Privacy Policy

1.0 Who We Are

LeoPay LLC ("LeoPay", "we", "our" or "us") is a company incorporated in the United States of America, with its registered office at 1309 Coffeen Avenue STE 1200 Sheridan, Wyoming 82801. LeoPay, together with its subsidiaries and affiliates ("LeoPay"), operates as a non-banking financial technologies provider, enabling cross-border payment rails powered by stablecoins and related blockchain-based financial infrastructure.

This Privacy Policy explains how we collect, use, store, and share your Personal Data when you use our platform, website, APIs, and other related online services (collectively, the "Services").

1.1 Please Read This Privacy Policy

Your privacy is of the utmost importance to us. This Privacy Policy sets out important details about how and why we process your Personal Data, your rights under applicable data protection laws, and how you can contact us or a relevant data protection authority if you have any questions or complaints regarding your data or our privacy practices.

1.3 Data Controller

LeoPay is the data controller of Personal Data collected via the Services and other related platforms (including official social media channels). This means LeoPay is responsible for determining how and for what purposes your Personal Data is processed, in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR"), as well as any applicable local and international data protection legislation.

1.4 Third-Party Links and Integrations

Our Services may include links to, or integrations with, websites, applications, and services operated by trusted third parties. These may include:

• Identity verification service providers,
• Payment or blockchain network partners,
• Custodian or compliance solution providers, and
• Partner platforms offering access to LeoPay’s APIs.

Such third-party platforms may collect data about you according to their own privacy policies, which we encourage you to review. LeoPay is not responsible for the privacy practices or content of third-party websites.

1.5 Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes. When material changes are made, we will notify you through appropriate channels; for example, via email or a prominent notice on our website.

Please review this Policy periodically to stay informed of how we protect your information.

Definitions

“LeoPay Website” means our official website available at https://www.leopay.io and any other domains operated by LeoPay or its affiliates.

“Services” means the LeoPay Website, online platform, APIs, payment gateways, and any other digital or cross-border financial service offered by LeoPay.

“EEA” means the European Economic Area.

“EU GDPR” refers to the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679) and any laws implementing or supplementing it.

“Personal Data” means any information relating to an identified or identifiable natural person.

“User(s)” or “You” means individuals or entities using our Services, including clients, counterparties, and their representatives.

“Privacy Policy” means this document.

2.0 The Types of Personal Data We Collect

The categories of Personal Data we collect depend on your relationship with LeoPay and how you interact with our Services. Certain Personal Data is essential to provide you with access to our stablecoin-based payment infrastructure and related compliance obligations. Without such data, we may be unable to onboard or continue providing Services to you.

2.1 Information You Provide to Us

This includes information that you voluntarily provide while using our Services or when communicating with us directly. Such information may include (but is not limited to):

• Basic identification details: full name, date of birth, nationality, job title, and contact details (email, phone number, postal address, city, and country).
• Verification and KYC information: government-issued ID numbers, photographs, proof of address, and any documentation required under Anti-Money Laundering (AML) or Counter-Terrorist Financing (CFT) laws.
• Financial and transactional details: wallet addresses, bank account details, stablecoin transaction history, payment method information, or linked accounts.
• Login and account credentials: hashed passwords and authentication details.
• Any other information you voluntarily provide through forms, surveys, or direct correspondence.

2.2 Information We Collect Automatically

When you interact with the Services, we automatically collect certain technical and usage information to maintain platform integrity and enhance user experience. This may include:

• IP address, browser type, device identifiers, and operating system data.
• Log data (including session duration, access times, and error diagnostics).
• Geo-location data, network connectivity, and activity metrics.
• Behavioural data such as pages visited, actions performed, and clickstream data.

This information does not generally reveal your exact identity but helps us ensure security, fraud prevention, regulatory compliance, and service optimisation.

2.3 Information We Receive from Third Parties

We may also receive Personal Data about you from third-party sources, such as:

• Identity and AML verification providers (for KYC and screening checks).
• Blockchain analytics partners assisting with compliance monitoring.
• Payment service providers or financial institutions facilitating cross-border settlements.
• Publicly available databases or regulatory authorities, as required by law.

If we combine such third-party data with data collected directly from you, the combined information will be treated in accordance with this Privacy Policy unless stated otherwise.

3. Contractual Information and Related Correspondence

3.1 Communications and Correspondence

Any communication or interaction with us, whether by email, telephone, web forms, social media, or other electronic means, may involve the collection of Personal Data, such as your name, contact details, and the content of your message. This includes:

• General enquiries, onboarding queries, or service-related discussions;
• Support requests, operational follow-ups, or complaints;
• Dispute-related correspondence between you and LeoPay.

