Privacy Policy
Last update: June 24, 2025
This privacy policy contains important information about your personal data, and we encourage you to read it carefully.
summarize
We provide financial infrastructure for the Internet. Enterprises of all sizes can use our technology and services to facilitate shopping, accept payments, send expenses, and manage online business.
This privacy policy (referred to as “this policy”) describes the personal data we collect, how we use and share this data, and detailed information on how you can contact us regarding privacy related issues. This policy also outlines your rights and choices as a data subject, including the right to object to the use of certain personal data. According to specific activities, Xfpayment will assume the role of “data controller” and/or “data processor” (or “service provider”).
This privacy policy (referred to as “this policy”) describes the personal data we collect, how we use and share this data, and detailed information on how you can contact us regarding privacy related issues. This policy also outlines your rights and choices as a data subject, including the right to object to the use of certain personal data. According to specific activities, Xfpayment will assume the role of “data controller” and/or “data processor” (or “service provider”).
define terms
In this policy, “ Xfpayment”、 ‘We’ or ‘our’ refers to the Xfpayment entity responsible for the collection, use, and processing of personal data as described in this document. The specific entity responsible for your personal data, Xfpayment, may vary depending on your jurisdiction.
Personal data “refers to any information related to identified or identifiable individuals, including the data you provide to us and the data we collect about you during your interaction with our services (such as device information, IP address, etc.).
“Services” refers to the products, services, devices, and applications we provide under the Xfpayment Service Agreement (“Commercial Services”) or Xfpayment Consumer Service Terms (“End User Services”); Website (“Website”), such as Xfpayment.com; And other Xfpayment applications and online services. We provide commercial services to entities (“business users”). We directly provide end-user services to individuals for their personal use.
Financial partners “refer to financial institutions, banks, and other partners who cooperate with us to provide services, such as payment method acquiring institutions, payment providers, and card networks.
Based on the context, ‘you’ may be the end customer, end-user, representative, or visitor:
end user. When you use end-user services (such as saving payment methods through Xfpayment) for personal use, we refer to you as an “end-user”.
The end customer. When you do not directly transact with Xfpayment, but we receive your personal data for the purpose of providing services to enterprise users (including when you purchase goods from enterprise users or receive payments from enterprise users on the Xfpayment checkout page), we refer to you as the “end customer”.
Representative. When you act on behalf of existing or potential enterprise users (such as company founders, account administrators of enterprise users), we refer to you as a “representative”.
visitor. If you have not logged into your Xfpayment account to access the website and interact with Xfpayment, or if your interaction with Xfpayment is not conducted as an end user, end customer, or representative, we refer to you as a “visitor”. For example, if you send a message to Xfpayment asking for more information about our services, you are a visitor.
In this policy, ‘transaction data’ refers to the data collected and used by Xfpayment to assist you with the requested transaction. Part of the transaction data belongs to personal data, which may include: your name, email address, contact phone number, billing and delivery address, payment method information (such as credit or debit card number, bank account information, or payment card image of your choice), merchant and location information, purchase amount and date, and in some cases, information about purchasing goods.
Personal data “refers to any information related to identified or identifiable individuals, including the data you provide to us and the data we collect about you during your interaction with our services (such as device information, IP address, etc.).
“Services” refers to the products, services, devices, and applications we provide under the Xfpayment Service Agreement (“Commercial Services”) or Xfpayment Consumer Service Terms (“End User Services”); Website (“Website”), such as Xfpayment.com; And other Xfpayment applications and online services. We provide commercial services to entities (“business users”). We directly provide end-user services to individuals for their personal use.
Financial partners “refer to financial institutions, banks, and other partners who cooperate with us to provide services, such as payment method acquiring institutions, payment providers, and card networks.
Based on the context, ‘you’ may be the end customer, end-user, representative, or visitor:
end user. When you use end-user services (such as saving payment methods through Xfpayment) for personal use, we refer to you as an “end-user”.
The end customer. When you do not directly transact with Xfpayment, but we receive your personal data for the purpose of providing services to enterprise users (including when you purchase goods from enterprise users or receive payments from enterprise users on the Xfpayment checkout page), we refer to you as the “end customer”.
Representative. When you act on behalf of existing or potential enterprise users (such as company founders, account administrators of enterprise users), we refer to you as a “representative”.
visitor. If you have not logged into your Xfpayment account to access the website and interact with Xfpayment, or if your interaction with Xfpayment is not conducted as an end user, end customer, or representative, we refer to you as a “visitor”. For example, if you send a message to Xfpayment asking for more information about our services, you are a visitor.
In this policy, ‘transaction data’ refers to the data collected and used by Xfpayment to assist you with the requested transaction. Part of the transaction data belongs to personal data, which may include: your name, email address, contact phone number, billing and delivery address, payment method information (such as credit or debit card number, bank account information, or payment card image of your choice), merchant and location information, purchase amount and date, and in some cases, information about purchasing goods.
1. The personal information we collect and how we use and share this information
The way we collect and use personal data depends on whether you are an end user, end customer, representative, or visitor, as well as the specific services you use. For example, if you are a sole proprietor and wish to use our business services, we may collect your personal data to conduct your business; Meanwhile, if you purchase goods from other commercial users who use our services for payment processing, you may also be the end customer. If you use our end-user services (such as Link) for these transactions, you may also be an end-user.
1.1 End users
When we provide services directly to you for your personal use, we provide end-user services.
a. The personal data we collect about end users
Xfpayment payment. When you purchase goods or services directly from Xfpayment, we will receive your transaction data. For example, when you make a payment through the Xfpayment gateway, we collect transaction information as well as your contact information and payment details.
b. How do we use and share personal data of end users
Service. We use and share your personal data to provide you with end-user services, including support, personalization (such as language preferences and settings selection), and communication about our end-user services (such as conveying policy updates and information about our services). For example, Xfpayment may use cookies and similar technologies or data you provide to our corporate users (such as when you enter your email address on our corporate user website) to identify you and assist you in using Link when accessing our corporate user website.
