Privacy Policy

Summary: We are a non-custodial service. We do not see, store, or process your customers' sensitive financial data.

1. Data We Collect

We collect the following types of information:

  • Account Information: Name, email, and business details provided during registration.
  • API Usage Data: Logs of API requests, timestamps, and response status codes.
  • Transaction Metadata: Order IDs, amounts, and currency codes (needed for routing).

2. Data We DO NOT Collect

Consistent with our non-custodial architecture, we never store or have access to:

  • Credit/Debit card numbers (PANs).
  • Bank account passwords or PINs.
  • Customer CVV/CVC codes.

3. How We Use Your Data

We use the collected data solely to:

  • Authenticate your API requests.
  • Route transaction requests to the appropriate banking partner.
  • Monitor system performance and security.
  • Generate usage reports for your dashboard.

4. Data Sharing

We do not sell your data. We only share data with:

  • Banking Partners: To facilitate the payment processing you requested.
  • Legal Authorities: If required by Cambodian law or a valid court order.

5. Security

We employ industry-standard security measures, including TLS 1.3 encryption for all data in transit and AES-256 encryption for API keys at rest. Access to production systems is strictly limited to authorized personnel.

6. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@baray.io.