Privacy Policy

Stellar Technologies, Inc. (doing business as “StellarPay”)
Effective Date: January 2025
Last Updated: April 2025

Introduction

StellarPay, by Stellar Technologies Inc., is a digital finance platform designed to simplify cross-border payments and everyday financial management. StellarPay enables individuals to send, receive, and manage money across borders quickly, securely, and affordably. To deliver these services, StellarPay relies on data to ensure identity verification, compliance, security, and seamless user experiences.

This Privacy Policy outlines how and why we collect, use, share, and store your personal information, as well as your rights regarding that information. It is designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other relevant privacy regulations in the jurisdictions in which we operate. Please read this policy carefully to understand our practices and your rights regarding your personal data.

StellarPay is the data controller of the personal data you provide to us or that we collect. A “data controller” refers to the organization that determines the purposes and means of processing your personal data and is responsible for protecting it

Data Controller

StellarPay is operated by Stellar Technologies Inc, a Delaware corporation, with its registered address at 317 E 90th Street, New York, New York 10128, USA.

Any questions regarding this Privacy policy, or how we handle personal data, may be directed to our support team at support@stellarpay.app. If you request that your account be deleted, StellarPay will delete all retained personal information in accordance with the deletion and retention policies outlined below.

Please note that StellarPay does not directly or indirectly transfer any personal data for monetization-related services.

How and Why We Collect Data

In the course of using StellarPay, engaging with our platform, or corresponding with our team, you provide us with or we collect various pieces of personal data. We collect and use this data to provide our services, improve our product and offerings, ensure security, and comply with legal requirements.

We do not sell, distribute, or lease your personal data to third parties. We only share your personal data with trusted third parties where it is necessary to operate and improve our services or to comply with legal and regulatory obligations. We do not collect sensitive personal information such as race, ethnicity, religious or philosophical beliefs, political beliefs, sexual orientation, genetic information, or health information.

We will not discriminate against you if you choose to exercise any of the rights described in this Privacy Policy.

What Information Do We Collect?

In order to provide you with secure and seamless financial services, StellarPay collects various types of personal information. This section outlines the types of data we collect and the ways in which it may be gathered.

Information You Provide to Us

We collect personal information that you voluntarily provide when you do one of the following:
● Register for a StellarPay account
● Initiate or complete a financial transaction
● Contact customer support or submit inquiries
● Participate in surveys, promotions, or referral programs
● Provide documents or verification details

The information collected in any of the stages above may include:

Contact & Account Information
● Full name
● Email address
● Phone number
● Mailing address
● Date of birth
● Username and password
● Contact preferences

Identity & Verification Information
● Government-issued identification (e.g. passport, driver’s license)
● Selfies or facial scans for biometric verification
● Proof of address (e.g. utility bills)
● Social Security Number or Tax Identification Number (where applicable)

Financial & Payment Information
● Debit/credit card numbers
● Bank account numbers
● Billing addresses
● Payment and top-up method information

Transaction Data
● Transaction dates, amounts, currencies, exchange rates
● Sender and recipient details
● Messages sent or received with transfers
● Remittance purpose and notes
● Source of funds and destination country

Communication & Support Interactions
● Emails, messages, and transcripts from chat support
● Audio (if phone support is used), feedback, and correspondence

Information We Collect Automatically
When you access or use StellarPay’s Services—whether via our app, website, or APIs—we
automatically collect certain technical and usage data:

Device & Network Information
● Device model and type (e.g. iOS/Android)
● Operating system and browser details
● IP address and geolocation (based on IP)
● Device ID and language settings
● Mobile carrier and network information

Usage and Activity Data
● Features used and interaction logs
● Session duration, click behavior, and navigation paths
● Date/time stamps of access and activity
● Error logs and crash reports

Cookies & Tracking Technologies
We use cookies and similar technologies to:
● Remember your login
● Analyze behavior for service improvements
● Enable fraud detection and session security

Sensitive Personal Information

Where required for legal, compliance, or fraud prevention purposes—and only with your explicit consent where required—we may collect:
● Biometric data (e.g. facial recognition used in identity verification)
● Financial identifiers (e.g. government-issued IDs, income verification documents)

We take special care to protect sensitive personal information, and process it only when necessary and permitted by law.

