Paydoly - Zero Fee money Transfers to the Dominican Republic

Paydoly Privacy Policy

Effective Date: October 23, 2025

Scope: This Privacy Policy applies to the services of Paydoly Inc., a company registered in Atlanta, GA, USA, and Paydoly Dominicana SRL, registered in the Dominican Republic (collectively referred to as “Paydoly,” “we,” “us,” or “our”). It governs how we collect, use, disclose, and protect personal information of all our users, whether you are located in the United States, the Dominican Republic, or elsewhere. Paydoly is committed to handling personal data in accordance with applicable U.S. data protection and privacy laws (including federal law and state laws like the California Consumer Privacy Act (CCPA)) and we voluntarily apply these high standards to all users, including those in the Dominican Republic. In jurisdictions that lack specific privacy regulations (such as the D.R.), we still provide the protections and rights described in this Policy to ensure consistency and transparency.

By using Paydoly’s services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services. We may update this Policy from time to time (see Section 9 on changes).

1. Information We Collect

Paydoly must collect certain information about you to provide our digital payment services securely and effectively. We limit our collection to what is relevant and necessary. The categories of data we collect include:

Personal Information: This is information that identifies you as an individual or relates to an identifiable person. It includes: your full name, contact details (email address, telephone number, mailing address), date of birth, social security number or other government‑issued identification number (such as a passport or national ID number), nationality and country of residence, and any other information you provide on identity verification documents. For example, when you sign up, we ask for your name, address, and may collect a copy of your ID or your social security number for Know Your Customer purposes. Personal information also encompasses account credentials (username, password) and any photograph or profile picture you might upload to our app.

Transactional Data: This refers to information about the financial transactions you conduct through Paydoly. It includes details such as the amounts you transfer or receive, the currency used, the dates and times of transactions, the recipients or senders (which may include identifiers like email or phone number if you’re sending to another user), and payment methods used (e.g. which bank account or card is linked, though Note: Paydoly does not store full bank account numbers or card numbers on our servers except possibly the last 4 digits or a token, since such sensitive financial info is handled by our payment processor). We also keep records of transaction history including bills paid or mobile top‑ups etc., any fees charged, and reference notes or descriptions you add to payments. Transactional data may also include information about device or location from which the transaction was initiated, as part of the log.

Behavioral Data: We collect data on how you interact with our services, essentially usage information. This can include: your app or website usage patterns (such as features you use, pages or screens you visit, the time spent on certain functions), your clicks, navigation paths, and how you respond to in‑app prompts. It also includes logs of your communications with us, for instance, if you contact customer support or respond to surveys, we will have records of that correspondence. Behavioral data helps us understand user engagement and improve our services. Additionally, if we send marketing emails or notifications, we may collect data on whether you opened them or clicked links, to gauge interest (you have controls over marketing; see Section 5 on opt‑out).

Biometric Data: In certain cases, we may collect biometric identifiers or information. Specifically, as part of identity verification (KYC) processes, you might be asked to provide a selfie photograph or a live facial scan, which we compare to your government ID (this is a form of biometric verification). We treat this biometric data with a high level of security and confidentiality, and we only use it to verify your identity and prevent fraud. Another form of biometric data could be voice if you call our support and we use voice identification, though currently we do not employ voice biometrics. We do not collect fingerprints or DNA or such; our biometric focus is on photographs for identity verification. Biometric information is considered sensitive personal data, and we will obtain your consent where required by law before collecting it. (For example, some U.S. state laws like Illinois’s BIPA require consent for biometric capture; we will comply with applicable requirements.)

