This Privacy Policy explains how GiganPay ("we", "us") collects, uses, shares and protects personal data when you visit our website, register as a merchant, or when payments are processed through our platform. We process personal data in accordance with applicable data-protection law.
Contents
1. Who we are
GiganPay operates a payment orchestration platform that routes card and cryptocurrency transactions between merchants and third-party payment providers. For merchant account data we act as a data controller; for cardholder data processed on behalf of merchants we generally act as a data processor.
2. Data we collect
- Merchant account data — name, business details, contact email, login credentials (passwords are stored hashed), time zone and settings.
- Transaction data — amounts, currency, timestamps, payment method, masked card details (BIN and last four digits only), payment status and routing history. We do not store full card numbers or CVV codes in our logs; sensitive values are redacted or masked before storage.
- Customer data supplied by merchants — such as the payer's name, email and country, to the extent required to process a payment.
- Technical data — IP address, approximate location derived from IP, device and browser information, and security logs.
3. How we use data
- To provide the Services: routing transactions, cascading fallbacks, settlement and reporting.
- To secure the platform: fraud screening, brute-force protection, audit logging and incident response.
- To meet legal obligations, including anti-money-laundering and sanctions screening where applicable.
- To communicate service notices and respond to support requests.
4. Legal bases
Where GDPR or similar law applies, we rely on: performance of a contract (providing the Services); legitimate interests (platform security, fraud prevention, service improvement); legal obligation (record-keeping, compliance); and consent where required (for example, non-essential cookies).
5. Sharing and processors
We share data with the payment providers, acquirers and networks needed to execute each transaction; with infrastructure and hosting suppliers; and with authorities where legally required. We do not sell personal data. Providers receive only the data necessary to process the specific transaction routed to them.
6. International transfers
Because payments are global, data may be transferred to providers outside your country. Where required, we use appropriate safeguards such as standard contractual clauses or rely on adequacy decisions.
7. Retention
Merchant and transaction records are retained for as long as your account is active and thereafter as required by financial-services record-keeping obligations. Technical request/response logs are pruned automatically on a rolling retention schedule. Backup archives are retained on a limited rotation.
8. Security
We apply technical and organisational measures including TLS encryption in transit, hashed credentials, masked card data (BIN and last four only), signed webhooks, access controls, login throttling and continuous monitoring. No system is perfectly secure; report suspected incidents to [email protected].
9. Your rights
Subject to applicable law, you may request access to, correction or deletion of your personal data, restriction of or objection to processing, and data portability. Where processing is based on consent you may withdraw it at any time. To exercise a right, contact [email protected]; we may need to verify your identity. You may also lodge a complaint with your supervisory authority.
If you are a customer of one of our merchants, we may refer your request to that merchant, who controls the purposes of the processing.
10. Cookies
Our use of cookies and similar technologies is described in the Cookies Policy.
11. Children
The Services are business tools and are not directed at children. We do not knowingly collect personal data from children.
12. Changes and contact
We may update this Policy from time to time; the "Last updated" date shows the current version. Material changes will be notified through the dashboard or by email. Contact for privacy matters: [email protected].