Information from Connected Services & Permissions

If you opt to connect your account with a third-party service or provide access via your device, we may collect:
● Contacts (to enable sending money to saved recipients)
● Device camera (for ID or document upload)
● Push notifications (to alert you of transfers or important activity)

You can revoke permissions at any time via your device settings.

How We Process Your Information

StellarPay processes your personal information to operate our platform, fulfill remittance and financial service requests, ensure compliance with regulatory obligations, and improve your experience. We only process your information when we have a legal basis to do so, such as fulfilling a contract with you, meeting a legal obligation, or when you have given us consent.

We use your data to facilitate the creation and ongoing use of your account, verify your identity through KYC/AML procedures, process financial transactions such as international transfers or account top-ups, and send you important service communications. We also process your data to deliver customer support, evaluate service performance, and build product features that improve the platform over time.

Additionally, your personal information may be used for system monitoring, fraud prevention, internal analytics, compliance with anti-money laundering laws, and obligations imposed by financial regulators. In limited cases, we may also process your data for marketing or promotional purposes, but only where permitted by law or with your explicit consent. All data is processed in accordance with applicable data protection laws and industry best practices

Your information is securely stored on servers located in New York, New York, USA. For international users, we ensure compliance with applicable data protection laws.

Third Parties We Share Data With

To deliver StellarPay’s services securely, efficiently, and at scale, we partner with trusted third-party vendors and infrastructure providers. These partners enable critical parts of our product experience, such as payments processing, identity verification, fraud detection, data storage, and analytics. We only work with providers that are contractually obligated to safeguard your data and who comply with applicable privacy and data protection laws.

Our current vendors include:
● LinkIO: For payment initiation, financial data aggregation, and facilitating seamless bank account connectivity and transfers within regulated environments.
● Yellow Card: For cross-border crypto-to-fiat on- and off-ramp services, enabling compliant currency exchange in African markets.
● Persona: For real-time identity verification (KYC), document validation, and fraud prevention in line with financial regulations.
● Amazon Web Services (AWS): For secure cloud hosting, data infrastructure, and scalable compute capacity with ISO 27001, SOC 2, and GDPR-compliant architecture.
● Google Analytics: For aggregated and anonymized performance tracking, user behavior insights, and product usage metrics.

We may also share limited information with affiliates or regulatory entities when required by law or to comply with anti-money laundering (AML) obligations. In all cases, data sharing is minimized, access is restricted, and usage is governed by strict confidentiality and purpose limitation clauses.

We do not sell your personal data, and we ensure that all data processors act only under our instruction and only for the specific services outlined above.

At StellarPay, we take your privacy seriously and are committed to securing your personal information through rigorous organizational and technical safeguards. We implement industry best practices to help ensure the confidentiality, integrity, and availability of your data throughout its lifecycle.

The Security of Your Personal Information

At StellarPay, we take your privacy seriously and are committed to securing your personal information through rigorous organizational and technical safeguards. We implement industry best practices to help ensure the confidentiality, integrity, and availability of your data throughout its lifecycle.
● Encryption: All personal data is encrypted both in transit and at rest using modern cryptographic protocols.
● Role-Based Access Controls: Access to sensitive information is strictly limited to authorized personnel based on job responsibilities.
● Infrastructure Compliance: Our systems are hosted on AWS cloud infrastructure that complies with ISO 27001, SOC 2, and GDPR standards.
● Regular Security Audits: We conduct vulnerability assessments, penetration testing, and ongoing system monitoring to identify and mitigate potential risks.
● Secure Integrations: All third-party integrations are managed through secure API gateways and utilize encrypted SSL/TLS connections to protect data in transit.