Device and Technical Data: When you use Paydoly, we collect information about the devices and networks you use to access our services. This includes:

Device identifiers and attributes: such as your device’s type (e.g. iPhone, Android, desktop), operating system and version, unique device ID, mobile network, and hardware model.
Internet Protocol (IP) address: which can give a general idea of your location (city/region level) and is used for fraud detection and account security.
Device event information: like crashes, system activity, and hardware settings.
Browser information: if you use a web interface, we collect your browser type, language, and cookies (if applicable; see Section 7 on Cookies).
App analytics: if you use our mobile app, we may collect app version, installation ID, and event logs of how the app is performing on your device.
Location data: If you have location services enabled and grant permission, we may collect precise geolocation data of your device to enable certain features (for example, finding nearby service points) or as an anti‑fraud measure (to ensure a login isn’t coming from an unexpected location). You will be asked explicitly for permission if we ever start collecting precise GPS location; otherwise, location use is inferred from IP address as mentioned.

We obtain most of this information directly from you (e.g. information you input during registration or transactions). Some information is collected automatically through your use of the service (like device and usage data). In addition, we may receive information about you from third parties such as verification services and business partners: for example, Stripe (our KYC provider) may return a verification result or risk score about you after checking your provided identity details; or if you link a bank account, we might use a service that provides us confirmation of account ownership. If we expand to use credit bureaus or fraud databases, we might collect relevant info from them too (such as flags or identity verification questions). We treat any such third‑party‑sourced data according to this Policy as well.

2. How We Use Your Information

We use the collected information to operate, provide, improve, and protect Paydoly’s services. The following are the purposes for which Paydoly processes your data (with examples):

To Provide Services: First and foremost, we use personal and transactional data to create and manage your account, to process your payments and transfers, and to facilitate any other features you use. For example, we use your provided information to verify your identity when you sign up, enabling you to send money to others. We use recipient data you provide (like a friend’s email or phone number) to route payments to that person. If you set up recurring transactions, we use your stored data to execute those as instructed. Essentially, without your info, we cannot perform the contract of providing you Paydoly services.

Verification and Security: We use personal and biometric data to verify your identity and fulfill our legal obligations for KYC/AML (Know Your Customer/Anti‑Money Laundering). Your government ID and selfie are used to confirm you are who you claim, often through our third‑party verification provider (Stripe). We also use information to authenticate your access to the account (for instance, we may use your phone number or email to send verification codes, or your device info to recognize trusted devices). Device and network data, as well as behavioral signals, are used for fraud prevention and security monitoring. For example, if a login occurs from a new device or location, we might flag the account for verification. We may also employ automated systems to analyze transactions and usage for suspicious patterns to protect our users and the platform from fraud, hacking, or money laundering.

Compliance with Legal Obligations: There are various laws requiring us to collect and use certain data. For example, financial regulations require us to maintain records of transactions and identity information (as described in our KYC/AML Policy). We will use your data to comply with court orders, subpoenas, lawful requests by government authorities (including tax reporting requirements or sanctions screening), and to satisfy anti money laundering controls (monitoring transactions and possibly reporting to regulators if necessary). If you are a user in the Dominican Republic, note that we apply U.S. standards here too, meaning we treat your data with confidentiality but will use it to fulfill any U.S. or Dominican reporting obligation where applicable.

Service Communications: We use contact information to communicate with you about your account and transactions. This includes sending you confirmations of transactions, alerts about account activity (like login alerts or password change notifications), and notices about updates to our terms or policies. These service‑related communications are necessary for us to keep you informed of important information regarding the services and your security; you cannot generally opt out of these essential communications without closing your account.

Customer Support: If you reach out for support, we will use your information to assist you. This might involve reviewing your account details, transaction history, or technical info (like app version, device) to diagnose issues. We keep records of support inquiries and our responses.

Improvement and Analytics: We use usage and device data to analyze how our services are used and to improve performance and develop new features. For instance, we might analyze which features are most popular or where users encounter errors, so we can optimize those areas. We may use aggregated data (which does not identify individuals) to understand trends and user demographics. This helps us enhance our user interface, plan new services, and make informed business decisions. We may also derive insights from transactional patterns (in aggregated form) to improve our fraud detection algorithms or to suggest features.

Marketing and Optional Communications: With your consent or as permitted by law, we may use your contact info and usage data to send promotional content about our services or new features. For example, we might send an email newsletter with tips or special offers, or suggest referral programs that you could benefit from. We may also tailor our marketing. For instance, if we know you frequently use Paydoly for certain types of payments, we might highlight a related feature. Important: If we ever decide to use third‑party analytics or advertising networks (as noted later, we currently do not, but may in future), information like cookies and device identifiers might be used to personalize ads or measure effectiveness. You will have control as described in Section 5 to opt in or out of marketing.

Biometric Use: If we collect biometric data (like your facial scan), it will be used solely for verification and security purposes. We do not use biometric information for any advertising or unrelated profiling. For example, the selfie you provide is used in an automated way to compare against your ID photo for identity proofing. After that, we retain biometric identifiers only as long as needed for that purpose or as required by law (see data retention below). In some jurisdictions, we may be required to get separate consent for biometrics and to provide a means for you to request deletion of biometric data, which we will honor.

Device Data Use: Technical device and log data are used for debugging, protecting our systems, and ensuring compatibility. For instance, knowledge of what app versions or devices people use helps us test and ensure our service works well across them. IP addresses are used to provide more relevant service (like language or regional settings), and to guard against fraud (e.g., blocking an IP that is performing attacks).

We will not use your personal information for purposes that are materially different from the above without notifying you and obtaining your consent if required. We do not engage in “selling” of personal information as defined under CCPA (we don’t provide your data to third parties for money or their own marketing). Any use of your data for new purposes, especially if unrelated to the original purpose, will be communicated to you through an updated privacy notice or a consent request.

3. Cookies and Similar Technologies

(Currently, Paydoly does not use extensive third‑party analytics or advertising cookies. However, for completeness and future readiness, we address how we might handle cookies.)

Cookies: Cookies are small text files placed on your device that help websites function and gather information. Our website may use cookies and similar tracking technologies (like web beacons or pixels) primarily for functionality and security. For example, we might use a cookie to keep you logged in as you navigate our site, or to remember your language preferences. We may also use cookies to collect basic web traffic data via in‑house analytics (like counting visits, referring URLs, etc.). These are typically first‑party cookies (set by Paydoly).

At present, we do not employ third‑party analytics services (such as Google Analytics) on our website, nor do we use advertising networks that track you across sites. This means we are not currently setting third‑party cookies for marketing or data sharing purposes. In the future, if we decide to add an analytics tool or any cookie that collects personal data beyond our own uses, we will update this Policy and provide notice or opt‑in prompts as required. For instance, if we add Google Analytics to help analyze website use, we would then inform you and allow opt‑out as needed (Google Analytics typically can be disabled by browser settings or opting out).

Your Choices for Cookies: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when cookies are being sent. However, please note that if you disable cookies entirely, some features of our website may not function properly (like staying logged in). For essential cookies (that ensure security or basic functionality), our site may not have an option to disable those without impacting service.

On our mobile app, cookies are not typically used in the same way, but there are analogous technologies (like device IDs). If we ever implement analytic tracking in the app, we will provide an in‑app settings option for you to limit that tracking to the extent possible.

In summary, at this time we have a minimal usage of cookies, focused on necessary operation. As our use of any tracking technologies evolves, we will maintain transparency and user control.

4. How We Share Information

Paydoly understands that your information is important and we are not in the business of selling your personal data to others. We share information only in the following circumstances:

With Service Providers (Processors): We share necessary information with trusted third‑party service providers who perform services on our behalf, under strict confidentiality and data security obligations. These include:
Payment and KYC Providers: For example, we share your personal information (like name, DOB, ID documents) with Stripe, our third‑party identity verification and KYC/AML provider, so that Stripe can verify your identity and check watchlists as part of compliance. Stripe may also store and process that data to provide us with risk assessments. Similarly, if we use banking partners or payment processors to execute transactions, we share transaction details with them as needed (for instance, if you cash out to a bank account, we send your name, account number and amount to the banking partner to process it). These providers are bound to use your data only for the purposes we dictate (e.g. Stripe uses the data to give us an identity verification result, not for their own unrelated purposes).
Cloud Storage and IT Providers: We may store your information on cloud platforms (for instance, Amazon Web Services or other reputable cloud infrastructure). These providers technically have access to data for storage or backup purposes but are not allowed to use it independently.
Communications and Support Tools: We could use third‑party platforms to send communications (like an email service provider for sending out confirmation emails or an SMS gateway for texts). Information like your email or phone and the content of the message will pass through those systems, under agreements that they keep it secure and confidential.
Analytics or Marketing Support (Future): If in future we engage analytics firms or marketing platforms, we would share minimal data or aggregated data with them to perform tasks like usage analytics or sending newsletters (for example, an email marketing platform would get your email address to distribute our newsletter if you’re subscribed). We will ensure any such partner meets U.S. privacy standards and only processes data as instructed by us.
In all cases, service providers are given only the information necessary for them to perform their function, and they are contractually prohibited from using the information for anything outside the scope of our instructions.
Within Corporate Affiliates: Since this Policy covers both Paydoly Inc. and Paydoly Dominicana SRL, information may be shared between these affiliated entities as needed. For instance, certain backend systems and databases are common to both, so your data might be accessible by staff in either the U.S. or Dominican Republic entities, but always under the same security standards. We share data internally to provide a seamless service (e.g., if you contact support, our team (whether in U.S. or D.R.) can access your profile to assist you) and for centralized administration (like consolidated fraud monitoring, accounting, etc.). All personnel, regardless of location, are trained on privacy and are bound by confidentiality.
Legal and Regulatory Disclosures: We may disclose personal information when required by law or necessary to protect our rights or the rights of others. This includes:
Compliance with Laws: If we receive a lawful subpoena, court order, or similar legal process that compels us to provide information (for example, an investigation by U.S. law enforcement or a Dominican Republic authority), we will comply to the extent required. We will attempt to notify you of such requests when allowed, but in some cases we may be prohibited from notifying (e.g., a gag order in a law enforcement request).
Regulatory Reporting: As a regulated financial service, we might share certain information with government agencies in mandated reports. For instance, if required by FinCEN or the UAF as part of AML regulations, we file reports that could include personal and transactional data (as described in our KYC/AML policy). These reports are legally required and typically kept confidential by the receiving agency.
Enforcing Our Rights: We may disclose data if necessary to enforce our terms of service or other agreements, or to investigate and defend ourselves against any third‑party claims or allegations. For example, if there’s a dispute or legal claim between you and Paydoly, we may preserve and produce relevant data as evidence.
Preventing Harm: If we believe in good faith that disclosure is necessary to prevent physical or financial harm, or to report suspected illegal activity, we may share information with the appropriate authorities. For example, notifying police of fraudulent or scam accounts.
Business Transfers: If Paydoly undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, user information (including personal data) might be among the assets transferred. We would ensure the acquiring entity continues to honor the privacy commitments we’ve made in this Policy. We would also inform you (for example, via email or notice on our website) of any such change in ownership or control of your personal information.
With Your Consent: Apart from the scenarios above, we will explicitly ask for your consent before sharing your personal information with third parties in any way not covered by this Policy. For instance, if we ever want to partner with another company for a joint offering where they get access to some of your data, we will let you opt‑in to such sharing. Similarly, if you request or direct us to share data with a third‑party (for example, if you use an account aggregation service that needs your Paydoly data, or you want to link your Paydoly account with another app), we will do so only with your authorization.
Anonymized or Aggregated Data: We may share information that has been de‑identified and aggregated, so it cannot reasonably be used to identify you. For example, we might publish reports or share stats with partners that say “X% of our users sent money internationally last year” or “The average transaction size is $Y,” with no personal details. This type of information is not personal and may be shared freely for industry analysis, marketing, or other business purposes.

Rest assured, we do not sell your personal data to third parties for their own marketing or profit. We do not share your information with advertisers or data brokers. Any sharing we do is aimed at serving you, running our business, and fulfilling legal duties, as outlined above.

5. Your Rights and Choices

We believe in empowering our users with control over their personal data. Depending on your jurisdiction and our internal policies, you may have some or all of the following rights regarding your personal information:

Access and Portability: You have the right to request a copy of the personal information we hold about you. We can provide this in a readily usable format. For example, you can contact us (using the contact information in Section 9) to request a report of your account information and transaction history. For California residents, this is aligned with the CCPA right to know categories and specific pieces of personal information collected. Generally, we will provide the information free of charge, up to a reasonable frequency (excessive requests may incur a fee as permitted by law).
Correction (Rectification): We strive to keep your information accurate and up to date. If you find that any personal information we have is incorrect or incomplete, you have the right to request that we correct it. In many cases, you can directly make changes by logging into your account profile (e.g., updating your contact info). For changes that require verification (like a name change), our support can guide you through the process and update records accordingly.
Deletion (Right to Erasure): You may request that we delete your personal data. This is sometimes called the “right to be forgotten.” By closing your Paydoly account, you can trigger deletion of certain data. However, please note: We cannot always fulfill a deletion request, especially where retention is required by law or for legitimate business needs. For example, as a financial institution, we are legally obligated to retain transactional and KYC data for a minimum period (often 5 years) to comply with anti money laundering laws and other regulations. We will inform you if a deletion request cannot be fully honored and will delete what we can. We will also maintain a record that your email or account was deleted to ensure we don’t inadvertently recreate it or for fraud prevention. If your data is retained for legal reasons, it will be sequestered and used only for those reasons, not for active business use.
Opt‑Out of Marketing: If you have subscribed to any marketing communications from us (such as newsletters, promotional emails, or SMS), you have the right to opt out at any time. You can unsubscribe by clicking the “unsubscribe” link in an email, or adjusting your settings in your account (if available), or by contacting us to be removed. Note that even if you opt out of marketing messages, we will still send you service‑related communications (as described earlier) that are necessary for account administration or security.
Opt‑Out of Sale of Personal Information: As mentioned, we do not sell your personal information. Therefore, this may not be applicable. However, some U.S. state laws (like CCPA/CPRA in California or similar laws in Virginia, etc.) have broad definitions of “sale” that include certain data sharing. We do not share data in those ways as of now, but if we ever did, we would provide a “Do Not Sell My Personal Information” link or mechanism. California residents also have the right to direct us not to share your information for cross‑context behavioral advertising (essentially targeted advertising), but since we currently don’t do this, there is no such sharing to opt out of. We will update you if this changes.
Opt‑Out of Profiling/Automated Decision‑Making: We do not make any legally significant decisions about you purely by automated means without human involvement. For example, while we use automated fraud scoring, any decision to freeze or close an account involves manual review. If you ever feel you were subject to an unfair automated decision, you can contact us to have a person review the decision. Users in some jurisdictions (like under GDPR, though we are not under GDPR scope unless serving EU users) have rights related to not being subject to solely automated decisions. We uphold the spirit of this by keeping a human in the loop for important determinations.
Non‑Discrimination: We will not discriminate against you for exercising any of these privacy rights. For instance, if you ask to see your data or opt out of marketing, we will not deny you services, provide a different level of service, or charge different prices just because of that. Your privacy choices are respected with no negative effect on service quality. The only exception would be if a request (like deletion) prevents us from continuing to provide service (e.g., if you ask us to delete all your data, we may need to close your account as we wouldn’t be able to operate it), but we will explain such consequences at the time.
California “Shine the Light”: California Civil Code Section 1798.83 permits California users to request information about our disclosures of certain categories of data to third parties for their direct marketing purposes. However, Paydoly does not disclose personal data to third parties for their own direct marketing.
Dominican Republic Users: While the D.R. does not currently have an extensive data protection law akin to the U.S. or EU frameworks, we extend the above rights to our Dominican users as a matter of policy. We handle requests from Dominican users with the same care as U.S. users. If local law in the D.R. provides any specific rights or requirements, we will follow those as well.

To exercise any of your rights, please contact us via the channels provided in Section 9 (Contact Information). We may need to verify your identity before fulfilling certain requests (for example, we might ask you to confirm logged‑in control of your account or provide identifying info). This is to ensure we don’t release or modify data at the request of someone other than the account holder. We aim to respond to requests as soon as reasonably possible, generally within 30 days. If we need more time (up to 45 days more, for example, due to complexity), we will inform you of the reason and extension.

6. International Data Transfers

Paydoly operates in both the United States and the Dominican Republic, and we may process data in either or both countries, as well as potentially other locations where our service providers have servers (e.g., cloud infrastructure may be global). By using Paydoly, you acknowledge that your information may be transferred to or stored on servers located in a country different from your own. Specifically:

Between U.S. and D.R.: Data of Dominican users will likely be stored on infrastructure in the United States (as our primary data center is in the U.S.), and data of U.S. users may be accessed by our Dominican Republic office for customer support or operations. We ensure that such cross‑border data flows happen securely and lawfully. Even though the Dominican Republic currently may not have an equivalent to, say, the EU’s GDPR restrictions on data export, we treat transfers from D.R. to the U.S. with the same caution as if such rules existed. We consider the U.S. privacy protections as the baseline and apply them to all data. In practice, this means Dominican user data receives the same level of protection under our internal policies as U.S. user data does.

Legal Adequacy and Safeguards: The U.S. and D.R. do not have a special adequacy arrangement between them (like the EU has with some countries), but since we are one company operating in both, we have put contractual and operational safeguards in place. All internal transfers are governed by data protection agreements binding our staff and any contractors to protect the data. If we ever engage a service provider in a third country, we will ensure that the provider has robust security certifications or contractual clauses (for instance, if any data were transferred from the U.S. or D.R. to the European Union or vice versa, we’d use standard contractual clauses or similar, but currently, our main transfers are US ↔ DR).

Other International Considerations: If you are accessing Paydoly from outside the U.S. or D.R. (for instance, you’re traveling or you have a different nationality), be aware that your information will still be processed according to this Policy, in the jurisdictions mentioned. If we detect certain country‑specific requirements (for example, if we began serving users in the EU, we would adjust our practices to comply with GDPR), we will comply accordingly. Right now, our focus is US and DR users, to whom we apply U.S. standards across the board.

Government Access: Different countries have different laws about government surveillance and access to data. Paydoly will handle government requests for data carefully, as described in Section 4, and under guidance of our legal counsel, to ensure any cross‑border disclosures are properly handled. We strive to be transparent with users about government requests, unless legally restricted from doing so.

By maintaining robust security measures (next section) and contractual obligations, we aim to protect your data no matter where it is physically located. Our application of U.S. privacy best practices to all data means that even if the Dominican Republic might not require certain protections, we voluntarily implement them. For example, we treat all personal data as if laws like CCPA (and even principles of GDPR regarding security and user rights) apply.

If you have questions about our international data handling, you can reach out to us (Section 9), and we’ll be happy to provide further information.

7. Data Security

Protecting your personal and financial information is a top priority for Paydoly. We implement a variety of administrative, technical, and physical security measures designed to safeguard your data against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Here are key aspects of our security program:

Encryption: We use encryption to protect data in transit and at rest. Our websites and apps enforce HTTPS, which means your data is encrypted as it travels between your device and our servers. Sensitive data (like passwords, social security numbers, identity documents) is additionally encrypted at rest in our databases and storage. For example, passwords are stored only in hashed form (never in plaintext), and any identity document images are stored encrypted with restricted access.
Access Controls: We restrict access to personal data strictly to employees and contractors who need it to perform their job (principle of least privilege). Different data sets have different access levels. For instance, customer support agents might see your basic account info and transaction history to help you, but only specially authorized compliance personnel can access your government ID document or full SSN, and even then through audited systems. We employ multi‑factor authentication for any internal access to sensitive systems, and we maintain strict password policies. Our databases are segmented from the public internet, accessible only through our application or secure admin channels.
Network and System Security: Paydoly’s systems are protected by firewalls and network monitoring tools to prevent and detect intrusion. We regularly update our software and infrastructure to address security vulnerabilities (applying patches, etc.). We use anti‑virus and anti‑malware solutions where appropriate, and monitor for suspicious activities in our systems. We also employ DDoS protection and rate‑limiting to prevent abuse of our services.
Testing and Audits: We conduct periodic security audits and assessments. This includes engaging third‑party security experts to perform penetration testing of our applications and infrastructure. We also comply with industry standards (for instance, if Paydoly deals with card payments, we adhere to PCI‑DSS standards for handling card data). Internally, we review logs and have an incident response plan in place to quickly handle any security events. We also vet our service providers for strong security practices (for example, Stripe is known to maintain high security standards as a financial services provider).
Training and Policies: All employees undergo background checks as allowed by law and are required to sign confidentiality agreements. We train our staff about the importance of data security and privacy. We maintain internal policies on how to handle user data, including clear procedures on data access requests, incident reporting, and proper use of systems. Access to production data is logged and routinely reviewed to ensure no unauthorized access.
Data Minimization: We try to collect only what we need. By minimizing the amount of sensitive data we hold (for example, not storing full payment card details ourselves but tokenizing them), we reduce risk. When data is no longer needed for business or legal reasons, we securely destroy or anonymize it.
Incident Response: Despite all precautions, no system can be 100% secure. In the unlikely event of a data breach or security incident, we have a response plan to contain and investigate the issue, notify affected users and regulators as required by law, and take steps to prevent future incidents. If something affects your account security (like we suspect unauthorized access), we will notify you and prompt measures like password resets.
User Responsibilities: Security is a partnership. While we do our part, you also play a role in keeping your information safe. We encourage you to use a strong, unique password for Paydoly and to keep your login credentials confidential. Enable any additional security features we offer (like two‑factor authentication, if available). Be aware of phishing attempts; Paydoly will never ask you for your password via email or unsolicited calls. If you suspect any unauthorized activity on your account, notify us immediately.

Our comprehensive approach to security is aligned with both U.S. federal guidelines and industry best practices. We continuously evaluate new security technologies and threats and update our safeguards accordingly. For more details on our security practices, you can contact us, and we may provide a summary of our measures (within the bounds of keeping our methods secure).

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, while also adhering to applicable laws and regulations. Because we are a financial services provider, certain data must be kept for minimum retention periods to comply with legal obligations (e.g., anti money laundering record retention, tax laws, etc.). Below is an overview of our retention practices:

Account Information: Information you provide during account registration and verification (personal details, KYC documents, etc.) is retained for as long as your account is active. If you decide to close your account, we will initiate deletion of data that is no longer needed. However, we will retain and securely store any data that we are required to keep for legal compliance or legitimate business purposes. For example, U.S. regulations require that we maintain a record of identity verification and account records for at least 5 years after an account is closed (to assist in possible future financial investigations). Similarly, transaction histories are typically kept for at least 5 years. In some cases (like in the Dominican Republic or other jurisdictions), laws may require longer retention; in those cases, we comply with the longer period (which can be up to 10 years for certain financial records). After the mandatory period, we will erase or anonymize the data unless it is still needed for a lawful purpose.
Transactional Data: As mentioned, transactions and related data (beneficiaries, amounts, timestamps) are retained for a minimum of 5 years. This is important for accounting, dispute resolution, and fraud prevention, as well as legal compliance. In practice, we may keep this data longer in an archive form, but we will not use it for any new purposes beyond what is described in this Policy. When it’s no longer needed, we either delete it or aggregate/anonymize it so it no longer is tied to an individual.
Biometric Data: If we collect biometric identifiers (like facial scan data) for verification, we will retain that only as long as needed for the verification purpose or as required by law, whichever is shorter. For instance, Stripe (our verification partner) stores verification data by default for 3 years, but we may opt to have it deleted sooner if not needed, except where regulations require us to keep proof of verification. Some jurisdictions require biometric data to be deleted within a shorter time frame (like within 1‑3 years of collection or immediately after verification is complete); we will adhere to those standards if applicable. We will also honor any specific user request to delete biometric data, to the extent possible, once its purpose has been served.
Communication and Support Records: If you contacted us for support or we sent you communications, we may retain those messages and notes for a period of time. Support tickets are generally kept for a couple of years for quality assurance and to reference previous interactions if you contact us again. Email or chat logs are similarly kept. If these contain sensitive info, they are protected, and we purge them periodically if not needed.
Marketing Data: If we have information on your marketing preferences or analytics data, we typically keep it until you opt out or until it’s no longer useful. If you unsubscribe from marketing emails, we will keep your email on a suppression list to ensure we don’t contact you again for marketing (which is a form of retention, but solely for compliance with your opt‑out request).
Backups: Our systems likely create routine backups. Those backups may store snapshots of your data and might persist for some time even after deletion in the main system, until they are rotated out. We have policies to not restore deleted data from backups except for a legitimate reason (disaster recovery, etc.), and if we do, we’ll re‑delete as required.

When we no longer have a legitimate need or legal obligation to retain your personal information, we will dispose of it in a secure manner. This could involve irreversible anonymization (converting data to a form that cannot be linked to you) or complete deletion from our systems. We also take care to remove data from any third parties that were processing it on our behalf, once it’s no longer needed.

Please note that due to the way certain technologies work, there might be delays in deleting residual copies (for example, info cached in systems or stored in intermediate data stores). We aim to ensure deletion requests and retention expirations are fully processed across all environments in a reasonable time frame.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we make a significant change (one that materially affects how your personal data is handled), we will notify you in advance through appropriate means. This might include:

Posting a prominent notice on our website or in‑app prior to the change becoming effective.
Sending an email or notification to the email address or contact number associated with your account outlining the changes.

The “Effective Date” at the top of this Policy will be updated to the date of the latest revision. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

If you continue to use Paydoly’s services after a revised Privacy Policy has become effective, it means you accept the revised terms. If you do not agree with the changes, you should discontinue use of the services and may close your account (as you always retain the right to do).

10. Contact Information and Further Resources

If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled, please do not hesitate to contact us. We are here to help and clarify our practices. You can reach Paydoly’s privacy team at:

Email: privacy@paydoly.com Address: Paydoly Inc., 1201 W Peachtree St. NW Ste 2367, Atlanta, GA 30309, USA (Attn: Paydoly Privacy) and/or Paydoly Dominicana SRL, Av. Núñez de Cáceres No. 256, El Millón, Santo Domingo, National District., Dominican Republic.

We will respond to your inquiries as soon as possible, generally within 30 days. If you need to access, correct, or delete your data, or opt out of any services, contacting us through the above channels is the best way to exercise those rights.

Additional Resources: For U.S. users, you can learn more about consumer privacy rights from resources like the Federal Trade Commission (FTC) website. California residents can visit the California Attorney General’s site for information on the CCPA. While these external resources are not directly related to Paydoly, they can provide helpful context on privacy laws and your rights.

For Dominican Republic users, since local privacy law is still developing, you may consult the Dominican Institute of Telecommunications (INDOTEL) or any agency handling electronic commerce and data protection for guidance, though we reiterate that Paydoly is applying robust U.S.‑level privacy protections for your benefit.

By using our services, you entrust us with your personal information, and we take that responsibility very seriously. This Privacy Policy is intended to inform you in a clear and comprehensive manner. Thank you for reading it.