Hurupay Privacy Policy

Welcome to Hurupay

At Hurupay, we are committed to safeguarding your privacy. This Privacy Policy provides key information about how we collect, use, and protect your personal data. We encourage you to read it thoroughly to understand your rights and how we handle your information.

Hurupay offers modern financial infrastructure for individuals and businesses globally. Our services enable users to receive and send payments, access virtual accounts, manage cross-border payouts, and operate in both fiat and stablecoin ecosystems.

This Privacy Policy (“Policy”) explains what personal data we collect, how we use it, who we share it with, and how you can reach us with any privacy-related concerns. It also outlines your rights as a data subject, including your right to object to certain uses of your data and the choices available to you.

Depending on the specific activity, Hurupay may act as a data controller or a data processor (also referred to as a service provider) in accordance with applicable data protection laws. For more information about our data practices, including our legal bases for processing your personal data and the relevant Hurupay legal entity responsible for data handling, please contact our Compliance Team or visit the Privacy section on our website.

1) Interpretations and Definitions

1.1 Definitions

In this Policy, “Hurupay,” “we,” “our,” or “us” refers to Hurupay Inc., the entity responsible for the collection, use, processing, and safeguarding of Personal Data as described in this Privacy Policy. The specific Hurupay entity responsible may vary depending on your jurisdiction or your interaction with our Services.

“Personal Data” means any information that relates to an identified or identifiable individual. This includes data you provide directly and information collected automatically when you interact with our Services, such as your name, contact details, device identifiers, transaction data, or other identifiers tied to you or your device.

“Services” refers to the full suite of Hurupay products and tools made available to users, including cross-border payment services, virtual account features, stablecoin transactions, and business tools; Hurupay-operated websites like www.hurupay.com; and any other applications or communication platforms used to interact with or access Hurupay’s services.

We provide these Services to both Business Users (companies or entrepreneurs who use Hurupay to send, receive, or manage payments or financial operations) and End Users (individuals transacting for personal purposes, including receiving or making payments through our platform or affiliated merchants).

“Financial Partners” are third-party institutions or entities with which Hurupay collaborates to deliver its Services. This includes banks, payment processors, stablecoin providers, card networks, compliance vendors, payment gateways, and other regulated financial institutions that enable fund movement, identity verification, fraud prevention, and transaction monitoring.

Depending on how you interact with Hurupay, the term “you” in this Privacy Policy may apply to one of the following:

• End Users: If you use Hurupay services directly for personal use, such as holding a USD virtual account or receiving funds as a freelancer, you are considered an End User.

• End Customers: If you don’t interact directly with Hurupay, but your personal data is processed because you are the recipient of a payment or service through one of our Business Users (e.g., a company paying you through Hurupay), we consider you an End Customer.

• Representatives: If you are acting on behalf of a business, such as a founder, admin, or financial representative managing a Hurupay Business Account, you are considered a Representative.

• Visitors: If you visit our website or contact us without having a Hurupay account, or if your interaction doesn’t fall into any of the above categories (e.g., visiting our office or emailing a support request), you are considered a Visitor.

2) Transaction or Personal Data

In this Privacy Policy, "Transaction Data" refers to information collected or used by Hurupay in connection with any financial transactions you initiate or receive through our platform. This may include personal information such as:

• Your full name, email address, and contact number

• Receiving bank account details, including the names on accounts and other account identifiers

• Bank or payment method details, including account numbers, digital wallet information, or payment card details.

• Transaction amounts, dates, and currency types

• Status of the transaction (e.g., pending, successful, refunded, or reversed)

• Where applicable, information about the transaction purpose, e.g., payroll, freelance work, vendor payment, or remittance

• Details about associated businesses or counterparties (e.g., sender or receiver names)

• Location and device-related metadata, if relevant to the transaction process

• Information regarding disputes, chargebacks, or refund requests

• Any support or compliance-related interactions concerning the transaction

Some or all of this Transaction Data may be classified as Personal Data under applicable data protection laws and is processed to enable seamless fund transfers, fraud detection, regulatory compliance, and service improvement.

3) How we use your personal information

Hurupay Inc. (“Hurupay,” “we,” “our,” or “us”) collects and uses Personal Data differently depending on whether you are an End User, End Customer, Representative, or Visitor, and depending on the specific Services you use. For example, if you are a sole proprietor onboarding your business to use Hurupay’s Business Services, we may collect your Personal Data to verify your identity, assess regulatory risk, and activate your business account. At the same time, you may also be an End Customer if you receive payments from another Business User through Hurupay, or an End User if you personally use Hurupay’s USD virtual accounts, cross-border payment services, or stablecoin features. Because users may interact with Hurupay in more than one capacity, the types of Personal Data we collect and the purposes for which we process that data may vary accordingly.

3.1 End Users

We provide End-User services by offering financial services directly to you for your personal use, including USD virtual accounts, cross-border transfers, stablecoin deposits and withdrawals, currency conversions, and other related financial features available through the Hurupay platform. Additional details regarding our collection, use, and sharing of End User Personal Data, including the legal bases for processing, are available in our Privacy Centre.

a. Personal Data We Collect About End Users

Account Registration and Onboarding. When you create a Hurupay account, we collect Personal Data necessary to establish and secure your account and to comply with applicable financial regulations. This may include your full legal name, email address, telephone number, residential address, date of birth, tax identification number where required, and government-issued identification documents such as a passport, national ID card, or driver’s license. We may also collect a selfie or biometric image to verify that your identity document matches your likeness. This information is used to perform Know Your Customer (KYC) verification, sanctions screening, fraud prevention checks, and compliance with anti-money laundering and counter-terrorism financing laws.

Financial and Account Information. When you use Hurupay’s Services, we collect financial information associated with your account. This may include your USD virtual account details, linked bank account information, stablecoin wallet addresses, blockchain transaction identifiers, account balances, and records of deposits, withdrawals, conversions, and transfers. If you link a bank account, we may collect account ownership verification data and limited transactional confirmation information to confirm that you are authorised to use that account. Where required by law or risk assessment procedures, we may also request information about your source of funds, employment status, or income.

Transaction Data. When you send or receive funds, convert currencies, transact in stablecoins, or otherwise use our Services, we collect Transaction Data. This may include the amount, currency, recipient or sender information, payment reference details, timestamps, device identifiers, IP address, and, where applicable, blockchain hashes or wallet transaction records. We may also collect information entered during a transaction process even if the transaction is not completed, for purposes such as fraud detection, system security, and dispute resolution.

Identity and Compliance Screening. To protect the integrity of our platform and comply with legal obligations, Hurupay conducts automated and manual screening processes. This may include sanctions screening, politically exposed person (PEP) screening, adverse media checks, and ongoing risk scoring assessments. Where permitted by law, biometric comparison technology may be used solely for identity verification and fraud prevention purposes.

Communications and Support. If you contact Hurupay for support or submit inquiries via email, chat, or other communication channels, we collect the information you provide, including account identifiers, communication content, supporting documentation, and details regarding complaints or disputes. This information is used to resolve issues, provide assistance, and improve service quality.

b. How We Use and Share Personal Data of End Users

Services. We use your Personal Data to provide and maintain the End User Services, including account setup, transaction processing, stablecoin facilitation, currency conversion, and customer support. We may also use your information to personalize your experience, such as remembering language preferences or regional settings, and to communicate important updates about our Services, including policy changes or security alerts.

Regulatory Compliance and Risk Management. Hurupay uses Personal Data to comply with applicable laws and regulatory requirements, including anti-money laundering, counter-terrorism financing, sanctions compliance, and financial reporting obligations. This may involve transaction monitoring, suspicious activity detection, enhanced due diligence procedures, and regulatory reporting. We may share Personal Data with regulated financial institutions, banking partners, payment processors, compliance service providers, and government or law enforcement authorities where required by law.

Fraud Detection and Loss Prevention. We use Personal Data collected across our Services to detect and prevent fraud, unauthorised transactions, account misuse, money laundering schemes, and other financial crimes. We may share relevant information with financial partners, fraud detection providers, blockchain analytics services, and other institutions to assess transaction risk and protect users and the Hurupay platform from financial harm.

Advertising. Where permitted by applicable law, we may use your Personal Data, including limited Transaction Data, to inform you about new features or services that may be relevant to you. We do not sell your Personal Data. However, we may share limited information with analytics providers or marketing partners to measure the effectiveness of communications and improve service outreach, subject to legal requirements and consent where applicable.

3.2 End Customers

Hurupay provides Business Services to Business Users, including payment processing, cross-border settlements, and digital asset-related services. When acting as a service provider (also referred to as a Data Processor) for a Business User, we process End Customer Personal Data in accordance with our agreement with the Business User and the Business User's lawful instructions. For example, when you make a payment to a Business User or receive funds through them, Hurupay processes your Personal Data to facilitate that transaction. Business Users are responsible for ensuring that they provide appropriate privacy disclosures to their customers. If you are an End Customer, you should review the privacy policy of the Business User with whom you are transacting for details about how they handle your information.

a. Personal Data We Collect About End Customers

Transaction Data. If you initiate or receive a payment through a Business User who uses Hurupay, we collect Transaction Data, including your name, contact details, payment method information, transaction amount and currency, payment reference, timestamps, and device or IP information. We may also receive transaction history related to your interactions with that Business User. Information entered into payment forms may be collected even if the transaction is not completed.

Identity and Verification Information. Where required for fraud prevention or regulatory compliance, Hurupay may collect and verify your Personal Data, including government-issued identification, selfie images for identity verification, proof of address, and screening results. We may cross-verify this information with publicly available data, financial institutions, identity verification providers, and blockchain analytics services to protect against impersonation and fraud.

b. How We Use and Share Personal Data of End Customers

To provide our Business Services to Business Users, we use and share End Customer Personal Data with them. This includes processing payments, facilitating payouts, enabling settlement and reconciliation, preventing fraud, resolving disputes, and supporting regulatory compliance obligations. During payment transactions, your Personal Data may be shared with banks, payment networks, financial institutions, and compliance providers as necessary to authenticate transactions, prevent fraud, and manage disputes. The Business User you transact with will also receive your Transaction Data and may share it further in accordance with their privacy policy.

Hurupay may also use End Customer Personal Data, where permitted by law, to enhance platform security, improve fraud detection systems, and strengthen compliance monitoring processes.

3.3 Representatives

We collect, use, and share Personal Data from Representatives of Business Users, such as business owners, directors, shareholders, authorised signatories, or compliance officers, to provide Business Services and comply with financial regulations.

a. Personal Data We Collect About Representatives

When onboarding or maintaining a Business User account, we collect Personal Data, including full legal name, contact details, residential address, date of birth, government-issued identification, ownership interest in the business, tax identification information, and corporate governance documentation. We may also collect information from publicly available sources, credit bureaus, compliance databases, and other third-party data providers to conduct due diligence, risk assessment, and sanctions screening.

b. How We Use and Share Personal Data of Representatives

We use Representatives’ Personal Data to verify business identity, conduct anti-money laundering and sanctions screening, assess service eligibility, monitor for fraud and misuse, and fulfill regulatory reporting obligations. We may share this information with banking partners, financial institutions, compliance service providers, and government authorities, as required by law. We also use this data to enforce our Terms of Service and manage platform risk.

