Privacy Policy

What we do with your data.

Last updated: April 1, 2026

Draft — pending counsel review. · The text below reflects intent and structure; the production version will be reviewed by a licensed attorney before publication. For questions: legal@payminty.app

At Payminty we take responsibility for your data seriously. This document explains what information we collect, how we use it, who we share it with, and your rights — in plain, readable language. We don't collect anything we're not legally required to, and we never sell your data.

Information we collect

Account information (name, email, phone, ID photo for KYC), transaction data (transfers, recipient, date, amount), device data (IP, device type, session), optional marketing preferences. Credit card details are processed on PCI DSS Level 1 compliant infrastructure — we don't see them, our partner payment services do.

How we use information

To provide service (execute transfers, manage your account), security (fraud detection, sanctions screening), legal obligations (KYC/AML), improvement (anonymous aggregate analysis), optionally marketing (only if you've explicitly opted in). We don't do ad profiling. We don't sell data to third-party advertisers — neither anonymous nor aggregate.

Who we share with

Service providers (hosting, analytics, payment rails, email) only with the minimum data necessary to provide the service. Under legal obligation (court order, regulator request). In a company merger or sale (60-day prior notice). We never sell. We never give to third-party advertisers.

Your rights

Right to access your data (downloadable export with one tap). Correction. Deletion (subject to our legal retention obligations). Portability (JSON/CSV). Marketing opt-out. Object to processing. Exclusion from automated decision-making. Additional rights may apply under GDPR (EU), KVKK (Türkiye), CCPA (California), LGPD (Brazil). Email legal@payminty.app — we respond within 30 days.

Data retention periods

Account data is retained while the account is active. After account closure: 90-day grace period, then deletion or anonymization. KYC data retained 5 years by law (AML regulation). Transaction records 10 years (tax/audit). Marketing data 30 days after opt-out.

Data security

End-to-end encryption (TLS 1.3 in transit, AES-256 at rest), biometric authentication, hardware security modules (HSM), 24/7 SOC monitoring. We're SOC 2 Type II and PCI DSS Level 1 certified. For detailed security architecture, see /security.

International data transfers

Data is primarily processed in the EU and Türkiye. Transfers outside the EU happen under Standard Contractual Clauses (SCC) or adequacy decisions. We've initiated the EU-US Data Privacy Framework certification process.

Children

Children aged 13+ can be included on a Payminty Family account with parent/guardian consent. Accounts cannot be opened for under-13s; if opened, they will be deleted. COPPA and KVKK child provisions apply.

Policy changes

Material changes are announced at least 30 days in advance via email + in-app notification. Minor changes are reflected on this page with the "Last updated" date.

For questions, requests, or concerns, email legal@payminty.app. Or reach us through other channels on the contact page — you'll get a response from our DPO (Data Protection Officer) team within an average of 5 business days.

All contact channels

Cookies

We use cookies to improve your experience. Pressing "Accept all" gives consent for analytics and marketing cookies. Details in our Privacy Policy.