Data Privacy & Protection

Last updated: 9/27/2025

Our Commitment to Data Privacy

At PayAiML, we understand that data privacy is fundamental to building trust with our customers. We are committed to implementing the highest standards of data protection and privacy practices across all our services.

Compliance Standards

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) for all European users, ensuring lawful processing, data minimization, and user rights protection.

PCI DSS Certification

Our payment processing infrastructure maintains PCI DSS Level 1 compliance, the highest level of security certification for payment processors.

SOC 2 Type II

We undergo regular SOC 2 Type II audits to ensure our security controls and processes meet the highest industry standards.

Data Protection Measures

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption standards.

Access Controls

Strict role-based access controls ensure only authorized personnel can access sensitive data.

Data Minimization

We collect and process only the minimum data necessary to provide our services effectively.

Regular Audits

Independent security audits and penetration testing are conducted regularly to identify vulnerabilities.

Data Processing Principles

  • Lawfulness: We process data only when we have a legal basis to do so.
  • Transparency: We clearly communicate how and why we process your data.
  • Purpose Limitation: Data is used only for the specific purposes for which it was collected.
  • Accuracy: We maintain accurate and up-to-date personal data.
  • Storage Limitation: Data is retained only as long as necessary for the intended purpose.

Your Data Rights

Under applicable data protection laws, you have the following rights:

  • Right to access your data
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Right to lodge a complaint

Data Breach Response

In the unlikely event of a data breach, we have established procedures to:

  • Detect and contain the breach within 24 hours
  • Assess the scope and impact of the incident
  • Notify relevant authorities within 72 hours
  • Inform affected users without undue delay
  • Implement corrective measures to prevent future incidents

Contact Our Data Protection Officer

For any questions about data privacy or to exercise your rights, contact our Data Protection Officer:

Email: dpo@payaiml.com

Response Time: Within 30 days

Languages: English, Spanish, French, German