3.4 Visitors

We collect, use, and share Personal Data from Visitors who browse Hurupay’s website or engage with our content.

a. Personal Data We Collect About Visitors

When you browse our website, we may collect Personal Data through cookies and similar technologies, including IP address, device information, browser type, approximate location, pages visited, and interaction data. If you complete a form on our website, request information, or engage with our advertisements, we collect the information you provide, such as name, email address, company details, and inquiry content. If you visit our offices or attend Hurupay events, we may collect registration information and security-related data such as access logs.

b. How We Use and Share Personal Data of Visitors

We use Visitor Personal Data to improve website functionality, personalize content based on region or language preferences, measure engagement, and respond to inquiries. Where permitted by law and with required consent, we may use Visitor data for advertising and marketing purposes. We do not sell Visitor Personal Data. Limited information may be shared with analytics providers and marketing service providers to improve website performance and outreach effectiveness.

4) Why We Process Your Personal Data

Hurupay processes your Personal Data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other regional regulations. Our legal basis for collecting and using your data depends on the nature of the relationship and context in which the data is collected.

We first rely on contractual and pre-contractual necessity to provide our Services. This includes creating and managing Hurupay accounts, verifying user identity, processing payments, conducting fraud detection, and fulfilling obligations under the terms agreed with both our Business Users and End Users. These activities also cover customer support, auditing, billing, and facilitating account creation or onboarding through features like virtual USD accounts or SEPA payment rails.

In addition, Hurupay processes data to comply with legal obligations. For example, we collect and verify identity information to meet Know Your Customer (KYC), Anti-Money Laundering (AML), sanctions screening, and other compliance requirements. This may include disclosing information to regulators, conducting politically exposed persons (PEP) checks, or undergoing audits mandated by financial authorities or Financial Partners.

Where allowed, Hurupay also relies on legitimate interests to protect and operate our business. This includes fraud monitoring, loss prevention, and improving the reliability and security of our Services. We analyze usage patterns to improve the user experience, provide customer support, develop new features, and ensure network integrity. We may also use aggregated data to generate business intelligence and monitor the performance of our Services and partnerships.

In some cases, we may process Personal Data based on your consent. For example, if you opt into optional features such as Financial Insights, crypto staking tools, or when interacting with third-party integrations via Hurupay’s platform, you may be asked for specific consent. Where processing is based on consent, you have the right to withdraw it at any time without affecting prior lawful use.

Furthermore, in line with public interest obligations and legal authorization, Hurupay may process special categories of data such as information related to criminal offenses or sanctions if necessary for regulatory compliance. This is particularly relevant when assessing users under enhanced due diligence, such as politically exposed persons or during cross-border fraud investigations.

Lastly, depending on your jurisdiction, we may rely on other valid legal bases for processing your data. These are outlined in our jurisdiction-specific provisions, which are available on request or accessible within our Privacy Center.

5) Additional Ways We Collect, Use, and Share Personal Data

Beyond the core services, Hurupay may collect and process your Personal Data in several other ways to improve user experience, detect fraud, fulfill legal obligations, and enhance service quality. When you interact with our platform, we may collect technical data about your device and browsing activity, such as IP addresses, browser types, plugins, and the time spent on our site or third-party platforms. This includes mouse movement signals, which help us identify suspicious or fraudulent behavior. We may also gather engagement data when you contact us via support tickets, email, social media, or by attending webinars and Hurupay-hosted events. If you respond to a survey or call us, we may collect or record the conversation for training and quality purposes.

We use this data to better understand how users engage with Hurupay’s services so we can improve our platform and develop new features. For example, we may apply analytics or train AI models on aggregate usage patterns to optimise fraud detection, boost transaction success rates, and personalise user experience. We may also evaluate chat transcripts and call logs to improve customer support and service delivery.

Your contact details may be used to send service updates, account verification codes, and other relevant communications, including occasional event invites and opportunities to participate in research. We will not use your mobile authentication data for third-party marketing purposes. If you engage in promotions or provide data on social media, we may use that information to follow up or share offers only where legally allowed.

To ensure the security of our platform and to protect users from fraudulent activity, we collect data from public sources, credit bureaus, and third-party fraud intelligence providers. This allows us to verify identities, run credit or sanctions checks, and monitor for risks. Information like IP addresses or unusual patterns may be flagged and assessed to prevent abuse or financial loss.

