Payclave legal

Privacy Policy

Payclave privacy policy for merchant accounts, hosted checkout, wallet addresses, payment records, webhooks, support data, and website usage.

Version: 2026-05-23 Effective date: 2026-05-23

1. Introduction

This Payclave Privacy Policy ("Policy") explains how Payclave collects, uses, discloses, retains, and protects personal data when merchants, customers, visitors, developers, administrators, support contacts, and other users access or use Payclave.

Payclave is non-custodial crypto checkout orchestration software for merchants. Payclave helps merchants create hosted checkout sessions, invoices, payment records, payment status pages, onchain verification records, dashboard records, API keys, audit trails, webhook deliveries, and developer integrations so customers can pay merchant invoices directly from a customer wallet to a merchant settlement wallet.

The core payment flow is:

Customer wallet -> Merchant wallet

Payclave does not take custody of merchant or customer funds, does not manage private keys, does not create internal customer wallets, does not create internal stored-value records for funds, does not provide exchange services, and does not decide whether a merchant must fulfill, cancel, refund, replace, or support an order.

This Policy covers personal data processed through:

  • Payclave websites.
  • Merchant dashboard.
  • Hosted checkout pages.
  • Payment status pages.
  • Merchant onboarding and activation.
  • API key and webhook management.
  • Developer documentation and SDK interactions.
  • Customer checkout support.
  • Merchant support.
  • Payment verification, payment records, webhook delivery, audit trails, risk checks, and related operational systems.

By using Payclave, creating an account, visiting a hosted checkout page, submitting merchant onboarding details, connecting a wallet, scanning or copying checkout payment instructions, using Payclave APIs or SDKs, contacting support, or otherwise interacting with Payclave, you acknowledge this Policy.

2. Who We Are

Payclave is operated by Payclave, Inc., a corporation organized under the laws of Delaware ("Payclave", "we", "us", or "our").

Privacy notices and requests should be sent to:

privacy@payclave.com

Legal notices should be sent to:

Payclave, Inc.
legal@payclave.com

If Payclave appoints a data protection officer, EU/UK representative, Kenya representative, or other privacy representative, Payclave will publish the relevant contact details here or in a regional notice.

3. Related Documents

This Policy should be read together with:

  • Payclave Merchant Terms and Conditions.
  • Payclave Consumer Terms of Use.
  • Payclave Cookie Policy, if published separately.
  • Payclave Data Processing Addendum, if applicable.
  • Payclave API documentation, SDK documentation, webhook documentation, and checkout disclosures.
  • Merchant privacy policies and merchant terms for purchases made through Payclave checkout.
  • Third-party wallet, chain, token, bridge, payment orchestration, analytics, cloud, support, risk, sanctions, and service provider privacy policies where applicable.

If a signed agreement, data processing addendum, or enterprise order form applies to a merchant, that document may include additional privacy and security terms.

4. Important Roles

Payclave processes personal data in different roles depending on the context.

For merchant account, dashboard, onboarding, activation, risk, security, billing, support, product analytics, legal compliance, and platform operations, Payclave generally acts as an independent data controller or similar responsible party.

For some customer checkout data processed only to provide Payclave services to a merchant, Payclave may act as a service provider, processor, or subprocesser for the merchant, depending on applicable law and the merchant agreement. The merchant remains responsible for its customer relationship, order terms, fulfillment, refunds, merchant privacy notice, and any personal data it collects outside Payclave.

For public blockchain data, no single party controls all processing once a transaction is broadcast. Blockchain transaction data may be public, permanent, copied, indexed, analyzed, and processed by wallets, explorers, validators, RPC providers, analytics providers, law enforcement, regulators, researchers, and other third parties outside Payclave's control.

If you are a customer paying a merchant, review the merchant's privacy policy too. The merchant may receive checkout and transaction information from Payclave and may combine it with order, shipping, support, tax, fulfillment, and account information the merchant collects separately.

5. Personal Data We Collect

The personal data we collect depends on how you interact with Payclave.

