Privacy Policy

Last Updated: October 6, 2025

This Privacy Policy describes how International Data Inc. d/b/a PaymentWorld.io (“PaymentWorld.io,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit our websites, use our products and services, communicate with us, or otherwise interact with us.

Who We Are
International Data Inc. d/b/a PaymentWorld.io
1001 S Main St, Ste 600
Kalispell, MT 59901, USA

Scope
This Policy applies to our websites, platforms, and services, including account onboarding, pay-ins/payouts, cross-border payments, mass payouts, payroll and treasury services, and related value-transfer features (collectively, the “Services”). Additional disclosures or agreements may apply to certain features or regions.

1) Information We Collect

A. Identifiers & Contact Data
Name, address, email, phone, date of birth, IP address, device identifiers.

B. Government & KYC Data (Sensitive)
Government ID numbers (e.g., passport, driver’s license), tax IDs, proof of address, identity photos/biometrics (if you opt into selfie/ID match), sanctions/PEP screening results.

C. Financial & Transaction Data
Bank account details, payment instrument details (tokenized where possible), invoices, payouts/pay-ins, account balances, merchant/beneficiary details, currency, amounts, timestamps, counterparties.

D. Commercial & Account Data
Account credentials, user roles, audit logs, preferences, communications with us, customer support tickets, fraud/risk signals.

E. Internet/Network Activity
Log files, pages viewed, referring URLs, device/browser data, approximate location (from IP), first-party cookies and similar technologies.

F. Professional/Business Data
Business name, EIN/VAT, corporate documents, beneficial ownership and control persons.

G. Inferences
Risk scores, fraud/AML risk flags, service eligibility assessments.

We collect information directly from you, from your employer/merchant (if you are an authorized user), from transaction counterparties, and from third parties such as identity verification providers, sanctions/PEP screeners, fraud-prevention vendors, financial institutions, card networks, and public sources.

2) How We Use Information

• Provide & Improve Services: Set up and manage accounts, process transactions and payouts, onboard merchants/beneficiaries, provide support, and enhance user experience.

• Compliance & Risk: Perform KYC/KYB, sanctions/PEP and adverse-media screening, monitor transactions, prevent fraud, combat money laundering and terrorist financing, and file legally required reports.

• Security: Detect and respond to security incidents, protect against malicious or unauthorized activity, maintain platform integrity.

• Communications: Send service notices, onboarding and policy updates, and respond to inquiries.

• Analytics: Measure usage, performance, and service quality.

• Legal Obligations: Satisfy recordkeeping, reporting, and audit requirements under applicable law.

• Business Operations: Accounting, billing, testing, research, and service development.

No Selling: We do not sell personal information.
No Targeted Ads: We do not share personal information for cross-context behavioral advertising.

3) Legal Bases (EEA/UK/Switzerland)

Where GDPR/UK GDPR/Swiss FADP apply, our processing is based on:

• Contract (Art. 6(1)(b)) to deliver the Services;

• Legal Obligation (Art. 6(1)(c)) for AML/KYC, sanctions, tax, and recordkeeping;

• Legitimate Interests (Art. 6(1)(f)) for security, fraud prevention, analytics, service improvement;

• Consent (Art. 6(1)(a)) where required (e.g., optional biometrics/ID-selfie checks or certain cookies).

4) How We Disclose Information

We disclose personal information to:

• Service Providers/Processors: Cloud hosting, analytics, KYC/KYB, sanctions screening, document verification, communications, customer support.

• Financial Counterparties: Banks, payment networks, money transmitters, payout partners, and other regulated entities as needed to process transactions.

• Fraud & Risk Partners: Identity proofing, fraud/abuse detection, chargeback prevention, risk scoring.

• Affiliates: For support, compliance, and operations consistent with this Policy.

• Authorities & Law Enforcement: Where required by law or to protect rights, security, or integrity (e.g., SAR confidentiality rules apply).

• Corporate Transactions: In connection with mergers, acquisitions, financing, or transfer of assets.

We do not permit service providers to use personal information for their own marketing.

5) International Data Transfers

We are U.S.-based. If you are outside the U.S., your information may be transferred to and processed in countries that may not provide the same level of data protection as your home jurisdiction. Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) and implement supplementary measures.

6) Retention

We retain personal information only as long as necessary for the purposes described and to comply with legal, regulatory, tax, and accounting requirements. For AML/BSA and related recordkeeping, we typically retain certain records for at least five (5) years or longer if required by applicable law or to establish/defend legal claims.

7) Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No system is 100% secure; you are responsible for maintaining the confidentiality of your credentials.

8) Your Privacy Choices & Rights

Email & Communications: You may opt out of non-transactional emails by following unsubscribe links or contacting us.

Cookies/Tracking: You can control cookies via your browser settings. Some features may not function without certain cookies.

U.S. State Privacy Rights (e.g., CA/VA/CO/CT/UT)
Depending on your state, you may have rights to know/access, correct, delete, and obtain a portable copy of certain personal information, and to appeal a denied request. We do not sell or share for targeted advertising; therefore, those opt-outs do not apply. To exercise rights, see Contact Us below. We will verify your request and respond within statutory timelines. Authorized agents may submit requests where permitted and with proper authorization.

California “Notice at Collection”
We collect the categories listed in Section 1 for the purposes in Section 2, from the sources described above, and retain them as described in Section 6. We do not sell or share for cross-context behavioral advertising. We may disclose information to the recipient categories in Section 4 for business purposes.

EEA/UK/Swiss Rights
Subject to limits in law, you may request access, rectification, erasure, restriction, portability, and objection to processing based on legitimate interests. Where processing relies on consent, you may withdraw consent at any time (without affecting prior processing). You also have the right to lodge a complaint with your local data protection authority.

Automated Decision-Making
We use automated tools for fraud and risk scoring and to support AML monitoring. These tools help protect our users and platform. You may contact us to request information about this processing and, where required, to obtain human review.

9) Children’s Privacy

Our Services are not directed to children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us and we will take appropriate steps.

10) Third-Party Services & Links

Our Services may link to third-party sites or services. Their privacy practices are governed by their own policies. We are not responsible for third-party privacy practices.

11) Financial Privacy (GLBA)

If you obtain a financial product or service from us primarily for personal, family, or household purposes, we will provide you with any required GLBA (Gramm-Leach-Bliley Act) financial privacy notice describing our information-sharing practices and your options, as applicable.

12) Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date indicates the latest revision. Material changes will be posted on this page and, where required, we will notify you by email or through the Services.

13) Contact Us

Privacy & Data Protection Contact
Email: [email protected] (or [email protected])
Mail: International Data Inc. d/b/a PaymentWorld.io
1001 S Main St, Ste 600, Kalispell, MT 59901, USA

To exercise your rights, ask questions, or appeal a decision, please email us with the subject line “Privacy Request.” If you are in the EEA/UK/Switzerland, please indicate your country of residence in your request.