Privacy Policy
Effective Date: 28 April 2025
Introduction
MoyoPal.io ("we", "us", "our") is committed to protecting your personal data worldwide. This policy explains how we collect and use your information (including your name and email address) in compliance with the EU/UK General Data Protection Regulation (GDPR) and other laws. We act as the data controller for the information we collect. You can contact us about privacy at the address below.
Information We Collect
Identity and Contact Information: When you register or contact us, we collect your name and email address. These are "personal data" under GDPR (any information relating to an identifiable person)gdpr-info.eu.
Payment Information: To process payments, we collect only the information needed by our payment providers (Stripe, PayPal, Google Pay), such as your name, billing address and transaction details. We do not store your full payment card data; card details are submitted directly to the payment provider.
Usage and Device Data: We automatically collect information about how you use our site and services. This may include your IP address, browser and device type, pages visited, and clickstream data. We collect this via cookies and similar technologies (see Cookies below) to understand and improve our service. For example, Google Analytics uses cookies to gather anonymous statistics on pages viewed and links clickedgdpr.eu.
How We Use Your Personal Data
We use your personal data for the following purposes:
Providing and Improving Our Service: We use your data to create and manage your account, verify your identity, deliver our services, and personalise your experience. This includes account setup, customer support, and service improvements.
Payment Processing: We use your payment-related data (via Stripe, PayPal, Google Pay) to complete transactions and prevent fraud. We share transaction details with these providers under a data processing agreement. For example, Stripe secures payment data using PCI-DSS industry standardsstripe.com, and similar high security measures apply to PayPal and Google Pay.
Communications: We use your email to send account-related messages (confirmation emails, receipts, security alerts, and important updates). These communications are necessary to operate our service.
Analytics: We analyse usage data to improve our service. We use Google Analytics (a third-party service) to collect aggregate information about site usage. Google Analytics places "statistics" cookies that collect anonymous data on how our site is usedgdpr.eu. This data is aggregated and cannot identify you personally; Google processes it on our behalf under its GDPR-compliant Data Processing Terms.
Marketing (with Consent): If you opt in, we may use your email to send newsletters, promotional offers, or information about our products. We will only send marketing communications if you have explicitly consented, and each message will include an easy way to unsubscribe. We comply with applicable marketing laws (for example, the UK Privacy and Electronic Communications Regulationsico.org.uk). You can withdraw consent or opt out at any time.
Legal and Security Compliance: We use data as needed to meet our legal obligations (for example, financial recordkeeping under tax laws) and to protect our rights and property.
Payment Processing (Stripe, PayPal, Google Pay)
We use reputable third-party services to handle payments: Stripe, PayPal, and Google Pay. When you make a payment:
We transmit your payment details (name, card information, etc.) directly to the payment provider. We do not receive or store full credit card numbers on our servers.
The payment provider processes the payment under its own Privacy Policy and security controls. For example, Stripe uses PCI-DSS security standards to protect your card datastripe.com, and PayPal and Google Pay employ similar encryption and tokenization.
We receive confirmation of the payment (such as "payment succeeded") and basic transaction details (amount, date, items purchased) from the provider. We retain these details to fulfill orders, provide service, and comply with any legal financial recordkeeping requirements.
Children's Accounts (Minors with Parental Consent)
Our services are not intended for unsupervised use by children. If you are under the applicable age of consent, you must have a parent or guardian's permission to use our service. In particular:
Under EU law (GDPR Article 8), a child must be at least 16 years old to consent on their own. EU Member States may lower this to no less than 13. In the UK, the age of digital consent is 13.
We therefore require verifiable parental consent for any user below the applicable age (e.g. under 16 in most EU countries, under 13 in the UK)gdprhub.euico.org.uk. We use reasonable methods (such as email confirmation or identification checks) to verify that consent has been given by a parent or legal guardian.
If we learn that we have collected personal data from a child without verification of parental consent, we will promptly delete that data.
Marketing Communications
Opt-in Required: We send marketing emails only if you have opted in to receive them. We do not share your email address with third-party marketers without consent.
Unsubscribe: Every marketing email we send will include a clear unsubscribe link. You may also withdraw consent or change your preferences by contacting us at any time. In accordance with GDPR, withdrawing consent is made as easy as giving itgdprhub.eu.
Regulatory Compliance: We follow all applicable laws for electronic marketing. For example, in the UK we comply with the Privacy and Electronic Communications Regulations (PECR)ico.org.uk. You will not receive marketing if you opt out, and we will honour opt-out requests promptly.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience and analyse site usage:
Strictly Necessary Cookies: These cookies are essential for the website to function (for example, managing your login session or shopping cart). We do not need your consent for these cookies, but we do inform you about themgdpr.eu. They do not track your activity beyond what is needed for these core functions.
