NDEIGHTNDEIGHT
Get Started
All legal documents

Privacy Policy

Last updated: March 9, 2026

This Privacy Policy describes how NDEIGHT ("Company", "we", "us", "our") collects, uses, stores, and protects personal data when users access or use our services. Our platform provides Merchant of Record (MoR) services, payment infrastructure, and compliance tools.

1. Scope

This policy applies to Merchants using our platform, Customers purchasing through our infrastructure, and Visitors interacting with our website or services.

2. Data Controller and Processor Roles

The Merchant may act as Data Controller for customer data. We may act as Data Processor on behalf of the Merchant, or as independent Data Controller for compliance, payment processing, fraud prevention, and regulatory obligations.

3. Personal Data We Collect

3.1 Merchant Account

Full name, business name, registration info, email, phone, billing, country, IP address, account activity.

3.2 Identity Verification (KYC)

Government-issued ID, selfie/biometric data, proof of address, date of birth, beneficial ownership, business verification documents.

3.3 Transaction Data

Amounts, payment methods, identifiers, billing details, IP, geolocation, fraud indicators. We do not store full card numbers.

3.4 Customer Data

Customer name, email, billing, transaction history, support communication. Merchants remain responsible for lawful use.

3.5 Technical Data

Device info, browser, IP, OS, usage logs, interaction data.

4. How We Use Personal Data

Providing and maintaining Services; processing payments; verifying identities; fraud detection; compliance; transaction monitoring; dispute management; security improvement.

We process data based on: contractual necessity; legal obligation; legitimate interests (fraud prevention, security); consent where required.

6. Data Sharing

We may share data with payment processors, banks, identity verification providers, fraud detection services, cloud providers, and regulatory authorities when required by law.

7–11. Payment Providers, Fraud Monitoring, Retention, Security

Third-party payment providers process data per their own policies. We analyze transactions for fraud and compliance. We retain data as necessary; financial and compliance records may be kept longer when required by law. We implement encryption, access control, and security monitoring. Audit logs support compliance and security.

12. International Transfers

Data may be transferred internationally; appropriate safeguards are implemented where required.

13. Your Rights (GDPR)

You may have rights to access, correct, delete, restrict processing, data portability, and object. Contact us to exercise these rights.

14–17. Cookies, Children, Changes, Contact

We use cookies for sessions and analytics. Services are not for individuals under 18. We may update this policy; changes will be published on our website. Contact us for questions or requests.