1. Introduction
Kiofe B.V. ("Kiofe", "we", "us", or "our") is committed to protecting the privacy of our users, merchants, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment gateway services, visit our website, or interact with us in any way.
By using our services, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.
2. Information We Collect
We collect information in the following categories:
Personal Information
- Full name, email address, phone number, and business address
- Date of birth and government-issued identification (for KYC/AML compliance)
- Bank account details and financial information for settlement purposes
- Business registration details, including chamber of commerce number
Transaction Data
- Payment amounts, currencies, and transaction timestamps
- Payment method details (card type, last four digits, bank name)
- Transaction status, refund history, and chargeback records
- Customer IP addresses and device information associated with transactions
Technical Data
- IP address, browser type, operating system, and device identifiers
- Cookies, usage logs, and website interaction data
- API call logs, integration data, and webhook delivery records
3. How We Use Your Information
We use the information we collect for the following purposes:
- Payment Processing: To process transactions, manage settlements, and handle refunds and chargebacks
- Account Management: To create and manage your merchant account, verify your identity, and provide customer support
- Compliance: To comply with KYC (Know Your Customer), AML (Anti-Money Laundering), and other regulatory obligations
- Fraud Prevention: To detect, prevent, and investigate fraudulent transactions and unauthorized access
- Service Improvement: To analyze usage patterns, improve our platform, and develop new features
- Communication: To send service updates, security alerts, and administrative messages
- Marketing: To send promotional materials with your consent, which you can opt out of at any time
4. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
- Contractual Necessity: Processing necessary for the performance of our payment services agreement
- Legal Obligation: Processing required to comply with applicable laws, including AML directives and payment services regulations
- Legitimate Interests: Processing for fraud prevention, platform security, and service improvement
- Consent: Processing for marketing communications, which you can withdraw at any time
5. Data Sharing and Third Parties
We may share your information with the following categories of third parties:
- Payment Processors: Third-party payment infrastructure providers and payment network partners to process transactions
- Banking Partners: Financial institutions for settlement and payout purposes
- Compliance Providers: KYC/AML verification services and fraud detection platforms
- Cloud Infrastructure: Hosting and cloud service providers who store and process data on our behalf
- Law Enforcement: When required by law, regulation, or legal process
We do not sell your personal information to third parties. All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption: 256-bit SSL/TLS encryption for all data in transit and AES-256 encryption for data at rest
- PCI DSS Level 1: Full compliance with the highest level of Payment Card Industry Data Security Standards
- Access Controls: Role-based access, multi-factor authentication, and regular security audits
- Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Specifically:
- Account data is retained for the duration of your account and up to 5 years after closure
- Transaction records are retained for a minimum of 7 years as required by financial regulations
- KYC/AML documentation is retained for 5 years after the business relationship ends
- Marketing consent records are retained until consent is withdrawn
- Technical logs are retained for up to 12 months
8. Your Rights
Under the GDPR and applicable data protection laws, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
- Right to Restriction: Request restriction of processing in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at privacy@kiofe.com. We will respond to your request within 30 days.
9. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience. These include:
- Essential Cookies: Required for the operation of our platform (e.g., authentication, security)
- Analytics Cookies: Help us understand how visitors interact with our website
- Functional Cookies: Remember your preferences and settings
- Marketing Cookies: Used to deliver relevant advertisements (only with your consent)
You can manage your cookie preferences through your browser settings or our cookie consent banner.
10. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions.
11. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email. We encourage you to review this policy periodically.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Kiofe B.V., Keizersgracht 126, 1015 CW, Amsterdam
Data Protection Officer: dpo@kiofe.com
You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.