Mon-Fri: 8:00 AM - 6:30 PM
partners@ttrpay.net

Privacy Policy

TTRPay > Privacy Policy

Introduction

At TTRPay, we are committed to safeguarding your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, and protect information when you use the TTRPay.net website and related services (the “Site”). This policy applies only to TTRPay.net and not to any other websites or platforms (for example, it does not cover any services on TTR.cash or other unrelated platforms). We aim to be transparent about our data practices and to comply with international privacy standards, including principles reflected in laws like the EU General Data Protection Regulation (GDPR). By using TTRPay.net, you agree to the practices described in this Privacy Policy.

Who We Are

TTRPay.net is owned and operated by TTR IT Holdings Limited, a company registered in Hong Kong. In this Privacy Policy, “TTRPay,” “the Company,” “we,” “us,” or “our” refers to TTR IT Holdings Limited, which is the organization responsible for handling your personal information. As the operator of the TTRPay platform (a global payment processing service for businesses), we act as the “data controller” for personal data collected via TTRPay.net. If you have any questions about this policy or how we handle personal data, please refer to the How to Contact Us section below.

What Data We Collect

We collect several types of personal data from you during registration, identity verification (KYC), and use of our services:

  • Information You Provide: When you register or create an account, we collect information such as your name, email address, phone number, and password. If you are a business or merchant, we also collect your business or trade name, physical address, business type and industry, company registration or tax identification number, website URL, and other details needed to set up your merchant account. As part of our Know Your Customer (KYC) and compliance process, we may collect identity information like your date of birth, government-issued identification number (e.g. passport or ID card number), and copies of identification documents. If you represent a business, we might also collect personal data about the business owners, directors, or beneficial owners (such as their names, birthdates, and ID information) as required by law. Additionally, we may ask for verification documents (e.g. business licenses, proof of address, financial statements) to confirm the information you provide.

  • Payment and Financial Information: In the course of providing payment services, we collect information related to transactions and payments. This may include your payment identifiers or account details (for example, bank account numbers or digital wallet IDs for settling funds), and transaction records (amounts, currency, dates, and recipient details). If we facilitate payments through certain methods (e.g. processing through a card network or PayPal), we may collect necessary details to execute those transactions. Note: TTRPay does not collect or store payment card numbers of your customers on our Site, except as needed to process payments securely through compliant payment gateways.

  • Automatic Data Collection: When you visit our Site or use our services, we automatically collect certain technical information. This includes your Internet Protocol (IP) address, browser type, device type, operating system, referring website, and browsing actions on our Site. We may use cookies or similar technologies to collect some of this data. This usage data helps us understand how users navigate our Site, enables site functionality (like keeping you logged in), and assists with security (e.g. detecting unusual account access). For more details, please see our Cookie Policy (if applicable).

  • Communication Data: If you contact us (for example, via email or a contact form), we will collect the information you provide in your inquiry, such as your name, email address, and the contents of your message or request. We retain such correspondence and our responses for record-keeping and to better service your future inquiries.

We do not knowingly collect any sensitive personal data unless necessary for compliance (for instance, information about criminal records or sanctions status might be collected as part of anti-money laundering checks, only if required by law).

We also do not collect any personal data from you that is not relevant to providing our services. You are responsible for ensuring that any personal data you provide is accurate and up-to-date, and for obtaining consent from any third parties whose personal information you might provide to us.

How We Use Your Information

We use the personal data we collect for the following purposes:

  • To Provide Our Services: We process your information to create and manage your TTRPay account, authenticate you as a user, and provide our payment processing services. This includes using your data to facilitate transactions (for example, receiving payments from your buyers and disbursing funds to you) and to provide any features you request on our platform.

  • KYC and Compliance: We use your personal and business information to verify your identity and fulfill our legal obligations related to Know Your Customer (KYC), Anti-Money Laundering (AML), and other compliance requirements. For example, we may use your identification details to confirm your identity or check your information against sanction lists or other databases as required by law. This helps us ensure the integrity of our platform and comply with applicable regulations.