Fraud detection and loss prevention. We will collect your personal information through our services to detect fraudulent behavior and prevent you, us, our business users, and financial partners from suffering financial losses, including detecting unauthorized purchasing behavior. We may provide personal information about you (including transactions you attempt to conduct) to enterprise users and financial partners (including those using our fraud prevention related enterprise services such as Cybersource) in order for them to assess fraud or loss risks associated with the transaction. Learn more about how we use technology to assess fraud risks related to trading attempts, and what information we share with corporate users and financial partners.
advertisement. Where permitted by applicable law, we may use your personal data (including transaction data) to assess your eligibility for other end-user services and provide you with other end-user services or promote existing end-user services, including through joint marketing with partners such as Xfpayment Business Users. According to applicable laws (including any consent requirements), we will use end-user personal data and share it with third-party partners in order for us to promote our end-user services to you (including through interest based advertising) and track the effectiveness of such advertising. We will not transfer your personal data to third parties in exchange for compensation, but we may provide your data to third-party partners such as advertising partners, analytics providers, and social networks who assist us in promoting our services to you.
Fraud detection and loss prevention. We will collect your personal information through our services to detect fraudulent behavior and prevent you, us, our business users, and financial partners from suffering financial losses, including detecting unauthorized purchasing behavior. We may provide personal information about you (including transactions you attempt to conduct) to enterprise users and financial partners (including those using our fraud prevention related enterprise services such as Cybersource) in order for them to assess fraud or loss risks associated with the transaction. Learn more about how we use technology to assess fraud risks related to trading attempts, and what information we share with corporate users and financial partners.
advertisement. Where permitted by applicable law, we may use your personal data (including transaction data) to assess your eligibility for other end-user services and provide you with other end-user services or promote existing end-user services, including through joint marketing with partners such as Xfpayment Business Users. According to applicable laws (including any consent requirements), we will use end-user personal data and share it with third-party partners in order for us to promote our end-user services to you (including through interest based advertising) and track the effectiveness of such advertising. We will not transfer your personal data to third parties in exchange for compensation, but we may provide your data to third-party partners such as advertising partners, analytics providers, and social networks who assist us in promoting our services to you.
1.2 End customers
Xfpayment provides various commercial services for our enterprise users, including processing face-to-face or online payments or payments for these enterprise users. As a service provider (also known as a data processor) for enterprise users, we process personal data of end customers in accordance with the agreement with the enterprise users and their lawful instructions. For example, when you process payments for purchasing products from corporate users, or when corporate users request us to transfer money to you, we will do so.
Enterprise users have a responsibility to ensure that the privacy rights of their end customers are respected, including obtaining appropriate consent and disclosing their own data collection and usage related to their products and services. If you are the end customer, please refer to the privacy policy of the enterprise users with whom you conduct business to understand their privacy practices, choices, and control measures.
Enterprise users have a responsibility to ensure that the privacy rights of their end customers are respected, including obtaining appropriate consent and disclosing their own data collection and usage related to their products and services. If you are the end customer, please refer to the privacy policy of the enterprise users with whom you conduct business to understand their privacy practices, choices, and control measures.
a. The personal data we collect about end customers
Transaction data. If you are the end customer, making payments to our enterprise users, receiving refunds or payments, initiating purchases, or conducting transactions in other ways (whether face-to-face or online), we will receive your transaction data. We may also receive transaction history records between you and enterprise users. In addition, even if you choose not to fill out forms or engage in transactions with corporate users, we may still collect the checkout form information you enter. Enterprise users who use Xfpayment terminal services to provide goods or services to end customers can use terminal services to collect end customer personal data (such as your name, email, phone number, address, signature, or age) according to their own privacy policy.
b. How do we use and share personal data of end customers
In order to provide commercial services to our business users, we use and share personal data of end customers with them. Where permitted, we will also use the personal data of our end customers for Xfpayment’s own purposes, such as enhancing security, improving and providing our business services, and preventing fraud, losses, and other damages, as described below.
Payment processing and accounting. We use your transaction data to provide payment related business services to enterprise users (including online payment transaction processing, sales tax calculation, and invoice, billing, and dispute resolution), and help them determine income, settle bills, and perform accounting tasks. We may also use your personal data to provide and improve our business services.
During the payment transaction process, your personal data will be shared with various entities related to your transaction. As a service provider or data processor, we share personal data to conduct transactions according to the instructions of enterprise users. For example, when you choose a payment method for a transaction, we may share your transaction data with your bank or other payment method providers, including verifying your identity when necessary, processing your transactions, preventing fraud, and resolving disputes. The enterprise users you choose to conduct business with will also receive transaction data and may share this data with others. Please review the privacy policies of your merchant, bank, and payment method provider to learn more about how they use and share your personal data.
Xfpayment or our financial partners provide you with financial services. For example, enterprise users may issue card products for you to purchase goods and services. This type of card may carry the brand of Xfpayment, partner banks, and/or corporate users. In addition to any transaction data that we may generate or receive when shopping with these cards, we also collect and use your personal data to provide and manage these products, including assisting our enterprise users in preventing card misuse.
Identity/authentication services. We use your personal information to provide verification services for Xfpayment or business users who transact with you, in order to prevent fraud and enhance security. For this purpose, we may use personal information directly provided by you or obtained from service providers, including for telephone verification. If you provide selfies and ID photos, we may use biometric technology for comparison and calculation to determine if they match and verify your identity.
Fraud detection and loss prevention. We will use the personal data collected through our services to detect and prevent losses for you, us, our business users, and financial partners. We may provide your personal data (including transactions you attempt to conduct) to business users and financial partners (including those who use our fraud prevention related business services) to help them assess fraud or loss risks associated with transactions.
Our business users (and their authorized third parties). We share personal data of end customers with their respective business users and third parties authorized by these business users to receive such data directly. The following are common examples of such sharing:
When an enterprise user instructs Xfpayment to provide access to their Xfpayment account (including data related to their end customer) to another enterprise user through Xfpayment Connect.
Share the information you provide to us with business users so that we can make payments on their behalf.
The enterprise users you choose to conduct business with may further share your personal data with third parties (such as third-party service providers other than Xfpayment). Please refer to the privacy policy of enterprise users for more information.
Enterprise user advertising. If you initiate a purchase process with enterprise users, even if you have not completed the purchase, enterprise users will still receive your personal data due to the services we provide. Enterprise users may use your personal data to market and promote their products or services in accordance with their privacy policy terms.
Payment processing and accounting. We use your transaction data to provide payment related business services to enterprise users (including online payment transaction processing, sales tax calculation, and invoice, billing, and dispute resolution), and help them determine income, settle bills, and perform accounting tasks. We may also use your personal data to provide and improve our business services.
During the payment transaction process, your personal data will be shared with various entities related to your transaction. As a service provider or data processor, we share personal data to conduct transactions according to the instructions of enterprise users. For example, when you choose a payment method for a transaction, we may share your transaction data with your bank or other payment method providers, including verifying your identity when necessary, processing your transactions, preventing fraud, and resolving disputes. The enterprise users you choose to conduct business with will also receive transaction data and may share this data with others. Please review the privacy policies of your merchant, bank, and payment method provider to learn more about how they use and share your personal data.
Xfpayment or our financial partners provide you with financial services. For example, enterprise users may issue card products for you to purchase goods and services. This type of card may carry the brand of Xfpayment, partner banks, and/or corporate users. In addition to any transaction data that we may generate or receive when shopping with these cards, we also collect and use your personal data to provide and manage these products, including assisting our enterprise users in preventing card misuse.
Identity/authentication services. We use your personal information to provide verification services for Xfpayment or business users who transact with you, in order to prevent fraud and enhance security. For this purpose, we may use personal information directly provided by you or obtained from service providers, including for telephone verification. If you provide selfies and ID photos, we may use biometric technology for comparison and calculation to determine if they match and verify your identity.
Fraud detection and loss prevention. We will use the personal data collected through our services to detect and prevent losses for you, us, our business users, and financial partners. We may provide your personal data (including transactions you attempt to conduct) to business users and financial partners (including those who use our fraud prevention related business services) to help them assess fraud or loss risks associated with transactions.
Our business users (and their authorized third parties). We share personal data of end customers with their respective business users and third parties authorized by these business users to receive such data directly. The following are common examples of such sharing:
When an enterprise user instructs Xfpayment to provide access to their Xfpayment account (including data related to their end customer) to another enterprise user through Xfpayment Connect.
Share the information you provide to us with business users so that we can make payments on their behalf.
The enterprise users you choose to conduct business with may further share your personal data with third parties (such as third-party service providers other than Xfpayment). Please refer to the privacy policy of enterprise users for more information.
Enterprise user advertising. If you initiate a purchase process with enterprise users, even if you have not completed the purchase, enterprise users will still receive your personal data due to the services we provide. Enterprise users may use your personal data to market and promote their products or services in accordance with their privacy policy terms.
1.3 represents
We collect, use, and share personal data from business user representatives (such as business owners) to provide our business services.
a. The personal data we collect about representatives
Registration and contact information. When you register for an Xfpayment account as a corporate user (including establishing a business), we will collect your name and login credentials. If you register or participate in activities organized by Xfpayment, or register to receive Xfpayment communications, we will collect your registration and personal information data. As representatives, we may collect your personal data from third parties (including data providers) for the purpose of advertising, marketing, and communicating with you. Please refer to the following for details. We may also associate a location with you in order to effectively customize services or information based on your needs.
Identity information. As existing or potential enterprise users, owners of enterprise users, or shareholders, executives, or directors of enterprise users, we require your contact information, such as name, postal address, phone number, and email address, to fulfill our financial partner and regulatory requirements, verify your identity, and prevent fraudulent activities and damage to the Xfpayment platform. We collect your personal data directly from you and/or from public sources, third parties (such as credit institutions), and through the services we provide, such as ownership rights of enterprise users, date of birth, government issued identification documents and related identifiers, as well as any history of fraud or abuse. You can also choose to provide us with bank account information.
Identity information. As existing or potential enterprise users, owners of enterprise users, or shareholders, executives, or directors of enterprise users, we require your contact information, such as name, postal address, phone number, and email address, to fulfill our financial partner and regulatory requirements, verify your identity, and prevent fraudulent activities and damage to the Xfpayment platform. We collect your personal data directly from you and/or from public sources, third parties (such as credit institutions), and through the services we provide, such as ownership rights of enterprise users, date of birth, government issued identification documents and related identifiers, as well as any history of fraud or abuse. You can also choose to provide us with bank account information.
b. How do we use and share representative personal data
We usually use representative personal data to provide business services to corresponding business users. The way we use and share this data will be further described in the following text.
Business services. We use representative personal data and share it with business users to provide the services requested by you or the business users you represent.
In some cases, we may need to submit your personal data to government agencies in order to provide our business services, such as for company registration or calculating and paying applicable sales taxes. For our tax related business services, we may use your personal data to prepare tax documents and declare taxes on behalf of the business users you represent.
We share representative personal data with authorized parties of the corresponding business users, such as financial partners who provide financial products, or third-party applications or services that business users choose to use with our business services. The following are common examples of such sharing:
Payment providers such as Visa or WeChat Pay require information from enterprise users and their representatives who accept their payment methods. These pieces of information are typically required in the onboarding process, transaction handling, and dispute resolution for enterprise users.
Enterprise users can authorize Xfpayment to share their personal data with other enterprise users in order to provide services through Xfpayment Connect.
Third parties authorized by enterprise users must comply with their privacy policies when using personal data.
If you are a corporate user and the selected name contains personal information (such as a sole proprietorship or company name containing a surname), we will use and share such information in the same way as the company name to provide our services. For example, this may include displaying it in receipts and other transaction identification descriptions.
