Privacy Policy

1. Introduction

Settlra Technologies Ltd ("Settlra", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, and share information about you when you use our platform, API, dashboard, and related services.

This policy applies to our business customers ("Merchants"), their authorized users, and visitors to our marketing website. It does not apply to the personal data of end recipients of payouts, which is processed as described in Section 7.

2. Information We Collect

We collect the following categories of personal data:

• Account information: Business name, contact person name, email address, phone number, country of incorporation.
• KYC / identity verification: Government-issued ID, certificate of incorporation, proof of address, beneficial owner information.
• Transaction data: Payout amounts, recipient phone numbers and names, network operators, timestamps, and status.
• Technical data: API access logs, IP addresses, device information, browser type, and usage analytics.
• Communications: Support emails, sales inquiries, and any other correspondence.

3. How We Use Your Information

We use your personal data to:

• Provide, maintain, and improve the Services
• Verify your identity and comply with KYC/AML obligations
• Process transactions and send payout confirmations
• Detect and prevent fraud, money laundering, and other illegal activities
• Respond to your inquiries and provide customer support
• Send service notifications and operational updates
• Comply with applicable laws and regulatory requirements
• Exercise or defend legal claims

4. Legal Basis for Processing (GDPR)

Where GDPR applies, our legal bases for processing personal data are: (a) contractual necessity — processing required to perform our contract with you; (b) legal obligation — processing required to comply with applicable laws; (c) legitimate interests — processing for fraud prevention, security, and service improvement; and (d) consent — where you have provided explicit consent.

5. Data Sharing

We may share your information with:

• Mobile network operators: Recipient name and phone number to process payouts.
• KYC / identity verification providers: To verify your identity documents.
• Sanctions screening providers: To screen against global sanctions and PEP lists.
• Cloud infrastructure providers: AWS, used to host and store data.
• Regulatory authorities: Where required by law or court order.

We do not sell personal data to third parties for marketing purposes.

6. Data Retention

We retain transaction records and KYC documentation for a minimum of 7 years from the date of the transaction, in accordance with anti-money laundering regulations. Account information is retained for the duration of your account plus 7 years. Technical logs are retained for 90 days unless required for ongoing investigations.

7. Recipient Data

When you submit a payout, you provide us with the name and phone number of the payment recipient. We process this data solely to execute the payout and maintain audit records. You are the data controller for recipient personal data; Settlra acts as a data processor. You are responsible for ensuring you have appropriate legal basis to provide recipient data to us.

8. Your Rights

Subject to applicable law, you have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise these rights, contact privacy@settlra.com. We will respond within 30 days.

9. Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, and regular third-party penetration testing. See our Security page for details.

10. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@settlra.com.