5.1 Merchant Account and Business Information

When a merchant creates an account, uses the dashboard, applies for live mode, creates API keys, configures webhooks, or receives support, we may collect:

  • Name.
  • Email address.
  • Phone number.
  • Login credentials or authentication tokens.
  • Business legal name.
  • Business display name.
  • Business type.
  • Country, state, city, postal code, and business address.
  • Website URL.
  • Support contact.
  • Industry and business description.
  • Registration number, tax ID, or similar business identifiers where requested.
  • Incorporation date or operating history.
  • Expected transaction volume.
  • Control person details.
  • Beneficial owner details.
  • Authorized user details.
  • Admin roles and permissions.
  • Merchant onboarding responses.
  • Live activation review information.
  • Settlement wallet addresses.
  • API key metadata.
  • Webhook endpoint URLs.
  • Risk flags, review notes, and internal compliance status.
  • Support messages and attachments.

We may request additional information if needed for business verification, fraud prevention, sanctions screening, legal compliance, security review, risk review, tax compliance, or account support.

5.2 Account Authentication and Google Sign-In Data

If you choose to sign in or sign up with Google, Payclave uses Google OAuth to authenticate you, create or link your Payclave account, and protect account access. Depending on what Google returns, we may collect or process:

  • Google account subject ID or similar Google account identifier.
  • Email address.
  • Email verification status.
  • Name.
  • Profile image URL.
  • OAuth authorization code and access token used temporarily to request Google user information.
  • Sign-in flow, callback, state, security, browser, device, IP address, and timestamp metadata.

Payclave requests Google user information scopes for basic profile and email authentication. Payclave does not ask for your Google password and does not request access to Google Drive, Gmail, Calendar, Contacts, or similar Google product content unless a future feature clearly asks for additional permission.

Payclave uses Google user data only to:

  • Authenticate you.
  • Create, link, and secure your Payclave account.
  • Confirm that the Google account email is verified.
  • Prevent duplicate accounts, account takeover, fraud, abuse, and unauthorized access.
  • Maintain account, session, security, audit, and support records.
  • Provide and improve user-facing Payclave account functionality.

Payclave does not sell Google user data. Payclave does not use Google user data for targeted advertising, interest-based advertising, credit-worthiness, lending, sale to data brokers, information-reseller services, unrelated profiling, or training general-purpose AI models. Payclave does not share Google user data except with service providers that help operate Payclave account, authentication, security, support, logging, and hosting systems; with your direction; or as otherwise described in this Policy for legal, safety, compliance, security, or business-transfer purposes.

Google OAuth access tokens are used temporarily during sign-in to retrieve the Google account profile information needed for authentication. Payclave stores account fields such as email address, Google account identifier, name, profile image URL, email verification status, and authentication provider metadata as account data. These records are retained according to Section 14. You may request access, correction, or deletion as described in Section 17, but deleting or unlinking Google account data may affect your ability to sign in with Google.

Payclave's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements, where applicable.

5.3 Customer Checkout Information

When a customer opens a Payclave checkout page, uses a payment status page, connects a wallet, scans or copies payment instructions, submits a transfer, downloads a receipt, or contacts support, we may collect:

  • Checkout session ID.
  • Public checkout ID.
  • Invoice number.
  • Merchant name.
  • Merchant order reference.
  • Customer email or contact details if provided by the merchant or customer.
  • Customer wallet address.
  • Connected wallet address.
  • Checkout address or payment address shown to the customer.
  • Transaction hash.
  • Chain ID.
  • Token contract.
  • Token symbol.
  • Amount due.
  • Amount attempted.
  • Amount received.
  • Payment status.
  • Invoice status.
  • Checkout expiry and timestamps.
  • Payment method selection.
  • Route, quote, fee, and payment orchestration metadata.
  • Browser, device, IP address, approximate location, and session data.
  • Support messages, screenshots, and issue details provided by the customer.
  • Receipt and status page activity.

We do not need and do not ask for customer seed phrases, private keys, wallet recovery phrases, wallet passwords, or unnecessary sensitive personal data. Do not send that information to Payclave.

