These terms are working drafts and have NOT been reviewed by qualified counsel. They must be reviewed before any production-facing rollout. Last updated 2026-05-08.

Privacy Policy

Last updated: 2026-05-08

This Privacy Policy explains how MALOPAY collects, uses, and protects personal data on the malopay.com Platform. It covers users of the Platform - merchants, merchant staff, and consumers applying for a financing offer.

1. Who is responsible

MALOPAY (the "controller") determines how your data is processed when you use the Platform. The financing partner that decides your application is a separate controller for their decisioning data.

2. What we collect

Account: name, email, role. Merchant onboarding: business details, beneficial owner information, uploaded KYB documents. Customer applications: name, address, date of birth, phone, financing choice, consent records. Operational: IP, user agent, access timestamps. We do not collect payment card numbers.

3. Why we process it

Operating the Platform; routing applications to regulated partners; complying with audit, anti-fraud, anti-money-laundering, and consumer-credit regulation; sending transactional and lifecycle emails; producing aggregated reporting.

4. Legal bases

Performance of contract for account and platform operation; legitimate interest for fraud prevention, audit, and aggregated analytics; legal obligation for regulatory record-keeping; consent for any optional marketing.

5. Who we share with

Financing partners (to deliver the application you initiated), email infrastructure (to deliver transactional email), hosting and database infrastructure (to operate the Platform), and government bodies where required by law. We do not sell personal data.

6. How long we keep it

Account data: while your account is active and for the audit window required by your jurisdiction. Application data: per partner agreement and applicable law (typically 6–7 years from the credit decision). Email and audit logs: retained per the platform's logging policy.

7. Your rights

You can access, correct, delete, or restrict processing of your personal data, and object to legitimate-interest processing. Submit requests to compliance@malopay.com. We respond within the period required by your local law (typically 30 days).

8. International transfers

Where data is transferred outside your country, we use the legal safeguards required (for example Standard Contractual Clauses for EU/UK transfers) and disclose this in your account region.

9. Security

We use industry-standard encryption in transit and at rest, role-based access controls, audit logging of every sensitive action, and regular review of partner data flows.

10. Complaints

Contact compliance@malopay.com first. You can also complain to the data protection authority of your country if you remain unsatisfied.