We process such information to:

• Administer and deliver the Services;
• Fulfil contractual and legal obligations;
• Maintain accurate business records;
• Ensure compliance with regulatory and audit requirements; and
• Improve service quality and client engagement.

3.2 Call and Contact Records

We may record or log details of your communication with LeoPay (e.g., date, time, duration, phone number, and nature of the call). If calls are recorded, we will inform you in advance and, where required by law, obtain your explicit consent.

Such recordings are retained only for as long as necessary to comply with legal, contractual, or compliance purposes, including fraud prevention and dispute resolution.

3.3 Purpose of Processing

We retain and process this information as necessary to:

• Perform our obligations under a contract or regulatory framework;
• Comply with record-keeping, financial audit, and tax requirements;
• Address client concerns, investigations, or claims; and
• Advance our legitimate business interests in ensuring transparency, quality assurance, and lawful administration of our Services.

4. Marketing Communications

4.1 Direct Marketing

We may collect your name, contact details (email, phone number, and address), and professional affiliation to inform you about LeoPay’s services, new product offerings, compliance updates, or industry developments relevant to your interests.

We may collect this information directly from you or, where lawful, from third parties such as partners or event organisers.

4.2 Your Rights to Opt Out

You may opt out of receiving marketing communications at any time by following the unsubscribe link in our emails or contacting us at compliance@leopay.tech. Once you opt out, we will add your contact details to a suppression list to ensure you no longer receive marketing communications.

However, we may still contact you for operational or compliance-related matters (such as account notifications or service updates).

4.3 Lawful Basis

If you are an existing customer or acting in a professional capacity for a company, we may rely on legitimate interest as our lawful basis for marketing communications, where permitted by law. Further, If you are not an existing customer or acting outside a professional capacity, we will contact you for marketing purposes only with your explicit consent.

4.4 Third Parties and Marketing Service Providers

LeoPay does not sell or share your personal contact details with unaffiliated third parties for their marketing purposes. We may use third-party email and analytics providers to deliver our marketing content; however, such processors act only on our instructions, under confidentiality and data protection agreements.

4.5 Marketing Analytics

When sending marketing communications, we may use web beacons or similar tools to collect limited engagement data, such as:

• Whether and when an email was opened;
• Device and browser type; and
• IP address or interaction data.

This helps us measure the effectiveness of our campaigns and refine communications. Such processing is based on legitimate interests or, where required, your consent.

5. Website Information

5.1 Data Collected via Website and Platform

When you visit or interact with the LeoPay Website or our associated platforms, we and authorised third-party providers may collect information automatically through cookies, web beacons, and analytics tools.

This may include:

• IP address and geolocation data;
• Browser type, version, and language;
• Device identifiers and operating system;
• Login timestamps, access duration, and user interaction metrics; and
• Aggregated analytics and performance data.

We use this information for:

• Ensuring website functionality and security;
• Analyzing usage patterns to improve performance;
• Detecting anomalies or unauthorized activity; and
• Developing marketing insights, where legally permitted.

5.2 Advertising and Personalization

We may, directly or via third-party partners, use website data to:

• Display or tailor marketing and informational content; or
• Evaluate the effectiveness of online campaigns.

Such personalisation is conducted without using identifiable information and, in all cases, in accordance with applicable consent requirements.

5.3 External Links and Third-Party Integrations

Our website may contain links to or integrations with third-party websites, applications, or plug-ins. LeoPay does not control and is not responsible for the privacy practices of these external entities.

Further, we strongly encourage you to review the privacy policies of any external website you visit.

6. Business and Partner Contact Information

6.1 Business Relationships

If you are an employee, representative, or contact of a LeoPay customer, vendor, service provider, or business partner, we may collect and process:

• Your name, position, and professional contact details;
• Details of your company or organization; and
• Records of communications or interactions related to the business relationship.

This information is processed as necessary for our legitimate interests in managing relationships, fulfilling contracts, and conducting due diligence under applicable laws.

07. Information Collected at LeoPay Premises

7.1 Visitor Records

When you visit our offices or physical premises, we may record information such as:

• Your name, employer, contact details, date, and time of visit;
• Person you are meeting; and
• Vehicle registration details (if applicable).

This is necessary for security, health, and safety purposes, and to ensure a secure and compliant environment.

7.2 CCTV and Physical Security

LeoPay premises may be monitored by CCTV surveillance for security, safety, and fraud prevention. Recorded footage may capture your image and activities and will be retained only as long as necessary for legitimate security or legal purposes.

We will disclose footage only:

• To law enforcement under formal request; or
• Where required to resolve a dispute or legal claim.

