Privacy Policy

Last Updated: March 6, 2025

1. Introduction

This Privacy Policy explains how DoronPay Inc. ("we," "our," "us," or "DoronPay") collects, uses, processes, and protects your personal information when you access or use our cryptocurrency payment platform, including our website, mobile application, APIs, and related services (collectively, the "Services").

At DoronPay, we are committed to protecting your privacy and ensuring the security of your personal information. We understand that when you use our cryptocurrency payment services, you trust us with sensitive information, and we take that responsibility seriously.

This Privacy Policy should be read in conjunction with our Terms and Conditions, which govern your use of our Services. We encourage you to review both documents carefully to understand your rights and obligations.

2. Information We Collect

To provide our cryptocurrency payment services effectively and comply with legal requirements, we collect various types of information from and about our users. The information we collect falls into several categories:

Personal Details

We collect basic personal information that helps us create and manage your account:

• Name: Your full legal name as it appears on official documents
• Email Address: For account communications, notifications, and customer support
• Phone Number: For account security, two-factor authentication, and important service updates
• Date of Birth: To verify you meet age requirements and comply with regulations
• Address: Physical or mailing address for verification and compliance purposes

Identity Documents (KYC/AML Compliance)

Where required by law or to enable certain features, we collect identity verification documents:

• Government-Issued ID: Passport, driver's license, or national ID card
• Proof of Address: Utility bills, bank statements, or other official documents
• Selfie or Photo Verification: To confirm your identity matches the provided documents
• Business Documentation: For merchants, including business registration, tax IDs, and ownership information

These documents are collected to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations in the jurisdictions where we operate, including Ghana where our users are located.

Payment and Transaction Data

To facilitate cryptocurrency transactions and settlements, we collect:

• Cryptocurrency Wallet Addresses: Bitcoin, USDT, and other supported cryptocurrency addresses
• Transaction History: Details of all transactions processed through DoronPay, including amounts, dates, and parties involved
• Bank Account Information: For fiat settlements where applicable
• Mobile Money Account Details: For mobile money settlements in supported regions
• Payment Preferences: Your preferred payment methods and settlement options
• Transaction Metadata: Blockchain transaction IDs, confirmation times, and network fees

Technical Information

We automatically collect certain technical information when you use our Services:

• Device Details: Device type, model, operating system, and unique device identifiers
• Browser Information: Browser type, version, language preferences, and plugins
• IP Address: Your Internet Protocol address, which may indicate your general location
• Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
• Log Files: Error logs, access logs, and performance data
• Location Data: Approximate location based on IP address or precise location if you grant permission

Information from Third Parties

We may receive information about you from third-party sources, including:

• Identity verification service providers
• Fraud prevention and risk assessment services
• Blockchain analytics providers
• Credit bureaus or financial institutions
• Public databases and government records
• Social media platforms if you choose to connect them

Information Category	Primary Purpose	Collection Method
Personal Details	Account creation and management	Direct input during registration
Identity Documents	KYC/AML compliance and verification	Upload during verification process
Payment Data	Transaction processing and settlement	Direct input and blockchain records
Technical Information	Security, fraud prevention, service improvement	Automatic collection during usage
Third-Party Data	Enhanced verification and fraud prevention	From partners and service providers

3. How We Use Your Information

DoronPay uses the information we collect for various legitimate purposes related to providing and improving our cryptocurrency payment services. Here's how we use your information:

Provide and Improve DoronPay Services

• Process Transactions: Execute cryptocurrency payments, conversions, and settlements on your behalf
• Account Management: Create, maintain, and manage your DoronPay account
• Customer Support: Respond to your inquiries, resolve issues, and provide technical assistance
• Service Enhancement: Analyze usage patterns to improve features, user experience, and platform performance
• New Features: Develop and roll out new services, such as DoronPay Link, DoronSwap, and Doron Vouchers
• Platform Optimization: Monitor and optimize transaction speeds, success rates, and overall platform stability