5.4 Transaction, Verification, and Blockchain Information

To operate non-custodial checkout, Payclave may collect, create, or process:

  • Transaction hashes.
  • Public wallet addresses.
  • Recipient wallet addresses.
  • Checkout addresses.
  • Chain IDs.
  • Token contracts.
  • Amounts.
  • Timestamps.
  • Confirmation and finality data.
  • Reverted, failed, duplicate, underpaid, overpaid, expired, or late payment indicators.
  • Provider event IDs.
  • Provider payloads.
  • RPC responses.
  • Publicly available blockchain data.
  • Onchain logs and transfer events.
  • Risk and sanctions signals.
  • Audit events and state transition records.

Public blockchain data may be personal data if it can identify or be linked to a person. Blockchain data may also be publicly visible and difficult or impossible to delete because it is maintained by decentralized networks and third-party indexers.

5.5 API, SDK, Webhook, and Developer Data

When merchants, developers, or integrations use Payclave APIs, SDKs, webhooks, test tools, or documentation, we may collect:

  • API requests and responses.
  • API key identifiers and metadata.
  • Idempotency keys.
  • Request IDs.
  • Error codes and logs.
  • SDK version, browser, runtime, and device metadata.
  • Webhook endpoint URLs.
  • Webhook delivery IDs.
  • Webhook event names.
  • Webhook delivery attempts.
  • HTTP response codes and response bodies.
  • Signature verification metadata.
  • IP addresses and timestamps.
  • Developer support messages.
  • Documentation usage analytics.

Payclave stores secret API keys and webhook secrets hashed or otherwise protected. Payclave may not be able to retrieve plaintext values after issuance.

5.6 Website, Device, and Usage Data

When you visit Payclave websites, hosted checkout pages, status pages, dashboard pages, developer docs, or support pages, we may collect:

  • IP address.
  • Device type.
  • Browser type and version.
  • Operating system.
  • Referring URL.
  • Pages viewed.
  • Links clicked.
  • Approximate location derived from IP address.
  • Session identifiers.
  • Cookie identifiers.
  • Language, timezone, and display preferences.
  • Performance data.
  • Error logs and crash reports.
  • Security and fraud signals.

5.7 Communications and Support Data

When you contact Payclave, respond to messages, participate in a review, subscribe to updates, or interact with support, we may collect:

  • Name.
  • Email address.
  • Company name.
  • Role.
  • Message contents.
  • Attachments.
  • Screenshots.
  • Transaction hashes.
  • Wallet addresses.
  • Support ticket metadata.
  • Call or meeting notes where applicable.
  • Communication preferences.

5.8 Information From Third Parties

We may receive information from:

  • Merchants using Payclave.
  • Customers using hosted checkout.
  • Authorized users and account administrators.
  • Payment orchestration providers.
  • Wallet connection providers.
  • RPC providers and blockchain infrastructure providers.
  • Blockchain explorers and indexers.
  • Risk, fraud, and sanctions screening providers.
  • Identity, KYB, or business verification providers.
  • Cloud, analytics, email, logging, and support providers.
  • Public databases, business registries, sanctions lists, and publicly available sources.
  • Professional advisers, law enforcement, regulators, courts, and government authorities.

We may combine information from these sources with information collected directly through Payclave.

6. Sensitive Data We Try to Avoid

Do not provide Payclave with unnecessary sensitive information. Unless Payclave expressly requests it for a lawful purpose, do not submit:

  • Seed phrases.
  • Private keys.
  • Wallet recovery phrases.
  • Wallet passwords.
  • One-time codes.
  • Full payment card numbers.
  • Bank account passwords.
  • Health data.
  • Biometric data.
  • Children's data.
  • Unrelated government identifiers.
  • Unrelated financial account credentials.
  • Highly sensitive customer support details unrelated to checkout.

If you submit unnecessary sensitive data, we may delete, redact, restrict, or retain it as needed for security, legal, compliance, or evidence preservation purposes.

