Privacy Policy

Introduction

ShortlyPay (“we,” “our,” “us”) values your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our payment gateway solutions, including our wallet systems in Bangladeshi Taka (BDT) and United States Dollar (USD).

By accessing or using our services, you agree to the terms of this Privacy Policy.

Information We Collect

We may collect the following types of information:

a) Personal Information

• Full Name
• Date of Birth
• National ID / Passport Information
• Mobile Number & Email Address
• Residential & Billing Address

b) Financial Information

• Bank Account Details
• Debit/Credit Card Details
• Mobile Financial Services (MFS) Account (bKash, Nagad, Rocket, etc.)
• Transaction History (local & international)

c) Technical Information

• Device Information (IP address, browser type, OS, device ID)
• Geo-location data (if enabled)
• Login & authentication records

Compliance Data

• KYC (Know Your Customer) records
• AML/CFT (Anti-Money Laundering / Counter-Terrorist Financing) checks

How We Use Your Information

We use your data to:

• Provide payment gateway and wallet services.
• Process transactions in BDT (local) and USD (international).
• Verify identity and prevent fraud.
• Comply with Bangladesh Bank, BFIU, and international financial regulations.
• Improve user experience and develop new features.
• Send security alerts, transaction updates, and customer support messages.
• Conduct risk analysis and ensure compliance with AML/CFT & GDPR.

Sharing of Information

We do not sell your personal data. We may share information with:

• Regulators: Bangladesh Bank, BFIU, or other regulatory authorities (if required by law).
• Financial Partners: Banks, card networks (Visa, Mastercard), and MFS providers.
• International Partners: For USD wallet transactions, cross-border settlement partners.
• Service Providers: Cloud hosting, KYC/AML providers, fraud detection tools.
• Law Enforcement: If required under applicable laws.

Data Retention

• Local (BDT transactions): Stored in compliance with Bangladesh Bank & BFIU guidelines (minimum 5 years).
• International (USD transactions): Stored as per GDPR and PCI-DSS requirements.

We retain data only as long as necessary for compliance, legal, and business purposes.

Security Measures

We apply industry-standard security practices including:

• PCI-DSS Compliance for card transactions.
• Data Encryption (AES-256, SSL/TLS).
• Two-Factor Authentication (2FA).
• Fraud & Risk Monitoring Systems.
• Secure Cloud Hosting (ISO 27001 certified servers).

Your Rights

Depending on jurisdiction, you may:

• Access your personal data.
• Request corrections or updates.
• Request deletion (subject to regulatory requirements).
• Withdraw consent for marketing communication.
• File a complaint with the Bangladesh authorities or GDPR regulators.

Cross-Border Data Transfers

Data for USD wallets may be processed outside Bangladesh in secure international servers.

We ensure transfers comply with GDPR standard contractual clauses and global financial data regulations.

Children's Privacy

Our services are not intended for individuals under 18 years old.

Changes to this Policy

We may update this Privacy Policy from time to time. Users will be notified of significant changes via email or app notification.

Contact Us

For questions or concerns about this Privacy Policy: