Arrakis Pay

Last Updated: 11/01/2025

Arrakis Pay (“Arrakis Pay,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information when you visit our websites, use our payment products, apply for services, communicate with us, or interact with our platforms, portals, applications, APIs, payment forms, dashboards, support tools, or related services.

This Privacy Policy applies to merchants, prospective merchants, business customers, platform partners, software providers, independent sales organizations, referral partners, representatives, beneficial owners, officers, directors, employees of our customers, end customers who make payments through Arrakis Pay-enabled services, website visitors, and other individuals whose information we process in connection with our services.

This Privacy Policy does not apply to Arrakis Pay employees, job applicants, or contractors where a separate privacy notice applies.

1. Personal Information We Collect

We may collect personal information directly from you, automatically through your use of our services, from our customers or partners, and from third-party sources.

Information you provide to us

We may collect:

  • Name, business name, title, role, email address, phone number, mailing address, billing address, and business contact details.
  • Account login credentials, username, password, security questions, and authentication information.
  • Business application information, including business type, ownership information, tax identification numbers, employer identification numbers, merchant category, business website, processing history, expected transaction volume, and bank account information.
  • Identity verification information, including date of birth, residential address, government identification number, copies of identification documents, beneficial ownership information, and similar due-diligence information.
  • Payment and transaction information, including card, bank, ACH, tokenized payment, refund, chargeback, settlement, invoice, subscription, payout, and purchase information.
  • Communications with us, including support requests, emails, chats, call recordings, forms, surveys, and feedback.
  • Information you upload or submit through our dashboards, onboarding tools, APIs, payment forms, or partner portals.
  • Any other information you choose to provide.

Information we collect automatically

When you use our websites, dashboards, APIs, apps, payment forms, or other services, we may automatically collect:

  • IP address, device identifiers, browser type, browser version, operating system, device type, language settings, time zone, referring URLs, pages viewed, links clicked, session duration, and similar usage data.
  • Log data related to transactions, account access, authentication, API calls, errors, performance, fraud signals, and security events.
  • Cookie, pixel, SDK, and similar tracking data.
  • Approximate location information derived from IP address or device settings.
  • Device fingerprinting, risk signals, and behavioral signals used to help detect fraud, unauthorized access, automated abuse, or suspicious activity.

Information from third parties

We may receive information from:

  • Merchants, platforms, software providers, marketplaces, banks, card networks, processors, sponsor banks, payment gateways, and other payment ecosystem participants.
  • Identity verification providers, credit bureaus, fraud prevention agencies, sanctions-screening providers, politically exposed person databases, adverse-media screening providers, and compliance vendors.
  • Public records, government databases, corporate registries, tax authorities, law enforcement, regulators, and courts.
  • Marketing partners, analytics providers, advertising networks, lead-generation partners, and event providers.
  • Social media platforms or public online sources, where permitted by law.

2. Sensitive Personal Information

Depending on the services used, we may collect sensitive personal information, including government identification numbers, financial account information, precise or approximate location signals, biometric information if used for identity verification, and information related to fraud, sanctions, criminal allegations, or regulatory screening.

We use sensitive personal information only as reasonably necessary to provide our services, verify identity, comply with law, prevent fraud, manage risk, secure our systems, or as otherwise permitted by applicable law. Where required, we will obtain consent before processing certain sensitive personal information, such as biometric data.

3. How We Use Personal Information

We may use personal information to:

Provide and operate our services

  • Process payments, refunds, chargebacks, authorizations, settlements, payouts, account updates, invoices, subscriptions, and related transactions.
  • Create, maintain, support, and administer merchant, partner, customer, and user accounts.
  • Provide dashboards, reports, APIs, payment links, hosted checkout pages, virtual terminals, onboarding tools, and support services.
  • Communicate about accounts, transactions, disputes, settlements, service updates, security alerts, and operational matters.

Underwrite merchants and manage risk

  • Evaluate applications for payment processing or related services.
  • Verify business identity, beneficial owners, directors, officers, principals, bank accounts, and other relevant parties.
  • Assess credit, fraud, chargeback, money-laundering, sanctions, prohibited-business, and transaction-laundering risk.
  • Monitor transaction patterns, account activity, merchant behavior, device activity, and processing history.
  • Establish reserves, risk controls, processing limits, delayed funding, account holds, or service restrictions where permitted by law and contract.

Comply with law and payment rules

  • Comply with anti-money-laundering, counter-terrorist-financing, sanctions, know-your-customer, know-your-business, tax, accounting, audit, financial-services, card-network, sponsor-bank, and regulatory obligations.
  • Respond to lawful requests from regulators, courts, law enforcement, tax authorities, card networks, banks, processors, and other authorized parties.
  • Maintain records required by law, network rules, sponsor-bank obligations, or contractual requirements.

Prevent fraud and protect security

  • Detect, investigate, prevent, and respond to fraud, unauthorized access, suspicious activity, identity theft, account takeover, transaction laundering, malware, phishing, abuse, and other harmful activity.
  • Protect Arrakis Pay, our customers, end users, partners, banks, processors, card networks, and the financial system.
  • Enforce our terms, agreements, acceptable-use rules, and policies.

Improve and develop our business

  • Analyze usage, performance, reliability, and customer experience.
  • Develop, test, improve, and troubleshoot products, dashboards, APIs, risk tools, support systems, and payment services.
  • Conduct analytics, research, training, quality assurance, and product development.
  • Create aggregated, anonymized, or de-identified information for business intelligence, benchmarking, reporting, and product improvement.

Marketing and communications

  • Send marketing, educational, promotional, and event-related communications where permitted by law.
  • Personalize content, advertising, and communications.
  • Measure the effectiveness of campaigns and website experiences.
  • Honor opt-out, unsubscribe, and communication-preference requests.

4. Cookies and Similar Technologies

We may use cookies, pixels, SDKs, local storage, server logs, analytics tools, and similar technologies to operate our websites and services, remember preferences, improve performance, analyze usage, prevent fraud, secure accounts, and support marketing.

You may be able to manage cookies through your browser settings or our cookie banner or preference center, where available. Disabling certain cookies may affect the functionality of our websites or services.

Where legally required, we will obtain consent before using non-essential cookies or similar technologies.

5. How We Share Personal Information

We may disclose personal information to the following categories of recipients:

Payment ecosystem participants

We may share information with banks, sponsor banks, processors, payment gateways, card networks, ACH operators, alternative payment method providers, acquiring banks, issuing banks, settlement banks, payment facilitators, fraud tools, dispute-management providers, and other entities needed to process, route, authorize, settle, refund, or dispute transactions.

Platforms, merchants, and partners

If you use Arrakis Pay through a merchant, software platform, marketplace, ISO, referral partner, or other integrated partner, we may share relevant information with that party to provide services, manage accounts, resolve support issues, process transactions, support reporting, or comply with contractual obligations.

Service providers

We may share information with vendors that provide hosting, cloud infrastructure, identity verification, data storage, analytics, marketing, email, SMS, customer support, compliance, fraud prevention, chargeback management, security, professional services, accounting, tax, and legal services.

Compliance, risk, and fraud prevention parties

We may share information with fraud prevention agencies, identity verification providers, credit bureaus, sanctions-screening providers, adverse-media providers, card networks, financial institutions, regulators, law enforcement, courts, auditors, and other parties where needed for compliance, risk management, fraud prevention, dispute resolution, or legal obligations.

Corporate transactions

We may share information in connection with a merger, acquisition, financing, investment, sale of assets, bankruptcy, reorganization, due diligence process, or similar corporate transaction.

Legal and safety purposes

We may disclose information when we believe disclosure is necessary or appropriate to comply with law, enforce agreements, protect rights, prevent fraud, protect security, respond to legal process, or protect Arrakis Pay, our customers, end users, partners, or others.

With consent or direction

We may share personal information when you authorize or direct us to do so.

6. Third-Party Services and Integrations

Our services may connect with third-party platforms, banks, processors, software applications, accounting systems, marketplaces, wallets, or other services. When you authorize an integration, Arrakis Pay and the third party may exchange information needed to provide the integration.

Third-party services are governed by their own privacy policies and terms. You should review those policies before connecting or using third-party services.

7. Automated Decision-Making and Profiling

We may use automated tools, rules, algorithms, machine learning, or other technologies to help evaluate applications, verify identity, detect fraud, assess transaction risk, monitor suspicious activity, enforce prohibited-business rules, determine account eligibility, or apply risk controls.

Automated processes may affect whether an account is approved, whether a transaction is permitted, whether additional verification is required, whether funds are delayed, or whether services are restricted. Where required by law, you may have rights to request human review, contest a decision, or obtain additional information.

8. Security

We use reasonable technical, administrative, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.

These safeguards may include encryption, access controls, authentication controls, monitoring, logging, vulnerability management, incident response procedures, employee training, vendor due diligence, and security review processes.

No method of transmission or storage is completely secure. You are responsible for keeping your login credentials confidential and for promptly notifying us of unauthorized account activity.

9. Data Retention

We retain personal information for as long as reasonably necessary to provide services, comply with legal and regulatory obligations, resolve disputes, enforce agreements, maintain business records, prevent fraud, manage risk, support tax and accounting requirements, comply with card-network or sponsor-bank rules, and meet audit or reporting requirements.

Retention periods vary depending on the type of information, purpose of processing, applicable law, payment-network rules, contractual obligations, and dispute or investigation needs. When information is no longer needed, we may delete, anonymize, aggregate, or de-identify it.

10. International Data Transfers

Arrakis Pay may process personal information in countries other than the country where you reside. These countries may have privacy laws that differ from those in your jurisdiction.

Where required, we use appropriate safeguards for cross-border transfers, such as contractual protections, data-processing agreements, standard contractual clauses, or other legally recognized transfer mechanisms.

11. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information, including the right to:

  • Access personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of personal information.
  • Request restriction of certain processing.
  • Object to certain processing.
  • Request portability of certain information.
  • Opt out of marketing communications.
  • Opt out of certain targeted advertising, sale, or sharing of personal information where applicable.
  • Limit certain uses of sensitive personal information where applicable.
  • Withdraw consent where processing is based on consent.
  • Appeal certain privacy-rights decisions where applicable.
  • Lodge a complaint with a privacy or data protection authority.

These rights may be limited by law, including where we must retain or process information to provide services, complete transactions, comply with legal obligations, prevent fraud, maintain security, resolve disputes, enforce contracts, or satisfy regulatory, tax, audit, AML, sanctions, card-network, or sponsor-bank requirements.

To exercise privacy rights, contact us using the details below.

12. Marketing Choices

You may opt out of marketing emails by using the unsubscribe link in our emails or by contacting us. Even if you opt out of marketing, we may still send non-marketing communications, including service messages, account notices, transaction updates, legal notices, security alerts, and support communications.

13. California Privacy Notice

This section applies to California residents and supplements the rest of this Privacy Policy.

Categories of personal information collected

In the past 12 months, Arrakis Pay may have collected the following categories of personal information:

  • Identifiers, such as name, email address, phone number, postal address, IP address, account identifiers, government identifiers, and device identifiers.
  • Customer records information, such as billing address, bank account information, payment information, tax identifiers, and identity verification information.
  • Commercial information, such as transaction history, products or services purchased, payment activity, refunds, disputes, and merchant services activity.
  • Internet or network activity, such as browsing activity, log data, cookie data, device data, and interactions with our websites or services.
  • Geolocation information, such as approximate location derived from IP address or device data.
  • Professional or employment-related information, such as title, role, business affiliation, ownership role, or authority to act for a business.
  • Inferences, such as risk indicators, fraud signals, merchant-risk profiles, preferences, or service usage patterns.
  • Sensitive personal information, such as government identifiers, financial account information, login credentials, identity verification documents, and information used for fraud or compliance screening.

Sources of personal information

We collect personal information from you, your business, merchants, customers, partners, platforms, service providers, payment ecosystem participants, compliance vendors, fraud prevention vendors, public sources, and government or regulatory sources.

Purposes for collection, use, and disclosure

We collect, use, and disclose personal information for the business and commercial purposes described in this Privacy Policy, including providing payment services, underwriting merchants, verifying identity, preventing fraud, managing risk, complying with law, supporting customers, improving products, conducting analytics, and marketing where permitted.

Sharing, selling, and targeted advertising

Arrakis Pay does not sell personal information for money. However, depending on our cookie and advertising practices, we may “share” personal information or use it for targeted advertising as those terms are defined under California law. If applicable, California residents may opt out through our cookie preference tool, “Do Not Sell or Share My Personal Information” link, or by contacting us.

California rights

California residents may have the right to:

  • Know what personal information we collect, use, disclose, sell, or share.
  • Access specific pieces of personal information.
  • Delete personal information.
  • Correct inaccurate personal information.
  • Opt out of sale or sharing of personal information.
  • Limit use or disclosure of sensitive personal information.
  • Not be discriminated against for exercising privacy rights.
  • Use an authorized agent to submit requests, subject to verification.

To submit a California privacy request, contact us using the details below.

14. Notice to Individuals in the EEA, UK, and Similar Jurisdictions

Where applicable privacy laws require a legal basis for processing, Arrakis Pay may process personal information based on:

  • Performance of a contract.
  • Compliance with legal obligations.
  • Legitimate interests, such as providing services, preventing fraud, securing systems, improving products, managing risk, and operating our business.
  • Consent, where required.
  • Establishment, exercise, or defense of legal claims.
  • Public interest or substantial public interest, where applicable to financial crime prevention or regulatory compliance.

You may have rights to access, rectify, erase, restrict, object, port data, withdraw consent, and complain to a supervisory authority, subject to applicable limitations.

15. Children’s Privacy

Arrakis Pay’s services are not directed to children, and we do not knowingly collect personal information from children under the age required by applicable law. If we learn that we have collected personal information from a child without appropriate consent, we will take steps to delete it where required.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date above. If we make material changes, we may provide additional notice where required by law.

17. Contact Us

For privacy questions, requests, or complaints, contact:

Arrakis Pay
Attn: Privacy Team
Email: privacy@arrakispay.com