Privacy Policy

We collect information you provide directly: name, email address, company name, billing details, and API credentials when you register or use our services.

We automatically collect technical data including IP addresses, browser type, device identifiers, pages visited, and API request logs.

We may collect KYC/AML verification data (government ID, proof of address) as required by applicable financial regulations.

To provide, operate, and improve the dptcay payment gateway and API services, process transactions, and send service-related communications.

To comply with legal obligations including anti-money-laundering (AML), counter-terrorism financing (CTF), and tax reporting requirements.

To analyze usage patterns, prevent fraud, detect security incidents, and send product updates or marketing communications (with your consent where required).

We use strictly necessary cookies for session management and authentication, functional cookies for preferences, and analytics cookies (e.g., anonymized usage metrics) to improve our platform.

You may manage or withdraw cookie consent at any time via our Cookie Preferences panel or your browser settings. Disabling essential cookies may affect service functionality.

We do not serve third-party advertising cookies or sell your browsing data.

We share data with vetted sub-processors (cloud infrastructure, fraud detection, KYC providers) under strict data processing agreements that prohibit independent use of your data.

We may disclose information to law enforcement, regulators, or courts when legally required or to protect the rights, safety, or property of dptcay and its users.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

Under GDPR (EU/EEA residents) you have the right to: access, rectify, erase, restrict processing, data portability, and object to processing. You may also lodge a complaint with your local supervisory authority.

Under CCPA (California residents) you have the right to know, delete, and opt-out of the sale of personal information. We do not sell personal information as defined by CCPA.

Submit rights requests to [email protected]. We respond within 30 days (GDPR) or 45 days (CCPA).

We retain account and transaction data for a minimum of 5 years following account closure to comply with financial regulatory requirements.

API logs and analytics data are retained for 90 days. Marketing consent records are retained for 3 years after the last interaction.

You may request earlier deletion where permitted by law.

We implement industry-standard safeguards including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, and regular third-party penetration testing.

In the event of a personal data breach affecting your rights and freedoms, we will notify relevant supervisory authorities within 72 hours and affected users without undue delay.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors.

If you believe a minor has provided us with personal data, contact [email protected] and we will delete it promptly.

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on our platform at least 14 days before they take effect.

Continued use of dptcay services after the effective date constitutes acceptance of the revised policy.

Data Controller: dptcay Ltd., registered in accordance with applicable law.

Data Protection Officer: [email protected]

General privacy enquiries: [email protected] | Response time: within 5 business days.