  • Communication: We use contact information (like your email and phone number) to communicate with you about your account and our services. This includes sending you service-related announcements, transaction alerts, confirmations, invoices or receipts, and important updates about the platform (such as changes to our terms or policies). We may also respond to your inquiries and provide customer support using your communication data.

  • Improvement and Analytics: We analyze usage data and feedback to understand how our services are used and to improve our platform’s functionality and user experience. This may involve aggregating data (in a non-identifiable form) to monitor usage trends, troubleshoot performance issues, and develop new features or services. We do this to continually enhance our offerings and tailor them to our users’ needs.

  • Security and Fraud Prevention: Your information is crucial for maintaining the security of TTRPay. We may process data to detect, investigate, and prevent fraud, unauthorized transactions, suspicious activities, or other violations of our terms and laws. For example, we may use certain device or IP information to identify multiple accounts or unusual login patterns that could indicate fraud. We also keep logs of account activities to audit and ensure the safety and integrity of our platform.

  • Legal and Regulatory Purposes: We may use your personal data as necessary to enforce our Terms of Service and other agreements, to exercise or defend legal claims, and to comply with applicable laws and regulatory requirements. This includes using data to fulfill reporting obligations to regulators or financial authorities, and to cooperate with lawful government requests or court orders.

  • Optional Marketing (with Consent): We do not send out mass marketing communications, but if you are an existing customer, we may inform you about new features or services related to TTRPay. We will only send you promotional emails or newsletters if you have given us consent or if it’s otherwise permitted by law. You have the right to opt-out of marketing messages at any time, and we will provide an unsubscribe mechanism in any promotional email. Opting out of marketing will not affect our communications with you regarding transactions or service updates.

No Third-Party Sharing for Their Own Use: We value your privacy. TTRPay does not sell or rent your personal data to any third parties for marketing or any other purposes. In addition, we do not share your personal information with third-party service providers for their independent use. Any processing of your data is done in-house by TTRPay, or by strictly necessary partners under our direct instruction, solely to deliver the services you have signed up for. We will only disclose your personal data to third parties in a few exceptional cases, such as:

  • Financial Partners for Transactions: To facilitate payment transactions that you initiate, we might need to share certain data with banks, payment networks, or payment method providers. For example, if a payout to your bank account is requested, we will provide your banking details to our banking partner to execute the transfer. These third parties will receive only the information required to complete the transaction and are contractually or legally obligated to use the data for that limited purpose only.

  • Legal Requirements: If we are compelled by law, regulation, court order, or governmental authority to disclose certain data, we will do so to the extent we are required. For instance, we may share information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements, or to comply with financial regulations (e.g. reporting suspicious activities under AML laws).

  • Professional Advisors and Affiliates: We may share information with our auditors, legal counsel, or other professional advisors as necessary for them to provide services to us (for example, auditing our financial statements or assisting in a legal compliance review). These parties are bound by confidentiality obligations. We currently do not have subsidiaries or affiliated companies that process personal data, but if TTRPay in the future involves an affiliate in data processing, we will ensure the same privacy protections are in place.

  • With Your Consent: In any situation where we might need to share your data beyond the scope of this Privacy Policy, we will notify you and obtain your consent before doing so. For example, if you request a feature that involves a third-party integration, we will only share data with that third party with your knowledge and agreement.

In all cases of data disclosure, we remain committed to ensuring that any third party receiving the data is bound to uphold privacy and security standards consistent with this Privacy Policy.

We never share more information than necessary for the specific purpose and always strive to anonymize or aggregate data when feasible.

Legal Basis for Processing

For users in jurisdictions that require a lawful basis for processing personal data (such as the European Economic Area under the GDPR), TTRPay relies on the following legal bases:

  • Performance of a Contract: Most of our data processing is based on necessity for performing our contract with you. When you sign up for and use TTRPay’s services, we must process your personal data to provide those services (e.g. using your details to set up your account, process transactions, and provide customer support). We cannot provide the requested services without this information.

