Privacy Policy

1. Introduction

Welcome to ZehaPay. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our cryptocurrency payment gateway services.

ZehaPay ("we", "us", or "our") operates as a payment service provider, enabling merchants to accept cryptocurrency payments. This policy applies to all users of our platform, including merchants, customers, and website visitors.

2. Information We Collect

2.1 Account Information

When you register as a merchant, we collect:

• Full name and email address
• Business information (company name, website, business type)
• Cryptocurrency wallet addresses for payment settlements
• API keys and integration settings

2.2 Transaction Data

For each payment transaction, we process:

• Payment amount (in fiat and cryptocurrency)
• Cryptocurrency type and blockchain network
• Sender's cryptocurrency address (publicly visible on blockchain)
• Transaction hash and blockchain confirmation status
• Transaction timestamps and payment status

2.3 Technical Data

We automatically collect:

• IP address and browser information
• Device type and operating system
• Referral source and website navigation data
• Cookies and similar tracking technologies

2.4 Communications

We store correspondence when you contact our support team, including email communications, support tickets, and feedback.

3. How We Use Your Information

We use your data for the following purposes:

• Service Delivery: Processing cryptocurrency payments, managing transactions, and settling funds to your wallets
• Account Management: Creating and maintaining your merchant account, authentication, and security
• Compliance: Meeting legal obligations including anti-money laundering (AML) and know-your-customer (KYC) requirements
• Communication: Sending transaction notifications, service updates, and responding to support requests
• Security: Detecting and preventing fraud, unauthorized access, and security threats
• Analytics: Improving our services, analyzing usage patterns, and optimizing performance
• Legal Protection: Enforcing our terms of service and protecting our rights and property

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

• Contractual Necessity: Processing payments and providing our services as agreed in our Terms of Service
• Legal Obligation: Complying with financial regulations, AML/KYC laws, and tax requirements
• Legitimate Interest: Fraud prevention, security monitoring, and service improvement
• Consent: Marketing communications and optional features (you can withdraw consent anytime)

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

• Blockchain node providers for transaction verification
• Cryptocurrency exchange services for automatic conversions
• Cloud hosting providers (data storage and infrastructure)
• Email service providers for transactional notifications

5.2 Legal Requirements

We may disclose your information when required by law, court order, or government request, or to protect our legal rights and prevent fraud.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner under the same privacy protections.

We do NOT: Sell your personal data to third parties or use it for unrelated marketing purposes.

6. Blockchain Transparency Notice

7. Data Security

We implement industry-standard security measures:

• TLS/SSL encryption for data transmission
• Encrypted database storage for sensitive information
• Two-factor authentication (2FA) for merchant accounts
• Regular security audits and vulnerability assessments
• Access controls and employee confidentiality agreements
• Secure API key management with rate limiting

8. Data Retention

We retain your data for as long as necessary:

• Active Accounts: Data retained while your account is active and for up to 7 years after closure for legal compliance
• Transaction Records: Maintained for 7 years to comply with financial regulations and tax laws
• Marketing Data: Deleted within 30 days of unsubscribe request
• Technical Logs: Retained for 90 days for security and troubleshooting purposes

9. Your Privacy Rights

Under GDPR and other privacy laws, you have the right to:

• Access: Request a copy of your personal data we hold
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Object: Opt-out of certain processing activities
• Withdraw Consent: Revoke consent for optional data processing
• Complain: Lodge a complaint with your local data protection authority

To exercise these rights, contact us at [email protected]

10. Cookies and Tracking

We use cookies and similar technologies to improve your experience. For detailed information, see our Cookie Policy.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure adequate safeguards are in place, including standard contractual clauses and data processing agreements, to protect your information in compliance with GDPR and other applicable laws.

12. Children's Privacy

ZehaPay is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal information, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email to registered merchants. Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us: