Legal

Privacy Policy

Last updated: 5/24/2026

1. Information We Collect

We collect information that you provide directly (name, email, country, phone), information about transactions (gift card details, payout methods), and technical data (IP address, device fingerprint) to prevent fraud.

2. How We Use Information

• To verify your identity and process payouts.
• To detect and prevent fraud, including AI-driven risk scoring.
• To comply with regulatory and AML/KYC requirements.
• To communicate with you about your transactions and product updates.

3. Data Security

Card data is encrypted in transit (TLS 1.3) and at rest (AES-256). Gift card numbers are masked in our database — we never store the full unmasked card number after verification.

4. Sharing of Information

We do not sell your data. We share information with payment processors, fraud-prevention vendors, and law enforcement only when legally required.

5. Cookies

We use httpOnly cookies for authentication and analytics cookies (with consent) to improve our service.

6. Your Rights

You have the right to access, correct, or delete your personal data and to opt out of marketing communications. Contact privacy@giftopay.com to exercise these rights.

7. International Transfers

Your data may be processed in the US, UK, UAE, or Canada. We apply appropriate safeguards for cross-border transfers.

8. Retention

Transaction records are retained for at least 5 years to meet AML obligations. Inactive accounts may be deleted after 24 months.

9. Children

Giftopay is not intended for users under 18.

10. Changes

We may update this Policy. Material changes will be communicated via email or in-app notice.