  • Legal Obligation: We process certain data to comply with our legal and regulatory obligations. For example, laws relating to financial services, anti-money laundering (AML), “know your customer” regulations, tax reporting, and other regulations require us to collect and retain specific personal information. We may also be legally obliged to disclose information to authorities or respond to lawful requests. Processing of personal data for these purposes is based on necessity to meet legal obligations.

  • Legitimate Interests: We may process your data for the purposes of our legitimate interests, provided those are not overridden by your data protection rights. These legitimate interests include maintaining the security of our platform, preventing fraud, improving and developing our services, and running our business in an efficient and commercially reasonable manner. For instance, using your usage data to identify improvement areas in our user interface, or processing data to investigate potential fraud, are actions taken in our legitimate interest to ensure a safe and effective service. When we rely on legitimate interests, we balance our interests against your rights and expectations to ensure fair processing. You have the right to object to processing based on legitimate interests (see Your Rights below).

  • Consent: In limited cases, we may ask for your consent to process your personal data. For example, if we want to send you marketing emails or if we introduce optional features that involve sharing data with third parties, we will only do so if you have given consent. If we rely on consent, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing that is done under other legal bases.

  • Other Bases: In rare circumstances, we might process personal data to protect vital interests (e.g. if processing is necessary to protect someone’s life) or for tasks carried out in the public interest. These bases are mentioned here for completeness, but they would apply only in exceptional scenarios (for example, if we needed to notify authorities about an imminent threat and processing data was necessary for public safety).

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. How long we keep your data depends on the nature of the information and the purposes of processing:

  • Active Account Period: For as long as you maintain an active account with TTRPay, we will keep your personal information on file. This allows us to provide you with our services continuously, such as processing transactions and maintaining your account preferences and history.

  • After Account Closure: If you close your account or your relationship with TTRPay otherwise ends, we will archive and securely store your data for a period of time as required or permitted by applicable laws. For financial and legal compliance, we typically retain transactional and KYC information for a set number of years after the end of the relationship. For example, anti-money laundering regulations may require us to retain certain identity and transaction records for a minimum of 5 to 7 years after an account is closed. During this retention period, your data will be blocked from routine use and only accessed if needed for legal, audit, or dispute-resolution purposes.

  • Retention for Legal Obligations and Disputes: Even if you request deletion, we may retain certain information as necessary to comply with legal obligations (such as maintaining records of transactions for financial regulations or tax laws) or to resolve disputes and enforce our agreements. We also retain backup copies of data for a limited period for business continuity (these backups are protected and are only kept for disaster recovery needs).

  • Deletion and Anonymization: Once the retention period expires, or if we determine that the data is no longer required (whichever comes first), we will delete your personal data in a secure manner. In some cases, rather than complete deletion, we may anonymize the data so it can no longer be associated with you. For example, aggregate usage statistics that no longer identify an individual may be kept for analytical purposes, but any personal identifiers would be removed.

We continuously review the personal data in our custody to ensure we are not keeping it longer than necessary. If you believe we are holding onto your personal information longer than we should, please contact us and we will investigate and address your concerns in line with applicable law.

Your User's Rights

We respect your rights to your personal data. Depending on your jurisdiction and the applicable data protection laws, you may have some or all of the following rights regarding the personal data we hold about you:

  • Right to Be Informed: You have the right to clear and transparent information about how we collect and use your personal data. This Privacy Policy is intended to provide you with those details. If anything is unclear, you can always contact us for more information.

  • Right of Access: You have the right to request access to the personal data we hold about you. This means you can ask us to confirm whether we are processing your personal data and provide you with a copy of that data, as well as information about how we use it. (In certain exceptional cases, we might not be able to provide certain details if it involves someone else’s data or other legally protected information, but we will inform you if that situation arises.)

