Book a demo
Legal

Privacy Policy

Last updated 4 May 2026

1. Overview

This Privacy Policy explains how Reparpay LLC processes personal data when you use our platform, dashboard or website.

2. Data we collect

We collect only what we need:

  • Account data — name, work email, role, login credentials.
  • Transaction metadata — charge IDs, amounts, currencies, timestamps, IP addresses (anonymised after 60 days for analytics).
  • Card data — tokenised at ingress, never retained in cleartext.
  • Usage data — pages viewed, API calls, device information.

3. Bases for processing

We process personal data on the basis of contract performance, legitimate interest in operating and securing the platform, legal obligation (AML/PSD2), and consent where applicable.

4. Sharing

Personal data is shared with our sub-processors (listed in the trust center) and with authorities where legally required. We never sell personal data.

5. International transfers

EU customer data is stored in EU regions (Paris, Frankfurt, Stockholm). Where data is transferred outside the EU/EEA, we use the European Commission's Standard Contractual Clauses with supplementary measures.

6. Retention

Account data is retained for the duration of the contract plus 7 years for accounting obligations. Card data is retained only as long as necessary to support the saved-card flow.

7. Your rights

Subject to GDPR, you have rights of access, rectification, erasure, restriction, portability and objection. Exercise them via [email protected].

8. Security

We encrypt personal data in transit and at rest, with envelope keys rotated under FIPS 140-3 Level 3 HSMs. Access is logged at the row level and gated by four-eye approval for sensitive operations.

9. Cookies

See our separate Cookie Policy for details on cookie use and your choices.

10. DPO & contact

Our Data Protection Officer can be reached at [email protected]. The supervisory authority for our establishment is the CNIL (France).