# Privacy Policy ## Privacy Policy **Last updated:** May 18, 2026 For website access and use rules, see the [Terms & Conditions](/arvopay-docs/legal/terms-and-conditions.md). ### Scope This Privacy Policy explains how ArvoPay collects, uses, discloses, stores, and otherwise processes personal data when you: * visit the ArvoPay website * request information, join a waitlist, or contact us * apply for, access, or use U Card products or related services * interact with support, onboarding, compliance, or marketing channels Additional product notices may apply where required by law or by regulated partners. ### Who controls your data ArvoPay acts as the controller for personal data covered by this policy, except where a banking partner, card issuer, program manager, employer, distributor, or another third party independently controls certain data under its own notice. ArvoPay's legal entity name and contact details are listed in the **Contact** section below. ### Personal data we collect We collect personal data directly from you, automatically from your devices and interactions, and from trusted third parties. #### Information you provide Depending on how you interact with ArvoPay, this may include: * name, username, title, date of birth, and contact details * business details, employer details, billing details, and account preferences * government ID data, verification data, selfies, and other KYC materials * payment card, bank account, or transaction-related information where relevant * support requests, survey responses, marketing preferences, and communications #### Information collected automatically This may include: * IP address, device identifiers, browser type, operating system, and language * usage data, page views, clickstream data, timestamps, and referring URLs * cookie, SDK, or similar technology data * approximate location inferred from IP address or device settings where allowed #### Information from third parties This may include: * identity, sanctions, fraud, and AML screening results * banking, card issuing, payment processing, and risk data * marketing lead data and analytics insights * public records and information from regulators or law enforcement where permitted ### How we use personal data We use personal data to: * provide and operate the website and related services * process inquiries, applications, onboarding, and customer support * verify identity, assess eligibility, and meet KYC, AML, sanctions, and fraud obligations * enable transactions, card operations, reporting, and account management * secure our systems, detect abuse, and investigate incidents * send service communications and, where allowed, marketing communications * improve products, analytics, performance, and user experience * comply with legal, regulatory, audit, and reporting obligations * establish, exercise, or defend legal claims ### Legal bases for EEA, UK, and Swiss users If GDPR, UK GDPR, or Swiss data protection law applies, ArvoPay relies on one or more of these legal bases: * **Contract** — to take steps at your request or perform a contract with you * **Legal obligation** — to meet compliance duties, including financial crime controls and regulatory recordkeeping * **Legitimate interests** — to secure services, improve operations, prevent fraud, manage risk, and market our services where permitted * **Consent** — where required, including certain cookies, direct marketing, or specific categories of processing * **Vital interests or public interest** — where exceptionally required by applicable law Where we rely on legitimate interests, we balance those interests against your rights and interests. ### Sensitive data ArvoPay may process sensitive or special-category data only where necessary and permitted by law. This may occur, for example, during identity verification, fraud prevention, accessibility support, dispute handling, or compliance with legal obligations. Where required, ArvoPay will rely on an appropriate legal basis or obtain your explicit consent. ### Cookies and similar technologies ArvoPay uses cookies and similar technologies to operate the website, remember preferences, measure performance, prevent fraud, and support marketing where permitted. Where required by law, ArvoPay asks for consent before using non-essential cookies. You can manage cookies through the consent tool on the website or through your browser settings. Blocking some cookies may affect website functionality. ### How we share personal data ArvoPay may share personal data with: * affiliates and group companies * banking partners, card issuers, program managers, and payment processors * identity verification, fraud prevention, sanctions screening, and compliance providers * cloud hosting, analytics, customer support, CRM, communications, and security providers * professional advisers, auditors, insurers, and corporate transaction counterparties * regulators, courts, law enforcement, and public authorities where required or permitted by law ArvoPay does not sell personal data for money. ArvoPay does not share personal data for cross-context behavioral advertising except as disclosed in the cookie and US privacy sections below, and only where permitted by law. ### International data transfers ArvoPay may transfer personal data to countries other than the country where you live. Where required by law, ArvoPay uses appropriate safeguards for international transfers. These may include: * adequacy decisions * Standard Contractual Clauses * the UK International Data Transfer Agreement or Addendum * other lawful transfer mechanisms You may request more information about the safeguards that apply to your data. ### Data retention ArvoPay keeps personal data only for as long as necessary for the purposes described in this policy, including to provide services, comply with law, resolve disputes, enforce agreements, and maintain required business and compliance records. Retention periods depend on the data type, the service, legal requirements, and risk considerations. Where data is no longer needed, ArvoPay deletes, anonymizes, or securely archives it in line with applicable law. ### Your privacy rights #### EEA, UK, and Switzerland Subject to legal limits, you may have the right to: * access your personal data * correct inaccurate data * delete data in certain cases * restrict processing in certain cases * object to processing based on legitimate interests or direct marketing * receive a portable copy of certain data * withdraw consent at any time where processing is based on consent * lodge a complaint with your local supervisory authority #### United States Residents of certain US states may have rights under applicable state privacy laws, including rights to: * know whether we process personal data and access that data * correct inaccuracies * delete personal data, subject to exceptions * obtain a portable copy of certain data * opt out of targeted advertising, sale, or certain profiling where applicable * appeal a denied privacy request where required by law ArvoPay will not discriminate against you for exercising privacy rights, except as allowed by law. #### How to exercise rights You can submit a privacy request through the contact channel listed in the **Contact** section below once it is published. ArvoPay may need to verify your identity before fulfilling a request. You may also authorize an agent where allowed by law. ArvoPay may require proof of the agent's authority and additional verification. ### California notice If you are a California resident, California law may give you additional rights. In the previous 12 months, ArvoPay may have collected the categories of personal information described in this policy, including identifiers, customer records, commercial information, internet activity, geolocation data, professional information, sensitive personal information, and inferences. ArvoPay collects and uses these categories for the purposes described in this policy, including service delivery, analytics, security, compliance, fraud prevention, customer support, and marketing where permitted. ArvoPay retains each category for as long as reasonably necessary for those purposes and to comply with law. If ArvoPay uses cookies or similar tools for targeted advertising or analytics in a way that constitutes a sale or sharing under California law, ArvoPay will offer the required opt-out mechanism on the website. ### Marketing communications ArvoPay may send service messages without marketing consent where permitted because those messages are necessary for the service or relationship. ArvoPay sends promotional messages only where there is a lawful basis to do so. You can opt out of marketing emails at any time by using the unsubscribe link or the contact channel listed in the **Contact** section. ### Security ArvoPay uses technical, administrative, and organizational measures designed to protect personal data. No method of transmission or storage is completely secure. ArvoPay cannot guarantee absolute security. If ArvoPay becomes aware of a personal data breach, it will take steps required by applicable law, including notifications where legally required. ### Children The website and U Card services are not directed to children, and ArvoPay does not knowingly collect personal data from children except where strictly necessary and legally permitted for a specific product or support scenario. If you believe a child has provided personal data unlawfully, use the contact channel listed in the **Contact** section. ### Third-party websites The website may link to third-party websites or services. ArvoPay is not responsible for their privacy practices. You should review the privacy notices of those third parties. ### Changes to this policy ArvoPay may update this Privacy Policy from time to time. If changes are material, ArvoPay may post a prominent notice, update the date above, or provide additional notice where required by law. ### Contact Legal contact: * Contact email: --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://arvopay.gitbook.io/arvopay-docs/legal/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.