Fraud detection and loss prevention. We use representative personal data to identify and manage the risk that our business services may be used for fraudulent activities, resulting in losses for Xfpayment, end users, end customers, business users, financial partners, and others. We also use information about you obtained from public sources, third parties (such as credit institutions), and our services to address such risks, including identifying patterns of abuse and monitoring violations of service terms. Xfpayment may share personal data of representatives with business users, our financial partners, and third-party service providers (including telephone verification providers) to verify the information you provide and identify risk indicators. We also use and share personal data of representatives to conduct due diligence, including conducting anti money laundering and sanction screening in accordance with applicable laws.
advertisement. Subject to applicable laws and with your consent, we may use and share personal data of representatives with third parties (including) for the purpose of promoting and marketing our services and partner integration. Subject to compliance with applicable laws (including any consent requirements), we may advertise and track the effectiveness of interest based advertising. We will not transfer your personal data to third parties in exchange for compensation. However, we may provide your data to third-party partners who assist us in promoting our services, such as advertising partners, analytics providers, and social networks. We may also use your personal data (including your Xfpayment account activity) to assess your eligibility for business services and provide you with business services or promote existing business services.
Business services. We use representative personal data and share it with business users to provide the services requested by you or the business users you represent.
In some cases, we may need to submit your personal data to government agencies in order to provide our business services, such as for company registration or calculating and paying applicable sales taxes. For our tax related business services, we may use your personal data to prepare tax documents and declare taxes on behalf of the business users you represent.
We share representative personal data with authorized parties of the corresponding business users, such as financial partners who provide financial products, or third-party applications or services that business users choose to use with our business services. The following are common examples of such sharing:
Payment providers such as Visa or WeChat Pay require information from enterprise users and their representatives who accept their payment methods. These pieces of information are typically required in the onboarding process, transaction handling, and dispute resolution for enterprise users.
Enterprise users can authorize Xfpayment to share their personal data with other enterprise users in order to provide services through Xfpayment Connect.
Third parties authorized by enterprise users must comply with their privacy policies when using personal data.
If you are a corporate user and the selected name contains personal information (such as a sole proprietorship or company name containing a surname), we will use and share such information in the same way as the company name to provide our services. For example, this may include displaying it in receipts and other transaction identification descriptions.
Fraud detection and loss prevention. We use representative personal data to identify and manage the risk that our business services may be used for fraudulent activities, resulting in losses for Xfpayment, end users, end customers, business users, financial partners, and others. We also use information about you obtained from public sources, third parties (such as credit institutions), and our services to address such risks, including identifying patterns of abuse and monitoring violations of service terms. Xfpayment may share personal data of representatives with business users, our financial partners, and third-party service providers (including telephone verification providers) to verify the information you provide and identify risk indicators. We also use and share personal data of representatives to conduct due diligence, including conducting anti money laundering and sanction screening in accordance with applicable laws.
advertisement. Subject to applicable laws and with your consent, we may use and share personal data of representatives with third parties (including) for the purpose of promoting and marketing our services and partner integration. Subject to compliance with applicable laws (including any consent requirements), we may advertise and track the effectiveness of interest based advertising. We will not transfer your personal data to third parties in exchange for compensation. However, we may provide your data to third-party partners who assist us in promoting our services, such as advertising partners, analytics providers, and social networks. We may also use your personal data (including your Xfpayment account activity) to assess your eligibility for business services and provide you with business services or promote existing business services.
1.4 Visitors
We collect, use, and share personal data of visitors.
a. The personal information we collect from visitors
When you browse our website, we receive your personal data, which may be provided directly by you or collected through the use of cookies and similar technologies. Please refer to our Cookie Policy for more information. If you choose to fill out the form on this website or on third-party websites that display our advertisements (such as LinkedIn or Facebook), we will collect the information you fill out in the form. This may include your contact information and other information related to the questions you have raised about our services. We may also associate the location with your visit.
b. How do we use and share visitors’ personal information
individualization. We will use cookies and similar technologies to collect your relevant data, measure your engagement with website content, enhance relevance and navigation experience, customize your experience (such as language preferences and specific region content), and tailor Xfpayment and our services’ relevant content for you. For example, as not all services are available globally, we may customize our response based on your location.
advertisement. Subject to applicable laws and with your consent, we may use and share visitors’ personal data with third parties (including partners) for the purpose of promoting and marketing our services and partner integration. According to applicable laws (including any consent requirements), we may advertise and track the effectiveness of interest based advertising. Please refer to our Cookie Policy. We will not transfer your personal data to third parties in exchange for compensation, but we may provide your data to third-party partners who assist us in promoting our services, such as advertising partners, analytics providers, and social networks.
Participate. When you interact with our website, we use the information collected about your device and the information collected through your device to provide further opportunities for interaction, such as discussions about services or interactions with chatbots to answer your questions.
advertisement. Subject to applicable laws and with your consent, we may use and share visitors’ personal data with third parties (including partners) for the purpose of promoting and marketing our services and partner integration. According to applicable laws (including any consent requirements), we may advertise and track the effectiveness of interest based advertising. Please refer to our Cookie Policy. We will not transfer your personal data to third parties in exchange for compensation, but we may provide your data to third-party partners who assist us in promoting our services, such as advertising partners, analytics providers, and social networks.
Participate. When you interact with our website, we use the information collected about your device and the information collected through your device to provide further opportunities for interaction, such as discussions about services or interactions with chatbots to answer your questions.
2. More ways we collect, use, and share personal information
In addition to the above methods, we will also process your personal information in the following ways:
a. Collection of Personal Information
Online activities. Based on the services used and the way our business services are implemented by enterprise users, we may collect information related to the following:
The devices and browsers you use on our website and third-party websites, applications, and other online services (“Third Party Websites”).
The usage data related to these devices and browsers, as well as your interaction with our services, includes data elements such as IP address, plugins, language preferences, time spent on websites and third-party websites, pages visited, links clicked, payment methods used, and pages guiding you to visit our website and third-party websites. We also collect activity metrics (such as mouse activity metrics) to help us detect fraudulent behavior.Please also refer to our Cookie Policy
The devices and browsers you use on our website and third-party websites, applications, and other online services (“Third Party Websites”).
