Last updated: April 2026
DapaPay Ltd — support@dapapay.com
Dapa International Business ("DapaPay", "we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the DapaPay platform and services, regardless of where you are located in the world. We operate in compliance with applicable data protection laws including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, and other international privacy frameworks relevant to the jurisdictions we serve.
Dapa International Business is the data controller responsible for your personal data. Email: support@dapapay.com Data Protection Officer: dpo@dapapay.com
We collect the following categories of personal data: • Identity data: full name, date of birth, nationality • Contact data: email address, phone number, postal address • Financial data: transaction history, account balances, payment references • Identity verification data: government-issued ID documents, proof of address, selfie/biometric data (for KYC purposes) • Technical data: IP address, device identifiers, browser type, operating system • Usage data: login history, feature usage, transaction patterns • Communications data: support correspondence, feedback We do not collect unnecessary personal data and only process what is required to provide our services.
We process your personal data for the following purposes: • To provide and operate our payment services • To verify your identity and comply with Know Your Customer (KYC) requirements • To comply with Anti-Money Laundering (AML) and counter-terrorism financing regulations • To process payments and maintain transaction records • To detect, prevent, and investigate fraud and financial crime • To communicate with you about your account and our services • To comply with legal and regulatory obligations • To improve our platform and develop new features • To respond to legal requests from competent authorities Our legal bases for processing include: performance of contract, compliance with legal obligations, legitimate interests, and consent where applicable.
DapaPay operates globally. Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country. Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant data protection authorities, adequacy decisions, or other legally recognised transfer mechanisms.
We do not sell your personal data to third parties. We may share your data with: • Regulated banking and payment partners (including Griffin Bank for ring-fenced account services) • Identity verification and KYC service providers • Fraud prevention and security services • Legal and compliance advisors under confidentiality obligations • Law enforcement, regulators, and government authorities when required by law or court order • Successor entities in the event of a merger, acquisition, or business transfer
We retain your personal data for as long as necessary to provide our services and comply with our legal obligations: • Transaction records: 7 years minimum • KYC and identity documents: 5 years after account closure • Account data: duration of account plus 5 years after closure • Communications: 3 years • Technical logs: 12 months
Depending on your location, you may have the following rights: • Right of access: obtain a copy of your personal data • Right to rectification: correct inaccurate or incomplete data • Right to erasure: request deletion of your data (subject to legal obligations) • Right to restriction: limit how we process your data • Right to data portability: receive your data in a structured format • Right to object: object to processing based on legitimate interests • Right to withdraw consent: where processing is based on consent • Right to lodge a complaint with your local data protection authority To exercise your rights, contact us at support@dapapay.com. We will respond within 30 days.
We implement industry-standard technical and organisational security measures including: • End-to-end encryption for sensitive data in transit • Homomorphic encryption for DAPA balance data • Multi-factor authentication for account access • Regular security audits and penetration testing • Access controls limiting data access to authorised personnel
We use strictly necessary cookies for authentication and security. We do not use advertising or tracking cookies.
DapaPay services are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on our platform.
Email: support@dapapay.com Data Protection Officer: dpo@dapapay.com You also have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.