7.3 Retention

Visitor data is retained only as long as necessary for security or regulatory purposes, typically up to 3 years, and accident or safety-related reports may be retained for up to 6 years, in compliance with legal obligations.

8. Legal Claims

In the event LeoPay reasonably anticipates, is subject to, or intends to initiate legal proceedings, we may retain and process your personal information to the extent necessary to establish, exercise, or defend our legal rights. Such processing shall be based on our legitimate interest in protecting our legal and commercial interests, ensuring the integrity of our operations, and complying with legal obligations.

Where relevant, such information may also be disclosed to our legal advisors, insurers, regulators, or law enforcement authorities. The retention period for such information shall depend on the nature of the claim, the applicable limitation period, and the duration for which we consider there to be a reasonable risk of legal exposure.

9. Data Collected During Anti-Money Laundering (AML) and Compliance Reviews

9.1 Statutory And Regulatory Obligations

As part of LeoPay’s statutory and regulatory obligations under applicable Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Know Your Customer (KYC) frameworks, we may collect and process the following categories of personal information:

• Full name, email address, nationality, country of residence, contact number, occupation, and job title;
• Government-issued identification documents and verification details;
• Wallet addresses, blockchain transaction hashes, and on-chain activity patterns;
• Publicly available online information, including social media links or profiles.

Such data processing is carried out on the basis of legal and regulatory obligations as well as legitimate interests in preventing fraud, financial crime, and the misuse of our services. Further, the data may be sourced directly from you, our compliance partners, regulated financial institutions, and publicly available sources, including the open web and, where permitted by law, monitored data from non-indexed networks (Deep Web) for AML intelligence purposes.

10. Information Received from Third Parties

10.1 Third-Party Sources

LeoPay may receive and process personal information about you from the following third-party sources:

• Service Partners: including regulated financial institutions, liquidity providers, blockchain analytics partners, payment processors, KYC/AML verification vendors, and compliance data aggregators.
• Business Affiliates and Group Entities: with whom we have contractual arrangements for the purpose of providing, maintaining, or enhancing our services.
• Public Sources: including social media platforms (LinkedIn, X/Twitter, etc.), sanction lists, or other publicly available registries.
• Credit and Risk Agencies: for creditworthiness assessment, fraud prevention, and counterparty verification.

Any personal information received from third parties will be processed in accordance with this Privacy Policy and applicable data protection laws.

11. Legal Basis for Processing Personal Information

11.1 Legal Obligations

LeoPay will only process your personal information where permitted under applicable law. Typically, this will occur under one or more of the following legal bases:

• Contractual necessity: to perform obligations under a contract or facilitate services you request.
• Legal obligation: to comply with applicable AML/CFT, taxation, accounting, and data retention laws.
• Legitimate interests: for fraud prevention, business continuity, service enhancement, and security monitoring, provided that such interests do not override your rights and freedoms.
• Consent: where expressly required, for specific purposes such as marketing or third-party data sharing.

In limited circumstances, we may process your data to protect vital interests, the public interest, or the interests of others.

12. Disclosure of Personal Information to Third Parties

LeoPay does not sell, rent, or trade your personal information. However, we may share it with selected third parties strictly for legitimate business or regulatory purposes, including but not limited to:

• Service providers assisting with KYC/AML verification, payment processing, data hosting, customer support, marketing, analytics, and legal services.
• Regulatory authorities, law enforcement agencies, tax authorities, and courts, where disclosure is required by law or regulatory order.
• Affiliates and group entities for internal governance, system maintenance, reporting, and compliance consolidation.

All third-party processors are contractually bound to maintain confidentiality and implement adequate technical and organisational safeguards. They are authorised to process your data solely under LeoPay’s documented instructions and for the purposes specified herein. Further, in the event of a corporate restructuring, merger, or acquisition, your personal information may be transferred to the successor entity, provided that equivalent privacy protections are ensured.

13. International Data Transfers

LeoPay’s primary data infrastructure is located in jurisdictions offering appropriate data protection standards, including the European Union, the United Arab Emirates and India. Further, where your personal information is transferred across borders, including to countries that may not provide the same level of data protection as your jurisdiction, LeoPay ensures that such transfers are governed by lawful mechanisms, including:

• Adequacy decisions issued by relevant data protection authorities;
• Standard Contractual Clauses (SCCs) approved by the European Commission; or
• Equivalent contractual or regulatory frameworks recognised under applicable law.

You may request further information or a copy of the applicable transfer safeguards by contacting compliance@leopay.tech.