The usage data related to these devices and browsers, as well as your interaction with our services, includes data elements such as IP address, plugins, language preferences, time spent on websites and third-party websites, pages visited, links clicked, payment methods used, and pages guiding you to visit our website and third-party websites. We also collect activity metrics (such as mouse activity metrics) to help us detect fraudulent behavior.Please also refer to our Cookie Policy
Communication and participation in information. We will also collect information that you choose to share with us through various channels, such as support tickets, emails, or social media. If you reply to Xfpayment’s email or survey, we will collect your email address, name, and any other data you choose to include in the email or reply. If you contact us by phone, we will collect your phone number and any other information you may provide during the call. Conversations with Xfpayment or Xfpayment representatives may be recorded. In addition, we will also collect your participation data, such as your registration, attendance, or viewing of Xfpayment events, as well as any other interactions with Xfpayment personnel.
Forum and discussion group. If our website allows the posting of content, we will collect personal data related to the posts you provide.
Forum and discussion group. If our website allows the posting of content, we will collect personal data related to the posts you provide.
b. The use of personal information.
In addition to the use of personal information mentioned above, we also use personal information in the following ways:
Analyze, optimize, and expand our services. Whether you are an end user, end customer, representative, or visitor, we collect and process personal data through various services to improve our services, develop new services, and support our efforts to make our services more efficient, relevant, and practical for you. We may use personal data to generate summary and statistical information to understand and explain how our services are used. Examples of how we use personal data to analyze, improve, and develop our products and services include:
Use the analysis on our website (including the analysis described in our Cookie Policy) to help us understand your usage of our website and services and diagnose technical issues.
Train machine learning models to support our services and prevent fraud and other harms.
Analyze transaction data and draw inferences from it to reduce costs, minimize fraud and disputes, and improve authentication and authorization rates for Xfpayment and our business users.
Communication. We use the contact information you provide to provide our services, which may involve sending a verification code via SMS for identity verification. If you are an end user, representative, or visitor, we may use the contact information you provide to communicate with you in order to provide information about our services and those of our affiliated companies, invite you to participate in our events, surveys, or user research, or otherwise communicate with you for marketing purposes, and comply with applicable laws, including any consent or opt out requirements. For example, when you provide us with your contact information or when we collect your business contact information through your participation in trade shows or other events, we may use this data to follow up with you about the event, provide the necessary information for our services, and include you in our marketing information activities. Where permitted by applicable law, we may record conversations with you for the purpose of providing our services, fulfilling our legal obligations, conducting research and quality assurance, and for training purposes.
Social media and promotional activities. If you choose to submit personal data to participate in discounts, plans, or promotions, we will use the personal data you provide to manage that discount, plan, or promotion. We will also use the personal data you provide and the personal data you post on social media platforms for marketing purposes, unless we obtain permission.
Fraud prevention and security. We collect and use personal data to help us identify and manage activities that may involve fraudulent or harmful behavior in our services, enable our fraud detection business services, and protect our services and transactions from unauthorized access, use, alteration, or theft of personal data, information, and funds. As part of the fraud prevention, detection, security monitoring, and compliance efforts of Xfpayment and its business users, we collect information from public sources, third parties (such as credit reporting agencies), and through the services we provide. In some cases, we may also collect your information directly from you or from our business users, financial partners, and other third parties for the same purpose. In addition, to protect our services, we may receive detailed information such as IP addresses and other identification data related to potential security threats from third parties. This type of information helps us verify identity, conduct credit checks where permitted by law, and prevent fraud. In addition, we may use technology to assess potential fraud risks associated with individuals seeking to purchase our business services, or potential fraud risks arising from end customers or end-users attempting to transact with our business users or financial partners.
Comply with legal obligations. We use personal data to fulfill contractual and legal obligations related to anti money laundering, Know Your Customer (KYC) laws, counter-terrorism activities, protection of vulnerable customers, export controls, and prohibitions on conducting business with restricted persons or certain business areas, as well as other legal obligations. For example, we may monitor transaction patterns and other online signals, and use these insights to identify fraud, money laundering, and other harmful activities that may affect Xfpayment, our financial partners, end-users, business users, and other individuals. The security, assurance, and compliance of our services are our top priorities, and collecting and using personal data is crucial for this work.
Analyze, optimize, and expand our services. Whether you are an end user, end customer, representative, or visitor, we collect and process personal data through various services to improve our services, develop new services, and support our efforts to make our services more efficient, relevant, and practical for you. We may use personal data to generate summary and statistical information to understand and explain how our services are used. Examples of how we use personal data to analyze, improve, and develop our products and services include:
Use the analysis on our website (including the analysis described in our Cookie Policy) to help us understand your usage of our website and services and diagnose technical issues.
Train machine learning models to support our services and prevent fraud and other harms.
Analyze transaction data and draw inferences from it to reduce costs, minimize fraud and disputes, and improve authentication and authorization rates for Xfpayment and our business users.
Communication. We use the contact information you provide to provide our services, which may involve sending a verification code via SMS for identity verification. If you are an end user, representative, or visitor, we may use the contact information you provide to communicate with you in order to provide information about our services and those of our affiliated companies, invite you to participate in our events, surveys, or user research, or otherwise communicate with you for marketing purposes, and comply with applicable laws, including any consent or opt out requirements. For example, when you provide us with your contact information or when we collect your business contact information through your participation in trade shows or other events, we may use this data to follow up with you about the event, provide the necessary information for our services, and include you in our marketing information activities. Where permitted by applicable law, we may record conversations with you for the purpose of providing our services, fulfilling our legal obligations, conducting research and quality assurance, and for training purposes.
Social media and promotional activities. If you choose to submit personal data to participate in discounts, plans, or promotions, we will use the personal data you provide to manage that discount, plan, or promotion. We will also use the personal data you provide and the personal data you post on social media platforms for marketing purposes, unless we obtain permission.
