PayGlobal360 Privacy Policy

Overview

This Privacy Policy (“Policy”) sets out the practices of PayNways Inc. (“PayNways”, “we”, “us”) with respect to the handling of Personal Data in relation to the PayGlobal360 software platform (“Product”). PayGlobal360 is licensed to enterprise clients for on-premises deployment within the client’s own infrastructure.

This Policy applies solely to the operation of the PayGlobal360 Product and does not apply to the PayNways corporate website or to any PayNways cloud-hosted services.

1. Definitions

For the purposes of this Policy:

• “Client” means the legal entity that licenses and deploys PayGlobal360 within its controlled environment.
• “Personal Data” means any information relating to an identified or identifiable natural person as defined under applicable data protection laws (e.g., GDPR, DPDP Act 2023, CCPA, LGPD, etc.).
• “Processing” includes any operation performed on Personal Data such as storage, transmission, modification, or deletion.
• “Client Environment” means the on-premises infrastructure, data center, or private cloud environment owned or controlled by the Client.

2. Scope of Processing

2.1 No Data Collection by PayNways

PayGlobal360 operates entirely within the Client Environment.
PayNways does not collect, store, transmit, or otherwise process Personal Data generated by or contained within the Product, except where explicitly authorized for support purposes.

2.2 Data Processed by the Product

When operated by the Client, PayGlobal360 may process the following categories of data:

• Payment transaction details (payer/payee identifiers, account numbers, timestamps, etc.)
• Customer reference attributes embedded in payment messages
• User account information (e.g., usernames, roles, directory attributes)
• Application logs, audit logs, and operational metadata
• Configuration data, rule definitions, and processing parameters

All such data is processed solely within the Client Environment and under the Client’s exclusive control.

3. Ownership and Control of Data

3.1 Client as Data Controller

The Client acts as the Data Controller with respect to all Personal Data processed by PayGlobal360. The Client is responsible for ensuring compliance with all applicable data protection laws.

3.2 PayNways as Software Provider (Not a Processor)

Because PayGlobal360 is deployed on-premises, PayNways does not act as a “Data Processor” under GDPR or equivalent laws in the normal course of product use.

PayNways does not:

• Access or extract Client data
• Receive Client data for analytics or telemetry
• Transfer any Client data outside the Client Environment
• Process any Personal Data independently

4. Data Transfers

PayGlobal360 does not transmit any Personal Data to PayNways or to any third party.

The Product:

• Does not include outbound data transfer mechanisms
• Does not contain embedded telemetry or analytics that send data externally
• Does not integrate with cloud services unless configured by the Client

Any data transfers initiated by the Client (e.g., regulatory reporting, external API calls) fall under the Client’s responsibility.

5. Support Access

5.1 Client-Initiated Access Only

PayNways may obtain temporary, controlled access to the Client Environment solely for the purpose of providing technical support, and only when:

• Requested explicitly by the Client
• Approved by the Client’s authorized personnel
• Conducted under contractual confidentiality obligations (e.g., NDA, MSA, Support Agreement)

5.2 Restrictions

During support access:

• PayNways does not copy, store, or retain Personal Data
• PayNways conducts troubleshooting using masked or redacted data whenever feasible
• Access is time-bound and supervised by the Client

6. Security and Compliance

PayGlobal360 includes enterprise security controls such as:

• RBAC & multi-level authorization models
• Integration with LDAP/Active Directory
• Support for mTLS and HTTPS encryption
• Audit logs and activity monitoring
• Configurable retention and purging controls

6.1 Client Responsibilities

As the operator of the on-premises environment, the Client is solely responsible for:

• Network security, firewalls, and access controls
• Backup, recovery, and disaster recovery processes
• Data classification, retention, and destruction policies
• Internal monitoring and incident response
• • Compliance with statutory and regulatory obligations (e.g., PCI-DSS, GDPR, DPDP Act, CCPA, local central bank mandates)

7. Cookies, Telemetry & Tracking Technologies

PayGlobal360 does not use:

• Cookies
• Tracking technologies
• Embedded analytics tools
• Behavioral or usage monitoring scripts

All user session information is generated locally and is not transmitted externally.

8. Data Retention & Deletion

The Product allows the Client to configure data retention settings for:

• Transaction records
• Logs and audit trails
• Case management data
• Notifications and alerts

PayNways does not retain any Personal Data on its own systems.

9. Compliance with Laws and Regulations

PayGlobal360 is designed to support Client compliance with applicable regulatory frameworks, including but not limited to:

• GDPR (EU)
• DPDP Act 2023 (India)
• CCPA/CPRA (California)
• PCI-DSS (Payment Card Industry)
• Local financial regulatory standards (e.g., BANXICO, RBI, MAS, FCA, etc.)

However, compliance responsibility ultimately lies with the Client as the Data Controller and operating entity.

10. Amendments to This Policy

PayNways reserves the right to update or amend this Policy as needed due to:

• Legal or regulatory changes
• Product updates
• Security enhancements

Revised versions will be provided to Clients prior to release of the applicable product version.

11. Contact Information

For questions regarding this Policy or data protection practices related to PayGlobal360:

PayNways Inc.
Email: compliance@paynways.com
Website: www.paynways.com