Data privacy FAQs

What is 'personal data'?

Personal data is any information relating to you as an individual that can be used to identify you, either directly or indirectly, through certain factors. Personal data can be anything from your name, address, photo, email address, bank details, social media posts, IP address and more.

How does Paystack keep my data secure?

Paystack uses a combination of administrative, technical and organisational measures to ensure your data is kept secure. Employees have a duty of confidentiality and are only granted access to data on a need-to-know basis, strictly in line with their role.

Technical measures to protect personal data include network security, endpoint protection, the use of VPNs, access control mechanisms, firewalls and more. Many of these measures have been reviewed by independent third-party auditors and found to meet industry standards, which led to the following certifications: PCI-DSS Level 1 v 4.0, ISO 27001:2022, and ISO 27701:2019.
For more information on our security practices, please visit https://paystack.com/security.

Where does Paystack keep my personal data?

Your data is stored on a private AWS cloud with servers located in Ireland. As Ireland is subject to the European General Data Protection Regulation, your data is securely stored in a country deemed to have strong data protection legislation. In addition to this, we have also implemented the necessary safeguarding measures to ensure the proper handling of personal data during this transfer.

What happens if a security incident or data breach involves my data?

Paystack handles and communicates security incidents in accordance with our documented security practices in our Incident Response Framework. You can report any suspected incidents to security@paystack.com.

In the event of a data breach that affects the rights and freedoms of data subjects, Paystack will report this breach to the relevant Data Protection Authority, in addition to notifying affected users without undue delay. 

Does Paystack have a Data Protection Officer?

Yes, Paystack has a global Data Protection Officer who is responsible for ensuring data privacy and data protection compliance across the jurisdictions in which we operate. You can reach our DPO at the following email address for any privacy-related inquiries: dpo@paystack.com.

How do I exercise my rights with Paystack?

Our Privacy Policies on our website and Merchant dashboard explain the rights you have as a data subject, which may differ according to your jurisdiction. To exercise your rights (for example, to amend or erase your personal data held by Paystack), you simply have to send an email to dpo@paystack.com.

If you happen to email our support team at hello@paystack.com instead, not to worry: our Privacy Team will pick up the request and respond accordingly. Please note that we may need to verify your identity with additional information before carrying out your request; however, in most cases, we will use the information already on file. Rest assured that any additional information you provide will be deleted in order to comply with the principles of purpose limitation and storage limitation (only keeping personal data strictly for the purpose for which it was intended, and only for as long as reasonably necessary; in this instance the data is used to verify your identity, after which it shall be deleted).

What happens if I delete my Paystack account as a merchant (business owner)?

Once you close your Paystack account, you will no longer have access to the Merchant dashboard, and therefore will not be able to view any pending, past, or future transactions. You will also be unable to dispute settlements and view previous settlements.

Please note that in accordance with applicable law, and statutory or legal obligations, we will retain certain personal data (KYC) and transaction data to comply with these obligations. However, all personal data shall be destroyed by Paystack where possible, or anonymized in other instances. You will have the opportunity to export data to maintain your own copies (where possible) before we initiate a final delete.

How do I opt out of Face ID?

If you choose to use Face ID as a secure means of authentication when using certain apps (i.e. Merchant Dashboard, Zap), please note you can opt out of this decision at any point in time. “Face ID” allows you to unlock a device or user account, and gain secure entry through the provision of your visible identity, which the device recognizes in order to authenticate you. You can remove this on the Dashboard app by going to your Account, clicking “Security” and then unchecking the “FaceID” setting.

Similarly, for the Zap app, enter your device settings, look for the Zap app, then untoggle the “Face ID” setting. Please note that we do not collect and save your Face ID data in our environment because it is stored on your device. Therefore, we do not and cannot share it with a third party.

Should you require any additional information regarding our privacy practices, or have any privacy concerns, please contact our Data Protection Officer at dpo@paystack.com.