NXI
Apply now
NXI Pay, payments perfected
Legal

Privacy Policy

Effective 1 November 2025 · Last updated January 2026

1. Introduction

Paytech Solutions Limited, trading as NXI, NXIPay, or NXI Pay ("NXI Pay", "we", "us", or "our"), is committed to protecting the privacy of our business partners. This Privacy Policy explains how we collect, use, and protect business information from merchants and business contacts who use our payment orchestration services.

Important: We operate a business-to-business (B2B) platform. We do not collect personal information from consumers or end-customers. If you are an end-customer making a payment through a merchant using our services, please contact that merchant directly regarding their privacy practices.

2. About NXI Pay

  • Legal Entity: Paytech Solutions Limited
  • Trading Name: NXI, NXIPay, or NXI Pay
  • Registration Number: 134756
  • Jurisdiction: Marshall Islands
  • Registered Address: Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, Marshall Islands MH 96960
  • Administrative Headquarters: 121 Platte Akker, 4847KP Teteringen, The Netherlands
  • Contact: [email protected]

3. What Information We Collect

We collect business information from merchants and business contacts only.

3.1 Business Contact Information

  • Company name and registration details
  • Business contact names, titles, and roles
  • Business email addresses and phone numbers
  • Business addresses

3.2 Business Financial Information

  • Business bank account details (for settlement)
  • Tax identification numbers (for compliance and reporting)
  • Business financial statements (for underwriting)

3.3 Transaction Information

  • Transaction volumes and processing history
  • Merchant category codes and business types
  • Chargeback and refund data
  • Payment routing and settlement data

3.4 Technical Information

  • IP addresses (for security and fraud prevention)
  • Access logs (for platform security)
  • API usage data (for service delivery)
  • Cookies and similar technologies on our website (see section 4)

4. Cookies and Website Data

Our website at nxipay.com uses a small number of cookies and similar technologies.

  • Strictly necessary cookies: required for the site to function and to keep it secure. These are always active and do not require consent.
  • Functional cookies (live chat): if you choose to use our live-chat widget, it sets cookies to maintain your chat session. This widget loads only after you accept it through the cookie banner shown on your first visit.

You can accept or decline non-essential cookies using the banner on our website, and you can change your choice at any time by clearing your browser storage for this site. We do not use advertising or cross-site tracking cookies.

5. How We Use Information

We use business information to:

  • Provide payment orchestration and acquirer connectivity services
  • Process settlements and financial reconciliations
  • Comply with anti-money laundering (AML) and know-your-business (KYB) requirements
  • Comply with card scheme rules and regulations
  • Prevent fraud and ensure platform security
  • Communicate about services, updates, and support
  • Improve our services and develop new features
  • Fulfil our contractual obligations

Legal Basis (GDPR):

  • Contractual Necessity: processing required to deliver our services.
  • Legal Obligation: compliance with financial regulations, AML and KYB requirements, and tax laws.
  • Legitimate Interests: fraud prevention, platform security, and service improvement.
  • Consent: where we rely on consent, such as loading the non-essential live-chat widget on our website.

6. How We Share Information

We share business information with the following categories of recipient.

6.1 Payment Partners

  • Acquirers: for transaction processing.
  • Technology Partners: PCI-DSS certified gateway and orchestration providers.

6.2 Service Providers

  • Compliance and KYB verification services
  • Cloud infrastructure providers
  • Professional advisors (legal, accounting)

6.3 Legal Requirements

  • Regulatory authorities and law enforcement (when required by law)
  • Card schemes (Visa, Mastercard) for compliance purposes

We do not sell business information to third parties.

7. International Transfers

As a global payment platform, we transfer business data internationally.

  • Our administrative operations are based in the Netherlands (EEA).
  • We work with acquirers and technology partners in various jurisdictions.
  • Data transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) or adequacy decisions.
  • We conduct transfer impact assessments and implement supplementary security measures where required.

8. Data Security

We implement appropriate technical and organisational measures to protect business information.

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest.
  • PCI-DSS Compliance: we use PCI-DSS Level 1 certified technology partners for all payment card data processing.
  • Access Controls: role-based access with multi-factor authentication.
  • Tokenisation: payment card data is tokenised by our PCI-DSS certified partners.
  • Monitoring: security logging and intrusion detection systems.
  • Breach Notification: we will notify affected parties and relevant authorities within 72 hours of becoming aware of a data breach.

Important: We do not directly process or store full payment card data. All card data handling is performed by our PCI-DSS certified technology partners.

9. Data Retention

We retain business information for:

  • Active Merchants: the duration of the business relationship plus 7 years (for financial and regulatory compliance).
  • Prospective Merchants: 2 years from last contact, unless you request earlier deletion.

10. Your Rights

Depending on your location, you may have the following rights.

10.1 GDPR Rights (EEA, UK)

  • Access: request a copy of your business data.
  • Rectification: correct inaccurate information.
  • Erasure: request deletion, subject to legal retention requirements.
  • Restriction: limit how we process your data.
  • Portability: receive your data in a structured format.
  • Object: object to processing based on legitimate interests.
  • Withdraw Consent: where we rely on consent as a legal basis.

10.2 How to Exercise Your Rights

Contact us at [email protected]. We will respond within:

  • 1 month (GDPR, UK)
  • 45 days (California residents, if applicable)

If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority.

11. California Privacy Rights

If you are a California resident acting on behalf of a California-based business, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: what business information we collect and how we use it.
  • Right to Delete: request deletion of your business information, subject to legal exceptions.
  • Right to Correct: correct inaccurate information.
  • Right to Opt-Out: opt out of sharing or selling. We do not sell business information.
  • Non-Discrimination: we will not discriminate against you for exercising your rights.

To exercise these rights, contact [email protected].

12. Canadian Privacy Rights

If you are in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

  • Request access to your business information.
  • Challenge the accuracy of your information.
  • Withdraw consent, where applicable and subject to legal and contractual restrictions.

For questions or complaints, contact [email protected]. You may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email to your registered business contact address
  • Notice on our website at nxipay.com
  • Notice in our platform dashboard

Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

For any privacy-related questions, requests, or concerns:

  • Privacy Contact and Data Protection Officer: [email protected]
  • Postal Address: NXI Pay, 121 Platte Akker, 4847KP Teteringen, The Netherlands

15. Definitions

  • "Merchant" means a business entity that has contracted with NXI Pay for payment processing services.
  • "Business Information" means information relating to a business entity, its operations, and its authorised representatives acting in a business capacity.
  • "Acquirer" means a financial institution or bank that processes card payments on behalf of merchants.
  • "Payment Orchestration" means routing payment transactions to appropriate acquirers and managing the technical connectivity for payment processing.