RedotPay Privacy Policy
Last Updated: 29 January 2026
Thank you for choosing the relevant service(s) (the “Services”) and/or product(s) (the “Product”) provided by RedotPay Group (as defined in the General Terms and Services available at www.redotpay.com/terms/general, hereinafter also referred to as “I”, “me”, “my”, “we”, “us” and “our” or “RedotPay”). By accessing or using our Services/Products, you CONSENT to the policies and practices set out in this privacy policy, including all appendices (collectively, the “Privacy Policy”), and represent and warrant that you have the valid consent and authority from the Relevant Person(s) (defined below) for us to collect, use, disclose and/or process your Personal Data as described herein. This Privacy Policy describes how we will collect, use and disclose your personal data when you access or use our Services/Products. You agree that RedotPay may update this Privacy Policy at any time by posting the amended version on our website and associated application program interface or mobile applications (the “Site”) or sending the latest Privacy Policy to you via email. To the extent that we have notified you of the updated Privacy Policy, your use or continued use of any Services/Products after such amendment shall be deemed as your acceptance and agreement to the same.
2. WHAT PERSONAL DATA WE COLLECT
We may from time to time collect, process, and store certain personally identifiable information that can be used to contact or identify you and your beneficial owners, directors, officers, authorized signatories, employees, representatives, guarantee/security providers and other natural persons related to you (the “Relevant Persons”) via your use of the Services/Products or where you have given your consent (collectively, the “Personal Data”). Such Personal Data may include contact details, information and data generated in the ordinary course of your relationship with us, information and data collected when you or a Relevant Person participates in events organized by us and information from cookies or the use of any information technology applications.
Personal Data may also include, without limitation:
A. Personal Identifying Information:
Full legal name (including former name, and names in English and Chinese, or other languages if applicable)
Identification document type (e.g., Passport)
Identification document number (e.g., Passport No., National ID)
Gender
Date of birth
Place of birth
Nationality
Residential address
Country/state of residence
Level of activity anticipated
Contact phone number
Email address
Blockchain address
Biometric data (e.g., facial and/or finger recognition for identity verification, where applicable)
Additional Personal Data or documentation at the discretion of our compliance team
B. Personal Financial Information:
Total net wealth (approximately in USD or equivalent)
Purpose of account opening
Initial and ongoing sources of wealth or income
Nature and details of the business/occupation/employment
Source of funds/digital assets
Credit history and score
Transaction history and spending pattern
Bank account information
C. Personal Location Information:
Location data
IP address
Device information
D. Sensitive Personal Information:
In certain cases, we may collect “Sensitive Personal Information” as defined under applicable laws (e.g., GDPR). This includes data revealing family, racial origin, political or philosophical opinions, religious beliefs, criminal records, biometric data, or any data related to the health of such person, such as his/her physical, psychological, mental, genetic or sexual condition. We collect and use Sensitive Personal Information only to the limited extent necessary for specific purposes.
We may use the collected Personal Data for the following purposes:
| Category of Personal Data | Specific Purposes | Legal Basis |
|---|---|---|
| A. Personal Identifying Information (e.g., name, ID number, date of birth, address, email, phone) |
| We process this category of Personal Data based on contractual necessity, your consent where applicable, legal obligations, and legitimate interests such as ensuring security. |
| B. Personal Financial Information (e.g., wealth sources, transaction history, bank details) |
| We process this category of Personal Data based on contractual necessity, legal obligations such as anti-money laundering (AML) requirements, and legitimate interests such as risk management. |
| C. Personal Location Information (e.g., IP address, GPS data) |
| We process this category of Personal Data based on legitimate interests, such as ensuring security, and your consent for precise location data where applicable. |
| D. Sensitive Personal Information (e.g., biometrics) |
| We process this category of Personal Data based on your explicit consent and legal obligations, such as those for high-risk KYC procedures. |
In addition to the purposes outlined above, we may also use collected Personal Data:
To provide and manage our Services/Products:
To make decisions relating to the provision or continued provision of the Services/Products to you.
To verify or maintain the quality or safety of the Services/Products, and administer, operate, deliver, improve, and personalize the Services/Products.
