Privacy Policy

Last updated: December 22, 2023

Thank you for using PayMongo!

Capitalized terms used but not defined shall have the respective meanings given to them in the Terms of Use. We created this Privacy Policy (“Policy”) to give you confidence as you visit and use our Service. This Policy covers how we collect, use, store, and share your information when you use our Service. All references to “we”, “us”, “our”, or “PayMongo” refer to PayMongo Philippines, Inc. and Paymongo Payments, Inc., corporations duly organized and existing under Philippine law. All references to “you”, “your”, or “user” relate to the person or entity who registered an Account on PayMongo to use or access the Services.

Please read this Policy carefully. By clicking the applicable button or checkbox to indicate your acceptance to this Policy and our Terms, or otherwise by creating an Account and using the Service, you represent and agree that you have read, understand, and agree to be bound by both this Policy and our Terms as binding agreements.

We may update this Policy from time to time. If you continue using the Service after we make any changes to this Policy, you accept and agree to be bound by those changes. The most updated version of this Policy will always be posted on the Service, so we encourage you to check the Policy periodically. In certain situations, we may notify you about material changes to the Policy. You are responsible for ensuring we have an up-to-date, active, and deliverable email address on file for you, and you agree that your use of the Service will be subject to any updated Policy posted on the Service, whether or not you receive notice of such changes.

1. Applicability

This Policy applies to personal information we collect on the Service. It does not apply to any non-personal information or any information collected by any third party. As used in this Policy, “personal information” means information that can be used to identify any natural person either directly or indirectly.

Moreover, if you are a Customer, we may collect Customer Data either directly from you or from the user using our Payment Processing Services.

2. Personal Information We Collect

2.1 Personal Information You Voluntarily Provide to PayMongo

When you register for an Account, we require that you provide us with certain personal information about you. This includes, but is not limited to, your first and last name, e-mail address, and the name of your business. As part of the account registration and verification process, we may also ask you for certain other information, such as your phone number and your business’s tax identification number, as well as documents that include personal information about you. These documents include, but are not limited to, government-issued identification including identification containing photo and signature, bank statements, proof of income, documentation verifying the legal existence of your business and its beneficial owners and principals, bank statements and related banking information, and other financial documents to verify your identity and assess the risk associated with your business. Even if you access and use the Service without registering for an Account, you may choose to provide us with certain personal information about you (for example, you may want to sign up for our newsletters or RSVP for events). The collection of this information is necessary to provide the functionality of the Service and/or to comply with applicable laws and regulations related to the Service’s product offerings.

If you are a Customer, when you make a payment through a user’s website or application in relation to a Transaction, we will receive certain Customer Data. Customer Data may include:

  • First and last name;
  • Physical and/or mailing address;
  • Financial information, including but not limited to credit or debit card numbers or bank account information;
  • Email address; and
  • Phone number.

The collection of this Customer Data is necessary to provide the functionality of the Service (mainly, to process the Transaction) and/or to comply with applicable laws and regulations related to the Service’s product offerings. We may use Customer Data for the following purposes: (i) providing and improving the Services; (ii) internal usage, including but not limited to, data analytics and metrics so long as such Customer Data has been anonymized and aggregated with other customer data; (iii) complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with applicable law; and (iv) any other purpose for which consent has been provided by the Customer.

This Customer Data may further be shared with others, as stated in Section 2.4 of this Privacy Policy. To process the transaction, we may also share with the merchant you choose to transact with these Customer Data, except for your financial information (only the following card details will be shared: (1) last four digits of the card; (2) card brand; and (3) country of issuance of the card). Please review the privacy policy of the merchant you choose to transact with to learn more about their processing of your Customer Data.

PayMongo also offers UX features for you, as a Customer which includes card vaulting.