7. How We Use Personal Data

We use personal data to:

  • Provide Payclave websites, dashboard, hosted checkout, status pages, APIs, SDKs, and support.
  • Create and manage merchant accounts.
  • Review merchant onboarding and live activation.
  • Create checkout sessions and invoices.
  • Show customers checkout details and payment instructions.
  • Support wallet-connected checkout.
  • Support pay-without-connecting checkout addresses and QR codes.
  • Record payment attempts.
  • Verify payments independently onchain.
  • Maintain invoice, payment, webhook, audit, and reconciliation records.
  • Send signed merchant webhooks.
  • Retry and troubleshoot webhook deliveries.
  • Provide receipts and status pages.
  • Respond to support requests.
  • Debug, monitor, secure, and improve the Services.
  • Prevent, detect, investigate, and respond to fraud, abuse, security incidents, prohibited use, sanctions risk, payment risk, and legal risk.
  • Verify merchant identity, ownership, authority, risk, and eligibility.
  • Enforce Payclave terms, policies, and agreements.
  • Communicate about product, security, legal, support, account, and operational matters.
  • Send marketing or product updates where permitted.
  • Analyze aggregate usage and performance.
  • Maintain business, tax, accounting, legal, compliance, and audit records.
  • Comply with law, court orders, regulatory requests, law enforcement requests, sanctions obligations, tax obligations, and legal process.
  • Protect Payclave, merchants, customers, providers, and the public.

8. Legal Bases for Processing

Where a legal basis is required, we may process personal data based on:

  • Contract: to provide Payclave services, accounts, checkout, APIs, webhooks, support, and related features.
  • Legitimate interests: to secure Payclave, prevent fraud, verify payments, improve services, operate business systems, support merchants and customers, enforce terms, and protect rights.
  • Legal obligation: to comply with tax, accounting, sanctions, anti-money laundering, consumer, corporate, regulatory, court, law enforcement, and data protection obligations.
  • Consent: where you choose to receive marketing, enable optional cookies, connect a wallet where consent is required, submit optional information, or authorize a specific use.
  • Vital or public interests: only where applicable law recognizes such basis and the facts require it.

If Payclave acts as a processor or service provider for a merchant, the merchant is responsible for identifying the lawful basis for its own processing of customer personal data and for providing any required merchant privacy notice.

9. How We Share Personal Data

We may disclose personal data as described below.

9.1 Merchants

If you are a customer, we may share checkout and payment information with the merchant you are paying, including:

  • Checkout session ID.
  • Invoice number.
  • Merchant order reference.
  • Customer contact details if provided.
  • Wallet address.
  • Transaction hash.
  • Token, chain, amount, and payment status.
  • Payment method and route metadata.
  • Receipt and status information.
  • Support context needed to resolve checkout issues.

The merchant may use this information for order fulfillment, customer support, fraud prevention, tax, accounting, refunds, reconciliation, and its own legal obligations. Review the merchant's privacy policy for information about how the merchant uses customer data.

9.2 Authorized Users and Merchant Team Members

If you use Payclave for a merchant, other authorized users on that merchant account may access business details, checkout records, payment records, customer contact details, API key metadata, webhook logs, audit trails, support messages, activation status, wallet settings, and other account information according to their role.

9.3 Payment Orchestration, Wallet, Chain, and Infrastructure Providers

We may share data with providers that support wallet connection, route calculation, quotes, swaps, bridges, checkout address generation, transaction execution, transaction monitoring, RPC access, blockchain indexing, risk scoring, fraud prevention, sanctions screening, and exact-output payment flows.

This may include wallet addresses, transaction hashes, chain IDs, token contracts, route metadata, amounts, IP-derived risk signals, and device or session data needed to provide or secure checkout.

9.4 Service Providers

We may share personal data with vendors and service providers that help us operate Payclave, such as:

  • Cloud hosting providers.
  • Database providers.
  • Authentication providers.
  • Email providers.
  • Support and ticketing providers.
  • Analytics providers.
  • Error monitoring providers.
  • Logging providers.
  • Security providers.
  • Fraud and risk providers.
  • Sanctions screening providers.
  • Business verification providers.
  • Payment orchestration providers.
  • Legal, tax, accounting, audit, and professional advisers.

These providers may process personal data only for the services they provide to Payclave or as otherwise permitted by law and contract.

