This Privacy Policy describes how WePay processes personal data in connection with the service. It should be read alongside your agreements and any partner notices that apply to regulated processing.
1. Data we process
We may process account identifiers (such as email), authentication credentials from our identity provider, verification status, program usage data, and technical logs (for example IP address and browser type) needed to operate and secure the service. Full primary account numbers are processed only as required by your card program and partner rules.
2. Purposes
Data is used to operate sign-in, email verification, deposit flags stored in your database, and to secure the service. Analytics may run if you enable measurement IDs in Firebase.
3. Legal bases (EEA/UK reference)
Where GDPR/UK GDPR applies, we rely on contract (providing the service), legitimate interests (security and improvement), and consent where required (e.g. non-essential cookies or marketing — configure to match your setup).
4. Retention & security
We apply retention limits appropriate to the purpose of processing, with access controls, encryption in transit, and least-privilege access to systems and keys. Specific retention schedules may be set out in your customer documentation.
5. Your rights & contact
Depending on jurisdiction, you may have rights to access, rectify, delete, or port data, and to object to certain processing. Contact us via the Contact page for privacy requests. You may lodge a complaint with a supervisory authority where applicable.