Privacy Policy.

We collect the data we need to run a regulated wallet for you: identity (name, date of birth, national ID), contact details (email, phone, address), KYC documents, and the financial activity we're legally required to record (transactions, balances, FX conversions).

We also collect device data (IP, user agent, device fingerprint) and access logs — used exclusively for fraud prevention, debugging, and account security.

To run your account, comply with KYC/AML regulation, prevent fraud, and provide customer support. We never sell or share your data with advertisers, brokers, or marketing platforms.

All personal data is encrypted at rest with AES-256 and in flight with TLS 1.3. Sensitive fields (card PANs, CVVs, government IDs) live behind a column-level KMS with hardware- isolated key custody. Access is restricted to named individuals and audited continuously.

Limited categories of third parties, only when necessary to provide the service:

• Card networks (Visa, Mastercard) for card processing
• Local payment rails (InstaPay, Vodafone Cash, Fawry) for top-ups and withdrawals
• Identity verification partners for KYC
• Cloud infrastructure providers (encrypted, no human access)
• Regulators and law enforcement, when legally required

You can request a copy of all data we hold about you, ask us to correct anything that's wrong, and request deletion (subject to our regulatory retention obligations). Email privacy@binkpay.net.

Active account data is held for as long as your account is open. After closure, regulatory obligations require us to retain identity, transaction and audit records for seven years. Beyond that we erase or fully anonymise the data.

We update this policy when our practices change. Material changes are emailed to you 30 days before they take effect, with a clear summary of what's different.