.png)
Last Updated: 2025-10-21
Welcome to NapoleonPay.
We value your privacy and are committed to protecting your personal data.
This Privacy Policy explains how NapoleonPay (“we”, “our”, “us”) collects, uses, and protects personal information when you visit our website (napoleonpay.com), communicate with us, or use our payment gateway and related technical services.
By using our services, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are
NapoleonPay is a technical payment gateway provider offering API-based payment processing and routing infrastructure for merchants and partners.
We are not a licensed payment institution and do not hold client funds or act as a custodian.
All payments processed through our technology are executed by third-party financial institutions or licensed payment providers with whom we integrate.
For the purposes of data protection law, NapoleonPay acts as:
• a data controller for information collected through our website and direct communication, and
• a data processor for transaction data handled on behalf of our merchants and partners.
You can contact us at:
📧 payments@napoleonpay.com
2. Legal Framework
NapoleonPay processes personal data in compliance with:
• General Data Protection Regulation (EU) 2016/679 (GDPR),
• Data Protection Act (where applicable in the EEA or UK), and
• relevant EU privacy, e-commerce, and data-security standards (including PCI DSS and ISO 27001 best practices).
3. Data We Collect
3.1 Website and Communication Data
When you visit napoleonpay.com or contact us, we may collect:
• Name, email, and contact details (if you contact us directly);
• Business or company name;
• Technical information such as IP address, browser type, device ID, and operating system;
• Information about how you use our website (pages visited, referral source, session duration).
3.2 Transaction and Gateway Data
When you or your customers use our payment gateway (via merchants integrated with NapoleonPay), we may process:
• Merchant name, ID, and business contact details;
• Payment transaction identifiers, timestamps, and status codes;
• Transaction metadata (currency, country, payment method, amount, success/failure reason);
• Limited card or payment information (only masked or tokenized data, never full card numbers or CVVs);
• Device, IP, and geolocation data for fraud prevention and risk analysis;
• Logs and audit trails of API communication between systems.
3.3 Partner and Client Relationship Data
For our business clients, partners, and service providers, we may collect:
• Contractual and billing information;
• Identification details of contact persons;
• Communications, proposals, and agreements.
We do not intentionally collect or store sensitive personal data such as race, religion, or biometric data.
4. How We Use Personal Data
We process data only where lawful and necessary. Our purposes include:
• Providing and maintaining the NapoleonPay gateway and related services;
• Authenticating transactions and verifying integrity of API requests;
• Detecting and preventing fraud, abuse, and security threats;
• Managing client relationships and communication;
• Fulfilling contractual and regulatory obligations;
• Analyzing system performance, uptime, and operational statistics;
• Responding to legal requests and cooperating with authorities when required by law.
We do not sell, rent, or profile user data.
5. Lawful Basis for Processing
We process personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing gateway services | Performance of a contract |
| Communicating with clients | Legitimate interest |
| Fraud prevention and security | Legitimate interest / legal obligation |
| Regulatory and audit requirements | Legal obligation |
| Website analytics | Consent (via cookies) |
6. Data Sharing and Disclosure
We may share personal data only with trusted third parties that support our operations, such as:
• Payment processors and acquiring banks that execute financial transactions;
• Hosting and IT infrastructure providers, including Amazon Web Services (AWS), used for data storage and server hosting;
• Fraud detection and risk management services;
• Legal, compliance, or audit consultants;
• Regulatory authorities or law enforcement, if required by law or court order.
All third parties are bound by contractual data-processing agreements (DPAs) ensuring GDPR compliance, confidentiality, and data security.
We do not transfer or disclose data for marketing or unrelated purposes.
7. International Data Transfers
NapoleonPay primarily stores and processes data within the European Economic Area (EEA).
If data must be transferred outside the EEA, we ensure protection through:
• Adequacy decisions by the European Commission, or
• Standard Contractual Clauses (SCCs) ensuring GDPR-level safeguards.
8. Data Retention
We retain data only as long as necessary to fulfill its purpose and comply with legal or contractual obligations.
| Data Type | Typical Retention |
|---|---|
| Transaction and system logs | 5 years from transaction date |
| Client communication and contracts | 5 years after contract termination |
| Website inquiries and correspondence | 12 months |
| Security and audit logs | 12–24 months |
9. Data Security
We take strong technical and organizational measures to protect data, including:
• Encrypted storage (AES-256) and transmission (TLS 1.2+);
• Segregated access controls (role-based authentication);
• Encrypted backups and redundancy across AWS data centers;
• Continuous monitoring and intrusion detection;
• Regular vulnerability assessments and patch management;
• Access granted strictly on a need-to-know basis.
In case of a data breach, we will notify affected clients and authorities as required by GDPR Articles 33–34.
10. Your Data Protection Rights
Under GDPR, you have the following rights:
• Access – request a copy of your data;
• Rectification – correct inaccurate or incomplete data;
• Erasure – request deletion of data when legally permissible;
• Restriction – limit processing in specific cases;
• Portability – obtain your data in a machine-readable format;
• Objection – object to certain processing based on legitimate interest;
• Withdrawal of consent – if processing is based on consent.
You can exercise these rights by contacting payments@napoleonpay.com.
We may request identity verification before acting on your request.
If you believe your rights have been violated, you can lodge a complaint with your local Data Protection Authority.
11. Cookies and Tracking
Our website uses essential cookies and limited analytics tools to:
• Enable secure operation and basic functionality;
• Measure website performance and improve usability.
You can control or disable cookies in your browser settings.
We do not use advertising or tracking cookies.
12. Children’s Data
NapoleonPay services are intended for business and adult use.
We do not knowingly collect data from children under 18 years of age.
13. Policy Updates
We may update this Privacy Policy to reflect operational or legal changes.
The updated version will always be available at napoleonpay.com/privacy-policy with the latest “Last Updated” date.
Please check this page periodically.
14. Contact
If you have any questions or wish to exercise your data protection rights, please contact us:
📧 payments@napoleonpay.com
🌐 https://napoleonpay.com
Secure and efficient payment solutions worldwide. Supporting 50+ currencies, 180 countries, and real-time transaction monitoring with SEPA, SWIFT, and alternative payments.
© 2025 NapoleonPay. All rights reserved.
