Privacy Policy

1. Who We Are

PAYSERV LLC ("PayServ", "we", "us", or "our") is an Independent Software Vendor (ISV) and neutral payment orchestration middleware provider registered and operating as a software aggregator.

We do not hold merchant funds, act as a money transmitter, process raw cardholder data, or underwrite merchant risk. Our services are limited to software integration, routing configuration, test automation, and data normalisation.

2. Information We Collect

Account Registration Data: When you create a PayServ account, we collect your name, email address, company name, job title, and billing information.

Technical Usage Data: We collect API request metadata (endpoint, timestamp, response status, latency) for platform monitoring, debugging, and abuse prevention. We do not log raw cardholder data (PAN, CVV, expiry) at any point.

Payment Credentials (Encrypted): Merchant PSP API credentials submitted to PayServ are encrypted at rest using AES-256-GCM and transmitted to downstream PSPs over TLS 1.3 only. These credentials are never logged in plaintext.

Communication Data: If you contact us via email, support tickets, or live chat, we retain those communications to assist in resolving your queries.

Cookies & Analytics: We use first-party cookies for session management and analytics tools to understand platform usage patterns. We do not sell behavioural data to third parties.

3. How We Use Your Information

To provide, maintain, and improve the PayServ platform and its associated services.

To authenticate users and manage access controls across your organisation's PayServ account.

To route payment transactions through your configured PSP connectors using your credentials.

To send service notifications, security alerts, and product update communications.

To meet our legal obligations, including fraud prevention, anti-money-laundering (AML) checks, and regulatory compliance requirements.

4. Data Sharing & Third Parties

PSP Credential Passthrough: Your PSP API credentials are transmitted to your authorised downstream Payment Service Providers solely for the purpose of executing your payment transactions. We do not share credentials with any other party.

Infrastructure Providers: We use cloud infrastructure providers (such as AWS) to host and operate the PayServ platform. These providers are bound by data processing agreements and do not have access to unencrypted merchant data.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

5. Data Retention

Account data is retained for the duration of your active PayServ subscription plus 7 years to comply with financial record-keeping regulations.

API request logs are retained for 90 days for debugging and audit purposes, after which they are deleted or anonymised.

You may request deletion of your personal data by contacting privacy@payserv.com. Requests will be processed within 30 days, subject to legal retention obligations.

6. Your Rights

Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict processing; and request data portability.

To exercise any of these rights, contact privacy@payserv.com. We will respond within 30 days.

7. Security

PayServ implements industry-standard security controls including: TLS 1.3 for all data in transit; AES-256-GCM encryption for credentials at rest; role-based access controls; regular penetration testing; and a SOC 2-aligned security programme.

Despite these measures, no system is completely immune to risk. We recommend using strong API key management practices and rotating credentials regularly.

8. Contact

For privacy-related enquiries, contact our Data Protection team at privacy@payserv.com or write to: PAYSERV LLC, Attn: Privacy Team.