To provide Services/Products to you, such as maintaining or servicing accounts, providing customer service, processing your payments and transactions, verifying customer information and providing storage.
For security and fraud prevention:
To monitor and record the usage of the Services/Products and communications with you and/or the Relevant Persons (including for investigation and fraud prevention purposes).
To detect, prevent and address technical issues and security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
For risk management:
To conduct risk assessment and data analysis (including data processing, anti-money laundering and credit analyses), internal management and carry out internal/external audits.
To resist malicious, deceptive, fraudulent, or illegal actions directed at RedotPay or the users’ business and to prosecute those responsible for those actions.
For communication:
To communicate with you, your affiliates and/or your representatives in relation to events, our Services/Products and other products or services offered by RedotPay or its affiliates, unless you have opted not to receive such information.
To provide you with statements, invoices, receipts and other related information in relation to the Services/Products.
For marketing and analytics:
For compliance:
For legal purposes:
For other purposes:
We do not use or disclose Personal Data for any purpose other than those expressly permitted under this Privacy Policy and the applicable law.
We may share your Personal Data with the following persons for the purposes stated above:
Identity Verification & Compliance Providers: We share your Personal Data with “Know Your Client” (KYC) and other blockchain analytics service providers to verify your identity and comply with anti-money laundering regulations.
Payment Processors & Financial Institutions: We share your Personal Data with credit card networks, banks, financial institutions, and/or payment processors, merchants, loyalty programs partners to facilitate deposits, withdrawals, and transactions.
IT & Infrastructure Providers: We share your Personal Data with service providers that provide website hosting, data analysis, information technology, mailing, and telecommunications data processing, payments, credit references or other services.
Marketing & Analytics Partners: We share your Personal Data with social media platforms, online platforms, or third-party websites for marketing, advertising, or promoting our Services/Products, but only if you have provided consent for such sharing.
Professional Advisers: We share your Personal Data with our professional advisers, as necessary to help administer, operate, deliver and improve the Services/Products, including any person to whom we are under an obligation or otherwise to make disclosure pursuant to legal process or pursuant to any foreign or domestic legal, tax, and/or regulatory obligation or request.
RedotPay’s affiliates: We share your Personal Data with any actual or proposed assignee or business transferee of RedotPay and/or its affiliate who is under a duty of confidentiality to the disclosing entity.
Others: We share your Personal Data with persons or entities that you authorize or consent to receive your Personal Data, such as your authorized representatives, agents, advisors, or beneficiaries.
We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Please note that we may transfer the data, including Personal Data, outside your jurisdiction and process it there. Your consent to this Privacy Policy and your submission of such information represent your agreement and consent to that transfer. Information you provide to us may also be stored on our and/or third-party cloud servers.
We will take reasonable measures to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place, including the security of your Personal Data and other personal information.
We rely on appropriate safeguards for data transfers, which may include:
Standard Contractual Clauses (SCCs): We use EU Standard Contractual Clauses approved by the European Commission for transfers from the EEA to third countries.
Data Protection Impact Assessments (DPIAs): We conduct DPIAs for high-risk processing activities, including transfers to countries without an adequacy decision, to ensure your data is protected.
Due Diligence: We conduct rigorous information security due diligence on all third-party vendors and sub-processors who will receive your data.
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies. By accessing/using our Services/Products, you are giving consent for us to retain your Personal Data.
We may communicate company news, promotions, and information relating to our products and services provided by us. We may share Personal Data with our affiliates to send marketing communications. We will only send you such marketing communications if we have received your express consent in the relevant channels in the Services/Products.
If you change your mind and wish not to receive these communications, please send an email to DPO@redotpay.com with the subject “MARKETING OPT OUT”.
To ensure the quality of our Services/Products, for Services/Products-related communications, such as amendments to terms and conditions, updates and operational notifications, you understand you will not be able to opt out of receiving such information.
While you access the Site, we may use the industry practice of placing a small amount of data that will be saved by your browser (“Cookies”). This information can be placed on your computer or other devices used to visit the Site. This information helps us recognize you as a customer, collect information about your use of our Services/Products to better customize our services and better your experience. We may also use the information collected to ensure compliance with our compliance program and to ensure your account security has not been compromised by detecting irregular or suspicious account activities.