9.5 Legal, Safety, and Compliance

We may disclose personal data if we believe disclosure is necessary or appropriate to:

  • Comply with law.
  • Respond to court orders, subpoenas, warrants, legal process, regulators, law enforcement, tax authorities, or government requests.
  • Enforce Payclave terms and policies.
  • Protect rights, property, security, and safety.
  • Investigate fraud, abuse, prohibited activity, security incidents, sanctions risk, or illegal activity.
  • Prevent harm to Payclave, merchants, customers, providers, or the public.
  • Establish, exercise, or defend legal claims.

9.6 Business Transfers

We may disclose or transfer personal data in connection with a merger, acquisition, financing, corporate reorganization, sale of assets, bankruptcy, change of control, or similar transaction.

9.7 With Your Direction or Consent

We may share personal data when you direct us to do so, authorize a merchant or provider to receive it, connect a wallet, submit data through checkout, request support, or otherwise consent.

10. Public Blockchain Data

Blockchain networks are public or semi-public systems. When you authorize or submit a blockchain transaction, information may become visible to anyone who can inspect that network, including:

  • Wallet addresses.
  • Transaction hashes.
  • Token transfers.
  • Token balances.
  • Token approvals.
  • Smart contract interactions.
  • Gas fees.
  • Timestamps and block numbers.
  • Related wallet activity.

Payclave cannot delete, hide, modify, reverse, or control public blockchain records. Even if Payclave deletes or restricts data in its own systems, blockchain networks, explorers, indexers, analytics providers, wallets, and other third parties may continue to process public transaction data.

You should not use a wallet address with Payclave if you do not want that address to be associated with a merchant payment or public blockchain activity.

11. Cookies and Similar Technologies

Payclave may use cookies, local storage, pixels, tags, SDKs, and similar technologies to:

  • Keep you signed in.
  • Maintain dashboard and checkout sessions.
  • Remember preferences.
  • Secure accounts and checkout flows.
  • Prevent fraud and abuse.
  • Measure site and product usage.
  • Debug errors and improve performance.
  • Support analytics and product improvement.
  • Support marketing where permitted.

You can control cookies through your browser settings. If you disable cookies or storage, some features may not work correctly, including dashboard login, checkout state, wallet connection, security checks, and support tools.

If Payclave publishes a separate Cookie Policy or consent banner, that policy or banner will provide additional choices and details.

12. Analytics and Marketing

Payclave may use analytics to understand how merchants, customers, developers, and visitors use the Services. Analytics may include page views, clicks, device data, browser data, approximate location, referring pages, conversion events, checkout flow events, documentation usage, and aggregate usage trends.

Payclave may use merchant, developer, or visitor contact information to send product updates, security notices, onboarding messages, launch updates, educational content, or marketing communications where permitted. You can unsubscribe from marketing emails using the unsubscribe link or by contacting Payclave. Operational, security, legal, account, and transactional messages may still be sent.

Payclave does not use customer seed phrases or private keys because Payclave does not collect them.

13. Risk, Fraud, Sanctions, and Automated Processing

Payclave may process personal data and transaction data to identify fraud, abuse, security risk, sanctions risk, prohibited activity, payment anomalies, duplicate transactions, underpayments, overpayments, expired payments, wallet risk, merchant risk, and integration risk.

This processing may include automated rules, risk indicators, provider signals, wallet screening, sanctions screening, transaction monitoring, device and IP signals, manual review, and internal audit trails.

Payclave may use these signals to:

  • Block, delay, reject, investigate, or review transactions.
  • Request more merchant information.
  • Place a merchant account in review.
  • Restrict live activation.
  • Restrict API keys or webhooks.
  • Mark a payment as failed, duplicate, underpaid, overpaid, expired, or requiring manual review.
  • Comply with legal and provider obligations.
  • Protect Payclave, merchants, customers, providers, and the public.

Where applicable law grants rights related to automated decision-making or profiling, you may contact Payclave to request more information, request human review, or exercise applicable rights.

