Privacy Policy
Last updated April 7, 2025
On this page
Thank you for using PayMongo!
All references to “we”, “us”, “our”, or “PayMongo” refer to PayMongo Philippines, Inc. and/or PayMongo Payments, Inc. All references to “you”, “your”, or “user”, or “customer” relate to the person or entity who is using or accessing PayMongo’s products or services, or has registered an Account with PayMongo.
In this Privacy Policy (“Policy”), we will explain how we collect, process, use, and/or share Personal Data and how you can reach us with privacy-related inquiries. This Policy also outlines your rights and choices as a data subject, in line with the Data Privacy Act of 2012 and relevant regulations.
Please read this Policy carefully. When using our website and/or availing of our products, services, or applications, you agree to abide by this Policy and to the collection, processing, use, access, and/or sharing of your Personal Data by PayMongo.
Please check back on this page from time to time to keep updated of any changes to this Policy. We will do our best to notify you of any material updates and will always ensure that the updated version of this Policy is publicly available. Please make sure you have given us an updated and active e-mail address or other contact information since this Policy and any changes or updates made shall apply to you, whether or not you receive notice of such updates or changes.
1. Applicability
This Policy shall apply to you whenever you use or access our products and services. This Policy also applies to all personal information collected or shared directly or indirectly through our onboarding and KYC procedures, use of our APIs, pages, links, and other products and/or services or through our partners, customers, or third-party service providers as a result of your use or access of our products or services.
2. Personal Information We Collect
2.1 Personal Information You Voluntarily Provide to PayMongo
When you register your business for an account with PayMongo (“Customer”), we require you to identify an authorized representative and provide us with such authorized representative’s personal information such as, but not limited to, the authorized representative’s first and last name, e-mail address, identification cards and government-issued identification including documents containing a photo and signature, bank statements, and proof of income. We may also ask you to submit documentation verifying the legal existence of your business and its beneficial owners and principals, bank statements and related banking information, and other financial documents to verify your business activities and assess the risks associated with your business. The collection of this information is necessary to provide the functionality of our products and services and/or to comply with applicable laws and regulations.
Even if you do not register for an account with us, you may still choose to provide us with certain personal information about you (for example, you may want to sign up for our newsletters or RSVP for events).
Personal information may also be collected when you make a payment through a Customer’s website or application which utilizes or is powered by PayMongo’s products and services. In this case, the personal information may include:
- First and last name;
- Physical and/or mailing address;
- Financial information, including but not limited to credit or debit card numbers or bank account information;
- Email address;
- Phone number;
- Device information, such as a unique device identifier; and
- Location information, such as your IP address or geo-location.
The collection of this Personal Data is necessary for us to process the transaction, to provide the functionality of the product or service utilized or access, and/or to comply with applicable laws and regulations.
Card Vaulting
PayMongo also offers UX features which includes card vaulting.
By agreeing to save your Card Details for future use, you agree to the storage of your Card Number, Expiration Date, and CCV/CVV (“Card Details”) through the safety of our Card Vaulting System. Your CCV/CVV will only be stored in order to process your payment transactions. If your payment is successfully completed, your CCV/CVV will be deleted immediately. If your payment attempt is not successfully completed, your CCV/CVV will be deleted within twenty-four (24) hours from the time you receive notification that your payment attempt has failed. We employ world-class security standards (PCI-DSS compliant) for card processing, which guarantees the security of your Card Details. We will also be using safe and tokenized user details to access your Card Details.
2.2 Personal Information We Collect Automatically
We collect certain information automatically as you access and use our products and services. This includes:
• Device information, such as a unique device identifier; and
• Location information, such as your IP address or geo-location.
2.3 How We Use Personal Information
We may use your personal information for the following purposes: (i) providing and improving our products and services; (ii) identity verification and fraud prevention; (iii) internal usage, including but not limited to, data analytics and metrics; (iv) complying with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with applicable law, including without limitation, the Anti-Money Laundering Act and the Terrorism Financing Prevention and Suppression Act of 2012; and (v) any other legitimate purpose.
We may also use your personal information for marketing and promotion.If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails, or through other means we may inform you to unsubscribe. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you messages that are required to provide you with our Services.
2.4 How We Share Personal Information
We may share personal information with third parties such as, but not limited to, the following:
- With our subsidiaries and affiliates (please refer to the List of Third Parties);
- With our contractors and vendors who support aspects of the Service and our business, including: services related to website hosting, data analysis, information technology and related infrastructure, bank account identity and authentication, helpdesk and support, user identity verification, and fraud prevention (please refer to List of Third Parties);
- With our banking partners, including Payment Method Providers and Acquirers, who enable the processing of Transactions via the Payment Processing Services (please refer to the List of Third Parties);
- With a buyer or other successor in the event of a merger, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred (in such event, we will provide notice to our users of such transfer);
- With appropriate law enforcement or government agencies in compliance with a lawful request, order, or other legal mandate, or when necessary to exercise or defend legal claims, including when disclosure is necessary to prevent physical harm or possible fraud, to report suspected illegal activity, or to investigate violations of our Terms of Service or any other applicable policies; and
- With partners or other third parties for purposes of marketing and promotion, subject to your consent and other applicable regulations.
We do our best to ensure that any entity to whom we disclose your personal information is contractually required to comply with confidentiality standards, establish adequate safeguards for data protection, respect your data privacy rights, and comply with applicable data privacy laws. We use contractual and other means to monitor compliance with this Policy by third parties to whom we share your personal information. We also require third-party data processors to use information shared with them only for authorized purposes and to comply with our reasonable instructions for adequate protection of your personal information.
We may also share your personal information to comply with any subpoena, court order, or other similar legal process, including to respond to any government or regulatory request. To the full extent permitted by law, we will notify you if we receive government requests about your personal information.
We may also share financial information in relation to a transaction processed through our products or services by our Customers. We will endeavor to limit the financial information shared to include only the following credit or debit card details: (1) last four digits of the card; (2) card brand; and (3) country of issuance of the card. Please review the corresponding terms of use or privacy policy of the Customer or business you choose to transact with to learn more about their collection and processing of your personal and financial information.
If you do not wish any of your personal information to be shared to any third party or for any of the indicated purposes, please contact us immediately.
2.5 Accessing and Correcting Your Information
You are solely responsible for ensuring that any personal information that you provide to us is accurate. You may be able to view and update certain personal information that we have about you by logging into your Account or by emailing us at the email address provided at the end of this Policy. We may refuse any changes you make to your personal information if we believe the proposed change is inaccurate or is submitted through inappropriate channels.
3. Lawful Collection, Use, and Processing of Personal Information
To the extent required by applicable laws, PayMongo or any third-party service providers engaged by us will aim to obtain your consent to collect and use your personal information at the time of collection. We adopt an ‘opt-in' policy to obtain your express consent when collecting your personal information. You may be asked, for example, to sign a form or tick a box on a website or an application.
If you do not permit the collection, use, processing or disclosure of some personal information we request, then we may not be able to provide you with our Service. In other instances, it is obligatory for you to provide us with your personal information in order to allow us to satisfy your request or to provide you with any other service that you have requested.
4. Data Security
We use commercially reasonable physical, technical, and administrative measures to secure your personal information from accidental loss and from unauthorized access, use, and disclosure. For example, we (i) implement a strict data security policy, (ii) restrict access to personal information to employees, contractors, and other service providers on a need-to-know basis, (iii) use industry-standard encryption technology to secure data, (iv) train our personnel on privacy issues and have appointed a data privacy officer, (v) review the privacy practices of new products and services that we integrate into our Service, and (vi) require our personnel to sign confidentiality agreements that extend to your personal information. However, no transmission of information through any mode or channel is completely secure. As we cannot guarantee the security of information transmitted to or from us, we are not responsible for any unauthorized access to and disclosure of any information you send to or receive from us. Any transmission of personal information is at your own risk.Please also keep in mind that the safety and security of your information also depends on you. You are responsible for keeping your account information, including your login credentials and password, confidential. We ask you not to share your login details and password with anyone. If you have reason to believe that your account or data is no longer secure, please contact us immediately at the email address, mailing address, or telephone number listed at the end of this Policy.
5. Data Retention
We may retain your personal information for the longer of: (i) six (6) months after receipt of your request to delete your Account; (ii) the length of time required by law; (iii) the length of time required by our compliance program; (iv) the length of time required by our banking partners, including Payment Method Providers and Acquirers, or (v) for as long as may be necessary for the fulfillment of the purposes for which your personal information have been collected and processed. Please note that if you delete your Account, we may still retain your personal information for such period mentioned in any of the foregoing instances. You may delete your Account through the Dashboard, or you may email the address provided at the end of this Policy.
At the end of the retention period, we will ensure that your personal information will be deleted. For any physical documents containing your personal information, the documents will be destroyed by means that ensure its confidentiality.
6. Automated Data Collection Technologies
As you navigate through and interact with the Service, we may use automatic data collection technologies to collect certain information about your equipment and browsing actions and patterns, as further described in this Policy.
6.1 Cookies and Analytics
We may use cookies and other technologies to automatically collect information about your use of the Service. You can learn more about these technologies below. We may use collected information to provide you with a better user experience; to comply with our legal obligations under applicable laws, such as anti-money laundering and related laws; to protect you and detect irregular or suspicious account activities; to customize our services and content for you; and to better understand how our users interact with the Service.
Cookies. A cookie is a small file placed on your computer when you visit certain websites. Cookies may be either first-party or third-party cookies, and they may be either permanent or temporary (i.e. session) cookies. It may be possible to refuse to accept cookies by activating the appropriate setting within your browser. However, if you disable or refuse cookies, please note that some parts of the Service may be inaccessible or may not function properly.
Other Technologies. We may use other third-party services that automatically collect information about you to better understand how you use and interact with the Service. For example, we may use third-party vendors to provide us with services surrounding analytics, advertising, and cybersecurity. The information collected through this process by the third-party service providers does not enable us or them to identify your name, contact details or other personal information that directly identifies you unless you choose to provide these.
6.2 “Do Not Track” Signals
To the extent that we receive any Do-Not-Track signals, we will not comply with them.
7. Third-Party Services
Any third-party services integrated with the Service shall be subject to the policies and practices of such third parties, and we are not responsible for how they collect, use, and share your personal information. We encourage you to review the privacy practices and policies of such third parties. We make no guarantees about, and assume no responsibility for the information, services, or data privacy practices of third parties.
8. Your data privacy rights
Subject to the applicable data protection law, you may have the right to request access to, or correct your personal information held by us, or enquire about our data protection policies and practices. You may also have the right to object to the processing of your personal information held by us or to file a complaint with the National Privacy Commission for the protection of your rights as a data subject. (For more information on these rights, you may refer to the National Privacy Commission’s webpage at: https://privacy.gov.ph/data-subject-rights/.)
9. Contact Us
For any comments, queries, data access requests, or data correction requests relating to our use of your personal information, please contact our Data Protection Officer at the following contact details:
Data Protection Officer
Email: dpo@paymongo.com; dpo2@paymongo.com
Address: Unit 3308 High Street South Corporate Plaza Tower 2, 26th St. & 11th Ave., Bonifacio Global City, Philippines
Phone Number: (0920)-976-4033