Comply with Legal and Regulatory Obligations

• KYC/AML Compliance: Verify your identity and conduct due diligence as required by financial regulations
• Transaction Monitoring: Screen transactions for suspicious activity and potential money laundering
• Regulatory Reporting: Report transactions and user information to regulatory authorities when legally required
• Tax Compliance: Provide necessary transaction records for tax reporting purposes
• Sanctions Screening: Ensure compliance with international sanctions and embargo requirements
• Record Keeping: Maintain records as required by Money Services Business (MSB) regulations and other applicable laws

Detect and Prevent Fraud

• Fraud Detection: Use automated systems and manual reviews to identify potentially fraudulent transactions
• Risk Assessment: Evaluate transaction risk levels based on various factors
• Account Security: Monitor for unauthorized access attempts and suspicious account activity
• Dispute Resolution: Investigate and resolve disputes, chargebacks, and claims
• Pattern Analysis: Analyze blockchain transactions and user behavior to identify fraud patterns
• Prevention Measures: Implement security measures to protect users from scams and unauthorized transactions

Communicate with You

• Service Updates: Inform you about changes to our Services, new features, or platform maintenance
• Security Alerts: Notify you of important security issues, suspicious activity, or required actions
• Transaction Notifications: Send confirmations, receipts, and status updates for your transactions
• Account Information: Provide statements, balance updates, and settlement confirmations
• Marketing Communications: With your consent, send information about promotions, offers, and new services
• Educational Content: Share guides, tips, and best practices for using cryptocurrency and DoronPay

Research and Analytics

• Analyze user behavior and preferences to understand how our Services are used
• Conduct market research and competitive analysis
• Generate aggregated, anonymized statistics about platform usage
• Improve our risk models and fraud detection algorithms

4. Sharing Your Information

DoronPay respects your privacy and limits the sharing of your information. We may share your data with third parties only in the following circumstances:

Regulators and Legal Authorities

We may disclose your information where required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or legal processes
• Respond to requests from government agencies, regulatory bodies, or law enforcement
• Report suspicious transactions to financial intelligence units
• Cooperate with investigations into illegal activities
• Enforce our Terms and Conditions or other policies
• Protect the rights, property, or safety of DoronPay, our users, or the public

Service Providers

We work with trusted third-party service providers who help us deliver our Services. These providers may access your information only to perform specific tasks on our behalf and are obligated to protect your information. Categories of service providers include:

• Cloud Hosting: Data storage and computing infrastructure providers
• Payment Processors: Blockchain node providers and cryptocurrency transaction facilitators
• Identity Verification: KYC/AML verification service providers
• Fraud Prevention: Risk assessment and fraud detection services
• Customer Support: Help desk and customer service platforms
• Analytics: Data analysis and business intelligence tools
• Communication: Email, SMS, and push notification services

Partners and Merchants

We share information with partners and merchants only to the extent necessary to complete transactions:

• Transaction details required for payment processing
• Wallet addresses for cryptocurrency transfers
• Information needed to resolve disputes or provide refunds
• Merchant account information for business transactions

We do not sell your personal information to merchants or use it for purposes unrelated to completing your transactions.

Business Transfers

If DoronPay is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our platform before your information is transferred and becomes subject to a different privacy policy.

Aggregated and Anonymized Data

We may share aggregated, anonymized data that does not identify you personally for various purposes, including:

• Market research and analysis
• Industry reports and whitepapers
• Platform statistics and performance metrics
• Academic research and collaboration

With Your Consent

We may share your information with third parties when you have explicitly consented to such sharing, such as when you authorize a third-party application to access your DoronPay account.