We provide you with the ability to customize your Cookie preferences. When you first visit our Site, you will be presented with a Cookie consent banner that allows you to:
Most browsers are set up to accept Cookies automatically. Some Cookies expire when you finalize the session and other Cookies remain on your computer or other devices until deleted or expired. You have the option to decline the use of our Cookies, but this may affect the functionality of the Services/Products or your user experience.
Some browsers have a do-not-track feature that lets you tell websites that you do not want to have your online activities tracked. As of the date of this Privacy Policy, we do not respond to browser do-not-track signals.
We endeavor to protect ourselves and you from unauthorized access, alteration, disclosure, or destruction of data we collect and store. We take various measures to ensure information security, including encryption of our communications with SSL, requiring two-factor authentication for all sessions, periodic review of our Personal Data collection, storage, and processing practices and restricted access to your Personal Data on a need-to-know basis.
The Security of your data is important to us, but you understand and acknowledge that no method of transmission over the Internet, or method of electronic storage, is fully secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Our Site may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. You understand we have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
We do not provide Services/Products to anyone who is regarded as a “minor” or equivalent under applicable law. We do not knowingly and intentionally collect the personally identifiable information from anyone who is regarded as a “minor” or equivalent under applicable law. If you are a parent or guardian and you are aware that your child (being a “minor” or equivalent under applicable law) has provided us with Personal Data, please contact us and we will take appropriate measures.
You understand you are solely responsible for your interactions with other Users. We reserve the right, but have no obligation, to monitor disputes between you and other Users.
A. Contacting Us about Privacy Questions or Concerns
If you have any questions about this Privacy Policy or the use of your Personal Data, please contact us by sending an email to the following address DPO@redotpay.com with the subject “PRIVACY ENQUIRY”.
B. Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your Personal Data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
The categories of Personal Data we collected about you.
The categories of sources for the Personal Data we collected about you.
Our purposes for collecting that Personal Data.
The categories of third parties with whom we share that Personal Data.
The specific pieces of Personal Data we collected about you (also called a data portability request).
To exercise your right to data portability, you may request a machine-readable copy of your Personal Data by contacting DPO@redotpay.com.
C. Right to Correct, Delete and Limit the Use of Personal Data
You have the right to request that we correct any inaccurate Personal Data we hold about you. You also have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions (e.g., for compliance with law or legal purposes).
You have the right to request to limit the use of your Personal Data, or withdraw your consent to the use of your Personal Data. Where you or a Relevant Person withdraws your/its/their consent or fails to supply relevant information or data required for us to provide our Services/Products to you, we may be unable to provide or continue to provide Services/Products to you.
To make your request, please contact DPO@redotpay.com with the subject “DATA REQUEST”. We will do our best to respond to your request as soon as possible (generally within less than 15 working days of the receipt of your request), with the exception that we may refuse your deletion request in certain circumstances, such as compliance with law or legal purposes.
Additionally, we provide functionality within the RedotPay application (app) that enables you to delete your transaction records, including payment, deposit, and withdrawal history, directly from the app’s frontend interface.
In response to data access, correction, deletion or data portability request, we will verify the requesting party’s identity to ensure that he or she is legally entitled to make such a request. While we aim to respond to these requests free of charge, we reserve the right to charge you a reasonable fee, especially if the request is repetitive or onerous.
14. LANGUAGE
The official and controlling language of this Privacy Policy is English. If this Agreement is translated into any other language from English, the English language version shall prevail to the extent of any inconsistency.
15. DATA PROTECTION OFFICER (DPO) AND COMPLAINTS
We have appointed an independent Data Protection Officer (the “DPO”) who is responsible for overseeing questions about this Privacy Policy. If you have any questions or complaints concerning the security of your Personal Data, or wish to exercise your data rights, please contact the DPO at: DPO@redotpay.com.
We are committed to resolving any complaints about our collection or use of your Personal Data. We will acknowledge receipt of your complaint and respond to you generally within 15 working days.
