Privacy Policy

Who We Are

Sunu Pay ("Sunu Pay," "we," "us," or "our") is a payments platform committed to making it simple, secure, and affordable for people to send, receive, and manage money. We are the data controller responsible for the personal information we collect through our website, mobile applications, and related services (together, the "Services").

This Privacy Policy describes how we handle your personal information and what rights you have regarding that information. By using our Services, you agree to the practices described in this policy.

Information We Collect

We collect information to provide and improve our Services, comply with legal obligations, and protect against fraud. The specific information we collect depends on how you use our Services.

Information You Provide Directly

Information We Collect Automatically

When you use our Services, we automatically collect certain technical information including:

• Device information — device type, operating system, unique device identifiers, browser type
• Usage data — pages visited, features used, time spent, referring URLs
• Location data — approximate location based on IP address (precise location only with your explicit consent)
• Log data — IP address, access times, error reports

Information from Third Parties

We may receive information about you from third parties such as:

• Identity verification providers
• Fraud prevention services
• Banking and payment partners
• Credit reference agencies (where permitted by law)
• Public databases and government registers

How We Use Your Information

We use your personal information for the following purposes:

• To provide our Services — processing transactions, managing your account, providing customer support
• To verify your identity — meeting Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements
• To prevent fraud — detecting and investigating suspicious activity, protecting your account
• To comply with the law — meeting regulatory, tax, and legal obligations
• To improve our Services — analyzing usage to make Sunu Pay better
• To communicate with you — sending service notifications, security alerts, and (with your consent) marketing messages
• To personalize your experience — providing relevant content and features based on how you use our Services

Legal Basis for Processing

Where applicable laws like GDPR (UK and EU) require it, we only process your personal information when we have a valid legal basis. Our legal bases include:

• Contract — processing necessary to provide our Services to you
• Legal obligation — compliance with anti-fraud, anti-money laundering, tax, and other regulations
• Legitimate interests — improving our Services, preventing fraud, maintaining security
• Consent — for marketing communications, optional analytics, and other non-essential processing
• Vital interests — when necessary to protect someone's life or safety

You can withdraw consent at any time, where consent is the legal basis. Withdrawing consent does not affect the lawfulness of processing already carried out.

How We Share Your Information

We share your personal information only when necessary, and only with parties bound by appropriate confidentiality and security obligations. The categories of recipients include:

Service Providers

We work with carefully selected vendors who help us operate our Services — including cloud hosting, identity verification, fraud detection, customer support tools, and analytics providers. These providers are contractually required to protect your data and only use it for the services they provide to us.

Banking and Payment Partners

To process transactions, we share necessary information with banking partners, payment networks, and financial institutions involved in your transfers.

Regulatory Authorities

We may share information when required by law, regulation, court order, or to comply with anti-money laundering, counter-terrorism financing, sanctions, or fraud-prevention obligations.

Business Transfers

If Sunu Pay is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

With Your Consent

We share information with other parties only with your explicit consent or at your direction.

How We Protect Your Information

We use industry-standard security measures to protect your personal information, including:

• Encryption — all data is encrypted both in transit (TLS) and at rest using AES-256 or equivalent
• Access controls — strict employee access policies, multi-factor authentication, and need-to-know basis
• Monitoring — continuous security monitoring and intrusion detection
• Regular audits — independent security reviews and penetration testing
• Secure infrastructure — hosting on infrastructure that meets recognized security standards

While we take security seriously, no system is 100% secure. We strongly encourage you to use a strong unique password, enable two-factor authentication, and never share your login credentials.

How Long We Keep Your Information

We retain your personal information only for as long as necessary to provide our Services and comply with our legal obligations. Specifically:

• Account information — for the duration of your account, plus the period required by law (typically 5–7 years for financial records)
• Transaction records — for the legally required retention period for financial regulations in the relevant jurisdictions
• Marketing data — until you withdraw consent or opt out
• Technical logs — typically up to 12 months, unless needed for security investigations

When we no longer need your information, we securely delete or anonymize it.

International Data Transfers

Sunu Pay operates globally. To provide our Services, your personal information may be transferred to and processed in countries other than your own. These countries may have data protection laws different from your country.

When we transfer personal data internationally, we use appropriate safeguards required by law, such as:

• Standard Contractual Clauses approved by relevant regulators
• Adequacy decisions where applicable
• Other lawful transfer mechanisms recognized under applicable data protection laws

Your Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information:

• Right to access — request a copy of the personal data we hold about you
• Right to rectification — correct inaccurate or incomplete information
• Right to erasure — request deletion of your data, subject to legal retention requirements
• Right to restrict processing — limit how we use your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — for any processing based on your consent
• Right to lodge a complaint — with your local data protection authority

To exercise any of these rights, please contact us at info@sunupay.app. We will respond within the timeframes required by law (usually 30 days).

Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our Services. The categories include:

• Essential cookies — required for the Services to function (logging in, security)
• Performance cookies — help us understand how the Services are used so we can improve them
• Functional cookies — remember your preferences and settings
• Marketing cookies — used (with consent) to deliver relevant content

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may limit your ability to use some features of the Services.

Children's Privacy

Sunu Pay's Services are not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it promptly.

If you believe a child has provided us with personal information, please contact us immediately at info@sunupay.app.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email or in-app notification for significant changes
• Where required by law, obtain your consent before applying the changes

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise any of your rights, please contact us: