Privacy
Policy

At Epay Financial Technologies, we believe privacy is a fundamental right — not a checkbox. This policy explains exactly what data we collect, why we collect it, and how we protect it.

We process payments for thousands of businesses, which means we handle sensitive financial data every day. We take that responsibility seriously.

We collect information you provide directly: account registration details (name, email, phone number), business information, and payment credentials required to process transactions.

We also collect data automatically when you use our services: device identifiers, IP addresses, browser type, and usage patterns. This helps us detect fraud and improve performance.

We do not sell your personal data. Ever.

Your data powers the core of our service: processing payments, verifying identities, preventing fraud, and keeping your account secure.

We use aggregated, anonymized analytics to improve our platform. We may send you transactional emails and, with your consent, product updates.

We never use your data for advertising or share it with third-party marketers.

We share data only with partners essential to delivering our service: payment networks (Visa, Mastercard), banking partners for settlement, and infrastructure providers under strict data processing agreements.

We may disclose data when required by law, court order, or to protect the rights and safety of our users and the public.

All third parties are contractually bound to handle your data with the same level of care we apply.

We use AES-256 encryption at rest and TLS 1.3 in transit. Our infrastructure is PCI-DSS Level 1 certified — the highest standard in payment security.

Access to production systems is restricted, logged, and audited. We conduct regular penetration tests and third-party security audits.

In the event of a data breach, we will notify affected users within 72 hours as required by applicable regulations.

You have the right to access, correct, or delete your personal data at any time. You can export your data in a machine-readable format.

You may withdraw consent for non-essential data processing, opt out of marketing communications, and request restriction of processing while a dispute is resolved.

To exercise any of these rights, contact our Data Protection Officer at privacy@epay.com. We respond within 30 days.

We use strictly necessary cookies to keep you logged in and secure your session. We use analytics cookies (with your consent) to understand how our platform is used.

We do not use advertising or cross-site tracking cookies. You can manage your cookie preferences at any time through your account settings.

We retain transaction records for 7 years to comply with financial regulations. Account data is kept for the duration of your relationship with us, plus 2 years.

When you close your account, we delete or anonymize personal data within 90 days, except where retention is required by law.

Questions about this policy or how we handle your data? Reach our Data Protection Officer directly.

Email: privacy@epay.com Address: Epay Financial Technologies, 123 Finance Street, Nairobi, Kenya Response time: Within 30 business days