Legal

Tazapay Privacy Policy

Last Updated:
May 1st, 2026

This privacy policy ("Policy") sets out the basis on which the applicable Tazapay Contracting Entity ("Tazapay", "we", "us" or "our") may collect, use, disclose or otherwise process Personal Data relating to you in connection with the Tazapay Services. The applicable Tazapay Contracting Entity is determined in accordance with section 2 (Definitions and Interpretation) of the General (Account Holder) Terms by your Tazapay Account Country and the Tazapay Services you use, and may be:

(a) Tazapay Pte. Ltd. (UEN: 202010604W), a corporation incorporated under the laws of Singapore, regulated by the Monetary Authority of Singapore as a Major Payment Institution; or

(b) Tazapay Canada Corp. (Incorporation number: BC1313641), a company incorporated under the laws of Canada, regulated by FINTRAC as a Money Service Business and by the Bank of Canada as a Payment Service Provider.

This Policy applies to Personal Data in the possession or under the control of Tazapay, including any organisation or Service Provider that Tazapay may engage to collect, use, disclose or process Personal Data for the purposes of providing the Tazapay Services.

This Policy applies to Account Holders, Users, Customers and Beneficiaries who access the Tazapay Services directly, as well as to the End Clients who access the Tazapay Services through a Provider's platform under the Tazapay Embedded Flow Terms. Where you are an End Client, your Provider acts as a primary data controller for your Personal Data and Tazapay processes your Personal Data as a data processor on behalf of the Provider. Section 1A of this Policy sets out additional terms applicable to End Clients. This Policy is designed to comply with applicable data protection laws, including the PDPA and PIPEDA, and any other applicable data protection or privacy legislations in the jurisdictions where Tazapay operates or processes Personal Data.

This Policy applies in conjunction with and is deemed to form part of the Agreement, as set out in section 12 (Data Protection, Privacy and Security Standards) of the General (Account Holder) Terms. For End Clients, this Policy is incorporated by reference into the Tazapay Embedded Flows Terms. Capitalised terms not defined herein shall have the meanings assigned to them in the General (Account Holder) Terms.

  1. Personal Data

    1. "Personal Data" means data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access. This includes "personal data" as defined under the PDPA, "personal information" as defined under PIPEDA.

    2. "Customer Personal Data" means any Personal Data relating to you, your users, Customers, Beneficiaries or End Clients that is collected, received or otherwise obtained by Tazapay in connection with the Tazapay Services, whether provided directly, obtained from third-party sources as described in section 2, or received from a Provider in connection with the Embedded Flow terms.

    3. If you are an individual User using Tazapay Services, Personal Data which Tazapay may collect includes your:

      1. name (including any alias used by you);

      2. gender;

      3. date of birth;

      4. nationality;

      5. country of residence;

      6. identification number (including NRIC, FIN, passport number, and any other government-issued identification);

      7. tax residency and tax identification number;

      8. proof of identity;

      9. proof of residence;

      10. employment information;

      11. financial information, including bank account details, payment account details, and payment card details;

      12. Transaction information (including date, time, amount, currency, product or service descriptions, and settlement details);

      13. proof of source of funds;

      14. phone number;

      15. email address;

      16. IP address and device information (including device IDs and location data);

      17. biometric data (where required for identity verification);

      18. beneficial ownership information;

      19. screening results and risk assessment outcomes;

      20. any other information required for CDD, KYC, KYB, or AML/CFT compliance purposes.

    4. If you are a corporate entity or organisation using the Tazapay Services, Customer Personal Data which we may collect from your directors, shareholders, beneficial owners, employees, Users, and any other individual authorised to act on your behalf (each a "Data Subject") includes such information as listed in paragraph 1.3 above in relation to each Data Subject.