Card Vaulting

By agreeing to save the Card Details for future use, you, as a Customer, agree to the storage of your Card Number, Expiration Date, and CCV/CVV (“Card Details”) through the safety of our Card Vaulting System. With regard to your CCV/CVV, this data will only be stored in order to process your payment. If your payment pushes through, your CCV/CVV will be deleted immediately. If your payment does not push through, your CCV/CVV will be deleted within twenty-four (24) hours thereof. We employ world-class security standards (PCI-DSS compliant) for card processing, which guarantees the security of your Card Details. We will also be using safe and tokenized user details to access your Card Details.

PayMongo Subscriptions

By agreeing to recurring payments, you, as a Customer, authorize us to automatically deduct payment from your credit/debit card account until you retract such authorization. The payments shall be charged at the start of each billing cycle, which shall be dependent on the products/plans that your merchant offers. After the processing of payment, your merchant shall reach out to you to inform you if your payment is successful or not. You further acknowledge and agree that PayMongo shall not be held liable for your merchant's failure to notify you regarding your payment status. Moreover, you acknowledge and agree that the billing cycle and amount to be deducted are dependent on the instructions made by your merchant to PayMongo.

2.2 Personal Information We Collect Automatically

We collect certain information about you automatically as you access and use the Service and may similarly collect information from Customers. This includes:

  • Device information, such as a unique device identifier; and
  • Location information, such as your IP address or geo-location.

This information does not identify you directly but may nevertheless be considered personal information.

2.3 How We Use Personal Information

We use the personal information that we collect to make the Service available to our users, to comply with our legal obligations under anti-money laundering and related laws, to market and promote the Service, to improve the Service, and to protect our legal rights.

Examples of the ways in which we may use your personal information include:

  • Allowing you to register for an Account and use the Payment Processing Services;
  • Verifying your identity in compliance with our obligations under applicable law;
  • Identifying fraudulent or illegal activity;
  • Providing you with information, products or services that you request from us;
  • Carrying out our obligations and enforcing our rights arising from any contracts entered into between you and us, including for billing and collection;
  • Notifying you about changes to the Service, such as updates to this Policy; and,
  • Understanding how our users interact with the Service to improve the Service and our product offerings.

In addition to the above, if you choose to opt in to receive marketing and promotional communications from us, we may use your personal information to contact you about our products. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails, or by whatever other means we allow you to unsubscribe. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.

We may also use your personal information for any other purposes with your consent.

2.4 How We Share Personal Information

We may disclose or share personal information that we collect in the following circumstances:

  • With our subsidiaries and affiliates (please refer to the List of Third Parties for the list thereof);
  • With our contractors and vendors who support aspects of the Service and our business, including: services related to website hosting, data analysis, information technology and related infrastructure, bank account identity and authentication, helpdesk and support, user identity verification, and fraud prevention (please refer to List of Third Parties for the list of said contractors and vendors);
  • With our banking partners, including Payment Method Providers and Acquirers, who enable the processing of Transactions via the Payment Processing Services (please refer to the List of Third Parties for the list thereof);
  • With a buyer or other successor in the event of a merger, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred (in such event, we will provide notice to our users of such transfer);
  • When we believe, in good faith, that disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service or any other applicable policies; and
  • With your express consent.

Any third-party entity to whom we disclose your personal information is contractually required to comply with confidentiality standards and establish adequate safeguards for data privacy, undertake to respect your right to privacy and comply with applicable laws. We also require that these third-party entities use information shared with them only for authorized purposes and follow our reasonable directions with respect to this information.

Additionally, we may share your personal information as required to comply with any subpoena, court order, similar legal process, including to respond to any government or regulatory request. To the extent permitted by law, we will notify you if we receive government requests about your data.

Further, we may disclose anonymized, non-personal information about the Service and our users without restriction.

Finally, if you are merchant applying for access to flexible financing offered by GoTyme Bank in partnership with us, you agree to the sharing of the following information to GoTyme Bank:

  • Name
  • Address;
  • Account Name;
  • Account Number;
  • Business Name;
  • Contact Number;
  • Email Address;
  • Registered Name;
  • Registered Number;
  • TIN; and
  • The following business documents, which may include personal information, when applicable:
    a. Government ID;
    b. Articles of Partnership;
    c. Secretary’s Certificate;
    d. Partnership Agreements;
    e. Latest General Information Sheet;
    f. FDA Certificate of Registration;
    g. DTI Registration;
    h. Articles of Incorporation;
    i. Alien Certificate of Registration;
    j. Special Power of Attorney;
    k. Latest Mayor’s Permit;
    l. SEC Registration; and
    m. By-Laws.