14. Data Retention

Payclave retains personal data for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Retention periods depend on the type of data and the reason it is processed, including:

  • Account data: retained while the account is active and for a reasonable period after closure.
  • Merchant activation and KYB data: retained as needed for legal, compliance, audit, fraud prevention, and dispute purposes.
  • Checkout, invoice, payment, webhook, and audit records: retained as needed for reconciliation, tax, accounting, legal, fraud prevention, dispute, security, and operational purposes.
  • API logs and security logs: retained for security, debugging, abuse prevention, and compliance needs.
  • Support records: retained as needed to resolve issues, maintain history, improve support, and defend legal claims.
  • Marketing data: retained until you unsubscribe, object, or the data is no longer needed.
  • Backup data: retained according to backup rotation and disaster recovery schedules.

When data is no longer needed, Payclave may delete, de-identify, aggregate, archive, or restrict it. Some data may remain in backups for a limited period. Public blockchain data may remain available outside Payclave's systems indefinitely.

15. Security

Payclave uses technical, organizational, and administrative safeguards designed to protect personal data, including measures such as access controls, encryption where appropriate, secret hashing where appropriate, logging, monitoring, least-privilege access, review processes, and security controls for production systems.

No system is perfectly secure. We cannot guarantee that personal data will never be accessed, disclosed, altered, or destroyed. You are responsible for securing your wallet, devices, browser, email account, passwords, API keys, webhook secrets, and merchant systems.

Payclave will never ask for your seed phrase or private key.

If you believe your Payclave account, API key, webhook secret, wallet, checkout link, or personal data has been compromised, contact Payclave promptly at security@payclave.com.

16. International Transfers

Payclave, its merchants, customers, service providers, and infrastructure providers may be located in different countries. Personal data may be processed, stored, or transferred outside your country, including to countries that may have different data protection laws.

Where required, Payclave will use appropriate safeguards for cross-border transfers, such as contractual protections, data processing agreements, standard contractual clauses, adequacy decisions, consent, necessity for contract performance, legal obligations, or other mechanisms recognized by applicable law.

17. Your Privacy Rights

Depending on your location and applicable law, you may have rights to:

  • Request access to personal data.
  • Request correction of inaccurate personal data.
  • Request deletion of personal data.
  • Request restriction of processing.
  • Object to processing.
  • Request portability of personal data.
  • Withdraw consent where processing is based on consent.
  • Opt out of certain marketing.
  • Opt out of certain sales, sharing, targeted advertising, or profiling where applicable.
  • Limit use or disclosure of sensitive personal data where applicable.
  • Appeal a denied request where applicable.
  • Lodge a complaint with a data protection authority.

These rights may be limited by law, security, fraud prevention, legal obligations, public blockchain immutability, tax obligations, accounting obligations, dispute needs, or the rights of others.

To exercise rights, contact privacy@payclave.com. We may need to verify your identity and authority before responding. If you make a request through an authorized agent, we may require proof of authorization and may verify your identity directly.

If Payclave processes your data only as a processor or service provider for a merchant, we may direct you to the merchant or cooperate with the merchant in responding to your request.

18. California Privacy Notice

This section applies to California residents where the California Consumer Privacy Act, as amended, applies.

18.1 Categories Collected

Payclave may collect the following categories of personal information:

  • Identifiers, such as name, email address, phone number, IP address, device identifiers, account identifiers, wallet addresses, transaction hashes, and business identifiers.
  • Customer records information, such as contact details, business details, support details, account information, and transaction records.
  • Commercial information, such as checkout sessions, invoices, payment records, merchant order references, payment amounts, payment statuses, receipts, and support interactions.
  • Internet or electronic network activity, such as device data, browser data, page views, clicks, logs, API activity, SDK activity, and checkout activity.
  • Geolocation information, such as approximate location inferred from IP address.
  • Professional or employment-related information, such as merchant role, business title, ownership information, and authorized user role.
  • Inferences, such as fraud, risk, sanctions, activation, and security indicators.
  • Sensitive personal information where necessary, such as account login credentials, government identifiers, or ownership details requested for merchant verification. Payclave does not use sensitive personal information to infer characteristics unless permitted by law.