    5. End Client Personal Data (Embedded Flows)

      1. Where you are an End Client accessing the Tazapay Services through a Provider's platform, the Provider acts as the data controller for your Personal Data and Tazapay acts as a data processor on behalf of the Provider. Your Personal Data is shared with Tazapay by the Provider for the purpose of delivering the Tazapay Services, including COBO (collection of payments on your behalf) and POBO (disbursement of funds to you or on your behalf).

      2. The categories of Personal Data that Tazapay may process about End Clients, as received from or through the Provider, include:

        1. name and contact details;

        2. identification and verification information (including government-issued identification where required for compliance screening);

        3. Transaction details (including payment amounts, currency, dates, beneficiary details, and payment method information);

        4. bank account and financial details (as necessary for COBO or POBO processing);

        5. IP address, device information, and technical metadata;

        6. compliance screening data, including AML/CFT, CDD, and Sanctions screening results; and

        7. any other information provided by or through the Provider in connection with the Tazapay Services.

      3. Tazapay processes End Client Personal Data for the following purposes:

        1. to facilitate the processing of Transactions, including COBO collections and POBO disbursements, on behalf of the Provider;

        2. to conduct compliance screening, including AML/CFT, KYC, Sanctions screening, and fraud detection, as required by Applicable Laws;

        3. to fulfil regulatory reporting and record-keeping obligations;

        4. to maintain the security and integrity of the Tazapay Services; and

        5. to comply with any lawful instructions from the Provider in connection with the Tazapay Services.

      4. As an End Client, you do not have a direct contractual relationship with Tazapay. The Provider is responsible for: (a) informing you of the Processing of your Personal Data by Tazapay; (b) obtaining any necessary consents from you in accordance with applicable data protection laws; and (c) handling your data subject requests in the first instance. If you wish to exercise your data protection rights (as described in section 5), you should contact your Provider directly. If the Provider is unable to assist, you may contact Tazapay's Data Protection Officer at the details in section 11.

      5. Tazapay does not retain End Client Personal Data for longer than necessary to fulfil the purposes described in paragraph 1A.3 above, subject to any retention required by Applicable Laws (including AML/CFT record-keeping requirements). Upon termination of the Agreement between Tazapay and the Provider, Tazapay shall delete or return End Client Personal Data in accordance with the Data Processing Addendum.

    6. Collection, Use and Disclosure of Personal Data

      1. Customer Personal Data will be collected and used by Tazapay for any one or more of the following purposes:

        1. to assess and evaluate your eligibility for registering a Tazapay Account and for ongoing use of the Tazapay Services;

        2. to manage the relationship between you and Tazapay, including Account administration and User management;

        3. to enable Tazapay to perform its obligations under or in connection with the provision of the Tazapay Services, including the Payment Gateway, Global Collection Accounts, Payouts, Escrow, Institutional Account, and Virtual Asset Onramp and Offramp Services;

        4. to facilitate and process Transactions, Payments, settlements, reconciliation, and set-off in connection with the Tazapay Services;

        5. to conduct CDD, KYC, KYB, and AML/CFT screening and verification, and to fulfil Compliance obligations;

        6. to maintain legal and regulatory compliance in the jurisdictions in which Tazapay operates, including responding to lawful requests from Governmental Authorities;

        7. to monitor, detect, and prevent fraudulent Transactions and activities, and to conduct risk management and Compliance reviews;

        8. to enforce the terms and conditions of the Agreement, the Embedded Flows Terms (as applicable) and this Policy;

        9. to enable Tazapay to improve the Tazapay Services, and to enhance marketing and customer relationships;

        10. to send you updates on the Tazapay Services, benefits, promotions and other such promotional material from time to time at the email address and/or contact number provided by you;

        11. to verify your eligibility to use the Tazapay Services, establish any necessary accounts or credit with financial institutions, and monitor Transactions and other activity as described in section 12 (Data Protection, Privacy and Security Standards) of the General (Account Holder) Terms;

        12. where required under any Applicable Laws;

        13. where required under any order of court from a court of competent jurisdiction;

        14. for such purposes to which you have given your consent in writing.

