WeFlow — Privacy Policy

Privacy Policy

Table of Contents:

1. Introduction
1. Personal Data We Collect
1. How We Use Personal Data
1. Legal Bases for Processing
1. Cookies and Tracking Technologies
1. How We Share Personal Data
1. Data Security Measures
1. International Data Transfers
1. Data Retention
1. Your Rights
1. Updates to This Policy
1. Contact Us

1. Introduction

Welcome to WeFlow’s Privacy Policy. This Policy explains how WeFlow (referred to as “We” or “Us”) collects, uses, and protects your personal data when you visit our website or use our crypto payment services. By using WeFlow’s website and services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately. WeFlow’s services are not intended for individuals under 18 years of age; we do not knowingly collect data from children. If we become aware of any personal data collected from a minor under 18, we will take steps to delete such data. We may update this Privacy Policy from time to time, and will notify users of any material changes. Your continued use of our services after updates signifies acceptance of the revised Policy.

2. Personal Data We Collect

WeFlow may collect Personal Data (information that can identify you directly or indirectly) that you provide or that we obtain through your use of our services. The types of personal data we collect include:

Account Information: When you register an account, we collect information such as your name, email address, contact information, and password. If you are registering as a business, we may collect business name, organization details, and relevant contact persons.
Identity Verification Data: To comply with Know Your Customer (KYC) regulations, we may collect identity documents (e.g. passport or ID card), proof of address, date of birth, and, if required, selfies or video for facial verification. This information is used to verify your identity and fulfill anti-money laundering requirements.
Transaction Data: When you use WeFlow to process payments, we collect details of the transactions. This includes cryptocurrency wallet addresses (sender and receiver), transaction IDs, payment amounts, timestamps, and any associated metadata. WeFlow does not store your private keys; those remain under your control at all times.
Financial Information: For payout or settlement purposes, we may collect your bank account details or other payment information if you choose to convert crypto payments to fiat currency.
Technical and Usage Data: We automatically collect certain technical data when you interact with our website or API. This can include your IP address, browser type and version, device identifiers, operating system, referral website, and browsing actions on our site. We also log usage data such as page access times, API calls, and errors, which helps us monitor service performance.
Cookies and Similar Technologies: WeFlow uses cookies and similar tracking technologies on our website to enhance user experience, remember your preferences, and analyze usage. See Section 5 below for more details on our cookie usage.

WeFlow’s Privacy Policy does not apply to anonymized data (data which cannot identify an individual). If we link anonymized data with your personal data such that you can be identified, we treat the combined data as personal data.

3. How We Use Personal Data

WeFlow processes your personal data for the following purposes:

Providing and Improving Services: We use account and transaction data to provide our crypto payment gateway services to you, including processing payments, issuing invoices, and enabling payouts. Personal data allows us to maintain and improve our platform’s functionality, perform troubleshooting, and personalize your experience. For example, usage data helps us analyze and enhance the user interface and service performance.
User Support and Communications: Contact information (such as email) is used to communicate with you about your account, provide customer support, send technical or security notices, and inform you of updates or changes to our services. If you subscribe to our newsletters or marketing updates, we will use your contact details to send those (you can opt-out at any time).
Identity Verification and Compliance: WeFlow processes personal data to comply with legal obligations, especially KYC/AML regulations. Identity documents and verification information are used to confirm your identity and screen for fraud or illicit activity. We may use third-party identity verification services (e.g. Onfido) to assist with this process, in which case we share necessary data with those providers (see Section 6). This helps ensure our platform is not used for money laundering or other prohibited activities.
Fraud Prevention and Security: WeFlow may process data (such as device information and transaction patterns) to detect and prevent fraudulent or unauthorized activities. For example, we might use automated systems to flag suspicious login attempts or crypto transactions from blacklisted addresses (with the help of blockchain analytics tools like Chainalysis). This processing is necessary to protect the security and integrity of our services and our users.
Analytics and Statistical Purposes: We use aggregated usage data and cookies to understand how our users interact with our website and services. This helps us perform analytics, such as measuring the number of visitors, popular features, and user flow. These insights allow WeFlow to improve our offerings and develop new features. Where possible, we use anonymized or aggregated data for analytics to avoid identifying any individual user.
Legal and Regulatory: We may process and retain personal data as needed to fulfill our legal obligations (such as financial reporting, audits, tax requirements) or to establish, exercise, or defend legal claims.

WeFlow will not sell your personal data to third parties for monetary gain. We only use your data for the purposes stated in this Policy and as allowed by law.

