hazPay

Privacy Policy

Last Updated: December 16, 2025

1. Introduction

ShazPay ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment processing platform and services, including our FlexiFund feature, QR code generation, invoicing, and analytics tools.

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect personal information you provide directly to us, including:

  • Account Information: Name, email address, phone number, business name, tax identification number
  • Identity Verification: Government-issued ID, passport, driver's license, business registration documents
  • Financial Information: Bank account details, routing numbers, payment method information
  • Profile Information: Business description, website URL, profile picture, business logo
  • Communication Data: Messages, support tickets, feedback, and correspondence

2.2 Transaction Information

For payment processing and FlexiFund services, we collect:

  • Payment Data: Transaction amounts, payment methods, currency, payment dates
  • Customer Information: Payer names, email addresses, billing addresses
  • FlexiFund Data: Payment plan configurations, installment schedules, milestone information
  • Invoice Data: Invoice details, line items, customer information, payment terms
  • QR Code Usage: QR code generation timestamps, usage analytics

2.3 Technical Information

We automatically collect technical information, including:

  • Device Information: IP address, browser type, device type, operating system
  • Usage Data: Pages visited, features used, time spent, click patterns
  • Performance Data: Error logs, system performance metrics, API usage
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking: Session data, preferences, authentication tokens

2.4 Third-Party Information

We may receive information from third parties, including:

  • Payment Processors: Transaction data, fraud detection information, verification results
  • Identity Verification Services: Background checks, business verification, compliance data
  • Analytics Providers: Website usage statistics, user behavior patterns
  • Customer Reports: Dispute information, chargeback data, customer feedback

3. How We Use Your Information

3.1 Service Provision

We use your information to:

  • Process payments and manage payment links
  • Facilitate FlexiFund payment plans and installment processing
  • Generate and manage invoices
  • Create QR codes for payment links
  • Provide analytics and reporting features
  • Manage your subscription and billing
  • Deliver customer support and technical assistance

3.2 Security and Compliance

We use your information to:

  • Verify your identity and prevent fraud
  • Comply with anti-money laundering (AML) and Know Your Customer (KYC) requirements
  • Monitor for suspicious activities and security threats
  • Conduct risk assessments and due diligence
  • Respond to legal requests and regulatory requirements

3.3 Platform Improvement

We use aggregated and anonymized data to:

  • Improve our services and develop new features
  • Analyze usage patterns and performance metrics
  • Conduct research and data analysis
  • Optimize user experience and interface design
  • Test new functionality and features

3.4 Communication

We may use your contact information to:

  • Send transaction confirmations and receipts
  • Provide account notifications and updates
  • Send marketing communications (with your consent)
  • Deliver important service announcements
  • Respond to your inquiries and support requests

4. Information Sharing and Disclosure

4.1 Stripe Payment Processing

We share information with Stripe, Inc. for payment processing services. Information shared with Stripe includes:

  • Account Information: Business details, contact information, tax IDs
  • Identity Verification: Documents and information required for KYC compliance
  • Transaction Data: Payment amounts, customer information, transaction details
  • Banking Information: Account details for payouts and settlements
  • Risk and Fraud Data: Information used for fraud prevention and risk assessment

Stripe's use of this information is governed by Stripe's Privacy Policy. We encourage you to review their privacy practices.

4.2 Other Service Providers

We also share information with other trusted service providers, including:

  • Cloud Infrastructure: Hosting, storage, and computing services
  • Identity Verification: KYC and compliance verification services
  • Analytics Providers: Usage analytics and performance monitoring
  • Customer Support: Help desk and communication platforms
  • Security Services: Fraud detection and cybersecurity monitoring

4.3 Legal and Regulatory

We and Stripe may disclose information when required by law or to:

  • Comply with legal obligations and court orders
  • Respond to government requests and regulatory inquiries
  • Meet financial services regulations and compliance requirements
  • Cooperate with law enforcement investigations
  • Protect our rights, property, and safety
  • Prevent fraud and investigate security incidents
  • Enforce our Terms of Service and Stripe's terms
  • Comply with card network rules and regulations

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections. Note that your Stripe account and data are subject to Stripe's own terms regarding business transfers.

4.5 Consent-Based Sharing

We may share information with your explicit consent for specific purposes, such as integrations with third-party services or marketing partnerships.

5. Data Security

5.1 Security Measures

We and Stripe implement comprehensive security measures, including:

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Controls: Role-based access, multi-factor authentication, regular access reviews
  • Infrastructure Security: Secure cloud hosting, firewalls, intrusion detection
  • Payment Security: Stripe's PCI DSS Level 1 certified infrastructure
  • Monitoring: 24/7 security monitoring and incident response
  • Compliance: SOC 2 Type II certification and financial services compliance
  • Fraud Prevention: Advanced machine learning fraud detection systems

Stripe maintains additional security certifications and undergoes regular security audits. Their security practices are detailed in Stripe's Security documentation.

5.2 Data Retention

We retain information for the following periods. Note that Stripe may have different retention periods governed by their policies:

  • Account Data: While your account is active and for 7 years after closure
  • Transaction Records: 10 years for compliance and tax purposes (may be longer per Stripe's requirements)
  • Payment Data: Retained by Stripe according to their data retention policies
  • KYC/Identity Data: As required by financial services regulations and Stripe's compliance requirements
  • Communication Data: 3 years for support and legal purposes
  • Technical Logs: 90 days for security and performance monitoring
  • Marketing Data: Until you withdraw consent or 2 years of inactivity

6. Your Privacy Rights

6.1 Access and Portability

You have the right to:

  • Access your personal information
  • Request a copy of your data in a portable format
  • Review how your information is used
  • Download your transaction history and analytics data

6.2 Correction and Updates

You can:

  • Update your account information through your dashboard
  • Correct inaccurate or incomplete information
  • Modify your communication preferences
  • Update your business and financial information

6.3 Deletion and Restriction

You may request to:

  • Delete your account and associated data (subject to legal retention requirements)
  • Restrict processing of your information
  • Object to certain uses of your data
  • Withdraw consent for marketing communications

6.4 California Privacy Rights (CCPA)

California residents have additional rights, including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising privacy rights

6.5 European Privacy Rights (GDPR)

EU residents have rights under GDPR, including:

  • Right to access, rectify, and erase personal data
  • Right to data portability
  • Right to object to processing
  • Right to lodge complaints with supervisory authorities

7. International Data Transfers

We and Stripe may transfer your information to countries outside your jurisdiction for processing and storage. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by regulatory authorities
  • Certification under approved frameworks
  • Explicit consent where required
  • Stripe's global compliance and data localization measures

Stripe processes payments globally and their international data transfer practices are detailed in their Privacy Policy and GDPR compliance documentation.

8. Cookies and Tracking Technologies

8.1 Types of Cookies

We use several types of cookies:

  • Essential Cookies: Required for basic platform functionality
  • Analytics Cookies: Help us understand how you use our services
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used for targeted advertising (with consent)

8.2 Cookie Management

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect platform functionality.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated via email or platform notification at least 30 days before taking effect.

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:

Email: legal@shazpay.link

Postal Address:

ShazPay Privacy Team

UK Address:

85 Cole Bank Rd, Hall Green

Birmingham B28 8HG, United Kingdom

US Address:

7901 4th St N #16774

St. Petersburg, FL 33702, United States

12. Regulatory Compliance

Our privacy practices comply with applicable regulations, including:

  • GDPR: European Union General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
  • PCI DSS: Payment Card Industry Data Security Standards
  • SOX: Sarbanes-Oxley Act compliance for financial data

← Back to ShazPay