        (collectively the "Purposes")

      2. For the avoidance of doubt, Tazapay does not sell, rent, or otherwise make available Customer Personal Data to any third party for the purposes of marketing, advertising, or promotion, except as expressly permitted under the Agreement.

      3. Tazapay collects Customer Personal Data on the basis of: (a) your consent; (b) contractual necessity; (c) legal/regulatory obligations (including AML/CFT); (d) any other basis available under applicable DP Laws, including deemed consent under the PDPA and implied consent or exceptions under PIPEDA. Where Personal Data is received from a Provider in connection with the Embedded Flows Terms, Tazapay processes such data on the lawful instructions of the Provider.

      4. You acknowledge and agree that any Customer Personal Data provided to Tazapay (whether electronically or otherwise):

        1. is done knowingly and voluntarily by you;

        2. is complete, true and accurate in all respects, in accordance with section 3 (Acceptance of Terms) of the General (Account Holder) Terms; and

        3. does not omit anything that affects or is likely to affect the meaning or significance of such Personal Data in any respect.

      5. In order to ensure that Customer Personal Data is complete, true and accurate in all respects, you acknowledge and agree that it is your sole responsibility to update Tazapay within reasonable time if there are any changes to such Customer Personal Data by informing the Data Protection Officer at the contact details provided below.

      6. In the event that you provide Personal Data relating to any individual (whether such an individual is a Data Subject or otherwise), you undertake that you have obtained the consent from such individual concerned for the disclosure of such Personal Data to Tazapay and for Tazapay to collect, use and disclose such Personal Data for the Purposes. This obligation is consistent with the Account Holder's obligations under sections 12 and 13 of the General (Account Holder) Terms to obtain all necessary consents and authorisations from Users and Customers.

      7. Tazapay reserves the right to request proof of notification and consent for the disclosure of Personal Data by an individual under paragraph 1.10 above.

      8. You agree that Tazapay may disclose Customer Personal Data to:

        1. any Governmental Authority of any jurisdiction properly exercising its powers;

        2. professional advisers of Tazapay;

        3. Service Providers providing services to Tazapay, including information technology services, KYC, KYB, AML/CFT compliance service providers, payment processing partners, and hosting providers;

        4. banks, payment providers, Card Schemes, APM Providers, and Payment Method Acquirers as necessary to facilitate the Tazapay Services, including as described in section 12 (Data Protection, Privacy and Security Standards) and section 15 (Data Sharing) of the relevant Appendix;

        5. Affiliates of Tazapay, including Tazapay Pte. Ltd. and Tazapay Canada Corp., for the purposes of providing the Tazapay Services and fulfilling Compliance obligations;

        6. Providers (as defined in the Embedded Flows Terms) and their End Clients, to the extent necessary for the delivery of COBO and POBO services and the fulfilment of Compliance obligations;

        7. entities that Tazapay is in discussions with for a merger or an acquisition of Tazapay by such other entities;

        8. entities that acquire the assets of Tazapay pursuant to any Applicable Law, including the laws of insolvency;

        9. entities pursuant to any order of court from a court of competent jurisdiction.

      9. You acknowledge that, as described in section 12 (Data Protection, Privacy and Security Standards) of the General (Account Holder) Terms, Tazapay may share information about your Tazapay Account with third parties as Tazapay reasonably believes necessary to verify your eligibility to use the Tazapay Services, establish any necessary accounts or credit with financial institutions, monitor Transactions and other activity, conduct risk management and Compliance reviews, and take any other actions as may be necessary to enable Tazapay to provide the Tazapay Services to you. You waive your right to bring any Claim against Tazapay arising from such sharing of information, including any inclusion on a terminated merchant list, as set out in the Agreement.

      10. You acknowledge and agree that Tazapay may continue to use and disclose Customer Personal Data for a reasonable period following the termination of the relationship between you and Tazapay, in accordance with section 19 (Suspension and Termination) of the General (Account Holder) Terms, for any one or more of the following purposes:

        1. to allow Tazapay to fulfil its outstanding obligations to you under the Agreement;

        2. to allow Tazapay to enforce its rights under the Agreement;

        3. to fulfil Compliance obligations, including AML/CFT record-keeping requirements;

        4. for such purposes to which you have given your consent in writing;

        5. where required under any Applicable Laws;

        6. where required under any order of court from a court of competent jurisdiction.

  2. Information from Third-Party Sources

    1. From time to time, Tazapay may obtain information about you and/or your Data Subject(s) from third-party sources as required or permitted by Applicable Laws, including from:

      1. public databases;

      2. credit bureaus;

      3. ID verification partners;

      4. social media platforms;

      5. Sanctions screening services and lists maintained by public authorities (including but not limited to FATF, United Nations, United States, and European Union); and

      6. Service Providers engaged by Tazapay for the purposes of CDD, KYC, KYB, and AML/CFT compliance.

      7. Providers, in connection with the Embedded Flows Terms, who may share End Client Personal Data with Tazapay for the purposes of processing Transactions and fulfilling Compliance obligations.

    2. ID verification partners may use a combination of government records and publicly available information about you to verify your identity, including the following information:

      1. name;

      2. address;

      3. employment information;

      4. public employment profile (where applicable);

      5. credit history; and

      6. status on Sanctions lists maintained by public authorities (where applicable).

    3. Tazapay obtains such information from third-party sources to comply with its legal and compliance obligations, including applicable AML/CFT laws, Sanctions screening, and to ensure that the Tazapay Services are not used fraudulently or for other illicit activities.

  3. Retention of Customer Personal Data

    1. Subject to any Applicable Laws, Tazapay may retain Customer Personal Data for as long as it is necessary to fulfil the Purposes or in accordance with paragraph 1.14 above (as the case may be). Where required by Applicable Laws, Tazapay may retain minimal data necessary for statutory purposes beyond service termination, including data retained to fulfil Compliance obligations such as AML, KYC, KYB, and CFT record-keeping requirements.

    2. Tazapay maintains a retention schedule as follows:

      1. transaction, AML, and KYC/KYB data: retained for minimum five (5) years from the date of the Transaction or the end of the relationship, whichever is later;

      2. account information: retained for the duration of the relationship plus the applicable retention period under Applicable Laws; and

      3. marketing preferences: retained until consent is withdrawn by the Data Subject.

    3. Tazapay shall cease to retain Customer Personal Data or otherwise remove the means by which such Customer Personal Data can be associated with Data Subjects as soon as, in the opinion of Tazapay, it is reasonable to assume that such retention no longer serves the Purposes for which the Customer Personal Data was collected and is no longer necessary for legal, regulatory, or Compliance purposes.

    4. Tazapay is committed to collecting and processing only the Personal Data necessary for the specified Purposes. Where feasible, Tazapay implements anonymisation or pseudonymisation techniques.

  4. Protection of Customer Personal Data

    1. To safeguard Customer Personal Data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, Tazapay has introduced appropriate administrative, physical and technical measures (including up-to-date antivirus protection, encryption, access controls, regular security assessments, PCI DSS compliance where applicable, and use of privacy filters) to secure all storage and transmission of Customer Personal Data.

    2. Any disclosure of Customer Personal Data (whether internally or otherwise) will only be carried out on a need-to-know basis.

    3. You acknowledge and agree that no method of transmission over the internet or method of electronic storage is completely secure and Tazapay makes no representation and/or warranty (whether express or implied) that there will be no unauthorised:

      1. access to the Customer Personal Data;

      2. copying of the Customer Personal Data; and/or

      3. disposal of the Customer Personal Data.

    4. You agree that, save for any wilful default or fraud on the part of Tazapay or its directors, officers, employees, representatives and/or agents (each a "Relevant Person"), no Relevant Person shall be liable to you for any Losses arising from or in connection with this Policy.