We encourage users to use our services within a secure environment and contact us immediately at support@stellarpay.app if you suspect unauthorized access to your data

Your Rights

You have the following rights in relation to your personal data:
● Right of Access: You can request a copy of the personal information we hold about you to verify that we are lawfully processing it.
● Right to Correction: You may request correction of incomplete or inaccurate information we hold about you.
● Right to Erasure: You can request the deletion or removal of your personal information where there is no legitimate reason for us to keep it. Please note that we may not be able to comply with your request for erasure for legal reasons.
● Right to Object: You may object to processing of your personal data where we are relying on a legitimate interest and where it affects your fundamental rights and freedoms.
● Right to Restrict Processing: You may request that we suspend the processing of your personal information, for example to establish its accuracy or the reason for processing it.
● Right to Data Portability: You may request the transfer of your personal data to you or another provider in a machine-readable format, where applicable.
● Right to Withdraw Consent: If we rely on your consent to process personal information, you may withdraw that consent at any time.

To exercise any of your rights, please contact us at support@stellarpayapp. We will respond to your request consistent with applicable law and subject to proper verification. Please note that it may take a few weeks for us to respond to your request, especially in cases where the request is complex.

We do not charge a fee to access your personal data or exercise your rights unless the request is clearly unfounded, repetitive, or excessive. In such cases, we may charge a reasonable fee or refuse to comply with your request.

Marketing Preferences

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or updating your preferences in your account settings. Note that you will still receive important service-related communications (e.g., payment confirmations, account changes).

Managing Your Account

You may review and update your account information at any time by logging into your StellarPay profile. If you wish to delete your account entirely, you can initiate a request, and—unless retention is required by law—we will delete your data within a commercially reasonable timeframe.

Our Use of Cookies

Our website uses cookies to distinguish you from other users of our site. This helps us improve your experience, remember preferences, and deliver relevant features. Cookies also help us analyze site performance and usage. Through continuing use of our website, you agree to our use of cookies.

Cookies are small data files placed on your browser or device that store user preferences and other types of data. We use both first-party and third-party cookies.

We use this information to tailor our website content and the advertisements you see—both during and after your visit—to better match your interests. We may also share this data with trusted third parties for the same purpose. You can manage cookie preferences in your browser settings. Blocking all cookies may impact your ability to access certain features of our services.

Children’s Privacy

StellarPay is not intended for or directed to individuals under the age of 18. We do not knowingly collect personal data from children or anyone under the age of 18. By using our Services, you affirm that you are at least 18 years old, or that you are the parent or guardian of a minor and consent to their use of our Services.

If we become aware that we have unintentionally collected personal information from a user under 18, we will take immediate steps to delete such information from our systems. If you believe we may have collected data from a minor, please contact us at support@stellarpay.app so we can take appropriate action.

Customer Protection Measures

Protecting our users goes beyond safeguarding data—we’re equally committed to ensuring the security of your financial activity. To support this, we have implemented a Customer Protection Policy that includes:
● Transaction Monitoring: We use automated systems to monitor transactions for suspicious activity, fraud, or unauthorized use.
● Account Alerts: We notify users of key account activities (e.g., logins from new devices, changes to security settings, large transfers).
● Dispute Resolution: If you believe a transaction was unauthorized or incorrect, you may file a dispute within 30 days of the transaction date by contacting us at support@stellarpay.app.
● Encryption and Identity Verification: We use strong encryption and multi-step identity verification (e.g., biometric login, 2FA) to ensure only authorized users access your account.

Please note that while we take robust steps to protect your account, you are responsible for keeping your login credentials secure. If you suspect your account has been compromised, contact us at support@stellarpay.app.

U.S. State Privacy Rights

Residents of certain U.S. states have specific privacy rights under applicable legislation, such as the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar laws in Florida, Utah, and others.

