GiganPay ← Back to home
Legal

Privacy Policy

Last updated: July 2026

This Privacy Policy explains how GiganPay ("we", "us") collects, uses, shares and protects personal data when you visit our website, register as a merchant, or when payments are processed through our platform. We process personal data in accordance with applicable data-protection law.

1. Who we are

GiganPay operates a payment orchestration platform that routes card and cryptocurrency transactions between merchants and third-party payment providers. For merchant account data we act as a data controller; for cardholder data processed on behalf of merchants we generally act as a data processor.

2. Data we collect

3. How we use data

4. Legal bases

Where GDPR or similar law applies, we rely on: performance of a contract (providing the Services); legitimate interests (platform security, fraud prevention, service improvement); legal obligation (record-keeping, compliance); and consent where required (for example, non-essential cookies).

5. Sharing and processors

We share data with the payment providers, acquirers and networks needed to execute each transaction; with infrastructure and hosting suppliers; and with authorities where legally required. We do not sell personal data. Providers receive only the data necessary to process the specific transaction routed to them.

6. International transfers

Because payments are global, data may be transferred to providers outside your country. Where required, we use appropriate safeguards such as standard contractual clauses or rely on adequacy decisions.

7. Retention

Merchant and transaction records are retained for as long as your account is active and thereafter as required by financial-services record-keeping obligations. Technical request/response logs are pruned automatically on a rolling retention schedule. Backup archives are retained on a limited rotation.

8. Security

We apply technical and organisational measures including TLS encryption in transit, hashed credentials, masked card data (BIN and last four only), signed webhooks, access controls, login throttling and continuous monitoring. No system is perfectly secure; report suspected incidents to [email protected].

9. Your rights

Subject to applicable law, you may request access to, correction or deletion of your personal data, restriction of or objection to processing, and data portability. Where processing is based on consent you may withdraw it at any time. To exercise a right, contact [email protected]; we may need to verify your identity. You may also lodge a complaint with your supervisory authority.

If you are a customer of one of our merchants, we may refer your request to that merchant, who controls the purposes of the processing.

10. Cookies

Our use of cookies and similar technologies is described in the Cookies Policy.

11. Children

The Services are business tools and are not directed at children. We do not knowingly collect personal data from children.

12. Changes and contact

We may update this Policy from time to time; the "Last updated" date shows the current version. Material changes will be notified through the dashboard or by email. Contact for privacy matters: [email protected].