1. Who We Are

Apex Advisory Group Ltd (“CyberPay”, “we”, “us”) is incorporated in Seychelles and operates CyberPay.link, including CyberPay-enabled checkouts used by Merchants and Buyers. This Privacy Policy explains how we process personal data when you interact with our website, cashier/checkout pages, APIs, and related services (the “Service”).

2. When We Collect Data

We may collect data when:

• a Merchant onboards, integrates, or uses the Service;
• a Buyer uses a CyberPay-enabled checkout/cashier page;
• we create an Account automatically for a Buyer to process a Transaction;
• you communicate with support;
• we conduct compliance screening or risk reviews; or
• you otherwise interact with our website, APIs, or services.

3. Categories of Data We Collect

We may collect:

• Identity & Contact Data: name, email, phone, address, DOB, ID details (where required).
• Merchant KYB Data: company details, directors, beneficial owners, corporate documents.
• Transaction & Payment Data: amounts, currencies, payment method, confirmations, settlement refs, order IDs.
• Crypto/Blockchain Data: wallet addresses, transaction hashes, network metadata (where applicable).
• Technical & Device Data: IP address, device identifiers, browser data, session integrity signals.
• Compliance Data: KYC/KYB results, sanctions/PEP screening outcomes, adverse media indicators.
• Communications: support tickets, correspondence, call logs (where permitted).

4. Purposes of Processing

We process data to:

• provide payment facilitation, routing, and settlement;
• execute on-ramp/off-ramp and related conversion flows;
• conduct AML/CFT and sanctions screening;
• prevent fraud, bots, abuse, and account takeover;
• manage disputes, Chargebacks (where they occur via rails), and evidence;
• comply with legal and regulatory obligations;
• enforce our Terms of Use and policies; and
• maintain audit trails and operational integrity.

5. Legal Bases

Depending on jurisdiction, we process data on the basis of:

• Contractual necessity (to provide the Service / process Transactions),
• Legal obligation (AML/CFT, sanctions, record keeping),
• Legitimate interests (fraud prevention, security, dispute defence), and/or
• Consent (where required for certain cookies/marketing).

6. Sharing and Disclosures

We may share data with:

• Banks, PSPs, Acquirers, APM Providers, EMIs, VASPs, Liquidity Providers
• Compliance/Fraud Vendors and infrastructure providers
• Merchants (payment confirmations, dispute evidence, reconciliation refs)
• Professional advisers (lawyers, auditors, consultants)
• Regulators / Law Enforcement where required or appropriate

We may disclose information to contest Chargebacks/disputes, respond to lawful requests, or protect the Service.

7. Cross-Border Transfers

CyberPay operates internationally. Data may be processed in multiple jurisdictions. Where required, we apply appropriate safeguards for cross-border transfers.

8. Retention

We retain data as long as necessary for processing, AML/CFT compliance, dispute handling, legal obligations, risk management, and audit. Retention may be extended to establish, exercise, or defend legal claims.

9. Your Rights

Depending on applicable law, you may have rights of access, correction, deletion, restriction, portability, and objection. These rights may be limited where processing is required for AML/CFT obligations, fraud prevention, legal compliance, or dispute defence.

10. Security

We implement reasonable technical and organisational measures designed to protect personal data. No system is completely secure.