Swyftly
Swyftly

Privacy Policy

Last Updated: October 25, 2025

Swyftly Technologies Inc. ("Swyftly," "we," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal information in compliance with the Data Privacy Act of 2012 (R.A. 10173) and BSP Circular No. 982.

1. Introduction

This policy applies to:

  • Merchants: Our business clients who use our payment gateway Services
  • Customers: Individuals who make payments to our Merchants through our Services
  • Visitors: Individuals who browse our website

2. Data We Collect

We collect, store, and process the following data:

Merchant Data

Information you provide during onboarding, such as your business name, SEC/DTI registration, address, contact details, bank account information, and identification data for your authorized representatives and Ultimate Beneficial Owners (UBOs) as required by AML/KYC regulations.

Transaction Data

Information related to payments, including amounts, timestamps, payment methods, and merchant details.

Customer Payment Information

Information provided by a Customer during a transaction, such as name, contact info, and payment reference IDs. Swyftly does not store complete, unencrypted payment card numbers.

Technical Data

IP addresses, browser fingerprints, device information, and other data used for fraud analytics and security.

3. How We Use Your Data

We process data for the following purposes:

  • To Provide Services: To process transactions, make settlements, and operate our payment gateway
  • For Compliance & Security: To verify Merchant identity (KYC), comply with BSP and AMLC reporting obligations, monitor for fraud (AML/CTF), and secure our platform
  • To Provide Support: To respond to Merchant and Customer inquiries
  • To Improve Services: To analyze transaction data and improve our platform's performance

4. Data Sharing

Swyftly does not sell your personal data. We may share limited data with:

  • Financial Partners: Acquiring banks, payment networks (e.g., GCash, Maya, InstaPay), and financial partners required to process a transaction
  • Verification Vendors: Third-party services for fraud and KYC/AML verification
  • Regulators: The BSP, AMLC, National Privacy Commission (NPC), and other government bodies as required by law or during an audit

5. Data Security Measures

We implement administrative, technical, and physical security measures to protect your data, including:

  • Certifications: PCI-DSS and ISO 27001 compliant
  • Encryption: Industry-standard encryption for data in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and Multi-Factor Authentication (MFA) for all administrative systems
  • Monitoring: 24/7 security monitoring and regular penetration testing

6. Data Retention

In compliance with BSP AML guidelines, we retain transactional and KYC data for five (5) years from the date of the last transaction or the termination of the Merchant relationship, whichever is later. After this period, data is securely destroyed or anonymized.

7. Data Breach Protocol

In the unlikely event of a data breach, we will:

  • Implement immediate containment and investigation
  • Notify affected parties and the National Privacy Commission (NPC) and BSP within 72 hours, as required by law
  • Implement remediation measures to prevent recurrence

8. Your Rights

As a data subject under the Data Privacy Act, you have the right to access, correct, or request the deletion of your personal information, subject to our legal and regulatory retention obligations.

9. Contact Us

For any questions about this Privacy Policy, please contact our Data Protection Officer at dpo@swyftly.ph