Status: DRAFT — pending legal review. This document is a structural placeholder.

Privacy Policy

Last updated: TBD — pending legal review.

NexusPay is operated by Innovate Hub PH. We comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

1. Personal data we collect

  • Account data: name, email, password (hashed), business name.
  • KYB data: business registration documents, beneficial-owner identification, business address.
  • Transaction data: payment amounts, methods, counterparties, timestamps.
  • Technical data: IP address, user-agent, session cookies, audit-log events.

2. How we use it

  • To deliver the NexusPay service and process payments.
  • To meet our regulatory obligations (BSP, AMLC, BIR, SEC where applicable).
  • To prevent fraud and other illegal activity.
  • To communicate operational notices and product updates.

3. Legal bases

We rely on (a) the contract you enter into with us, (b) compliance with legal obligations, and (c) our legitimate interest in operating a secure payments platform.

4. Retention

Transaction and KYB records are retained for at least five (5) years after account closure, in line with BSP and AMLA record-keeping rules. Marketing data is retained until you withdraw consent.

5. Disclosure to third parties

We share data with licensed payment providers (DirectPay, PayGram, and others) only as needed to process your transactions, with regulators on lawful demand, and with vendors bound by confidentiality and DPA-compliant data-processing agreements.

6. Your rights as a data subject

Under the DPA you have the right to:

  • Be informed about processing.
  • Access your personal data.
  • Object to processing and to direct marketing.
  • Rectify inaccurate data.
  • Erasure or blocking, subject to retention obligations.
  • Data portability.
  • Lodge a complaint with the National Privacy Commission.

Authenticated merchants may exercise data-access and erasure rights directly from the dashboard data-rights panel (DSAR). Other data subjects may write to our Data Protection Officer.

7. Security

Sensitive fields are encrypted at rest using AES-256-GCM. All traffic is served over TLS 1.2+. See our Security page for details.

8. Data Protection Officer

Innovate Hub PH — Data Protection Officer. [email protected].