Analytics/Performance Cookies: We use cookies (such as Google Analytics cookies) to collect aggregated, anonymous data about site usage. These "statistics cookies" track things like pages visited and links clicked, helping us improve our sitegdpr.eu. This data is anonymised and cannot be used to personally identify you.
Marketing/Advertising Cookies: If we use any cookies to serve targeted advertising or marketing (e.g. Google Ads cookies), we will do so only with your consent. (If we do not use marketing cookies, state that here.)
Your Choices: You can manage or delete cookies through your browser settings (see your browser's Help for instructions). Disabling non-essential cookies may limit some functionality on our site.
Cookie Data as Personal Data: Note that according to GDPR Recital 30, cookie identifiers can be used to create profiles of natural personsgdpr.eu. In other words, cookies that identify you are treated as personal data and require a lawful basis (consent or legitimate interest)gdpr.eu. We rely on consent for non-essential cookies and do not use them beyond the purposes described.
International Data Transfers
Your personal data may be transferred to and stored in locations outside the UK/EEA (for example, if our service providers or servers are located abroad). When we transfer data internationally, we ensure adequate safeguards:
Adequacy Decisions: If the destination country is deemed "adequate" by the EU/UK (meaning it provides GDPR-level protection), transfers are allowed by default.
Standard Contractual Clauses: If no adequacy decision exists (for example, transferring data to the US), we use the EU's Standard Contractual Clauses, which are model agreements pre-approved by the European Commission to ensure strong data protectioncommission.europa.eu. In all cases, we ensure that your data remains protected under arrangements that meet GDPR requirements.
Data Retention
We keep your personal data only for as long as necessary to fulfil the purposes in this policy and to comply with our legal obligations (in line with the GDPR's "storage limitation" principlegdprhub.eu). For example:
Account and Profile Data: We retain your name, email and other registration data for the duration of your account. After you delete your account, we may keep residual data for a limited period (e.g. 5–7 years) if required by law (for tax or audit purposes).
Transaction/Payment Records: We keep transaction details (date, amount, items) and related payment confirmations for a period (typically 5–7 years) to meet financial recordkeeping obligations.
Analytics Data: Data collected by Google Analytics is kept in aggregated form. Individual session data are typically anonymised or deleted after a set period (the default Google Analytics retention is 26 months).
Marketing Consents: We keep records of your consent or preferences (opt-in/opt-out) for as long as you maintain an account or until you withdraw consent, plus any necessary period afterward. We will inform you of the data retention period (or the criteria used to determine it) as part of your GDPR data access rightsgdpr-info.eu. Once personal data is no longer needed, we will securely delete or irreversibly anonymise it.
Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Access: You can request confirmation of whether we process your personal data, and ask for a copy of that data.
Rectification: You can ask us to correct any inaccurate or incomplete data.
Erasure: You can request deletion of your data ("right to be forgotten") in certain circumstances.
Restriction: You can ask us to restrict or block further processing of your data while a dispute is resolved.
Portability: You can obtain a copy of your data in a structured, commonly used format and transfer it elsewhere if processing is based on consent or contract.
Objection: You have the right to object to certain processing (for example, direct marketing or profiling) at any time. We will stop processing your data for those purposes unless we demonstrate compelling legitimate grounds.
Withdraw Consent: If processing is based on your consent, you can withdraw consent at any time. It will be as easy to withdraw consent as it is to give itgdprhub.eu.
Complaint: You have the right to lodge a complaint with a data protection authority (for example, the UK's ICO) if you believe your data is not being handled properly.
To exercise these rights, please contact us (see Contact Us below). We will respond without undue delay and in any case within 24 or 48 hours of your request (this period may be extended by two additional week or two for complex requests)gdprhub.eu.
Security Measures
We implement appropriate technical and organizational security measures to protect your data, in accordance with GDPR requirements. These include:
Encrypting data in transit (HTTPS/SSL) and at rest.
Strict access controls and authentication (only authorised personnel can access personal data).
Regular security audits, monitoring and penetration testing.
Data pseudonymization or anonymization where possible.
These measures ensure data integrity and confidentialitygdprhub.eu. Despite our efforts, no system can be 100% secure; however, we use industry-standard practices. In the event of a data breach, we will follow legal requirements to notify authorities and affected individuals as appropriate.
Changes to This Policy
We may update this Privacy Policy from time to time. We will post any revisions on this page with an updated effective date. We encourage you to review this policy periodically for any changes.
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: privacy@moyopal.io
You can also contact the data protection authority in your country (for example, the UK Information Commissioner's Office) for more information on data privacy.
Last updated: 28 April 2025.