Fraud prevention and security. We collect and use personal data to help us identify and manage activities that may involve fraudulent or harmful behavior in our services, enable our fraud detection business services, and protect our services and transactions from unauthorized access, use, alteration, or theft of personal data, information, and funds. As part of the fraud prevention, detection, security monitoring, and compliance efforts of Xfpayment and its business users, we collect information from public sources, third parties (such as credit reporting agencies), and through the services we provide. In some cases, we may also collect your information directly from you or from our business users, financial partners, and other third parties for the same purpose. In addition, to protect our services, we may receive detailed information such as IP addresses and other identification data related to potential security threats from third parties. This type of information helps us verify identity, conduct credit checks where permitted by law, and prevent fraud. In addition, we may use technology to assess potential fraud risks associated with individuals seeking to purchase our business services, or potential fraud risks arising from end customers or end-users attempting to transact with our business users or financial partners.
Comply with legal obligations. We use personal data to fulfill contractual and legal obligations related to anti money laundering, Know Your Customer (KYC) laws, counter-terrorism activities, protection of vulnerable customers, export controls, and prohibitions on conducting business with restricted persons or certain business areas, as well as other legal obligations. For example, we may monitor transaction patterns and other online signals, and use these insights to identify fraud, money laundering, and other harmful activities that may affect Xfpayment, our financial partners, end-users, business users, and other individuals. The security, assurance, and compliance of our services are our top priorities, and collecting and using personal data is crucial for this work.
c. Sharing of personal information.
In addition to the aforementioned personal information sharing, we also share personal information through the following methods:
Xfpayment affiliated companies. We share personal data with other Xfpayment affiliated entities for the purposes described in this policy.
Service provider or processor. In order to provide, communicate, market, analyze, and promote our services, we rely on service providers. These providers provide critical services such as providing cloud infrastructure, conducting analysis to evaluate the speed, accuracy, and/or security of our services, verifying identities, identifying potential harmful activities, and providing customer service and audit capabilities. We authorize these service providers to use or disclose the personal data we provide to them in order to perform services on our behalf and comply with relevant legal obligations. We require these service providers to undertake security and confidentiality obligations for the personal data they process on our behalf through contractual commitments. Most of our service providers are located in the UK.
Financial partners. We share personal data with certain financial partners in order to provide services to enterprise users, and collaborate with these financial partners to provide certain services. For example, we may share certain personal data with institutional investors and lending institutions that purchase loan receivables or provide financing related to Xfpayment, such as payment processing volume, loan repayment data, and representative contact information.
Third party with your consent. In some cases, we may not provide services and instead recommend you to other parties (such as professional service companies we collaborate with to provide services). In these cases, we will disclose the identity of the third party and the information to be shared with them, and seek your consent to share this information.
Company transactions. If we engage in or intend to engage in a transaction that changes our business structure, such as restructuring, merger, sale, joint venture, transfer, assignment, change of control, or other disposal of all or part of our business, assets, or stocks, we may share personal data with third parties in relation to such transaction. Any other entity that acquires us or a portion of our business has the right to continue using your personal data in accordance with the terms of this policy.
Compliance and hazard prevention. When we deem it necessary to comply with applicable laws, we will share personal data; Comply with the rules established by financial partners when using their payment methods; Execute our contractual rights; Protect Xfpayment, your and others’ services, rights, privacy, security, and property, including preventing malicious or fraudulent activities; And respond to effective legal requirements from courts, law enforcement agencies, regulatory agencies, and other public and government agencies (which may include agencies outside your country of residence).
Xfpayment affiliated companies. We share personal data with other Xfpayment affiliated entities for the purposes described in this policy.
Service provider or processor. In order to provide, communicate, market, analyze, and promote our services, we rely on service providers. These providers provide critical services such as providing cloud infrastructure, conducting analysis to evaluate the speed, accuracy, and/or security of our services, verifying identities, identifying potential harmful activities, and providing customer service and audit capabilities. We authorize these service providers to use or disclose the personal data we provide to them in order to perform services on our behalf and comply with relevant legal obligations. We require these service providers to undertake security and confidentiality obligations for the personal data they process on our behalf through contractual commitments. Most of our service providers are located in the UK.
Financial partners. We share personal data with certain financial partners in order to provide services to enterprise users, and collaborate with these financial partners to provide certain services. For example, we may share certain personal data with institutional investors and lending institutions that purchase loan receivables or provide financing related to Xfpayment, such as payment processing volume, loan repayment data, and representative contact information.
Third party with your consent. In some cases, we may not provide services and instead recommend you to other parties (such as professional service companies we collaborate with to provide services). In these cases, we will disclose the identity of the third party and the information to be shared with them, and seek your consent to share this information.
Company transactions. If we engage in or intend to engage in a transaction that changes our business structure, such as restructuring, merger, sale, joint venture, transfer, assignment, change of control, or other disposal of all or part of our business, assets, or stocks, we may share personal data with third parties in relation to such transaction. Any other entity that acquires us or a portion of our business has the right to continue using your personal data in accordance with the terms of this policy.
Compliance and hazard prevention. When we deem it necessary to comply with applicable laws, we will share personal data; Comply with the rules established by financial partners when using their payment methods; Execute our contractual rights; Protect Xfpayment, your and others’ services, rights, privacy, security, and property, including preventing malicious or fraudulent activities; And respond to effective legal requirements from courts, law enforcement agencies, regulatory agencies, and other public and government agencies (which may include agencies outside your country of residence).
3. Legal basis for processing personal data
In order to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws, we process your personal data based on multiple legal grounds. Some jurisdictions may have other legal grounds.
a. Contract and pre contract business relationship. We process personal data to establish business relationships with potential business users and end users, and to fulfill our respective contractual obligations with them. These processing activities include:
Create and manage Xfpayment accounts and Xfpayment account credentials, including evaluating usage requests to initiate or expand our services;
Create and manage Xfpayment Checkout accounts;
Accounting, auditing, and billing activities; as well as
Handling payments and related activities, including fraud detection, loss prevention, transaction optimization, communication regarding such payments, and related customer service activities.
Create and manage Xfpayment Checkout accounts;
Accounting, auditing, and billing activities; as well as
Handling payments and related activities, including fraud detection, loss prevention, transaction optimization, communication regarding such payments, and related customer service activities.
b. Legal compliance. We process personal data to verify the identity of individuals and entities, in order to comply with obligations related to fraud monitoring, prevention, and detection, laws related to identifying and reporting illegal activities, such as anti money laundering (AML) and know your customer (KYC) regulations, and financial reporting obligations. For example, we may need to record and verify the identity of enterprise users to comply with regulations aimed at preventing money laundering, fraud, and financial crimes. These legal obligations may require us to report our compliance status to third parties and undergo third-party verification audits.
c. Legitimate rights and interests. We process your personal data based on legitimate commercial interests, where permitted by applicable laws. The following list illustrates our commercial purposes for processing your data for legitimate interests:
Detecting, monitoring, and preventing fraud and unauthorized payment transactions;
Reduce financial losses, claims, liabilities, or other damages to end customers, end-users, business users, financial partners, and Xfpayment;
Determine the eligibility for Xfpayment services and provide new Xfpayment services;
Responding to inquiries, providing service notifications, and offering customer support;
Promote, analyze, modify, and improve our services, systems, and tools, as well as develop new products and services, including improving the reliability of our services;
By understanding its effectiveness and optimizing our digital assets, we manage, operate, and improve the performance of our website and services;
Analysis and promotion of our services, as well as related improvements;
Summarize, analyze, and develop business intelligence to enable us to operate, protect, make informed decisions, and report business performance;
Sharing personal data with third-party service providers who provide services on our behalf and business partners who help us operate and improve our business;
Ensure the network and information security of Xfpayment and our services; as well as
Our affiliated companies share personal data with each other.
Reduce financial losses, claims, liabilities, or other damages to end customers, end-users, business users, financial partners, and Xfpayment;
Determine the eligibility for Xfpayment services and provide new Xfpayment services;
Responding to inquiries, providing service notifications, and offering customer support;
Promote, analyze, modify, and improve our services, systems, and tools, as well as develop new products and services, including improving the reliability of our services;
By understanding its effectiveness and optimizing our digital assets, we manage, operate, and improve the performance of our website and services;
Analysis and promotion of our services, as well as related improvements;
Summarize, analyze, and develop business intelligence to enable us to operate, protect, make informed decisions, and report business performance;
Sharing personal data with third-party service providers who provide services on our behalf and business partners who help us operate and improve our business;
Ensure the network and information security of Xfpayment and our services; as well as
Our affiliated companies share personal data with each other.
d. Agreed. We may rely on your consent or explicit consent to collect and process personal data related to your interactions and the services we provide. When we process your personal data based on your consent, you have the right to withdraw your consent at any time, and such withdrawal will not affect the legality of the processing based on your consent before the withdrawal.
e. Significant public interest. We may process special categories of personal data as defined by GDPR, provided that such processing is for significant public interest reasons and in compliance with applicable laws, such as when we conduct politically sensitive person checks. We may also process personal data related to criminal convictions and offenses, provided that such processing is authorized by applicable laws, such as when we conduct sanction screening to comply with anti money laundering (AML) and know your customer (KYC) obligations.
f. Other valid legal basis. We may further process personal data based on other valid legal grounds recognized by applicable laws in specific jurisdictions. Please refer to the specific jurisdiction terms section below for more information.
4. Your rights and choices
Based on your location and compliance with applicable laws, you may choose how we collect, use, and disclose your personal data:
a. Choose not to receive our electronic communications
If you wish to stop receiving marketing related emails from us, you can click on the unsubscribe link included in such emails to choose to unsubscribe. We will process your request promptly and reasonably. However, it should be noted that even if you choose to unsubscribe from our marketing related emails, we still reserve the right to communicate with you regarding the services you receive (such as support and important legal statements), and our business users may still send you messages or instruct us to send messages on their behalf.
b. Your data protection rights
Based on your location and compliance with applicable laws, you may have the following rights regarding the personal data we process as a data controller regarding you:
Have the right to request confirmation whether Xfpayment is processing personal data related to you, the categories of personal data it is processing, and which third parties or categories of third parties it is sharing your personal data with;
The right to request access to Xfpayment’s processing of your personal data;
If your personal data is inaccurate, incomplete or outdated, you have the right to request Xfpayment to correct or update your personal data;
Under specific circumstances stipulated by law, Xfpayment has the right to request the deletion of your personal information;
Have the right to request Xfpayment to restrict the use of your personal data in certain circumstances, such as when Xfpayment is considering another request you have submitted (e.g. a request for Xfpayment to update your personal data);
We have the right to request that we export the personal information we hold about you to another company, provided that it is technically feasible;
If your personal data is processed based on your previous consent, you have the right to withdraw your consent;
If we process your data based on legitimate interests, you have the right to object to the processing of your personal data; We will stop processing your personal data upon receiving your objection, unless there are convincing legal reasons or if processing is necessary for legal reasons;
The right not to be discriminated against for exercising these rights; as well as
You have the right to pass through oper@xfpayment.com Contact us to appeal any decisions made by Xfpayment related to your rights.
And/or relevant regulatory agencies.
According to applicable laws, you may have additional rights over your personal data.
Have the right to request confirmation whether Xfpayment is processing personal data related to you, the categories of personal data it is processing, and which third parties or categories of third parties it is sharing your personal data with;
The right to request access to Xfpayment’s processing of your personal data;
If your personal data is inaccurate, incomplete or outdated, you have the right to request Xfpayment to correct or update your personal data;
Under specific circumstances stipulated by law, Xfpayment has the right to request the deletion of your personal information;
Have the right to request Xfpayment to restrict the use of your personal data in certain circumstances, such as when Xfpayment is considering another request you have submitted (e.g. a request for Xfpayment to update your personal data);
We have the right to request that we export the personal information we hold about you to another company, provided that it is technically feasible;
If your personal data is processed based on your previous consent, you have the right to withdraw your consent;
If we process your data based on legitimate interests, you have the right to object to the processing of your personal data; We will stop processing your personal data upon receiving your objection, unless there are convincing legal reasons or if processing is necessary for legal reasons;
The right not to be discriminated against for exercising these rights; as well as
You have the right to pass through oper@xfpayment.com Contact us to appeal any decisions made by Xfpayment related to your rights.
And/or relevant regulatory agencies.
