Privacy Policy

1. Welcome

Gaian builds financial infrastructure for businesses and consumers. We value privacy and strive to be transparent. This Privacy Policy (the “Policy”) describes how we collect, use, share and store personal data when you interact with our Services. Capitalised terms not defined here have the meanings set out in the Terms of Service.

2. Defined Terms

  • “Personal Data” means any information that relates to an identified or identifiable natural person.

  • “Financial Partners” are banks, payment schemes, card networks and other regulated partners that help us provide the Services. Depending on context, “you” may be a:

  • End User - individual using Gaian’s consumer scan‑and‑pay app.

  • End Customer - individual whose Personal Data we process to facilitate transactions for a Business User (e.g., when paying on a merchant’s site powered by Gaian).

  • Business User - entity integrating our API/SDK or using our dashboards.

  • Representative - individual acting on behalf of a Business User.

  • Visitor - individual browsing our websites without otherwise interacting with the Services.

3. Personal Data We Collect & How We Use It

3.1 End Users (Consumer App)

We collect the following categories of Personal Data when you use the Gaian consumer app:

  • Profile data – such as your name, email address, phone number and profile photo. We use this to set up your account, authenticate you and deliver personalised features.

  • Credentials – a password or OAuth token that lets you log in securely.

  • Transaction data – details about each payment (merchant name, amount, currency, timestamp). We use this to route payments, generate receipts and resolve disputes.

  • Device & usage data – information like IP address, device identifier and in‑app actions. This helps us prevent fraud, analyse performance and improve the Service.

3.2 Business Users & Representatives

We collect company details (business name, registration number, address), KYC/KYB information (government ID, proof of address), and financial data (bank account, settlement preferences) to onboard, verify identity, provide developer credentials, and comply with anti‑money‑laundering obligations.

3.3 End Customers

When you purchase from a merchant that uses Gaian, we process Transaction Data (card PAN, payment token, name, email, shipping details, amount, items purchased) to route payments, prevent fraud, and provide receipts to the merchant.

3.4 Visitors

We collect cookies, log files and similar data to operate our sites, remember preferences, and measure performance.We share Personal Data with Financial Partners, service providers, and as required by law. We do not sell Personal Data.

4. Additional Uses & Disclosures

We may use Personal Data to:

  • Develop new products and features;

  • Send transactional or marketing communications (with consent where required);

  • Protect the security of the Services and our users;

  • Comply with legal, regulatory or audit requirements;

  • Facilitate a business transfer (e.g., merger, acquisition, or asset sale) subject to standard confidentiality safeguards.

Where required by data‑protection law (e.g., GDPR), our processing is based on:

  • Contractual necessity: to fulfil our agreement with you;

  • Legitimate interests: to secure and improve the Services;

  • Consent: for marketing emails or non‑essential cookies;

  • Legal obligation: to satisfy AML/CTF, tax and accounting requirements.

6. Your Rights & Choices

Depending on your jurisdiction, you may have rights to access, correct, delete or port your Personal Data; object to or restrict certain processing; and withdraw consent. To exercise these rights, email [email protected].

7. Cookies & Similar Technologies

We use cookies, device identifiers, and SDK‑stored data to authenticate sessions, prevent fraud, remember preferences, and analyse traffic. You can manage cookies in your browser or mobile OS settings.

8. Security & Retention

We employ administrative, technical and organisational measures-such as TLS encryption, network segregation, least‑privilege access controls, and periodic penetration testing-to protect Personal Data. We retain Personal Data only as long as necessary for the purposes outlined in this Policy and applicable law (typically 7 years for transaction records).

9. International Transfers

Your data may be transferred to and processed in countries other than your own. Where required, we rely on recognised transfer mechanisms such as Standard Contractual Clauses, the UK IDTA, or the ASEAN Model Contractual Clauses.

10. Updates & Notifications

We may update this Policy periodically. Material changes will be announced via website banner or in‑app message at least 14 days before they take effect. The “Last updated” date at the top indicates the effective date.

11. Contact Us

Data Protection Officer

Gaian Network

Email: [email protected]

Last updated