PRIVACY POLICY
Last Updated: October 22, 2025
1. INTRODUCTION
Opust Solutions (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment processing services (provided through authorized payment processing partners), SaaS development services, and website.
IMPORTANT: Payment processing services involve our authorized payment processing partners. When you use payment processing, your data is also processed by our partners according to their privacy practices.
2. INFORMATION WE COLLECT
2.1 Information You Provide
– Personal: Name, email, phone, date of birth, government-issued ID, SSN/Tax ID, address
– Business: Company name, business type, tax ID, bank account details, ownership structure, beneficial owners (25%+ ownership)
– Financial: Bank accounts, payment card information (tokenized), transaction history, credit reports
2.2 Transaction Data
– Transaction amounts, dates, times, currencies
– Customer payment information (processed by partners)
– Billing/shipping addresses, IP addresses
– Transaction outcomes, refunds, chargebacks
– Fraud and risk assessment data
IMPORTANT: We do NOT store complete card numbers. Card data is tokenized by our processing partners. We NEVER store CVV codes or PIN data.
2.3 Automatically Collected
– Device information (IP, browser, OS, device ID)
– Usage data (pages visited, features used, time spent)
– Location data (general from IP address)
– Cookies and tracking technologies
– Log files, API usage data
2.4 Third-Party Sources
– Payment processors and card networks
– Banks and financial institutions
– Identity verification services (KYC/AML)
– Fraud prevention services
– Credit bureaus (with authorization)
– Business information databases
– Government databases (sanctions, PEP lists)
2.5 Credit Reports Authorization
You authorize us to obtain consumer credit reports for you and beneficial owners for application evaluation, ongoing monitoring, risk assessment, and compliance. This covers credit inquiries at account opening and periodically thereafter.
3. HOW WE USE YOUR INFORMATION
– Service Delivery: Process transactions, manage accounts, provide support, calculate fees
– Compliance: Verify identity (KYC), Anti-Money Laundering (AML), screen sanctions lists, prevent fraud, comply with Card Association rules, respond to legal requests, maintain records (typically 7 years)
– Security: Detect fraud, monitor suspicious activity, assess risk, prevent unauthorized access, maintain PCI DSS compliance
– Business Operations: Improve services, develop features, conduct analysis, generate reports, test quality
– Marketing (with consent): Send promotions, product updates, surveys, newsletters (opt-out available)
4. HOW WE SHARE YOUR INFORMATION
WE DO NOT SELL YOUR PERSONAL INFORMATION.
4.1 With Payment Processing Partners (Required)
Shared with:
– Authorized payment processing partners
– Payment processors and acquiring banks
– Card networks (Visa, Mastercard, Amex, Discover)
– Financial institutions
– ACH networks
Purpose: Authorize transactions, settle payments, prevent fraud, comply with rules, and provide gateway services.
4.2 Other Service Providers
– Identity verification (KYC/AML)
– Fraud detection
– Credit reporting
– Cloud hosting (encrypted)
– Customer support tools
– Analytics
– Email services
– Accounting
All providers are contractually obligated to protect data and use it only for specified purposes.
4.3 Legal Requirements
When required by law, legal process, government requests, to enforce Terms, protect rights/safety, prevent fraud/illegal activity, or comply with Card Association/regulatory mandates.
4.4 Business Transfers
If we’re involved in a merger, acquisition, or bankruptcy, your information may transfer to a new entity with notice provided.
4.5 With Your Consent
When you explicitly consent to specific data sharing.
4.6 Aggregate Data
We may share de-identified, aggregate data that cannot identify you individually for benchmarks, statistics, research, and product development.
5. DATA SECURITY
5.1 Technical Safeguards
– Encryption in transit (TLS 1.2+/SSL)
– Encryption at rest (AES-256)
– Secure data centers with physical security
– Firewalls and intrusion detection
– Regular security audits
– Multi-factor authentication
– Role-based access controls
5.2 PCI DSS Compliance
We and our partners maintain PCI DSS Level 1 compliance. We do NOT store complete card numbers (tokenization used). CVV and PIN data are NEVER stored. Card data is encrypted and tokenized.
5.3 Organizational
– Limited data access (need-to-know)
– Employee training
– Confidentiality agreements
– Background checks
– Incident response procedures
5.4 Your Responsibility
Maintain login security, use strong passwords, enable two-factor authentication, secure devices, log out on shared devices, and notify us of suspected breaches.
IMPORTANT: No system is 100% secure. We cannot guarantee absolute security.
6. DATA RETENTION
We retain information as long as necessary for services, compliance, disputes, and fraud prevention.
Retention Periods:
– Account information: Duration + 7 years
– Transaction records: 7 years
– Credit reports/KYC: 7 years
– Communications: 3-7 years
– Security logs: 1-2 years
– Marketing data: Until opt-out or closure
– Chargeback records: 7 years
After retention, we securely delete or anonymize data.
7. YOUR PRIVACY RIGHTS
7.1 Access and Portability
Request copies of your data in portable format.
7.2 Correction
Request correction of inaccurate data. Update account information directly in the dashboard.
7.3 Deletion
Request deletion (subject to legal retention requirements).
7.4 Restriction and Objection
Request processing restriction, object to processing, opt-out of marketing.
7.5 Withdrawal of Consent
Withdraw consent where it was the basis for processing.
7.6 Complaints
Lodge a complaint with the data protection authority.
To Exercise Rights: Email [email protected] with your name, contact info, and request. We respond within 30 days.
8. INTERNATIONAL DATA TRANSFERS
We operate globally and may transfer data outside your residence (UAE, United States, other countries). We ensure safeguards: Standard Contractual Clauses, Data Processing Agreements, adequacy decisions, or your consent.
9. COOKIES
Types: Essential (required), Performance (analytics), Functional (preferences), Marketing (ads with consent).
Control: Browser settings, opt-out tools, cookie consent banner.
Note: Disabling may limit functionality.
10. SPECIAL CONSIDERATIONS
10.1 Children
Services NOT intended for under 18. We don’t knowingly collect children’s data. If discovered, we delete immediately. Parents can request deletion at [email protected].
10.2 Third-Party Links
Not responsible for external site privacy practices. Review their policies.
10.3 Sensitive Data
Generally not collected unless required for services, with consent, or by law.
11. REGION-SPECIFIC RIGHTS
11.1 EEA/UK (GDPR)
Legal bases: Contract, legal compliance, legitimate interests, consent.
Rights: Access, rectification, erasure, restriction, portability, objection.
Data Protection Officer: [email protected]
11.2 California (CCPA/CPRA)
Rights: Know what’s collected, know if sold/shared, opt-out of sale, delete, correct, limit sensitive data use, and non-discrimination.
WE DO NOT SELL INFORMATION.
Categories collected: Identifiers, financial info, commercial info, internet activity, geolocation, professional info.
To exercise: Email [email protected] with “California Privacy Rights Request.”
11.3 Other Jurisdictions
We comply with applicable laws worldwide. Contact [email protected] for specific questions.
12. CHANGES TO POLICY
We may update periodically. Material changes: Updated date, email notification, website notice, and account notification. Continued use means acceptance.
13. CONTACT
Privacy Team: [email protected]
Data Protection Officer: [email protected]
General: [email protected]
Website: https://opustsolutions.com
We respond to inquiries within a reasonable timeframe and are committed to protecting your privacy.