5. Data Security

DoronPay takes the security of your personal information seriously and implements comprehensive security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

Security Measures We Implement

• Encryption: We use industry-standard encryption protocols (TLS 1.3) to protect data in transit and AES-256 encryption for data at rest
• Secure Infrastructure: Our systems are hosted on secure, enterprise-grade cloud infrastructure with redundancy and disaster recovery capabilities
• Access Controls: Strict access controls ensure that only authorized personnel can access personal information on a need-to-know basis
• Multi-Factor Authentication: We enforce multi-factor authentication for account access and sensitive operations
• Regular Security Audits: We conduct periodic security assessments, penetration testing, and vulnerability scans
• Employee Training: All DoronPay employees receive regular training on security best practices and data protection
• Secure Development: We follow secure coding practices and conduct security reviews of all code changes
• Monitoring and Logging: Continuous monitoring of systems for suspicious activity with comprehensive logging
• Incident Response: We maintain an incident response plan to quickly address any security breaches

Cryptocurrency-Specific Security

• Non-Custodial Model: For user wallets, you retain control of your private keys, reducing custody risks
• Cold Storage: Where we hold reserves, the majority of funds are stored in offline cold wallets
• Multi-Signature Wallets: Critical transactions require multiple approvals
• Blockchain Monitoring: Real-time monitoring of on-chain transactions for anomalies

6. Your Rights

You have certain rights regarding your personal information, subject to legal and regulatory requirements. Depending on your jurisdiction, these rights may include:

Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with:

• A copy of your personal information
• Information about how we use your data
• Details about who we share your data with
• The retention period for your data

Right to Correction

You can request that we correct any inaccurate or incomplete personal information. You can update most information directly through your account settings, or contact us for assistance.

Right to Deletion

You may request deletion of your personal information in certain circumstances, such as when:

• The information is no longer necessary for the purposes it was collected
• You withdraw consent (where consent is the legal basis for processing)
• You object to processing and there are no overriding legitimate grounds
• The information was processed unlawfully

However, we may need to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements.

Right to Restriction

You can request that we restrict the processing of your information in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit it to another service provider where technically feasible.

Right to Object

You can object to the processing of your personal information for direct marketing purposes or when we process your data based on legitimate interests.

Right to Withdraw Consent

Where we process your information based on consent, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of processing before the withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: support@doronpay.com
• Subject Line: Include "Privacy Rights Request" in your subject line
• Verification: We may need to verify your identity before processing your request
• Response Time: We will respond to your request within 30 days, or as required by applicable law

7. Cookies & Tracking

Our website and mobile application use cookies and similar tracking technologies to enhance your experience, analyze traffic, and provide personalized content.

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us remember your preferences, understand how you use our Services, and improve your experience.

Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly, including authentication and security features
• Performance Cookies: Help us understand how visitors interact with our website by collecting anonymous usage statistics
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences
• Analytics Cookies: Allow us to analyze website traffic and user behavior to improve our Services
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (with your consent)

Other Tracking Technologies

In addition to cookies, we may use:

• Web Beacons: Small graphic images that track user behavior and email engagement
• Local Storage: HTML5 local storage for storing data on your device
• Mobile SDKs: Software development kits in our mobile app for analytics and crash reporting
• Fingerprinting: Device and browser characteristics for fraud prevention

Managing Cookies

You can control and manage cookies in several ways:

• Browser Settings: Most browsers allow you to refuse or accept cookies through their settings
• Cookie Preferences: Use our cookie consent banner to customize your preferences
• Opt-Out Tools: Use industry opt-out tools like the Network Advertising Initiative opt-out page
• Do Not Track: We respect Do Not Track browser signals

Third-Party Cookies

We may allow trusted third-party services to place cookies on your device for analytics, advertising, and other purposes. These third parties have their own privacy policies governing the use of your information.

8. International Transfers

DoronPay operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence.

Where We Process Data

Your data may be transferred to and processed in:

• Ghana: Our primary operations and headquarters are based in Accra, Ghana
• Ghana: We maintain operations and serve customers in Ghana
• Other Countries: Where our service providers, partners, or cloud infrastructure are located

Data Protection Safeguards

When we transfer your information internationally, we ensure appropriate protections are in place:

• Contractual Safeguards: We use standard contractual clauses approved by regulatory authorities
• Adequacy Decisions: We transfer data to countries recognized as providing adequate protection
• Encryption: All international data transfers are encrypted in transit
• Vendor Agreements: Our service providers are contractually obligated to protect your data
• Compliance Framework: We maintain compliance with applicable data protection regulations in all jurisdictions

Legal Requirements

These countries may have data protection laws that differ from those in your country of residence. However, we ensure that your information receives an appropriate level of protection wherever it is processed, in compliance with applicable laws and this Privacy Policy.

