Introduction
We are DirePay ("we", "our", "us"), operating the website https://www.direpay.io/ (the "Website") and providing payment gateway, settlement, and related financial technology services to merchant partners across Asia (the "Services").
We are committed to protecting your personal data and to complying with applicable data protection laws, including (as relevant to you) the General Data Protection Regulation (GDPR), and the personal data protection laws of the markets we operate in across Asia (for example Malaysia's Personal Data Protection Act, Thailand's PDPA, or equivalent laws in Vietnam, India, Indonesia, Bangladesh, and the Philippines).
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you: (a) visit our Website; (b) apply to become a merchant, partner, or reseller; (c) apply for a job with us; or (d) interact with our AI chat assistant. Information relating to end-users who make payments through our merchants' platforms is governed by the applicable merchant's own privacy policy and our data processing agreement with that merchant, not by this Policy.
1. Who We Are
Data Controller: DirePay
How to Contact Us:
Email: [email protected]
2. What Data We Collect
2.1 Website Visitors and Enquiries
When you contact us, fill in a form on the Website, or message our AI chat assistant, we may collect:
- Full name
- Job title / company name
- Phone number
- Email address
- Telegram or other messenger contact details
- Business details relevant to onboarding (e.g. website URL, industry, target markets, expected transaction volumes)
- The content of your enquiry or chat conversation
- Any other information you voluntarily provide
Please do not send us sensitive personal data (health information, political opinions, religious beliefs, biometric data, etc.) unless it is specifically requested and necessary.
2.2 Merchant and Partner Onboarding
When you apply to integrate with DirePay as a merchant, or to become a reseller/referral partner, we may additionally collect:
- Business registration and compliance documents, submitted as part of our Website Review / KYB (Know Your Business) process
- Authorized signatory and beneficial owner details
- Banking, settlement, and API credential information
- Transaction, rate configuration, and dashboard usage data generated through our backoffice (Settlement, Merchant Transactions, Daily Statement, API Logs, etc.)
This data is used to assess eligibility, prevent fraud, and comply with anti-money-laundering (AML) and payment industry obligations, and is also addressed in your merchant/partner services agreement with us.
2.3 Job Applicants
If you apply for a role with us, we may collect:
- Position applied for
- Full name, email address, phone number, Telegram or other messenger contact
- Any information you include in your application message
- Your CV or supporting documents (which may contain further personal data you choose to share — please avoid including sensitive personal data)
2.4 Cookies and Technical Data
We use cookies and similar technologies to operate the Website and understand how it is used. This may include your IP address, browser type, device information, approximate location, and pages visited. Details are set out in our separate Cookie Policy.
By submitting information to us, you confirm it is accurate, complete, and up to date, and you may update it at any time by contacting us.
3. Why We Process Your Data and Our Legal Basis
| Purpose | Legal Basis |
|---|---|
| Responding to enquiries and onboarding merchants/partners | Necessary to take steps at your request prior to a contract; legitimate interests |
| Conducting compliance, KYB, and fraud-prevention checks | Legal obligation; legitimate interests |
| Sending service updates or marketing communications | Consent, or legitimate interests where permitted, with an opt-out available at any time |
| Operating and securing the Website, including the AI chat assistant | Legitimate interests |
| Website analytics and performance cookies | Consent (non-essential cookies); legitimate interests (essential cookies) |
| Processing job applications | Necessary to take steps at your request prior to a contract; legitimate interests |
You may withdraw consent or object to processing based on legitimate interests at any time — see Sections 8 and 9.
4. Who We Share Your Data With
We may share personal data with:
- Banking and payment partners (banks, e-wallet providers, and payment networks) needed to process and settle transactions
- Compliance and verification providers who support our KYB/AML checks
- IT, hosting, analytics, and email service providers who process data on our behalf under contractual confidentiality and data-protection obligations
- Regulators and law enforcement, where required by law
- Professional advisors (auditors, lawyers), where necessary
- Affiliates within the DirePay corporate group
We do not sell your personal data. Third parties who process data on our behalf are contractually required to use it only for the purposes we specify and to apply appropriate security measures.
5. Data Security
We apply technical and organizational safeguards — including encryption, access controls, secure infrastructure, and regular security reviews — to protect personal data against unauthorized access, disclosure, alteration, or destruction. Access is limited internally on a need-to-know basis. While we work hard to protect your data, no system can guarantee absolute security.
6. International Data Transfers
Because we operate across multiple Asian markets and may use service providers located outside your home country, your data may be transferred internationally. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses, Binding Corporate Rules, or equivalent mechanisms recognized under applicable law. Contact us at [email protected] for more information about the safeguards used for a specific transfer.
7. How Long We Keep Your Data
- Enquiry and contact data: typically 2–5 years from your last interaction with us, unless a longer period is required by law
- Merchant/partner onboarding and transaction records: retained for the duration of the business relationship plus any period required by AML, tax, or financial-services record-keeping laws
- Job application data: retained for the duration of the recruitment process plus a limited period afterward, unless you consent to longer retention for future opportunities
- Technical/cookie data: up to 3 years, as further described in our Cookie Policy
We do not keep personal data longer than necessary for the purposes it was collected for.
8. Your Data Rights
Subject to applicable law, you may have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erasure of your data in certain circumstances
- Restrict how we process your data
- Portability of data you provided to us
- Object to processing based on legitimate interests or direct marketing
- Withdraw consent at any time, without affecting processing carried out before withdrawal
To exercise any of these rights, contact us at [email protected].
9. Withdrawing Consent
Where we rely on your consent, you may withdraw it at any time by emailing [email protected] or using the unsubscribe link in our communications.
10. How to Lodge a Complaint
If you have concerns about how we handle your data, please contact us first at [email protected] so we can try to resolve the issue. You also have the right to lodge a complaint with your local data protection authority (for example, the data protection authority in an EU/EEA member state where you live or work, or the relevant authority in your Asian market of residence).
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised "Last updated" date, and where changes are significant, we will notify you directly and seek consent where required by law.
12. Contact Us
Email: [email protected]