  • Right of Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to keep your account information up-to-date, and we will promptly rectify any inaccuracies you report to us.

  • Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal data in certain circumstances. This right is not absolute, but applies, for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent (in cases where we rely on your consent) and we have no other legal basis to keep processing it. We will also erase data unlawfully processed or required to be deleted to comply with a legal obligation. If you request erasure, we will also notify any third parties processing that data on our behalf to honour the request, where feasible. Do note that we may retain some information as required by law or for legitimate business purposes (see Data Retention above).

  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions. For example, if you contest the accuracy of your data, you can request that we restrict processing while we verify the information. During restriction, we can store your data but will not use it for anything not agreed to. You can also request restriction if you believe our processing is unlawful or if you need us to preserve your data for legal claims, but you do not want us to otherwise use it.

  • Right to Data Portability: For data that you have provided to us and that we process by automated means based on your consent or to perform a contract, you have the right to request a copy in a structured, commonly used, machine-readable format (for example, a CSV file). Where technically feasible, you may also request that we transmit this data directly to another service provider. Data portability allows you to reuse your data across different services.

  • Right to Object: You have the right to object to our processing of your personal data in certain situations. You can object at any time to processing of your personal data for direct marketing purposes, and if you do, we will stop processing your data for that purpose. You can also object if we are processing your data based on legitimate interests (or performing a task in the public interest). In such cases, we will stop processing the data unless we have compelling legitimate grounds to continue (for example, a legal requirement) that override your rights, or if we need to continue processing the data for the establishment, exercise, or defense of legal claims.

  • Right to Withdraw Consent: If we rely on your consent for any part of processing, you have the right to withdraw that consent at any time. For instance, if you consented to receive marketing emails, you can opt out later by clicking “unsubscribe” in the email or contacting us. Withdrawal of consent will not affect processing already carried out, but it will stop the particular activity that was based on consent. We will make it as easy as possible for you to withdraw consent, and there will be no penalty for doing so.

  • Right to Lodge a Complaint: If you believe your privacy rights have been violated or you have concerns about how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. If you are in the European Union or United Kingdom, this would be your local data protection authority. For example, in the UK it’s the Information Commissioner’s Office (ICO), and in Hong Kong it’s the Privacy Commissioner for Personal Data (PCPD). We encourage you to contact us first so we can address your concerns directly, but you are entitled to reach out to the regulators at any time.

To exercise any of your rights, please contact us. We will respond to your request as soon as possible, and in any event within any timeframes required by law (typically within one month for many requests under GDPR, with the possibility to extend if the request is complex – we will inform you if an extension is needed). Please note that for security, we may need to verify your identity before processing certain requests (for example, by confirming your email or requiring additional identification) to ensure that your personal data is not disclosed to someone impersonating you.

Data Security

We take data security seriously and have implemented appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption: Sensitive data exchanged with our Site is protected using industry-standard encryption protocols such as SSL/TLS. This means that when you enter personal information on our platform, it’s encrypted in transit to prevent eavesdropping. In addition, we employ encryption or other pseudonymization techniques for personal data at rest in our databases where feasible, adding an extra layer of protection.

  • Access Controls: We limit access to personal data strictly to authorized personnel who need it to perform their job duties. TTRPay staff and any contractors are bound by confidentiality obligations and are regularly trained on privacy and security practices. We implement role-based access controls so that individuals only access the data necessary for their tasks. Systems that contain personal data are protected by strong authentication methods and regularly updated passwords or keys.

  • Network & System Security: Our servers and infrastructure employ firewalls, intrusion detection and prevention systems, and anti-malware protections to guard against external threats. We continuously monitor our systems for possible vulnerabilities and attacks. Security patches and system updates are applied in a timely manner to mitigate risks. We also maintain robust backup systems and disaster recovery plans to ensure data resilience.

