1. Our Commitment to Privacy

At RCPAY, we take your privacy and data security seriously. This Privacy Policy outlines how we collect, use, disclose, and safeguard the personal and business information of our merchants and their customers when utilizing our payment infrastructure and API services.

2. Information We Collect

To provide a secure and compliant payment gateway, we collect the following categories of information:

• Account & Identity Information: Business name, owner's full name, email address, and encrypted passwords.
• KYC Documentation: Government-issued IDs, DTI/SEC registration certificates, and other documents required for Anti-Money Laundering (AML) verification.
• Financial Data: Bank account numbers, GCash/Maya mobile numbers, and settlement ledger histories.
• Transaction Data: Payment amounts, reference IDs, timestamps, and routing bank codes (e.g., GCASH, PMP).
• Technical Data: IP addresses, browser types, and API request logs to prevent scraping, fraud, and system abuse.

3. How We Use Your Data

We use the collected information strictly for the operation, security, and improvement of the RCPAY platform:

• To authorize and process payments, payouts, and API webhook transmissions.
• To verify merchant identities in accordance with Bangko Sentral ng Pilipinas (BSP) compliance standards.
• To detect and prevent fraudulent transactions, unauthorized access, and network abuse.
• To provide customer support and respond to tickets submitted via the Merchant Portal.

4. Data Sharing and Disclosure

RCPAY does not sell, rent, or trade your personal or business data to third parties for marketing purposes. We only share data under the following circumstances:

• Financial Partners: With e-wallet providers (e.g., GCash, Maya) and banking networks strictly to execute your requested transactions and withdrawals.
• Legal & Regulatory Compliance: With government authorities (such as the AMLC) if required by law, subpoena, or to protect the rights and safety of RCPAY and its users.

5. Data Security

We implement enterprise-grade security measures to protect your data. This includes cryptographic hashing for passwords (bcrypt), secure token generation for API keys, strict rate-limiting, and encrypted server-to-server webhook transmissions. However, no electronic transmission or storage system is 100% secure, and we cannot guarantee absolute security.

6. Data Retention and Your Rights

We retain transaction and KYC data for the duration required by Philippine financial regulations (typically 5 years). Merchants have the right to access, correct, or request the deletion of their profile data, subject to these legal retention obligations. You may exercise these rights by opening a ticket in the Support Center.

7. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how RCPAY handles your data, please contact our compliance team via the Support Center in your Merchant Dashboard.