4. Legal Bases for Processing

When we process personal data from individuals in certain jurisdictions (such as the European Economic Area), we rely on recognized legal bases under applicable data protection laws (e.g., GDPR):

Performance of a Contract: Much of our data processing is necessary to provide the WeFlow services you request – for example, using your details to set up an account and process transactions. This is considered processing needed to perform our contract with you.
Legal Obligation: Some processing is required to comply with laws or regulations, such as KYC/AML checks (identity verification) and record-keeping for financial regulations.
Legitimate Interests: WeFlow may process data for the purposes of our legitimate interests, such as improving our services, preventing fraud, and securing our platform. When we rely on this basis, we ensure that our interests are not overridden by your data protection rights.
Consent: WeFlow will seek your consent in situations where it’s required. For instance, if we ever want to use your personal data for a new purpose not described in this Policy, or if local law mandates consent for certain data types or communications, we will obtain your consent. You have the right to withdraw consent at any time, which will not affect the lawfulness of processing before withdrawal.

5. Cookies and Tracking Technologies

WeFlow uses cookies, web beacons, and similar technologies on our website to collect information about your browsing activities. Cookies are small text files placed on your device that help the site function and provide analytics info. We use cookies to remember your language preferences, login sessions, and to understand how users navigate our site.

WeFlow may use both session cookies (which expire when you close your browser) and persistent cookies (which remain for a set period or until deleted). These cookies might be categorized as:

Necessary Cookies: Required for the operation of the website (e.g., to keep you logged in or for shopping cart functionality).
Analytics Cookies: To collect information on website usage (pages visited, time on page, etc.) so we can improve user experience. We may use third-party analytics services that set their own cookies, such as Google Analytics.
Functional Cookies: To remember preferences and enhance personalization (e.g., your preferred currency or dark mode).
Advertising Cookies: (If applicable) to track browsing habits and show you relevant ads. Note: Currently, WeFlow’s site does not display third-party ads, so these cookies are limited.

You can control or delete cookies through your browser settings. However, please note that blocking certain cookies might impact your experience with our services (for example, some pages might not function properly without necessary cookies).

6. How We Share Personal Data

WeFlow respects your privacy and does not disclose your personal data to third parties except in the limited cases described here:

Service Providers: WeFlow shares necessary personal data with trusted third-party service providers who perform functions on our behalf. For example, we use identity verification providers like Onfido to conduct KYC checks, and blockchain monitoring services like Chainalysis to assist with AML compliance. These providers will receive only the information needed to provide their services (such as identification info for KYC) and are contractually obligated to protect your data and use it only for our specified purposes. We may also use cloud hosting providers, email delivery services, analytics tools, and customer support platforms that process data on our behalf.
Affiliates: If WeFlow is part of a corporate group, we may share data with our affiliates or subsidiaries as necessary to operate the service (subject to the same privacy protections).
Business Transfers: In the event of a merger, acquisition, financing due diligence, restructuring, bankruptcy, or sale of all or part of our assets, your data may be transferred to a successor or affiliate as part of that transaction. We would ensure the receiving party is bound to respect your personal data in line with this Policy.
Legal Compliance and Protection: We may disclose personal data if required to do so by law or in response to valid requests by public authorities (e.g., law enforcement or regulatory agencies). WeFlow may also disclose information if we believe in good faith that such action is necessary to comply with a legal obligation, to protect our rights or property, to investigate fraud, or to protect the safety of our users or the public.
With Consent: In cases where you have provided explicit consent for us to share your information with a third party, we will do so in accordance with that consent. For instance, if you opt-in to a partnership feature or referral program that involves sharing data, we will clarify what information will be shared and with whom, and proceed with your permission.

WeFlow does not sell personal information to third-party companies. We also do not share personal data with advertisers or marketers without your consent.

7. Data Security Measures

WeFlow takes the security of your personal data seriously. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: Sensitive data transmitted between your browser and our servers (and between our servers and third parties) is encrypted using Transport Layer Security (TLS). This helps protect your information from being intercepted. WeFlow also encrypts personal data at rest where appropriate (e.g., encrypting database fields containing personal identifiers).
Access Controls: We restrict access to personal data to authorized personnel who need it to operate our services. Our employees and contractors are bound by confidentiality obligations. We utilize role-based access controls and authentication mechanisms (including 2FA for administrative access) to prevent unauthorized access to systems where personal data is stored.
Security Testing and Audits: WeFlow’s platform undergoes regular security assessments. We employ tools to monitor for vulnerabilities and may engage third-party security experts to conduct penetration testing. We also maintain audit logs of key activities on our systems to detect any irregularities.
Network and Infrastructure Security: Our servers are protected by firewalls, and we employ anti-DDoS and intrusion detection systems. We keep our software and infrastructure updated with the latest security patches. For cryptocurrency transactions, WeFlow uses secure APIs and does not hold custody of private keys, reducing risk. Funds received on your behalf are immediately forwarded to your designated wallet or converted per your instructions, so we minimize holding sensitive crypto assets.
Training and Policies: WeFlow ensures that employees are trained in data protection best practices and understand the importance of safeguarding personal data. We have internal policies in place to handle data securely and respond to potential security incidents.

