Data privacy FAQs
What is 'personal data'?
Personal data is any information relating to you as an individual that can be used to identify you either directly or indirectly, through certain factors. Personal data can be anything from your name, address, photo, email address, bank details, social media posts, IP address and more.
How does Paystack collect and use my personal data?
The personal data we collect depends on how you interact with us, the services you use, the choices you make and provisions of the law. We may collect your personal data from different sources and in various ways, including data you provide directly, data collected automatically, third-party data sources, and data we infer or generate from other data.
Paystack collects and uses personal data primarily to deliver its core services, along with related products and offerings that may be of interest to users. Personal data collected is also used for responding to inquiries, improving website features and content, and analysing data to enhance product development. Paystack also uses personal data to monitor and prevent misuse of its platform, detect and manage fraud or illegal activities through internal and third-party tools, and verify user identity in compliance with legal obligations.
With your explicit consent, Paystack may send marketing materials, newsletters, and service updates. We also maintain accurate records and conduct surveys to better understand user preferences and gather feedback. Additionally, personal data is used to generate insights and analytics that help optimise our operations and improve service delivery. In cases of disputes or investigations by regulatory bodies, the data may be used to support resolution efforts, as well as for any other purposes disclosed during the course of providing you with our services.
Is Paystack compliant with data protection laws?
Yes, Paystack complies with applicable data protection legislation in its countries of operation. For example, Paystack is registered with the Nigeria Data Protection Commission and the Data Protection Commission in Ghana, as well as holding Data Processor and Data Controller licences in Kenya. For further information, please visit www.paystack.com/compliance.
How does Paystack keep my data secure?
Paystack uses a combination of administrative, technical and organisational measures to ensure your data is kept secure. Employees have a duty of confidentiality and are only granted access to data on a need-to-know basis, strictly in line with their role. Technical measures to protect personal data include network security, endpoint protection, the use of VPNs, access control mechanisms, firewalls and more. Many of these measures have been reviewed by independent third-party auditors and found to meet industry standards, which led to the following certifications: PCI-DSS Level 1 v 4.0, ISO 27001:2022, and ISO 27701:2019. For more information on our security practices, please visit https://paystack.com/security.
Where does Paystack keep my personal data?
Your data is stored on a private AWS cloud with servers located in Ireland. As Ireland is subject to the European General Data Protection Regulation, your data is securely stored in a country deemed to have strong data protection legislation. In addition to this, we have also implemented the necessary safeguarding measures to ensure the proper handling of personal data during this transfer.
Can Paystack transfer my personal data outside my country?
Yes, Paystack may transfer your personal data outside your country to other Paystack entities, in line with our Binding Corporate Rules, or third-party service providers as part of our efforts to provide you with the service. These transfers are conducted based on the mechanisms permitted by the relevant data protection law in your jurisdiction, ensuring adequate protection for your data. When personal data needs to be transferred to another country, we implement adequate measures to ensure the data remains secure. Specifically, we use contractual terms to ensure that the personal data is adequately protected or that the country to which the data is being transferred has adequate data protection laws in place.
What happens if there is a security incident or data breach involving my data?
Paystack handles and communicates security incidents in accordance with our documented security practices in our Incident Management Framework. You can report any suspected incidents to security@paystack.com. In the event of a data breach that affects your rights and freedoms, Paystack will report this breach to the relevant Data Protection Authority, in addition to notifying affected users without undue delay. We will also inform you if such a data breach is likely to pose a high risk to you. Not to worry, we do our best to ensure that unauthorised third parties do not have access to your personal data.
Does Paystack share my data with third parties?
Yes, Paystack may share your data with third parties such as merchants, service providers, financial institutions, affiliates, partners, and law enforcement, among others, to provide the service or for our legitimate interests, such as prevention of fraud, or offering and improving new products and features. Except where your data is shared for legal, compliance and regulatory reasons, Paystack ensures the execution of relevant agreements to guarantee the protection of your data. Paystack also leverages third-party analytics to analyse aggregated data collected through its website and apps. This enables us to perform analytics and track the performance of our website. For more information on data sharing, kindly read our Privacy Policy.
Does Paystack have a Data Protection Officer?
Yes, Paystack has a global Data Protection Officer who is responsible for ensuring data privacy and data protection compliance across the jurisdictions in which we operate. You can reach our DPO at the following email address for any privacy-related inquiries: dpo@paystack.com
How do I exercise my rights with Paystack?
Our Privacy Policies on our website and Merchant dashboard explain the rights you have as a data subject, which may differ according to your jurisdiction. In order to exercise your rights to amend or erase (for example) your personal data held by Paystack, you simply have to send an email to dpo@paystack.com. If you happen to email our support team at hello@paystack.com instead, not to worry, our Privacy Team will pick up the request and respond accordingly. Please note, we may need to verify your identity with additional information before carrying out your request. However, in most cases, we will use the information already on file. Rest assured that any additional information you provide will be deleted in order to comply with the principles of purpose limitation and storage limitation (only keeping personal data strictly for the purpose for which it was intended, and only for as long as reasonably necessary; in this instance, the data is used to verify your identity, after which it shall be deleted).
What happens if I delete my Paystack account as a Merchant?
Once you close your Paystack account, you will no longer have access to the Merchant dashboard, and therefore will not be able to view any pending, past or future transactions. You will also be unable to dispute settlements and view previous settlements. Please note that in accordance with applicable law and statutory or legal obligations, we will retain certain personal data (KYC) and transaction data to comply with these obligations. However, all personal data shall be destroyed by Paystack where possible, or anonymised in other instances. You will have the opportunity to export data to maintain your own copies (where possible) before we initiate a final deletion.
How do I opt out of Face ID?
If you choose to use Face ID as a secure means of authentication when using certain apps (i.e. Merchant Dashboard, Zap), please note you are able to opt out at any point in time. “Face ID” allows you to unlock a device or user account and gain secure entry through the provision of your visible identity, which the device recognises in order to authenticate you. You can remove this on the Dashboard app by going to your Account, clicking “Security”, then unchecking the “FaceID” setting. Similarly, for the Zap app, enter your device settings, look for the Zap app, then untoggle the “Face ID” setting. Please note that we do not collect and save your Face ID data in our environment because it is stored on your device. Therefore, we do not and cannot share it with a third party.
Should you require any additional information regarding our privacy practices or have any privacy concerns, please contact our Data Protection Officer at dpo@paystack.com.