18.2 Sources

We may collect personal information from you, merchants, customers, authorized users, wallets, payment orchestration providers, service providers, blockchain networks, public sources, risk providers, sanctions providers, business verification providers, support providers, and analytics providers.

18.3 Purposes

We collect and use personal information for the purposes described in this Policy, including providing Payclave, operating checkout, verifying payments, onboarding merchants, securing systems, preventing fraud, complying with law, supporting users, and improving the Services.

18.4 Disclosures

We may disclose personal information to merchants, authorized users, service providers, payment orchestration providers, wallet and blockchain infrastructure providers, risk and sanctions providers, business verification providers, professional advisers, authorities, and business transfer recipients as described in this Policy.

18.5 Sale or Sharing

Payclave does not sell personal information for money. Payclave does not knowingly sell or share personal information of children under 16.

Some analytics, advertising, or cookie activities may be considered "sharing" or "targeted advertising" under certain privacy laws. If Payclave uses such tools, Payclave will provide required notices and choices.

18.6 California Rights

California residents may have rights to know, access, correct, delete, opt out of sale or sharing, limit certain sensitive personal information uses, and not be discriminated against for exercising privacy rights. To exercise rights, contact privacy@payclave.com.

19. EEA, UK, and Switzerland Notice

If GDPR, UK GDPR, Swiss privacy law, or similar law applies, this section provides additional information.

Payclave's controller details are:

Payclave, Inc.
privacy@payclave.com

Legal bases are described in Section 8. Recipients are described in Section 9. International transfers are described in Section 16. Retention is described in Section 14.

You may have rights to access, correction, deletion, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority. You may contact privacy@payclave.com to exercise rights.

If Payclave must appoint an EU representative, UK representative, Swiss representative, or data protection officer, the relevant details should be added before publication.

20. Kenya Notice

If Kenya's Data Protection Act or related regulations apply, this section provides additional information.

Payclave will process personal data lawfully, fairly, transparently, for explicit and legitimate purposes, with data minimization, accuracy, retention limits, security safeguards, and appropriate safeguards for transfers outside Kenya where required.

Depending on applicable law, you may have rights to be informed, access personal data, object to processing, request correction, request deletion, request restriction, and lodge a complaint with the Office of the Data Protection Commissioner or other competent authority.

To exercise privacy rights, contact privacy@payclave.com.

21. Children

Payclave is not directed to children and is intended for users who are at least 18 years old or the age of legal majority in their jurisdiction, whichever is higher.

We do not knowingly collect personal data from children. If you believe a child has provided personal data to Payclave, contact privacy@payclave.com so we can review and take appropriate action.

22. Third-Party Links and Services

Payclave may link to or interoperate with third-party websites, merchants, wallets, exchanges, payment apps, chains, bridges, token issuers, explorers, payment orchestration providers, analytics providers, cloud providers, support providers, and other services.

This Policy does not apply to third-party privacy practices. Review third-party privacy policies to understand how they collect, use, disclose, and retain personal data.

23. Merchant Responsibilities

Merchants using Payclave must:

  • Provide their own privacy notices where required.
  • Obtain all consents and rights needed to share customer data with Payclave.
  • Avoid sending unnecessary personal data to Payclave.
  • Avoid putting sensitive personal data in metadata, webhook URLs, order descriptions, support messages, or logs.
  • Protect API keys and webhook secrets.
  • Respond to customer privacy requests where the merchant controls the data.
  • Use Payclave only for lawful purposes and according to Payclave terms.
  • Enter into a data processing addendum if required.

Merchant metadata and webhook payloads should not include private keys, seed phrases, passwords, payment card data, health data, biometric data, children's data, or unrelated sensitive information.

24. Changes to This Policy

Payclave may update this Policy from time to time. We will update the version date and, where required, provide additional notice for material changes.

Continued use of Payclave after an updated Policy takes effect means you acknowledge the updated Policy. If you disagree with the updated Policy, stop using Payclave and contact us if you need to exercise privacy rights.

25. Contact

Privacy questions and requests should be sent to:

privacy@payclave.com

Security reports should be sent to:

security@payclave.com

Legal notices should be sent to:

Payclave, Inc.
legal@payclave.com