  • Testing and Audits: We periodically test our security measures and procedures, conducting internal audits and, when appropriate, engaging independent experts to perform security assessments. Any identified vulnerabilities are addressed promptly. We also have incident response plans in place in the unlikely event of a data breach, which include notifying affected users and regulators as required by law.

While we strive to protect your information with these measures, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously update and enhance our security practices to meet or exceed industry standards. You also play a role in keeping your data safe: please use a strong, unique password for your TTRPay account, do not share your login credentials, and notify us immediately if you suspect any unauthorized access to your account.

International Data Transfers

TTRPay is based in Hong Kong and our primary operations (including data hosting) are currently located in Hong Kong. However, the personal data we collect may be transferred to, stored in, or accessed by our staff or authorized contractors in other countries. Additionally, if you are using our services from outside of Hong Kong (for example, as an international merchant or user), your information will necessarily travel across international borders to reach our servers.

We recognize that different countries may have different data protection laws. Whenever we transfer personal data across national borders, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws. These safeguards may include:

  • Adequacy and Standard Contractual Clauses: If you are located in a region like the European Economic Area (EEA) or the United Kingdom, and your data is transferred out of that region (for example, to Hong Kong or any other country that may not have been deemed “adequate” by the EU), we will implement measures to ensure lawful transfer. Typically, we would rely on the European Commission’s Standard Contractual Clauses (SCCs) or equivalent agreements that contractually bind the recipient to protect your data to EU GDPR standards. We may also rely on any future adequacy decisions or frameworks that might apply (such as an adequacy finding for Hong Kong, if established).

  • Your Consent in Certain Cases: In the event we need to transfer your data to a third country in a situation not already covered by an appropriate safeguard, we will inform you and obtain your consent for the transfer, or ensure another GDPR-recognized exception applies (such as transfer necessary for the performance of a contract with you).

  • Security Measures: Regardless of where your data is processed, we apply the same security standards described in the Data Security section. Our contracts with any processors or partners require them to maintain equivalent high standards of security and confidentiality.

Please note that by using TTRPay.net or submitting your information to us, you acknowledge that your personal data may be transferred to and processed in Hong Kong and other jurisdictions as necessary.

We will always handle your information securely and lawfully. If you have questions about our international data transfer practices or require more information about the safeguards we have in place, you can contact us.

Changes to This Privacy Policy

We reserve the rights to update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Privacy Policy on this page and update the “Last Updated” date at the bottom of this document. Any revised policy will be effective when posted on our Site.

If we make any material changes that substantially affect how we handle your personal data, we will take additional steps to inform you. This may include, for example, providing a prominent notice on our website or notifying you via email (using the email address associated with your account) prior to the change becoming effective. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information.

Your continued use of TTRPay.net after any changes to this Privacy Policy constitutes acceptance of the updated terms. If you do not agree with any updates or modifications, you should stop using the Site and services. Remember, you can always contact us if you have questions or concerns about the changes.

How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, we’re here to help. Please contact us through any of the following methods:

  • Email: You can reach our privacy team at partners@ttrpay.net. Please include “Privacy Inquiry” in the subject line so we can route your inquiry to the right personnel. We will endeavor to respond promptly to all legitimate requests.

  • Postal Mail: You may also contact us in writing at the following address:
    TTR IT Holdings Limited
    367–375 Queen’s Road Central
    Sheung Wan, Hong Kong

  • Phone: If you need urgent assistance or prefer to speak with us, you can call our office at +852 3001 1122 during business hours (Mon–Fri, 8:00 AM – 6:30 PM Hong Kong Time). Please ask to speak with the team responsible for data protection or privacy.

We will gladly address any issues you raise about our handling of your personal data. If you contact us to exercise any of Your Rights (such as accessing or deleting your data), please provide adequate information for us to verify your identity. This is to protect your data from unauthorized access.

Last Updated: This Privacy Policy is effective as of May 16, 2025, and was last updated on that date.