Privacy Policy

01

Introduction

OVGC ("we", "us", "our") is committed to protecting the privacy of the merchants and buyers who use our platform. This Policy describes the types of information we collect, how we use it, when we share it, and the rights you have over your personal data.

By using our Services, you confirm that you have read and understood this Policy. If you do not agree, please do not use our Services.

02

Data Controller

OVGC Payment Services FZ-LLC, a company registered in the United Arab Emirates with offices at Al Barsha Business Center, Al Barsha 1, Dubai, acts as the data controller for the personal information described in this Policy. For data protection enquiries, contact privacy@ovgcpayments.com.

03

Data We Collect

We only collect data that is necessary to operate our Services, fulfil legal obligations, and protect against fraud.

Information You Provide

Account & Identity

Name, email, phone number, date of birth, government-issued ID, photograph, and verification documents collected during onboarding (KYC/KYB).

Business Information

Legal entity name, trading name, registered address, beneficial ownership, URLs, financial statements, and proof of operational capability.

Payment & Banking Details

Bank account details and any wallet addresses you provide for payouts.

Support Communications

Records of messages and tickets exchanged with our support, compliance, or sales teams.

Information We Collect Automatically

Technical Data

IP address, device fingerprint, browser type, OS, time zone, referring URL, and pages viewed on our website and dashboard.

Transaction & Usage Data

Transaction history, amounts, payment methods, counterparty information, authorisations, refunds, chargebacks, and risk-scoring signals.

Cookies & Similar Technologies

See our Cookie Policy for details on cookies, local storage, and similar technologies.

Information from Third Parties

We may receive information from KYC/KYB verification providers, sanctions and PEP screening databases, fraud-detection partners, payment processors, banks, card networks, and government authorities — for the purpose of compliance, risk assessment, and fulfilling our regulatory obligations.

04

How We Use Your Data

1
To deliver and operate the Services
Process Transactions, authorise payments, settle funds to your bank or USDC wallet, generate invoices, and provide dashboard access.
2
To verify identity & comply with law
KYC, KYB, AML, sanctions, PEP, and CTF checks; ongoing monitoring; and reporting to regulators where required.
3
To prevent fraud & abuse
Risk scoring, chargeback detection, account-takeover prevention, and enforcement of our Acceptable Use Policy.
4
To improve the Services
Analyse aggregated usage data, debug issues, and develop new features.
5
To communicate with you
Send transactional messages (receipts, security alerts, account updates) and, where you have opted in, product news.
6
To resolve disputes & enforce agreements
Investigate complaints, handle chargebacks, and protect our legal rights.

05

Legal Basis (GDPR / UK GDPR)

We rely on one or more of the following legal bases to process personal data:

Contract

Processing necessary to provide the Services you have requested under our Terms of Service.

Legal Obligation

Compliance with anti-money laundering, counter-terrorist financing, tax, payment scheme, and other regulatory requirements.

Legitimate Interests

Operating, securing, and improving our Services, preventing fraud, and informing you about features relevant to your account.

Consent

Where you have given explicit consent (e.g., for marketing communications), which you may withdraw at any time.

06

Sharing & Disclosure

We do not sell personal data. We share data only with parties that have a need to receive it for the purposes described in this Policy:

1
Service providers & sub-processors
Payment processors, acquirers, KYC/KYB vendors, hosting providers, fraud detection partners, customer support tools — bound by written contracts requiring confidentiality and data protection.
2
Card networks & financial institutions
Visa, Mastercard, American Express, banks, and clearing houses — for the purposes of authorising and settling transactions.
3
Regulators & law enforcement
Where required by law, court order, or to protect our rights, property, or safety, or those of our merchants, buyers, or the public.
4
Corporate transactions
In the event of a merger, acquisition, financing, or sale of assets, data may be transferred under suitable confidentiality protections.

07

International Data Transfers

Our infrastructure and certain processors may be located outside the United Arab Emirates, United Kingdom, or European Economic Area. Where we transfer personal data internationally, we put in place appropriate safeguards — such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Agreement — to ensure your data is protected to a standard equivalent to the originating jurisdiction.

08

Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. Typical retention periods include:

Account & transaction records

Retained for at least 7 years after account closure to comply with AML, financial-services, and tax record-keeping rules.

KYC/KYB documents

Retained for at least 5 years after the end of the business relationship.

Marketing data

Retained until you withdraw consent or unsubscribe.

Website analytics

Aggregated and pseudonymised data may be retained for up to 26 months.

09

Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:

1
Encryption in transit (TLS 1.2+) and at rest (AES-256)
2
Role-based access controls, MFA, and least-privilege principles
3
Regular vulnerability scanning and penetration testing
4
Incident response procedures and security monitoring
5
Vendor due diligence and contractual data-protection obligations on all sub-processors

No security system is impenetrable. If we become aware of a personal data breach that is likely to result in a high risk to your rights, we will notify you and relevant supervisory authorities without undue delay.

10

Your Rights

Depending on where you live, you have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete data.

Right to Erasure

You can request deletion of your data, subject to our legal obligations to retain certain records.

Right to Restriction

You can ask us to limit how we process your data in certain circumstances.

Right to Data Portability

You can receive a copy of your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests, including direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Right to Lodge a Complaint

You can complain to a supervisory authority — in the UK, the Information Commissioner's Office (ICO); in the UAE, the UAE Data Office (the federal supervisory authority for the Personal Data Protection Law, Federal Decree-Law No. 45 of 2021).

To exercise any of these rights, contact privacy@ovgcpayments.com. We will respond within 30 days, unless legally permitted to extend that period.

11

Cookies

We use cookies and similar technologies to operate our website and dashboard, remember your preferences, and analyse usage. For details and to manage your preferences, see our Cookie Policy.

12

Children

Our Services are not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us so we can delete it.

13

Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the dashboard before the changes take effect. The "Last updated" date at the top of this page indicates the most recent version.

14

Contact

For questions or to exercise your rights, please contact our Data Protection team:

Email

privacy@ovgcpayments.com

Post

OVGC Payment Services FZ-LLC, Al Barsha Business Center, Al Barsha 1, Dubai, United Arab Emirates