Hurupay also processes your Personal Data to meet obligations under anti-money laundering (AML), counter-terrorist financing (CTF), sanctions, and export control regulations. This includes analysing transactions and user behaviour to flag potentially suspicious activity or violations of restricted-country policies. Our services are not intended for use by children under 13, and we do not knowingly collect personal data from minors.

We may share your Personal Data with Hurupay’s affiliated companies to improve operations or deliver joint services. Additionally, we rely on trusted third-party service providers for critical functions like cloud hosting, identity verification, analytics, and support. These vendors are required to meet strict confidentiality and data protection standards.

In some cases, we work closely with financial institutions and payment processors (“Financial Partners”) to deliver services such as USD accounts, SEPA transfers, and payment gateways. As part of this collaboration, we may share data like transaction history, loan repayment status, or contact details to fulfill regulatory or operational obligations.

If you consent to services provided by a third-party, such as a legal firm offering company registration, we will clearly disclose the provider and only share your data with your permission. In the event of a business merger, reorganization, or acquisition, we may transfer user data to the acquiring entity under existing policy protections.

Lastly, we may disclose your Personal Data if required to comply with legal obligations, respond to law enforcement, enforce our rights, protect against fraud, or address security risks. This may involve responding to government requests, following partner-specific rules (like card network guidelines), or ensuring the safety of Hurupay, our users, and financial stakeholders.

6) Security and Retention of Personal Data

At Hurupay, we are committed to protecting your Personal Data and apply appropriate technical, administrative, and organizational safeguards based on the level of risk involved. These measures are designed to prevent unauthorized access, loss, misuse, alteration, or destruction of your data. While we implement industry-standard security protocols, we also acknowledge that no method of transmission over the internet or electronic storage is ever completely secure.

To help safeguard your Hurupay account, we strongly encourage you to use a unique and complex password, avoid sharing your login credentials or private keys, and never reuse the same password across multiple services. If you suspect any unauthorized activity on your account or believe your account security may have been compromised, please contact us immediately at [email protected].

We retain your Personal Data for as long as necessary to provide our services to you or our business partners and as long as legally or operationally required. This includes retaining data for purposes such as fraud prevention and monitoring, regulatory compliance, tax and accounting obligations, and contractual requirements from our banking and financial partners. In some cases, even after you have closed your Hurupay account or completed a transaction, we may still retain your Personal Data in line with applicable legal retention schedules and internal risk management policies.

Our data retention practices are designed to respect regulatory timelines, enforce platform integrity, and uphold our obligations under financial and anti-money laundering laws. We ensure that any data we retain is securely stored and only accessible by authorized personnel for lawful purposes.

7) Personal Data Transfer

As an international financial technology company, Hurupay may transfer your Personal Data to countries outside the country where you are located. This may include transfers to jurisdictions where our affiliates, service providers, compliance partners, cloud infrastructure providers, financial institutions, or technology vendors operate. These countries may have data protection laws that differ from those in your jurisdiction. When transferring Personal Data across borders, Hurupay implements appropriate safeguards to ensure compliance with applicable data protection and financial regulatory laws. In certain circumstances, we may also be required to disclose Personal Data in response to lawful requests from government authorities, law enforcement agencies, courts, or national security authorities.

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, additional information regarding cross-border transfers and your data protection rights is available in our Privacy Centre. Where required by applicable law, Hurupay relies on legally recognized transfer mechanisms to safeguard Personal Data transferred internationally.

When a lawful data transfer mechanism is required, Hurupay may rely on one or more of the following:

Transfers to Adequate Jurisdictions. We may transfer Personal Data to countries or recipients that are recognized by relevant authorities as providing an adequate level of data protection under applicable law.

Standard Contractual Clauses and UK Addendum. Where appropriate, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum issued by the UK Information Commissioner’s Office to ensure appropriate safeguards are in place. These contractual safeguards are designed to protect Personal Data when transferred outside the EEA or UK. A copy of the relevant Standard Contractual Clauses may be made available upon request, subject to confidentiality requirements.

Other Lawful Transfer Mechanisms. Hurupay may rely on other legally recognized transfer mechanisms available under applicable data protection laws, including derogations for specific situations, where appropriate and lawful.

Where applicable, Hurupay implements additional technical and organizational safeguards to protect Personal Data transferred internationally. These measures may include encryption, access controls, data minimization, contractual confidentiality obligations, and enhanced compliance monitoring.

If you have questions or concerns regarding international data transfers or believe your Personal Data has been transferred in a manner inconsistent with this section, you may contact Hurupay through the contact details provided in this Privacy Policy.

8) Your Legal Rights

At Hurupay, we respect your rights under applicable data protection laws and aim to provide you with control over your Personal Data, depending on your location and local regulations.

a. Opting Out of Marketing Communications

If you no longer wish to receive marketing-related emails from Hurupay, you can opt out by clicking the “unsubscribe” link included in those communications or following the steps provided within the message. Please note that unsubscribing from marketing messages will not affect transactional or service-related communications such as updates to our terms, security alerts, or notifications directly related to your use of Hurupay. Additionally, if you transact through a business using Hurupay, they may still send you messages independently.

b. Your Data Protection Rights

Depending on where you are located, and subject to applicable data protection law, you may have the following rights regarding the Personal Data we hold and process about you in our role as a data controller:

• Access: You can request confirmation that we are processing your Personal Data and access to that information.

• Rectification: You can request that we correct or update your Personal Data if it is inaccurate or incomplete.

• Erasure: You may request deletion of your Personal Data in certain circumstances, as provided under law.

• Restriction: You can request that we temporarily limit our use of your data (e.g., while investigating a correction request).

• Portability: Where technically feasible, you may request that we export your Personal Data to you or another service provider.

• Objection: You may object to our processing of your Personal Data if we rely on our legitimate interests as the legal basis, and we will cease processing unless we have compelling lawful grounds to continue.

• Withdrawal of Consent: Where processing is based on your consent, you can withdraw that consent at any time.

• Non-Discrimination: Exercising your data rights will not affect your access to services or result in unfair treatment.

• Appeals: You may challenge any decision Hurupay makes regarding your data rights by contacting us or the relevant data protection authority in your jurisdiction.

c. How to Exercise Your Rights

If you wish to exercise any of the rights above regarding Personal Data processed by Hurupay as a data controller, please contact us at [email protected]. If your Personal Data is processed by Hurupay on behalf of one of our Business Users (i.e., Hurupay is acting as a data processor), we will refer you to the relevant Business User to handle your request, as they control that data.

For more details, or if you have any concerns about how your Personal Data is handled, please refer to our full Privacy Policy or contact our Compliance Team directly.

9) Links to other Websites

Our Service may contain links to other websites that are not operated by Us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

10) Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, regulatory requirements, or privacy practices. The “Last updated” date at the top of this Policy indicates when it was last materially revised. Any updates will take effect from the date they are posted on our website or as otherwise communicated in accordance with applicable data protection laws.

Where appropriate, we may also provide additional notices of material changes, especially if they significantly impact your rights or how we process your data.

If you are a Hurupay End User, Business Representative, or Recipient, we may notify you about such updates by:

• Posting an alert on our platform or website;

• Sending an email to the address linked to your Hurupay account;

• Or using other contact information you’ve provided to us.

We encourage you to periodically review this Policy to stay informed about how we protect your information.

11) How to Contact Us

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices at Hurupay, please reach out to us directly at [email protected].

If you are a Recipient or End Customer transacting with one of our Business Users (e.g., a freelance platform, payroll provider, or merchant using Hurupay’s services), we encourage you to first review the privacy policy or notice of that Business User. They are primarily responsible for their own data-handling practices and cannot provide more information about how your data is collected, used, and protected in the context of your relationship with them.

For further assistance regarding Hurupay's role in facilitating transactions or managing personal data, please don’t hesitate to get in touch.