Privacy Policy

This Privacy Policy explains how Spark Advisory Limited, operating as aipaynex from RM 701, UNIT 108, 7/F, TWR B NEW MANDARIN PLAZA, 14 SCIENCE MUSEUM RD, TSIM SHA TSUI, HONG KONG, processes personal data and business data when visitors use our website, customers create accounts, merchants use our dashboard or APIs, payers use checkout, and partners interact with payment, webhook, reporting, or agent payment features.

This Policy does not replace privacy notices from merchants, payment providers, banks, networks, wallets, or other third parties that may independently process data.

We may process names, email addresses, phone numbers, usernames, authentication identifiers, team roles, account settings, support messages, billing contacts, identity or verification information, and other information users provide to us.

The exact categories depend on the services used, onboarding requirements, payment methods, compliance checks, and support interactions.

We may process company names, workspace information, business profiles, product or service descriptions, pricing, tax information, website URLs, operating regions, beneficial ownership details, team permissions, invoices, product catalogs, and integration settings.

Merchants are responsible for ensuring they have the rights and notices needed to submit business and customer data to aipaynex.

We may process payment, checkout, invoice, subscription, refund, dispute, chargeback, settlement, provider reference, payment route, webhook, reconciliation, receipt, and ledger-related data to deliver and support payment services.

Sensitive payment credentials, provider secrets, and private keys should not be intentionally exposed in public pages, client-side documentation, logs, or unsupported integration fields.

When merchants use aipaynex to serve their own customers or payers, we may process payer names, contact details, checkout session data, billing details, invoice references, product selections, payment status, fraud or compliance signals, and support context.

Merchants decide what customer data they submit and remain responsible for their own privacy notices, lawful bases, consent flows, and customer rights handling.

We may collect IP addresses, device identifiers, browser information, user agent strings, log data, request IDs, API metadata, webhook delivery state, integration errors, security events, and diagnostic information.

Technical data helps us secure accounts, debug integrations, prevent abuse, monitor reliability, and maintain auditability.

We may use cookies, local storage, pixels, analytics tools, and similar technologies to operate sessions, remember preferences, measure product usage, improve reliability, detect abuse, and understand website performance.

The final cookie and analytics disclosure should be reviewed against the current hosting, database, authentication, email delivery, analytics, observability, automation, security, compliance, fraud-prevention, support, and payment service providers used to operate aipaynex.

We collect data directly from users, merchants, partners, payers, API requests, checkout interactions, webhook events, support communications, connected services, payment providers, compliance vendors, analytics systems, and security systems.

Some data is generated automatically when services are used, such as logs, event IDs, route snapshots, status transitions, retry records, and audit entries.

We process data to provide and improve the services, create accounts, authenticate users, operate workspaces, enable payment flows, deliver webhooks, generate receipts, reconcile transactions, provide support, detect fraud, secure systems, comply with law, enforce terms, and communicate service updates.

We may also process data to develop product analytics, reliability metrics, risk controls, and automation features that improve the payment infrastructure experience.

Where privacy laws require a legal basis, we may process personal data to perform a contract, comply with legal obligations, pursue legitimate interests, protect vital or public interests where applicable, or rely on consent.

Examples of legitimate interests may include securing services, preventing fraud, supporting merchants, improving APIs, monitoring reliability, and maintaining audit records.

We may share data with service providers, payment processors, infrastructure providers, authentication providers, analytics and observability providers, email providers, compliance or fraud vendors, professional advisers, affiliates, business transaction counterparties, and authorities when required by law.

We do not sell personal data in the ordinary meaning of selling customer lists for money. Any jurisdiction-specific opt-out language should be finalized with counsel.

Third-party service providers may process data for hosting, storage, database infrastructure, email, analytics, observability, fraud prevention, support, automation, and security.

The current disclosure uses non-branded service-provider categories instead of naming each provider: hosting, database, authentication, email delivery, analytics, observability, automation, security, compliance, fraud-prevention, support, and payment service providers used to operate aipaynex.

Payment providers, processors, acquiring partners, banks, networks, wallets, stablecoin or crypto infrastructure, compliance vendors, and fraud vendors may process transaction and compliance data as independent controllers, processors, or service providers depending on the payment route and applicable terms.

Payment execution, settlement, refunds, chargebacks, KYC, KYB, fraud controls, and payout availability may require sharing data with those parties.

aipaynex may use structured payment, policy, mandate, receipt, event, and support data to operate AI-assisted or automated features such as tool discovery, risk explanations, reconciliation assistance, support workflows, and payment control recommendations.

Merchants should not submit sensitive personal data, payment credentials, secrets, or regulated data into AI prompts or automation fields unless the relevant feature and contract explicitly support that use.

Data may be processed in countries where aipaynex, merchants, providers, infrastructure vendors, support personnel, or payment partners operate.

Where required, we will use appropriate transfer mechanisms, contractual safeguards, or other lawful transfer bases. Final jurisdiction-specific language depends on the laws of Hong Kong and counsel review.

We retain data for as long as needed to provide services, maintain accounts, meet legal, tax, accounting, compliance, fraud-prevention, dispute, chargeback, audit, and security obligations, resolve issues, and enforce agreements.

Retention periods may vary by data type, payment method, provider requirement, jurisdiction, and business need.

We use administrative, technical, and organizational safeguards designed to protect data against unauthorized access, loss, misuse, alteration, and disclosure.

No system is perfectly secure. Merchants are responsible for protecting their own credentials, endpoint security, webhook secrets, API keys, access controls, and integration logs.

Depending on location, individuals may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain personal data processing.

Requests can be sent to legal@aipaynex.com. If we process data on behalf of a merchant, we may direct the requester to the merchant or coordinate with the merchant as required.

Users may opt out of marketing emails by using unsubscribe links or contacting us. Service, security, legal, billing, and transactional communications may still be sent where necessary.

Cookie and analytics choices should be finalized against the current hosting, database, authentication, email delivery, analytics, observability, automation, security, compliance, fraud-prevention, support, and payment service providers used to operate aipaynex.

The services are intended for business users and are not directed to children or minors. We do not knowingly collect personal data from children.

Minimum age language and any jurisdiction-specific child privacy requirements must be finalized before production-ready publication.

We may update this Privacy Policy from time to time. When changes are material, we will use reasonable efforts to provide notice through the website, dashboard, email, or other appropriate channels.

The current draft effective date is June 16, 2026.

For privacy questions, data requests, or security concerns, contact aipaynex at legal@aipaynex.com.

Formal privacy notices should identify Spark Advisory Limited at RM 701, UNIT 108, 7/F, TWR B NEW MANDARIN PLAZA, 14 SCIENCE MUSEUM RD, TSIM SHA TSUI, HONG KONG, unless a separately signed agreement specifies another notice process.