CardoPay (“we”) respects your privacy. This policy explains what personal information we collect, how we use, store, share, and protect it, and what rights you may have. It should be read together with our Terms of Service. If you do not agree, please do not use our services.
1. Information we collect
Depending on the features you use, we may process:
- Account information: email, credentials, display name, language preferences; in verification flows we may collect name, ID type and number, nationality, and similar KYC fields (as shown on screen).
- Transaction & service data: deposit orders, card issuance and closure, authorizations and settlements, refunds and disputes, and support conversations.
- Technical & device data: IP address, device identifiers, browser type, coarse location for risk and compliance, logs and crash reports.
- Information you voluntarily submit: messages via tickets, email, or surveys.
2. How we use information
We process personal information where lawful, fair, and necessary, typically to:
- Perform our contract: operate your account, process funding and card instructions, and provide support;
- Comply with law: AML/KYC, lawful requests from regulators and courts;
- Legitimate interests: detect and prevent fraud, abuse, and attacks, and improve security and reliability (balanced against your rights);
- With consent, for marketing or research where allowed (you may withdraw consent).
3. Sharing & processors
We do not sell your personal information. We may disclose information when:
- Issuing & payments infrastructure: to licensed issuers, card networks, and processors as needed to issue cards and settle transactions;
- Service providers: hosting, email/SMS, analytics and risk tools—bound by contract and limited to this policy’s purposes;
- Legal requirements: where required by law, litigation, or lawful government requests;
- Business transfers: in a merger, acquisition, or asset sale, we will require successors to honor this policy or notify you as appropriate.
4. International transfers
To support global payments, information may be transferred outside your country to jurisdictions where we or our partners operate. We use appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) where required and obtain consent when mandated.
5. Retention
We retain data only as long as needed for the purposes above or as required by law (for example AML record-keeping). After that period we delete or anonymize data so it can no longer identify you.
6. Security
We implement industry-standard technical and organizational measures (encryption in transit, access controls, security reviews). No system is perfectly secure; if an incident may affect you, we will notify and respond as required by law.
7. Your rights
Where applicable law provides, you may contact us to:
- Access, correct, or receive a copy of your personal information;
- Restrict or object to certain processing;
- Request deletion or account closure where conditions are met;
- Withdraw consent for processing based on consent (without affecting prior lawful processing).
8. Cookies & similar technologies
We use cookies and local storage to keep you signed in, remember language, and measure traffic. See our Cookie Policy in the legal bundle for categories and controls. Browser restrictions may degrade functionality.
9. Minors
Our services are intended for adults. If we learn a minor provided information without guardian consent, we will delete it and restrict the account where appropriate.
10. Updates
We may revise this policy from time to time. We will post updates with an effective date and, where changes materially affect your rights, provide additional notice when practicable. Please review periodically.