Anton Payments

Legal

Privacy Policy

Last updated: January 2024

1. Introduction

At Anton Payments, we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment processing services, website, and related platforms (collectively, the "Services").

This policy applies to all users of our Services, including merchants, payees, referral partners, and visitors to our website. By using our Services, you consent to the data practices described in this policy.

We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, password, and other account registration details
  • Business Information: Company name, business type, tax identification number (EIN/TIN), business address, incorporation documents, and business registration information
  • Identity Verification: Government-issued identification documents (driver's license, passport), proof of address, social security number (where required), and other KYC/KYB documentation
  • Financial Information: Bank account details, routing numbers, account numbers, credit card information, payment method details, and financial statements
  • Payee Information: Recipient names, addresses, bank account details, tax identification numbers, and other information necessary to process payouts
  • Communication Records: Support tickets, emails, chat logs, phone call recordings, and other communications with us
  • Profile Information: Preferences, settings, and other information you choose to provide

2.2 Information We Collect Automatically

When you use our Services, we automatically collect certain information, including:

  • Device Information: IP address, browser type and version, operating system, device identifiers, mobile network information, and device settings
  • Usage Data: Pages visited, features used, time spent on pages, clickstream data, search queries, and navigation patterns
  • Transaction Data: Payment amounts, dates, currencies, recipient information, transaction status, fees, and related metadata
  • Technical Data: Log files, error reports, performance data, API usage statistics, and system configuration information
  • Location Data: General geographic location based on IP address (we do not collect precise GPS location without your consent)
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixel tags, and similar technologies (see our Cookie Policy for more details)

2.3 Information We Collect from Third Parties

We may collect information about you from third-party sources, including:

  • Identity Verification Services: Information from credit bureaus, identity verification providers, and KYC/KYB service providers
  • Payment Providers: Transaction status, payment confirmations, and related information from our payment processing partners
  • Financial Institutions: Bank account verification, account status, and related financial information
  • Public Records: Business registration information, sanctions lists, and other publicly available information
  • Referral Partners: Information shared by referral partners who referred you to our Services
  • Social Media: If you connect your social media accounts, we may collect information from those platforms

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Process payments and transactions
  • Provide customer support and respond to inquiries
  • Send transaction confirmations, receipts, and notifications
  • Manage your account balance and funding
  • Provide API access and technical support

3.2 Compliance and Risk Management

  • Verify your identity and conduct KYC/KYB checks
  • Comply with anti-money laundering (AML) and sanctions screening requirements
  • Detect, prevent, and investigate fraud, money laundering, and other illegal activities
  • Comply with legal obligations and regulatory requirements
  • Maintain audit trails and compliance records
  • Report to regulatory authorities as required by law

3.3 Service Improvement

  • Analyze usage patterns and trends to improve our Services
  • Develop new features and functionality
  • Conduct research and analytics
  • Test and optimize our Services
  • Monitor and improve security and performance

3.4 Communication

  • Send you service-related communications (transactional emails, account updates)
  • Send you marketing communications (with your consent, where required)
  • Notify you about changes to our Services or policies
  • Respond to your comments, questions, and requests
  • Send you security alerts and important notices

3.5 Legal and Business Purposes

  • Enforce our Terms of Service and other agreements
  • Protect our rights, property, and safety, and that of our users and others
  • Respond to legal process, court orders, and government requests
  • Facilitate business transfers (mergers, acquisitions, asset sales)
  • Establish, exercise, or defend legal claims

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal bases:

  • Contract Performance: To perform our contract with you and provide our Services
  • Legal Obligation: To comply with legal and regulatory requirements (e.g., AML, KYC, tax reporting)
  • Legitimate Interests: To operate our business, prevent fraud, improve our Services, and ensure security (where our interests are not overridden by your rights)
  • Consent: Where you have provided consent (e.g., for marketing communications, cookies)

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Payment processors and financial institutions
  • Identity verification and KYC/KYB service providers
  • Cloud hosting and infrastructure providers
  • Customer support and communication platforms
  • Analytics and data processing services
  • Security and fraud prevention services
  • Legal, accounting, and professional services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Payment Providers and Networks

We share transaction and payee information with payment providers and networks (e.g., banks, ACH networks, wire transfer services) to process your payments. These entities have their own privacy policies governing how they use your information.

5.3 Legal Requirements

We may disclose your information when required by law, court order, or government regulation, including:

  • Responding to subpoenas, warrants, or other legal process
  • Complying with AML, KYC, and sanctions screening requirements
  • Reporting to tax authorities and regulatory bodies
  • Cooperating with law enforcement investigations
  • Protecting our rights and preventing illegal activities

5.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity or successor organization.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit permission to do so.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, and business purposes.

6. Data Security

We implement comprehensive technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption: Data encryption in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access controls, multi-factor authentication, and least-privilege principles
  • Network Security: Firewalls, intrusion detection systems, and DDoS protection
  • Security Monitoring: Continuous monitoring, logging, and incident response procedures
  • Compliance: PCI DSS Level 1 compliance, SOC 2 Type II certification, and ISO 27001 standards
  • Employee Training: Regular security awareness training and background checks
  • Vulnerability Management: Regular security assessments and penetration testing

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on:

  • Legal Requirements: We retain financial and transaction records as required by law (typically 5-7 years, or longer in some jurisdictions)
  • Business Needs: We retain account information while your account is active and for a reasonable period thereafter
  • Compliance: We retain KYC/KYB documentation and compliance records as required by regulatory requirements
  • Dispute Resolution: We retain information relevant to disputes, claims, or legal proceedings

When we no longer need your information, we will securely delete or anonymize it, subject to our legal obligations.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

8.1 Access and Portability

  • Request access to your personal information
  • Request a copy of your data in a portable format
  • Review the personal information we hold about you

8.2 Correction and Deletion

  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information (subject to legal and compliance requirements)
  • Request restriction of processing in certain circumstances

8.3 Objection and Opt-Out

  • Object to processing of your information for certain purposes (e.g., direct marketing)
  • Opt out of marketing communications (you can unsubscribe using the link in our emails)
  • Withdraw consent where processing is based on consent

8.4 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA, including:

  • Right to know what personal information we collect, use, and disclose
  • Right to delete your personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

8.5 Exercising Your Rights

To exercise your rights, please contact us at [email protected]. We will respond to your request within the timeframes required by applicable law (typically 30 days, or 45 days for complex requests).

We may need to verify your identity before processing your request. In some cases, we may be unable to fulfill your request due to legal or compliance obligations (e.g., we cannot delete transaction records required by law).

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use personal information about you. For detailed information about how we use cookies, the types of cookies we use, and how to manage them, please see our Cookie Policy.

10. Children's Privacy

Our Services are not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your country.

We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules where applicable
  • Other legally recognized transfer mechanisms

By using our Services, you consent to the transfer of your information to countries outside your country of residence.

12. Third-Party Links and Services

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other reasons. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for material changes)
  • Displaying a notice in our platform

Your continued use of our Services after such modifications constitutes your acceptance of the modified Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Anton Payments, Inc.
Privacy Officer
Email: [email protected]
General Inquiries: [email protected]

If you are located in the EEA or UK and have concerns about our data practices, you also have the right to lodge a complaint with your local data protection authority.