14. Data Security

LeoPay employs robust technical and organisational security measures designed to protect your personal information from accidental loss, unauthorised access, alteration, disclosure, or misuse. Further, access to personal data is restricted to personnel, contractors, and service providers who have a legitimate operational need and are bound by confidentiality and data protection obligations.

We continuously monitor our systems and update our security measures in line with industry best practices, regulatory requirements, and emerging technological standards.

15. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to comply with applicable legal, accounting, taxation, anti-money laundering (AML), and regulatory reporting requirements.

In order to determine the appropriate retention period, we assess the volume, nature, and sensitivity of the data; the risk of harm from unauthorised use or disclosure; the purposes for processing; and applicable legal or regulatory obligations in each jurisdiction where we operate, including India, the United States, the United Arab Emirates, and the European Union.

Once the retention period expires, we securely delete, anonymise, or de-identify the data. Anonymised or de-identified data that cannot reasonably identify an individual may be retained and processed for analytics, compliance audits, or statistical purposes, without further notice. LeoPay ensures that any such data will not be re-identified.

16. Your Rights

Depending on your place of residence, you may have certain rights under applicable data protection laws such as the EU General Data Protection Regulation (GDPR), the Digital Personal Data Protection Act, 2023 (India), the UAE Federal Decree-Law No. 45 of 2021, and relevant U.S. state privacy laws. These rights may include the following:

• Access: You may request a copy of the personal information we hold about you, including the purposes for which it is used or disclosed.
• Rectification: You may request correction of incomplete or inaccurate personal information.
• Erasure: You may request deletion of personal information, subject to regulatory or legal retention obligations.
• Objection: You may object to our processing where it is based on legitimate interests or direct marketing purposes.
• Restriction: You may request limitation of processing in specific circumstances (e.g., pending verification of accuracy).
• Data Portability: You may request transfer of your data to another service provider, where processing is based on consent or contractual necessity.
• Withdrawal of Consent: Where processing is based on your consent, you may withdraw it at any time without affecting prior lawful processing.
• Lodge a Complaint: You may lodge a complaint with the competent data protection authority in your jurisdiction.

For EU residents: European Data Protection Board – National DPAs

For Indian residents: Data Protection Board of India (upon constitution)

For UAE residents: UAE Data Office

For U.S. residents: Respective state privacy regulator (e.g., California Privacy Protection Agency).

You may exercise these rights by contacting us at compliance@leopay.tech. Please include sufficient details to verify your identity and the nature of your request.

However, we may require supporting documentation (e.g., government-issued identification, registered email verification, or transaction reference) to confirm your identity. You may also authorise a representative through a written mandate or valid power of attorney to submit such requests on your behalf.

While we do not ordinarily charge a fee for exercising these rights, we reserve the right to impose a reasonable fee or refuse repetitive, manifestly unfounded, or excessive requests. Further, we will acknowledge and respond to legitimate requests within the period prescribed under applicable law. Please note that exercising certain rights may limit or prevent our ability to provide services to you.

17. Changes to This Policy

LeoPay reserves the right to modify or update this Privacy Policy at any time to reflect changes in our practices, technologies, regulatory environment, or operational requirements. Material changes will be communicated through our website, by email, or via your registered account.

Continued use of LeoPay’s services following such changes constitutes acceptance of the revised policy. Further, you are advised to review this Privacy Policy periodically to remain informed about how we protect and process your personal information.

18. Blockchain-Specific Disclosures

LeoPay’s services involve the use of blockchain and distributed ledger technologies for facilitating cross-border stablecoin transactions. You acknowledge and understand that data recorded on public blockchains (including wallet addresses and transaction details) may be immutable and globally accessible. Further, due to the decentralised and transparent nature of such networks, certain personal information (such as blockchain wallet addresses or transaction hashes) may become publicly visible and cannot be modified or erased. This technical limitation may restrict your ability to exercise certain data rights, including erasure, rectification, or objection.

LeoPay will always work towards minimising the on-chain disclosure of identifiable data and ensure that all personally identifiable information is stored off-chain, processed securely, and disclosed only in accordance with applicable law or regulatory requests.

You are solely responsible for safeguarding your wallet credentials, including private and public keys. LeoPay does not control your blockchain transactions and shall not be liable for any unauthorised access, loss, or misuse arising from your wallet management. Additionally, by engaging in transactions through LeoPay’s infrastructure, you acknowledge that the blockchain’s immutable characteristics may limit certain privacy protections.

19. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India, without prejudice to overriding mandatory provisions of the laws applicable in your country of residence.

However, any dispute, controversy, or claim arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts of Bengaluru, India, except where otherwise required under applicable data protection or consumer protection laws.