  5. Access and Correction of Customer Personal Data

    1. You may make any one or more of the following requests in writing or via email to our Data Protection Officer at the contact details provided below:

      1. an access request for access to a copy of the Customer Personal Data or information on the ways in which we use or disclose the Customer Personal Data;

      2. a correction request to correct or update any Customer Personal Data which is inaccurate or incomplete;

      3. where permitted by applicable data protection laws, and subject to Tazapay's legal and regulatory obligations (including AML/CFT record-keeping), a request for erasure or restriction of processing of your Customer Personal Data.

    2. Please note that depending on the request that is being made, Tazapay may only need to provide you with access to the Customer Personal Data contained in the documents requested, and not to the entire documents themselves, in which case it may be appropriate for Tazapay to instead provide you with a confirmation of the Customer Personal Data that Tazapay has on record if the record of the Customer Personal Data forms a negligible part of the document.

    3. Where Tazapay is unable to comply with any request under paragraph 5.1 above, Tazapay shall inform you of the reason(s) for being unable to do so in writing.

    4. Tazapay shall respond to Data Subject access and correction requests within the timeframes stipulated by the applicable data protection laws in the relevant jurisdiction.

    5. If you are an End Client, you should direct any data subject access, correction, or other requests to your Provider in the first instance, as the Provider is the primary data controller for your Personal Data. If the Provider is unable to assist, or if your request relates specifically to Tazapay's processing of your data, you may contact Tazapay's Data Protection Officer at the details in section 11.

  6. Cross Border Transfer of Customer Personal Data

    1. In the event that Tazapay and/or its Service Providers store, transfer or otherwise process Customer Personal Data outside of Singapore, Tazapay shall take steps to ensure that the Customer Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. Where PIPEDA applies, Tazapay shall use contractual or other means to provide comparable protection per PIPEDA Principle 4.1.3, and the transferring Tazapay entity shall remain accountable for Personal Data in the custody of third parties.

    2. Tazapay and its Affiliates may transfer Personal Data globally as necessary to provide the Tazapay Services. This includes transfers to Tazapay's data centres and Sub-processors in various jurisdictions, including between Tazapay Pte. Ltd. in Singapore and Tazapay Canada Corp. in Canada. Tazapay commits to ensuring that such transfers comply with applicable data protection laws by implementing appropriate safeguards, such as legally enforceable contractual obligations or other approved Data Transfer Mechanisms.

    3. Tazapay's affiliate in India may process Personal Data on Tazapay's behalf in connection with the Tazapay Services. Where Personal Data is transferred to Tazapay's affiliate in India for operational processing, Tazapay ensures appropriate safeguards including contractual obligations requiring the affiliate to maintain protection consistent with the PDPA and PIPEDA, as described in the Data Processing Addendum.

    4. Where Regional Terms apply pursuant to section 21 of the General (Account Holder) Terms, any additional data transfer or localisation requirements specified in those Regional Terms shall supplement the provisions of this section.

    5. End Client Personal Data received from Providers may be transferred across borders as necessary to process Transactions and fulfil Compliance obligations in connection with the Tazapay Services. Such transfers are subject to the same safeguards described in this section 6.

    6. In the event that you provide Personal Data relating to any individual (whether such an individual is a Data Subject or otherwise), you undertake that you have obtained the consent from such individual concerned for the transfer of Personal Data relating to such individual outside of Singapore or any other relevant jurisdiction.

    7. Tazapay reserves the right to request proof of notification and consent for the transfer of Personal Data by an individual under paragraph 6.4 above.

  7. Consent and Withdrawal of Consent

    1. In providing any Customer Personal Data, you acknowledge and agree that you have read, understood and agreed to this Policy and consent to the use, disclosure and/or processing of the Customer Personal Data for the Purposes ("Consent").

    2. Your Consent shall remain valid until such time as withdrawn by you in writing or, subject to paragraph 1.14 above, following the termination of the relationship between you and Tazapay in accordance with section 19 (Suspension and Termination) of the General (Account Holder) Terms.

    3. You may withdraw your consent (whether in part or in whole) at any time in writing or via email to the Data Protection Officer at the details below ("Withdrawal Request"). Tazapay acknowledges its obligation to honour Data Subject requests to withdraw consent, as required by applicable data protection laws including the PDPA and DPDPA.

    4. Upon receipt of a Withdrawal Request, Tazapay will inform you of the likely consequences of withdrawing your Consent (whether in part or in whole), which may include Tazapay's inability to continue providing some or all of the Tazapay Services to you. Tazapay will cease collecting, using or disclosing Customer Personal Data save in accordance with this Policy and any Applicable Laws.

    5. If you are an End Client, your consent to the processing of your Personal Data by Tazapay is provided through your acceptance of the Embedded Flows Terms. Any request to withdraw consent should be directed to your Provider in the first instance.

  8. Cookies and Tracking Technologies

    1. Tazapay may use cookies, web beacons, and similar tracking technologies on the Tazapay Website and Dashboard to collect information about your browsing behaviour, device information, and usage patterns. This information is used to improve the Tazapay Services, enhance user experience, and for analytics purposes.

    2. Tazapay uses the following categories of cookies:

      1. Essential cookies: required for the operation of the Tazapay Website and Dashboard, including authentication and security;

      2. Analytics cookies: used to understand how visitors interact with the Tazapay Website, to improve functionality and user experience;

      3. Marketing cookies: used to deliver relevant content, subject to your consent where required by applicable DP Laws.

    3. You may manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Tazapay Services.

  9. Automated Decision Making

    1. Tazapay may use automated systems for fraud detection, risk assessment, and compliance screening. These automated processes assist Tazapay in fulfilling its Compliance obligations and protecting the integrity of the Tazapay Services. This includes automated screening of End Client Transactions processed through Providers.

    2. Where automated Processing significantly affects you, you may request human review by contacting the Data Protection Officer at the details below (or, for End Clients, through your Provider in the first instance).

  10. Breach Notification

    1. In the event of a Data Incident meeting notification thresholds under applicable DP Laws, Tazapay will notify affected individuals as soon as practicable, providing information about the nature of the incident, types of Personal Data involved, and steps individuals can take to protect themselves.

    2. Tazapay will also notify the relevant data protection authorities as required, including the Personal Data Protection Commission (PDPC) in Singapore and the Office of the Privacy Commissioner of Canada, in accordance with the timeframes and requirements specified under the applicable DP Laws.

    3. Where a Data Incident affects End Client Personal Data, Tazapay will notify the relevant Provider without undue delay, and the Provider will be responsible for notifying affected End Clients in accordance with the Provider's own notification obligations and procedures.

  11. Data Protection Officer

    1. You may contact the Data Protection Officer ("DPO") of Tazapay for any enquiries or feedback, or as stated in this Policy, at:

      Email: [email protected]

  12. Changes to Policy

    1. This Policy applies in conjunction with any other notices, contractual clauses, and consent clauses that apply in relation to the collection, use and disclosure of Customer Personal Data by Tazapay, including the Data Processing Addendum and the General (Account Holder) Terms.

    2. Tazapay may revise this Policy from time to time. In accordance with section 1 (Contractual Framework) of the General (Account Holder) Terms, Tazapay will take reasonable efforts to notify Account Holders of material changes to this Policy. It is your sole responsibility to keep up to date with any revisions to this Policy.

    3. Your continued use of any Tazapay Service shall constitute your acknowledgement and acceptance of any revisions to this Policy.

Tazapay logo
Security Standard with
PCI DSS logo
© YEAR Tazapay. All right reserved.
Privacy PolicyTerms of Service
Facebook iconLinkedin footer icon