According to applicable laws, you may have additional rights over your personal data.
c. The process of exercising data protection rights
If you wish to exercise your data protection rights related to the personal data processed by us as data controllers, please contact us as follows. For personal data processed by us as data processors, please contact the relevant data controller (enterprise user) to exercise your rights. If you contact us regarding your personal data processed by us as data processors, we will refer you to the relevant data controller to the extent that we can identify that controller.
5. Security and Retention
We make reasonable efforts to provide a security level that is commensurate with the risks associated with processing your personal data. We take organizational, technical, and administrative measures aimed at protecting the personal data covered by this policy from unauthorized access, destruction, loss, alteration, or abuse. Unfortunately, no data transmission or storage system can guarantee 100% security.
We encourage you to assist us in protecting your personal data. If you have an Xfpayment account, you can protect your personal data by using strong passwords, protecting your password from unauthorized use, and avoiding the use of the same login credentials you use for other services or accounts. If you suspect that your interaction with us is no longer secure (for example, if you believe that the security of your Xfpayment account has been compromised), please contact us immediately.
We will retain your personal data as long as we continue to provide services to you or our enterprise users, or as long as we reasonably anticipate that we will continue to provide services. Even after we cease providing services directly to you or business users with whom you do business, or even after you close your Xfpayment account or complete transactions with business users, we may still retain your personal data for the purpose of:
Comply with our legal and regulatory obligations;
Implement fraud monitoring, detection, and prevention activities; as well as
Comply with our tax, accounting, and financial reporting obligations, including contractual agreements with financial partners that require retention of such data (as well as payment methods you use that require retention of data).
If we retain your personal data, we will comply with any limitations and record retention obligations stipulated by applicable laws.
We encourage you to assist us in protecting your personal data. If you have an Xfpayment account, you can protect your personal data by using strong passwords, protecting your password from unauthorized use, and avoiding the use of the same login credentials you use for other services or accounts. If you suspect that your interaction with us is no longer secure (for example, if you believe that the security of your Xfpayment account has been compromised), please contact us immediately.
We will retain your personal data as long as we continue to provide services to you or our enterprise users, or as long as we reasonably anticipate that we will continue to provide services. Even after we cease providing services directly to you or business users with whom you do business, or even after you close your Xfpayment account or complete transactions with business users, we may still retain your personal data for the purpose of:
Comply with our legal and regulatory obligations;
Implement fraud monitoring, detection, and prevention activities; as well as
Comply with our tax, accounting, and financial reporting obligations, including contractual agreements with financial partners that require retention of such data (as well as payment methods you use that require retention of data).
If we retain your personal data, we will comply with any limitations and record retention obligations stipulated by applicable laws.
6. International data transmission
As a global enterprise, we sometimes need to transfer your personal data to countries/regions outside of your home country/region, including the United States. The data protection regulations in these countries/regions may differ from those in your country/region. When transferring data across borders, we will take measures to comply with applicable data protection laws related to such transfers. In some cases, we may need to disclose personal data in accordance with legal requirements from officials such as law enforcement or security agencies.
When applicable laws require the use of data transmission mechanisms, we will adopt one or more of the following methods:
Transfer to certain countries or recipients that are deemed to have sufficient levels of protection for personal data under applicable laws.
The EU Standard Contract Terms approved by the European Commission and the UK International Data Transmission Appendix published by the UK Information Commissioner’s Office.
Other legal methods that we can adopt according to applicable laws.
Xfpayment’s privacy practices (as described in this privacy policy) comply with the Cross Border Privacy Rule System (“CBPR”) and the Processor Privacy Rule System (“PRP”). These systems provide a framework for organizations to ensure the protection of personal data transmitted between participating economies. If CBPR and/or PRP are deemed effective transmission mechanisms under applicable laws, Xfpayment will transmit personal data based on the CBPR and PRP authentication it has obtained. If you still have unresolved issues regarding privacy or data usage that we have not been able to address satisfactorily, please contact us oper@xfpayment.com Contact us.
When applicable laws require the use of data transmission mechanisms, we will adopt one or more of the following methods:
Transfer to certain countries or recipients that are deemed to have sufficient levels of protection for personal data under applicable laws.
The EU Standard Contract Terms approved by the European Commission and the UK International Data Transmission Appendix published by the UK Information Commissioner’s Office.
Other legal methods that we can adopt according to applicable laws.
Xfpayment’s privacy practices (as described in this privacy policy) comply with the Cross Border Privacy Rule System (“CBPR”) and the Processor Privacy Rule System (“PRP”). These systems provide a framework for organizations to ensure the protection of personal data transmitted between participating economies. If CBPR and/or PRP are deemed effective transmission mechanisms under applicable laws, Xfpayment will transmit personal data based on the CBPR and PRP authentication it has obtained. If you still have unresolved issues regarding privacy or data usage that we have not been able to address satisfactorily, please contact us oper@xfpayment.com Contact us.
7. Updates and notifications
We may revise this policy from time to time to reflect new services, changes in our privacy practices, or relevant laws. The legend “Last Updated Time” at the top of this policy indicates the time when this policy was last significantly revised. Any changes shall take effect at the later of the time we publish the revised policy on the service or provide update notifications in other ways as required by law.
We may provide you with disclosures and alerts related to the policies or personal data collected through posting on our website. If you are an end user or representative, we may also contact you through your Xfpayment dashboard, email address, and/or the actual address listed in your Xfpayment account.
We may provide you with disclosures and alerts related to the policies or personal data collected through posting on our website. If you are an end user or representative, we may also contact you through your Xfpayment dashboard, email address, and/or the actual address listed in your Xfpayment account.
8. Contact Us
If you have any questions or complaints about this policy, please contact us: oper@xfpayment.com
If you are the end customer (i.e. an individual conducting business or transactions with a business user), please refer to the business user’s privacy policy or notice for information about the business user’s privacy practices, choices, and controls, or contact the business user directly.
If you are the end customer (i.e. an individual conducting business or transactions with a business user), please refer to the business user’s privacy policy or notice for information about the business user’s privacy practices, choices, and controls, or contact the business user directly.