Categories of Information Collected

We may collect the following categories of personal information noted below. We never sell your personal information. :
● Identifiers (e.g., name, email, phone number)
● Personal records (e.g., billing address, financial data)
● Biometric data (e.g., facial ID for KYC)
● Geolocation data (e.g., IP-based location)
● Sensitive data (e.g., government-issued IDs, bank account credentials)

Your State-Specific Rights May Include

● The right to access, correct, or delete personal data
● The right to opt out of targeted advertising or profiling
● The right to limit the use of sensitive personal information
● The right to appeal a denied privacy request (where applicable)

To exercise the rights noted above, please email us at support@stellarpay.app, or submit a request via our website or your StellarPay account.We may verify your identity or request written authorization if you're acting on behalf of another individual.

For California residents, you may also invoke your rights by requesting details on how we share information with third parties for direct marketing.

StellarPay Record Retention Policy

The purpose of this policy is to establish a consistent approach to the creation, retention, and disposal of records at StellarPay, ensuring compliance with applicable laws and regulations, reducing organizational risk, and preserving essential business information.

Scope

This policy applies to all employees, contractors, and departments of StellarPay that create, access, manage, or store corporate records, whether physical or electronic. It encompasses all record types, including but not limited to operational, legal, financial, compliance, HR, and customer-related documentation.

Definition of a Record

A “record” includes any tangible or digital document or file created, received, or maintained by StellarPay in the course of its business activities. This includes but is not limited to:
● Email communications
● Financial statements
● Regulatory filings
● Customer onboarding records (e.g., KYC documents)
● Contracts and agreements
● Internal policies and procedures
● Audit reports
● Transaction logs
● Board meeting minutes

Record Creation and Classification

Employees must ensure that all records created are:
● Accurate, complete, and truthful
● Properly categorized (e.g., Compliance, Operations, Transaction Logs, etc.)
● Clearly named and stored using standardized naming conventions
● Marked confidential if appropriate
● Shared only with those who are authorized to access them

Team members are encouraged to create records for decisions, processes, and activities that have business, legal, or regulatory significance.

Authorization

Access to records is determined by classification:
● Confidential records (e.g., customer KYC data, employee records, audit results) require restricted access and must only be accessible by authorized personnel.
● Internal records (e.g., internal policies, performance metrics) are available to relevant teams and employees on a need-to-know basis.
● Public records may be shared externally as required by law or business need, under appropriate authorization.
Access permissions must be reviewed periodically and enforced through physical or technical controls

Retaining records

Unless otherwise dictated by law or regulation, StellarPay will retain records for a minimum of five (5) years. The following categories of records below are subject to longer or indefinite retention. Any updates to applicable law will supersede the retention period outlined above.

Security of Records

Physical records must be stored in secure, access-controlled locations. Confidential documents must not be left in open or shared spaces.
● Electronic records must be encrypted, password-protected, and stored on secure servers or approved cloud platforms with appropriate access control.
● Employees accessing records remotely must use secure networks and company-issued devices where possible.

Discarding or Destruction of Records

Once the retention period has expired, records may be destroyed only under the supervision of authorized personnel. Destruction methods include:
● Shredding for physical records
● Secure deletion for electronic records, ensuring data is permanently removed
● Disposal must be documented and reviewed for compliance

Records may also be discarded upon request from a stakeholder. For example, a customer or partner may ask us to delete their information from our databases. In this case, managers should authorize employees to discard relevant records.

We expect our employees to always respect our confidentiality policy. When files need to be discarded, employees must not create copies or store information on their devices. This may constitute a security breach and warrant disciplinary action.

Policy Review and Oversight

The Chief Operating Officer (COO) and Chief Executive Officer (CEO) are jointly responsible for overseeing record retention practices and ensuring compliance with this policy. Team members are individually responsible for implementing retention schedules within their separate teams.