Privacy Policy
How ifenpay handles your information when you use the website, accounts, and API services.
Last updated: February 28, 2026
Plain-language summary
- We collect only data needed to run, secure, and improve services.
- We do not sell personal data.
- You can request access, correction, or deletion where applicable.
- Security controls exist, but no online system is risk-free.
- Policy updates are published on this page.
1. Scope
This Privacy Policy explains how ifenpay collects, uses, stores, shares, and protects information when you use the website, account features, APIs, and related services.
2. Data Controller / Service Operator Context
For the purposes of this site and service operations, ifenpay acts as the service operator responsible for determining how service-related data is processed, except where we act under customer instructions in dedicated contractual contexts.
3. Categories of Data We Collect
Depending on usage, we may collect account/profile data (such as email and auth metadata), service and API telemetry, security and abuse-prevention logs, support communications, and technical device/network data required for reliable operation.
4. Data Sources
Data may be collected directly from you (forms, account actions, support requests), automatically from system interactions (logs, API calls), and from trusted infrastructure/security providers where necessary.
5. Purposes of Processing
We process data to provide and secure services, operate accounts, enforce policy, detect and prevent abuse/fraud, respond to support requests, improve reliability/performance, and comply with legal and regulatory obligations.
6. Legal Bases (Where Applicable)
Where required by law, processing may rely on contractual necessity, legitimate interests (service security and reliability), legal obligations, and consent where specifically requested.
7. Data Sharing and Disclosure
We do not sell personal data. Information may be shared with service providers under confidentiality and processing restrictions, for legal compliance, for security/abuse mitigation, or in connection with legitimate corporate transactions.
8. International Transfers
Your data may be processed in jurisdictions different from your own. When required, appropriate safeguards are applied for cross-border transfers.
9. Data Retention
We retain data only as long as needed for service delivery, security, legal, audit, and dispute-resolution purposes. Retention periods vary by data category and legal requirements.
10. Security Measures
We apply reasonable organizational and technical safeguards, including access controls, monitoring, and logging practices. No method of transmission or storage is fully secure, and absolute security cannot be guaranteed.
11. Incident Response
We maintain security response procedures and investigate suspected incidents. Where legally required, affected parties and/or authorities are notified according to applicable obligations.
12. Cookies and Similar Technologies
We may use essential and analytics-related technologies for session continuity, security, and platform improvement. Browser-level controls may limit certain behaviors, though core functionality may be affected.
13. Your Rights
Depending on applicable law, you may have rights to access, correct, delete, restrict, object, or port your data, and to withdraw consent where consent is used. Requests may require identity verification and sufficient detail to locate relevant records.
14. Rights Request Handling
Requests are handled through official support channels. We may deny or limit requests where permitted by law (for example, legal hold, fraud prevention, security obligations, or disproportionate technical burden), with reasons provided where required.
15. Automated Decision Context
Security and abuse controls may include automated signals (for example, anomaly/risk indicators) to protect users and infrastructure. Final account actions may involve human review where appropriate.
16. Children’s Privacy
Services are not intended for children below the age where consent is legally valid in the relevant jurisdiction. If data from a child is identified, we will act to delete it in accordance with applicable law.
17. Third-Party Links and Integrations
Services may include links or integrations with third-party platforms. Their privacy and data practices are governed by their own terms and policies.
18. Data Accuracy and User Responsibilities
You are responsible for providing accurate account data and for promptly updating stale or incorrect information in your profile and integrations.
19. Policy Updates
We may update this Privacy Policy from time to time. Material changes are reflected on this page by updating the date above. Continued use after updates constitutes acceptance of the revised policy.