Privacy Policy
Zyrix Technologies Inc. ("Zyrix", "we", "us") respects your privacy and is committed to protecting personal data with the same diligence we apply to the payments we process. This Policy explains what we collect, why we collect it, how we use and safeguard it, and the rights available to you under applicable laws, including the EU/UK GDPR, Türkiye's Law No. 6698 on the Protection of Personal Data (KVKK), the Saudi Personal Data Protection Law (PDPL), and comparable frameworks across the Gulf and wider region.
1. Scope
This Policy applies to personal data processed when you visit our websites, use the Zyrix platform and APIs, or otherwise interact with us. Where Zyrix processes payment and transaction data on behalf of a merchant, the merchant acts as the controller and Zyrix acts as a processor; this Policy then governs only the data for which Zyrix is itself the controller.
2. Data We Collect
Account and identity data: name, business details, email, phone, and verification documents required for onboarding and compliance.
Transaction data: amounts, currencies, timestamps, payment method metadata, and routing outcomes. We do not store full card numbers; card data is tokenized at the point of entry.
Technical data: IP address, device and browser information, and usage analytics collected to secure and improve the service.
3. How We Use Personal Data
We process personal data to provide and operate the platform; to authenticate users and prevent fraud; to meet legal, regulatory, and anti-money-laundering obligations; to provide support; and to analyze and improve our services. We do not sell personal data, and we do not use it for advertising.
4. Lawful Bases
Depending on the activity and your jurisdiction, we rely on the performance of a contract, compliance with a legal obligation, our legitimate interests in operating a secure payments network, and—where required—your consent. You may withdraw consent at any time without affecting prior lawful processing.
5. Sharing and Sub-Processors
We share data with payment providers, banks, and infrastructure sub-processors strictly as necessary to deliver the service, and with regulators or authorities where the law requires. All sub-processors are bound by written agreements imposing confidentiality and security obligations consistent with this Policy.
6. International Transfers
Zyrix operates data regions including Istanbul, Riyadh, Frankfurt, and Virginia, and stores data in the region the law requires. Where data is transferred across borders, we rely on recognized safeguards such as Standard Contractual Clauses and equivalent mechanisms, and we honor local data-residency requirements.
7. Retention
We retain personal data only as long as necessary for the purposes described here or as required by financial-services and anti-money-laundering record-keeping laws, after which it is deleted or irreversibly anonymized.
8. Security
We maintain a layered security program including encryption in transit and at rest, tokenization, access controls, continuous monitoring, and independent assessments. No system is perfectly secure, but we apply industry-leading controls appropriate to the sensitivity of payment data.
9. Your Rights
Subject to applicable law, you may request access to, correction of, or deletion of your personal data; object to or restrict certain processing; request portability; and lodge a complaint with your supervisory authority. To exercise these rights, contact privacy@zyrix.co.
10. Children
Our services are intended for businesses and are not directed to children. We do not knowingly collect personal data from minors.
11. Changes and Contact
We may update this Policy to reflect legal or operational changes and will revise the date above accordingly. Questions may be directed to privacy@zyrix.co or to Zyrix Technologies Inc., 1007 N Orange St, 4th Floor, PMB 5879, Wilmington, DE 19801, USA.