Privacy Policy

1. Introduction:

bepay is committed to ensuring the highest level of data security, privacy, and transparency in handling users' personal and financial information. This Privacy Policy explains how we collect, store, use, and protect user data while ensuring compliance with global data protection regulations, including various act.

We value user trust and are dedicated to safeguarding your personal data against unauthorized access, misuse, or disclosure. Our platform follows strict security measures, including encryption, two-factor authentication (2FA), and real-time fraud monitoring to ensure the protection of sensitive information.

This Privacy Policy applies to:

Individuals who register an account on bepay.
Businesses and merchants using bepay's services.
Website visitors who engage with our platform.

By using bepay, you consent to the collection, processing, and sharing of your personal data as described in this Privacy Policy. If you disagree with any terms, you should discontinue using our services.

1.1 For the purpose of privacy policy:

Reference in this policy to 'you' or 'your' is reference to user(s)

Reference to 'we', 'us' or 'our' is reference to bepay.

Reference to website ("bepay") means a reference to website(s), mobile site(s) and mobile app(s).

First, we need to define, and it is important for you to understand, the expression: "Personal Data" (PD). It generically represents any kind of information about a physical person, whose particularities can lead, directly or indirectly, to its identification. Here you have, by way of example, but not limited to: name and surname, geographical address, any identification number, political orientation, sexual orientation, email address, any location information and any other online identifier such as the device used to access the Internet, IP address, or cookie information.

With regards of your agreement on collection and use of personal data, we have taken all the necessary technical measures to provide you with this detailed agreement, so you can have a crisp clear experience, from the first to the last interaction with our website or our services.

Visitors and Users agree and accept that the use of our website is not possible without any indication of personal data.

In your relationship with us through the website, controller, for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in member states of the European Union and other provisions related to data protection, is bepay.

This Policy does not apply to other companies' or Companys' websites to which we may link to or may link to us. You should carefully review the privacy policies of those websites in order to determine how they treat your personal information.

If you do not agree to this Privacy Policy, please exit, and do not access or use our website.

2. Definitions:

Our data protection policy should be legible and understandable for the general public, as well as for our Users and business partners. To ensure this, we would like to first explain the terminology used. In this data protection declaration, we use, inter alia, the following terms:

Data Subject or Data Principal - is any identified or identifiable natural person, whose personal data is collected and processed by us.
Processing - is any operation which is performed on personal data, such as collection, recording, Company, structuring, storage, etc.
Restriction of processing - is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
Data Controller or Data Fiduciary - is the natural or legal person, public authority, agency or other body, which determines the purposes and means of the processing of personal data;
Processor - is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient - is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed.
Third-party - is a natural or legal person, public authority, agency or body other than the ones above, who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent - is any freely given, specific, informed and unambiguous indication of data subject's acceptance to the processing of their personal data.

2.1 Compliance:

The processing of personal data will be in line with these main international legislations:

General Data Protection Regulation (GDPR), applicable in Europe;
California Consumer Privacy Act (2018) and Privacy Act U.S.C. 552a (Privacy Act of USA);
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection ("PDPL") of Dubai
Any other applicable law, as the case may be, at any given time.

We are able to provide our services worldwide. For the purpose of avoiding any compliance conflict with any terminology used by any particular legislation, in this document: "Users" are the "data subjects" or the "data principals" and bepay is the "data controller" or "data fiduciary."

3. Information We Collect:

bepay collects and processes various categories of personal and transactional data to ensure the secure and efficient operation of its services. The types of data collected may vary depending on user activity, regulatory requirements, and service usage patterns.

3.1. Categories of Data Collected

3.1.1. Personal Identification & Account Data

Full Name, Date of Birth, and Contact Information – Including email address, phone number, and residential address, used for account verification and customer support.
Government-Issued Identification – Such as passports, national ID cards, or driver's licenses, required for Know Your Customer (KYC) compliance and fraud prevention.
Selfie or Biometric Verification Data – In certain cases, users may be asked to provide facial recognition or biometric data for enhanced identity verification and security authentication.

3.1.2. Financial & Transactional Data

Payment and Wallet Information – Including linked bank accounts, cryptocurrency wallet addresses, transaction histories, and payment preferences.
Transaction Records – Details of deposits, withdrawals, purchases, and peer-to-peer transfers conducted through bepay, used for compliance, auditing, and fraud detection.
Billing & Subscription Data – Information related to recurring payments, invoices, and merchant subscriptions, if applicable.

3.1.3. Technical & Device Data

IP Address & Geolocation Data – Collected to monitor for suspicious activities, prevent unauthorized access, and comply with location-based regulatory restrictions.
Device Identifiers & Browser Information – Including operating system details, browser type, and session activity, used for fraud prevention and security monitoring.
Cookies & Tracking Technologies – Utilized to enhance user experience, analyze platform performance, and offer personalized features.

3.1.4. Communication & Support Data

Customer Support Interactions – Records of inquiries, complaints, and chat conversations with bepay's support team, maintained for quality assurance and dispute resolution.
Marketing Preferences – User choices regarding promotional communications, newsletters, and engagement with bepay's marketing campaigns.

3.2. How We Collect User Data

Directly from Users – Information is provided when creating an account, completing verification, making transactions, or contacting customer support.
Automatically Through Platform Use – bepay collects system logs, cookies, and metadata whenever users engage with its services.
From Third-Party Sources – bepay may obtain additional data from financial institutions, regulatory agencies, or compliance service providers to validate identity, prevent fraud, and ensure platform security.

4. How We Use Your Data:

bepay collects, processes, and protects user data to ensure a secure and compliant payment experience.

4.1. Personal Data Collection

User Information: Name, email, phone number, nationality, and government-issued ID (for KYC).
Transaction Data: Payment history, wallet balances, withdrawal and deposit records.
Technical Data: Device type, IP address, geolocation data, and browser information for fraud prevention.

4.2. Data Usage & Processing

bepay uses collected data for:

User verification (KYC/AML compliance).
Transaction security and fraud prevention.
Providing a seamless payment experience across fiat and crypto assets.
Compliance with financial regulations and tax reporting obligations.

4.3. Third-Party Data Sharing

bepay does not sell user data.
Data may be shared with:
- Regulatory authorities for legal compliance.
- Financial institutions for transaction processing.
- Fraud detection agencies to prevent illicit activities.

4.4. Data Retention Policy

Personal data is retained for as long as legally required under applicable KYC/AML laws.
Users can request data deletion (subject to legal compliance).

5. Data Sharing:

bepay is committed to protecting user data and does not sell personal information to third parties. However, bepay may share or disclose certain data under specific conditions, as outlined below.

5.1. Data Sharing for Service Provisioning

Payment Processors & Banking Partners – bepay collaborates with banks, card networks, and blockchain infrastructure providers to facilitate transactions, fiat-to crypto conversions, and fund settlements.
Identity Verification & Compliance Partners – bepay works with KYC/AML service providers to ensure that users meet regulatory requirements before accessing financial services.

5.2. Legal & Regulatory Disclosures

Compliance with Legal Obligations – bepay may disclose personal information in response to court orders, regulatory requests, or subpoenas issued by law enforcement agencies.
Fraud Prevention & Risk Mitigation – Information may be shared with government authorities or industry partners to prevent financial crime, cyber fraud, and unauthorized account activity.
Jurisdiction-Specific Reporting – In certain regions, bepay may be required to provide user transaction records to tax authorities or financial regulators for legal compliance.

5.3. Data Transfers to Third-Party Service Providers

bepay engages cloud hosting services, cybersecurity firms, and analytics providers to ensure the reliability and security of its platform.
Third-party service providers are contractually obligated to protect user data, maintain confidentiality, and comply with global data protection laws.

5.4. Business Transfers & Mergers

In the event of a merger, acquisition, or sale of bepay's assets, user data may be transferred to the acquiring entity, subject to applicable data protection regulations.
Users will be notified in advance if their personal data is subject to ownership changes.

5.5. User-Controlled Data Sharing

Users may authorize third-party integrations, such as linking bepay to financial apps, blockchain wallets, or tax reporting services.
Any data shared through user-authorized connections remains under the user's control and is governed by the third party's privacy policies.

6. Compliance & Security Measures:

bepay is committed to protecting user data and does not sell personal information to third parties. However, bepay may share or disclose certain data under specific conditions, as outlined below.

6.1. Regulatory Framework

bepay complies with General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy laws.
Data processing follows strict AML/CTF protocols to prevent financial crimes.

6.2. Encryption & Secure Storage

bepay uses 256-bit encryption for sensitive data storage.
All financial transactions are secured through blockchain-based authentication mechanisms.

6.3. Account Security

Users must enable two-factor authentication (2FA) for added protection.
bepay uses biometric authentication (where applicable) for secure login.
Suspicious login attempts trigger automated security alerts.

6.4. Data Breach & Incident Response

bepay has a dedicated cybersecurity team monitoring threats.
In case of a data breach, users will be notified immediately, and security patches will be deployed.
bepay cooperates with cybercrime authorities for risk mitigation.

6.5. User Privacy Rights

bepay would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to be informed – You have the right to be informed about the personal data we collect from you, and how we process it.
The right to access – You have the right to request bepay for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that bepay correct any information you believe is inaccurate. You also have the right to request bepay to complete the information you believe is incomplete.
The right to erasure – You have the right to request that bepay erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that bepay restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to bepay's processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that bepay transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

7. Cookies & Tracking Technologies:

bepay employs cookies, tracking technologies, and analytical tools to enhance user experience, improve service functionality, and ensure platform security. These technologies collect non-personally identifiable information related to user activity, device interactions, and browsing behavior.

7.1. Types of Cookies Used

Essential Cookies – Required for core functionalities such as user authentication, security verification, and transaction processing. Disabling these may affect platform accessibility.
Performance & Analytics Cookies – Collect anonymized data on website traffic, session duration, and user engagement to improve platform efficiency.
Functional Cookies – Store user preferences, language settings, and personalized dashboard configurations for a seamless experience.
Marketing & Advertising Cookies – Used to deliver targeted advertisements, promotions, and personalized recommendations based on browsing behavior.

7.2. User Control & Cookie Management

Users may accept, reject, or customize cookie preferences through browser settings or bepay's cookie management tool.
Disabling certain cookies may limit access to specific features, potentially affecting transaction speed, personalized content, or account-related functionalities.
bepay does not track users beyond its platform and does not engage in cross-site tracking unless explicitly stated.

7.3. Third-Party Tracking & Analytics

bepay may integrate with third-party analytics services (e.g., Google Analytics, blockchain monitoring tools) to assess platform performance and identify fraudulent activities.
These services operate under their own privacy policies, and users are encouraged to review their respective data collection practices.

7.4. Links

For your convenience, bepay provides links to other sites. When you click on one of their links, you are leaving bepay and entering another site. We are not responsible for such third-party sites. You should carefully review the privacy statements of any other sites you visit because those privacy statements will apply to your visit to such other sites.

8. Data Retention Policy:

bepay retains user data, transaction records, and compliance-related information for the duration necessary to fulfill regulatory, legal, and operational requirements.

8.1. Retention Periods

Personal Identification & KYC Data – Stored for a minimum of five (5) years post account closure, in line with AML and financial compliance laws.
Transaction History & Payment Records – Retained for audit, taxation, and dispute resolution purposes, typically between 5 to 7 years, or as required by applicable jurisdictions.
Technical & Usage Data – Log files, security logs, and device metadata are stored for up to 2 years unless extended for fraud investigations.
Marketing & Communication Data – Retained until the user withdraws consent or unsubscribes from promotional communications.

8.2. Data Deletion & Anonymization

Upon account termination, certain data may be anonymized, ensuring it can no longer be linked to the individual but is retained for statistical and research purposes.
Users may request deletion of personal data; however, bepay reserves the right to deny such requests if retention is legally mandated for compliance, dispute resolution, or anti-fraud purposes.

9. Policy Updates & Amendments:

9.1. Modification of Privacy Policy

bepay reserves the right to update, amend, or modify this Privacy Policy in response to changes in regulatory requirements, technological advancements, or service enhancements.
Any material changes affecting user rights, data processing practices, or security measures will be communicated via email, in-app notifications, or website announcements.

9.2. User Acknowledgment & Continued Use

Users are advised to review the Privacy Policy periodically to stay informed about their rights and bepay's data protection measures.
Continued use of bepay's services following a policy update constitutes acceptance of the revised terms.
If a user disagrees with any changes, they must discontinue use of bepay's platform and request account closure.

10. Governing Law & Dispute Resolution:

10.1. Jurisdiction & Legal Compliance

This Privacy Policy shall be governed by and construed in accordance with the laws of the European Union, USA and GCC area, without regard to conflict of law principles.
Users are responsible for ensuring their use of bepay complies with local, national, and international financial regulations applicable in their jurisdiction.

10.2. Dispute Resolution Mechanism

Users agree to resolve disputes through good faith negotiations before seeking legal action.
If disputes remain unresolved, they shall be subject to binding arbitration in Dubai, in accordance with the applicable rules.
Arbitration proceedings will be conducted in English, unless otherwise agreed upon.

10.3. Compliance with International Laws

bepay operates under global data protection laws, including GDPR, CCPA, IT Act and AML regulations.
Users must acknowledge that cryptocurrency regulations vary by jurisdiction and are responsible for compliance with applicable financial and tax laws.

10.4. Cooperation with Regulatory Authorities

bepay may cooperate with government agencies, tax authorities, and financial regulators as required by law.
Users may be required to provide additional documentation for compliance purposes.

California Privacy Rights

In addition to the rights provided for above, if you are a California or US resident, you have the right to request information from us regarding whether we share certain categories of your personal information with third parties for the third parties' direct marketing purposes. To the extent we share your personal information in this way, you may receive the following information:

the categories of information we disclosed to third parties for the third parties' direct marketing purposes during the preceding calendar year; and
the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.

Effective January 1, 2020, pursuant to the California Consumer Privacy Act of 2018 ("CCPA"), California residents have certain rights in relation to their personal information, subject to limited exceptions. Any terms defined in the CCPA have the same meaning when used in this California Privacy Rights section.

bepay does not sell your personal information in its ordinary course of business and will never sell your personal information to third parties without your explicit consent.

Transferring PD From the European Economic Area

PD that we collect from you may be stored, processed, and transferred between any of the countries in which we operate. The European Union and the UK has not found the United States and some other countries to have an adequate level of protection of PD under Article 45 of the GDPR. Our company relies on derogations for specific situations as defined in Article 49 of the GDPR.

Changes to Our Privacy Policy

We reserve the right to change this privacy notice at any time. If our company decides to change this privacy notice, we will post those changes on our website so that our users and customers are always aware of what information we collect, use, and disclose.

11. Contact Information:

If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact our Data Protection officer

Mr. Sadri Sali LL.M., CCAS

Email: [email protected]

We will seek to deal with your request without undue delay, and in all events in accordance with the requirements of the applicable law.