Privacy Policy

Last updated: February 14, 2026

1. Introduction

ZAFA PAY (“ZAFA PAY”, “we”, “us”, or “our”) is committed to protecting the privacy of our merchants, their customers, and visitors to our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our payment processing services, website, and related technology (collectively, the “Services”).

By using the Services, you acknowledge that you have read and understood this Privacy Policy. This policy should be read in conjunction with our Terms of Service.

2. Data We Collect

We collect the following categories of personal data depending on your relationship with us:

Merchants (Account Holders)

  • Account information: name, email address, phone number, business name, and business address
  • Identity verification: government-issued identification documents, proof of address, and beneficial ownership information
  • Financial information: bank account details, transaction history, and settlement records
  • Technical data: IP addresses, device information, browser type, and usage logs

End Customers (Payers)

  • Payment information: card number, expiration date, and billing address
  • Transaction details: purchase amount, date, and merchant information

Website Visitors

  • Browsing data: pages visited, referral sources, and engagement metrics
  • Device information: IP address, browser type, operating system, and screen resolution

3. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Service delivery: Processing payments, managing accounts, facilitating settlements, and providing customer support
  • Security and fraud prevention: Detecting and preventing fraudulent transactions, unauthorized access, and other security threats
  • Identity verification: Verifying the identity of merchants and their representatives as required by applicable know-your-customer (KYC) and anti-money laundering (AML) regulations
  • Legal compliance: Meeting our obligations under applicable laws, regulations, and industry standards
  • Communication: Sending service-related notifications, updates, and responding to inquiries
  • Improvement: Analyzing usage patterns to improve our Services, develop new features, and enhance the user experience

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Financial partners: Banks, payment processors, and card networks necessary to process transactions
  • Service providers: Third-party vendors who assist us in operating the Services, such as cloud hosting, analytics, and identity verification providers
  • Regulatory authorities: Government agencies, law enforcement, and regulators when required by law or to protect our legal rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

All third-party recipients are contractually required to protect your data and use it only for the purposes for which it was shared.

5. Data Retention

We retain your personal data for as long as necessary to provide the Services and fulfill the purposes described in this policy. Following account closure, we may retain certain data for up to seven (7) years as required by applicable financial regulations, anti-money laundering laws, and tax requirements.

When data is no longer needed, it is securely deleted or anonymized in accordance with our data retention procedures.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our website and Services. These include:

  • Essential cookies: Required for the basic functionality of the website and Services
  • Analytics cookies: Help us understand how visitors interact with our website and measure performance
  • Fraud prevention: Device fingerprinting and activity monitoring to detect and prevent fraudulent activity

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Services.

7. Data Security

We implement appropriate organizational, technical, and administrative measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

While we strive to protect your data, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure that appropriate safeguards are in place, including standard contractual clauses and equivalent data protection agreements, to provide a level of protection consistent with applicable data protection laws.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to processing of your data based on legitimate interests
  • Withdrawal of consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact our support team. We will respond to your request within the timeframe required by applicable law.

10. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Merchant Portal at least 30 days before the changes take effect. The “Last updated” date at the top of this page indicates when this policy was last revised.

12. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our support team.