Privacy Policy

Veepay, Inc. (“Veepay,” “we,” “us,” or “our”) provides virtual card, banking-style account, and business payment services to organizations and their authorized users. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our websites, applications, and related services (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read this policy. If you do not agree, please do not use the Services. Where we process personal data on behalf of a business customer, that customer is typically the controller of end-user data; we act as a processor under their instructions and applicable data processing terms.

1. Information we collect

We may collect the following categories of information:

• Account and identity data: name, work email, phone number, company name, role, and credentials you provide when registering or administering a workspace.
• Transaction and product usage data: information related to cards, payments, balances, counterparties, and activity logs needed to operate, secure, and reconcile the Services.
• Technical and device data: IP address, device identifiers, browser type, language, time zone, and similar data from cookies and similar technologies as described in our Cookie Policy.
• Communications: content you send when you contact support, submit forms, or correspond with us.
• Compliance and risk data: information we collect as part of know-your-business, fraud prevention, sanctions screening, and regulatory obligations, which may include government identifiers or documentation where permitted by law.

2. How we use information

We use personal information to:

• Provide, maintain, and improve the Services;
• Authenticate users, prevent fraud, and protect security;
• Process transactions and comply with legal and contractual obligations;
• Communicate about the Services, including service notices and, where permitted, product information;
• Analyze usage in aggregated or de-identified form to improve performance and user experience;
• Enforce our Terms of Service and other agreements.

3. Legal bases (where applicable)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate legal bases such as contract performance, legitimate interests (e.g., security and product improvement, balanced against your rights), consent where required, and legal obligation.

4. How we share information

We may share personal information with:

• Service providers and partners who assist with hosting, analytics, communications, identity verification, card schemes, banking partners, and payment networks, subject to confidentiality and processing terms;
• Professional advisors (e.g., lawyers, auditors) where necessary;
• Authorities when required by law, regulation, legal process, or to protect rights, safety, and security;
• Business transfers in connection with a merger, acquisition, or sale of assets, with notice as required by law.

We do not sell personal information as that term is defined under U.S. state privacy laws.

5. International transfers

We may process and store information in the United States and other countries. Where we transfer personal data across borders, we implement appropriate safeguards such as standard contractual clauses or other mechanisms recognized under applicable law.

6. Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, meet legal, regulatory, tax, and accounting requirements, resolve disputes, and enforce agreements. Retention periods vary depending on the nature of the data and our obligations.

7. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal information, to object to certain processing, to data portability, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us using the details below. We may verify requests before responding.

8. Security

We implement administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we encourage you to use strong credentials and protect your devices.

9. Children

The Services are not directed to individuals under 16, and we do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Where changes are material, we will provide additional notice as required by law.

11. Compliance and enterprise commitments

Veepay maintains a security and compliance program appropriate to the nature of our Services, including controls aligned with industry practices for financial technology providers. Enterprise customers may request additional documentation, such as a data processing agreement (DPA) or responses to security questionnaires, subject to mutual execution and scope. Specific certifications or attestations (for example, SOC 2) are described in customer agreements or order forms when available.

Nothing in this policy modifies any obligation set forth in a signed agreement between you (or your organization) and Veepay. In case of conflict, the agreement governs regarding subject matter within its scope.

12. Contact

For privacy inquiries or requests, contact us at privacy@veepay.io or via our contact page. You may also write to: Veepay, Inc., 1200 Fintech Avenue, Suite 400, Wilmington, DE 19801, United States.