Despite our efforts, no security measure is 100% infallible. In the event of a data breach that affects your personal data, WeFlow will act promptly to contain the incident and will notify affected users and relevant authorities as required by law.

8. International Data Transfers

WeFlow operates globally, which means your personal data may be transferred to and processed on servers located in countries outside of your home jurisdiction. For example, if you are located in the EU or Asia, your data might be processed in the United States or other regions where our service providers are based. WeFlow will ensure adequate safeguards when transferring personal data internationally. This includes using standard contractual clauses or other lawful transfer mechanisms, as applicable, to protect your information.

WeFlow will not transfer your personal data to any country or organization unless adequate controls are in place to protect it. These controls include data protection laws that are deemed sufficient by relevant regulatory authorities or binding agreements that uphold privacy principles. We also consider whether the receiving party has certified to frameworks like the EU-US Data Privacy Framework (where relevant).

If you have questions about international data transfers or need more information about the safeguards we apply, please contact us (see Section 12).

9. Data Retention

WeFlow retains personal data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. In general:

Account Information: We retain your account data as long as you maintain an account with WeFlow. If you deactivate or request deletion of your account, we will delete or anonymize your personal data within a reasonable period after your request, except for data we are obligated to keep for legal compliance.
Transaction Records: We keep records of transactions and related data for a period required by financial regulations and our internal compliance. Typically, this might be at least 5-7 years, to comply with anti-money laundering laws and audits. After the retention period, we either delete the data or anonymize it for statistical purposes.
KYC Data: Identity verification data is retained as long as you are our customer and for a certain period after (to comply with KYC/AML regulations). This retention is necessary to assist with any investigations and to meet record-keeping rules.
Technical Logs: Short-term server logs and analytics data may be kept for a shorter duration (often 6-12 months) unless used for security analysis. We may store aggregated analytic information (which is non-personal) for longer to track long-term performance trends.

When we no longer have a legitimate need or legal obligation to retain your personal data, we will securely dispose of it. This may involve irreversible anonymization or secure deletion from our systems and backups.

10. Your Rights

Depending on the jurisdiction you are in and applicable data protection laws, you may have certain rights regarding your personal data. WeFlow is committed to honoring these rights, which may include:

Access: You have the right to request a copy of the personal data we hold about you, as well as information on how we process it. We will provide this data except where doing so would adversely affect the rights of others or is not required by law.
Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct it. We encourage you to keep your account information up-to-date, and you can make many changes through your account settings or by contacting support.
Deletion: You may have the right to request deletion of your personal data (the “right to be forgotten”). Upon your request, we will erase your personal data that we are not legally required or otherwise permitted to retain. Note that due to anti-money laundering laws, we cannot immediately delete certain transactional or KYC data even if you close your account, but we will remove non-essential data wherever possible.
Objection to Processing: You have the right to object to our processing of your personal data when we process it based on legitimate interests. If you raise an objection, we will consider whether our legitimate grounds for processing outweigh your privacy rights. Where we process data for marketing purposes, you can always object and opt-out from marketing communications (e.g., by unsubscribing from emails).
Restriction of Processing: You can request that we restrict processing of your personal data in certain circumstances – for example, while we verify the accuracy of data you contested or in lieu of deletion if you need the data preserved for legal claims.
Data Portability: For data that you have provided to us and which we process by automated means based on consent or contract, you have the right to request a portable copy in a commonly used format. WeFlow can provide such data (for example, basic account details and transaction history) in a machine-readable format upon request.
Withdraw Consent: If we rely on your consent to process personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing done before your withdrawal. For instance, you can opt-out of marketing emails by withdrawing your consent to receive them.

To exercise any of these rights, please contact us using the contact information in Section 12. We will respond to your request in accordance with applicable law, typically within 30 days. Please note that we may need to verify your identity before fulfilling certain requests to ensure the security of your data. Additionally, some rights may be limited where we have an overriding legitimate interest or legal obligation to continue processing your data.

11. Updates to This Policy

WeFlow may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the Policy, we will revise the “Last Updated” date at the top. If the changes are significant, we may provide a more prominent notice (such as by email notification or a banner on our site) to inform you of the update.

Please review this Privacy Policy regularly to stay informed about how WeFlow is protecting your information. Your continued use of our website or services after any update constitutes your acceptance of the revised Policy, to the extent permitted by law. If you do not agree to the updated terms, you should stop using our services and may request deletion of your data as outlined in Section 10.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, you can contact WeFlow’s data protection team at:

Email: privacy@weflow.cc (or support@weflow.cc)

WeFlow is committed to protecting your privacy and will address any issues to the best of our ability. If you are not satisfied with our response and you are in a region with a data protection authority, you may have the right to lodge a complaint with your local data protection supervisory authority.