respect of your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Deletion — request erasure where there is no legal basis to retain the data.
• Restriction — request that we limit the processing of your data in certain situations.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or direct marketing.

You may also have the right to withdraw consent at any time and to lodge a complaint with a supervisory authority. The lead supervisory authority for Paytone is the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), Iasonos 1, 1082 Nicosia, Cyprus — www.dataprotection.gov.cy. You may also lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement. We will respond to verified requests within the time frames required by law.

9. Cookies & tracking

We use cookies and similar technologies on our websites for purposes including authentication, preference storage, analytics, and limited marketing. You can manage cookies through the controls in our cookie banner or through your browser settings. Disabling some cookies may affect site functionality.

10. Security

Paytone maintains technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, and destruction. These include encryption in transit and at rest, least-privilege access controls, network segmentation, continuous monitoring, and a documented incident-response programme.

11. Children's privacy

Our services are intended for businesses and their authorized users, not for children. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has provided personal data to us, please contact us and we will take appropriate steps to remove it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will, where appropriate, notify customers through the dashboard or by email to a designated contact. We encourage you to review the policy periodically.

13. Contact

The data controller is NEW WAGE TECHNOLOGIES LTD, registration number HE 449912, with its registered office at Pavlou Valdaseridi 2A, Floor 1, 6018 Larnaca, Cyprus.

Questions, requests, or concerns about this policy can be sent to privacy@paytone.io, or by post to NEW WAGE TECHNOLOGIES LTD at the address above. We may verify your identity before responding to substantive requests.