This is for the purpose of evaluating your eligibility to the access to flexible financing. In line with this, GoTyme may also access any information about you with any credit reference bureau.

If you do not wish any of your personal information to be shared to any third party or for any of the indicated purposes, please contact us immediately.

2.5 Accessing and Correcting Your Information

You are solely responsible for ensuring that any personal information that you provide to us is accurate. You may be able to view and update certain personal information that we have about you by logging into your Account or by emailing address provided at the end of this Policy. Please note that we reserve the right to reject any changes you make to your personal information and to reject any requests to change your personal information submitted through inappropriate channels.

3. Data Security

We use commercially reasonable physical, technical, and administrative measures to secure your personal information from accidental loss and from unauthorized access, use, and disclosure. For example, we (i) have implemented a strict data security policy, (ii) restrict access to personal information to employees, contractors, and other service providers on a need-to-know basis, (iii) use industry-standard encryption technology to secure data, (iv) train our personnel on privacy issues and have appointed a data privacy officer, (v) review the privacy practices of new products and services that we integrate into our Service, and (vi) require our personnel to sign confidentiality agreements that extend to your personal information. However, the transmission of information via the Internet is not completely secure. As we cannot guarantee the security of information transmitted to or from us, we are not responsible for any unauthorized access to and disclosure of any information you send to or receive from us. Any transmission of personal information is at your own risk.

Please also keep in mind that the safety and security of your information also depends on you. You are responsible for keeping your account information, including your password, confidential. We ask you not to share your password with anyone. If you have reason to believe that your data is no longer secure, please contact us immediately at the email address, mailing address or telephone number listed at the end of this Policy.

4. Data Retention

We may retain your personal information for the longer of: (i) six (6) months after receipt of your request to delete your Account; (ii) the length of time required by law; (iii) the length of time required by our compliance program; or (iv) the length of time required by our banking partners, including Payment Method Providers and Acquirers. Please note that if you delete your Account, we may still retain your personal information as explained above. You may delete your Account through the Dashboard, or you may email the address provided at the end of this Policy.

5. Automated Data Collection Technologies

As you navigate through and interact with the Service, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, as further described in this Policy.

5.1 Cookies and Analytics

We may use cookies and other technologies to automatically collect information about your use of the Service. You can learn more about these technologies below. We may use this information to provide you with a better user experience, to comply with our legal obligations under anti-money laundering and related laws, to protect you and detect irregular or suspicious account activities, to customize our services and content for you, and to better understand how our users interact with the Service.

Cookies. A cookie is a small file placed on your computer when you visit certain websites. Cookies may be either first-party or third-party cookies, and they may be either permanent or temporary (i.e. session) cookies. It may be possible to refuse to accept cookies by activating the appropriate setting within your browser. However, if you disable or refuse cookies, please note that some parts of the Service may be inaccessible or may not function properly.

Other Technologies. We may use other third-party services that automatically collect information about you to better understand how you use and interact with the Service. For example, we may use third-party vendors to provide us with services surrounding analytics, advertising, and cybersecurity. The information collected through this process by the third-party service providers does not enable us or them to identify your name, contact details or other personal information that directly identifies you unless you choose to provide these.

5.2 “Do Not Track” Signals

To the extent that we receive any Do-Not-Track signals, we will not comply with them.

6. Third-Party Services

Any third-party services integrated with the Service shall be subject to the policies and practices of such third parties, and we are not responsible for how they collect, use, and share your personal information. We encourage you to review the privacy practices and policies of such third parties. We make no guarantees about, and assume no responsibility for the information, services, or data privacy practices of third parties.

7. Contact Us

To ask questions or comment about this Policy and our privacy practices, contact us.