9. Data Retention

We retain your information only as long as necessary to provide our Services and comply with legal obligations. Our retention practices are designed to balance your privacy rights with our operational and legal requirements.

Retention Periods

Different types of information are retained for different periods:

• Account Information: Retained for the duration of your active account plus 7 years after closure for regulatory compliance
• Transaction Records: Retained for at least 7 years to comply with financial regulations and tax laws
• Identity Verification Documents: Retained for 7 years after account closure as required by AML/KYC regulations
• Communication Records: Customer support communications retained for 3-5 years
• Technical Logs: Server logs and technical data typically retained for 90 days to 1 year
• Marketing Data: Retained until you opt out or withdraw consent

Factors Affecting Retention

We determine retention periods based on:

• Legal Obligations: Requirements under Money Services Business (MSB) regulations, tax laws, and other applicable regulations
• Contractual Requirements: Our agreements with you and our business partners
• Dispute Resolution: The need to resolve disputes, enforce agreements, and defend legal claims
• Business Needs: Operational requirements and legitimate business interests
• Regulatory Guidance: Industry best practices and regulatory recommendations

Secure Deletion

When information is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent unauthorized access or reconstruction of the data.

Blockchain Considerations

10. Children's Privacy

DoronPay is committed to protecting the privacy of children. Our Services are not intended for, and we do not knowingly collect personal information from, individuals under the age of 18.

Age Restrictions

• You must be at least 18 years old to create a DoronPay account
• Our Terms and Conditions require users to be of legal age in their jurisdiction
• We implement age verification measures during account registration

Parental Notice

If you are a parent or guardian and believe that your child under 18 has provided personal information to DoronPay, please contact us immediately at support@doronpay.com.

Our Response

If we become aware that we have collected personal information from a child under 18 without parental consent, we will:

• Immediately take steps to delete such information from our systems
• Terminate the associated account
• Refund any balances to the parent or guardian
• Take additional measures as required by applicable law

11. Changes to This Privacy Policy

DoronPay may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs.

How We Notify You

When we make changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this page
• Post the updated Privacy Policy on our website and mobile application
• For material changes, provide advance notice via email or prominent notification on our platform
• For significant changes that affect your rights, we may require you to review and accept the new Privacy Policy

Your Responsibility

We encourage you to:

• Review this Privacy Policy periodically to stay informed about how we protect your information
• Check the "Last Updated" date to see when changes were last made
• Contact us if you have questions about any changes

Continued Use

Your continued use of DoronPay after we post changes to this Privacy Policy constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue using our Services and close your account.

12. Contact Us

We value your privacy and are here to address any questions, concerns, or requests you may have regarding this Privacy Policy or our privacy practices.

General Privacy Inquiries

For general privacy questions or concerns:

Email: support@doronpay.com
Response Time: We aim to respond to all privacy inquiries within 48 hours

Data Protection Officer

For matters specifically related to data protection:

Email: support@doronpay.com
Purpose: Data subject rights requests, compliance questions, data protection concerns

Security Issues

For urgent security or privacy breach concerns:

Email: support@doronpay.com
Available: 24/7 for critical security matters

Mailing Address

DoronPay Inc.
Attention: Privacy Department
Tetteh Quarshie Ave Adabraka, Accra, GA-074-3179
Greater Accra, Accra

Phone Support

Phone: +233 55 058 1851
Hours: Monday - Friday, 9:00 AM - 5:00 PM PST

Regulatory Complaints

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:

• Ghana: Data Protection Commission (www.dataprotection.org.gh)

When Contacting Us

To help us respond to your inquiry more efficiently, please include:

• Your full name and email address associated with your DoronPay account
• A clear description of your question, concern, or request
• Any relevant account information (without including sensitive details like passwords)
• Your preferred method of response