SkenderPay

Privacy Notice

SkenderPay LLC · Last updated 10 June 2026

This Privacy Notice explains how SkenderPay LLC, an Arizona limited liability company, ACC Business ID 25031836 ("SkenderPay", "we", "us" or "our"), collects, uses, discloses, retains and protects personal data in connection with our website, online interfaces, beta pages, pilot environments, communications and related digital services.

Current stage

SkenderPay is currently developing fintech infrastructure. Unless expressly stated in separate service terms, SkenderPay does not provide regulated payment services, money transmission, deposit-taking, banking, custody, exchange, brokerage, investment advice or crypto-asset services. Any future payment, fiat, crypto, merchant, onboarding or transaction-related functionality will be subject to applicable terms, regulatory analysis and, where required, regulated partners.

This Privacy Notice should be read together with our Terms of Use, Cookie Notice and any additional terms that apply to specific beta, pilot, partner or merchant services. Where we rely on consent for a specific processing activity, we will request consent separately where required by applicable law.

Privacy contact: privacy@skenderpay.com · Postal address: [insert registered or principal business address]

1. Scope and roles

This Privacy Notice applies when SkenderPay acts as a data controller for its own website, communications, onboarding, compliance, account-management, security, business-development and administrative activities.

Where SkenderPay processes personal data strictly on behalf of a business customer under a separate data processing agreement, that customer is responsible for determining the purposes and means of processing and for providing its own privacy notice. In those situations, SkenderPay acts as processor and processes personal data in accordance with the customer’s instructions, unless applicable law requires otherwise.

This Privacy Notice applies to users, website visitors, prospective users, merchants, business representatives, partners, service providers, job or contractor applicants, and other persons who interact with SkenderPay.

2. Personal data we may collect

"Personal data" means information relating to an identified or identifiable individual. Depending on how you interact with SkenderPay and which features are made available, we may collect the following categories of personal data:

Contact and identity data

Name, email address, phone number, company, role, country, preferred language and other contact details you provide.

Business and merchant data

Company name, business address, registration details, tax or business identifiers, ownership or control information, authorised representatives and merchant profile information.

Account and pilot data

Login details, account settings, access credentials, user role, onboarding status, beta or pilot participation information, and records of your use of pilot features.

Verification and compliance data

Identification documents, date of birth, nationality, address, beneficial ownership information, sanctions or politically exposed person screening results, adverse media indicators, source-of-funds or source-of-wealth information, and other information required for compliance checks, where applicable.

Transaction or pilot operational data

Where transaction, settlement, internal-credit or merchant pilot features are enabled: transaction references, timestamps, merchant identifiers, amounts, status information, balances, counterparties within the pilot environment and related operational records.

Website, device and log data

IP address, browser type, device type, operating system, language settings, referring URLs, pages viewed, timestamps, clickstream data, error logs, security logs and similar technical information.

Cookie and preference data

Cookie identifiers, consent preferences, language preferences, session information and similar data described in our Cookie Notice.

Communications and support data

Messages, emails, support requests, feedback, survey responses, call notes and records of our communications with you.

Marketing data

Newsletter subscription status, marketing preferences, event participation and engagement with our updates or campaigns.

Legal and regulatory request data

Information contained in lawful requests, correspondence with authorities, dispute records, claims, audit records or internal investigation material.

We do not intentionally request special category personal data, such as health information, biometric data, political opinions, religious beliefs or trade union membership, unless it is necessary for a specific lawful purpose, required by law or provided by you as part of documents submitted to us. If such data is processed, we will apply appropriate safeguards and rely on a lawful basis permitted by applicable law.

3. Sources of personal data

We may collect personal data:

  • from you directly, for example when you contact us, register interest, participate in a pilot, create an account, complete onboarding or send us documents;
  • from your device or browser when you visit our website or use online interfaces;
  • from business customers, merchants, partners or authorised representatives who provide information about their personnel or users;
  • from identity verification, fraud prevention, sanctions screening, analytics, hosting, payment, cloud, security and other service providers, where applicable;
  • from public sources, company registries, sanctions lists, regulatory databases, blockchain analytics sources, adverse media sources and other lawful sources where compliance checks are required.

4. How we use personal data and our legal basis

Where EU, UK or similar data protection rules apply, we rely on one or more legal bases, including performance of a contract or pre-contractual steps, compliance with legal obligations, legitimate interests, consent, and, where necessary and permitted, the establishment, exercise or defence of legal claims. In jurisdictions that do not use this terminology, we process personal data on equivalent lawful grounds permitted by applicable law.

Website operation and security

What we do — Operate the website, maintain sessions, prevent abuse, detect bots, secure systems, troubleshoot errors.

Legal basis — Legitimate interests; legal obligation where applicable.

Responding to inquiries

What we do — Reply to messages, provide support, manage business communications and maintain records.

Legal basis — Legitimate interests; pre-contractual steps; consent where required.

Beta, pilot and account access

What we do — Register users, administer access, manage accounts, operate beta or pilot features and provide related notices.

Legal basis — Contract or pre-contractual steps; legitimate interests.

Merchant and partner onboarding

What we do — Assess prospective merchants, partners or service providers and administer business relationships.

Legal basis — Pre-contractual steps; contract; legitimate interests; legal obligation where applicable.

Verification, AML, sanctions and fraud prevention

What we do — Verify identity or business information, screen against sanctions and risk databases, monitor suspicious activity, prevent fraud or misuse, and meet compliance requirements.

Legal basis — Legal obligation; legitimate interests; public interest or legal claims where permitted.

Pilot operations and transaction records

What we do — Record, reconcile, investigate and support pilot, merchant, internal-credit or settlement-related activity where such features are enabled.

Legal basis — Contract; legitimate interests; legal obligation where applicable.

Service improvement and analytics

What we do — Understand website usage, improve functionality, test features and measure performance.

Legal basis — Legitimate interests; consent for non-essential cookies or analytics where required.

Marketing and updates

What we do — Send newsletters, product updates, event invitations or business-development communications.

Legal basis — Consent; legitimate interests or soft opt-in where permitted. You may opt out at any time.

Legal, audit and corporate purposes

What we do — Maintain legal records, enforce terms, manage disputes, respond to lawful requests, conduct audits or support a corporate transaction.

Legal basis — Legal obligation; legitimate interests; legal claims.

5. Compliance checks and automated tools

Depending on the features used and the applicable regulatory position, SkenderPay may carry out identity, business, sanctions, fraud, AML/CFT, adverse media, blockchain analytics or other risk checks. These checks may be performed by SkenderPay, by a regulated partner, or by specialist service providers.

We may use automated tools to support fraud prevention, sanctions screening, risk scoring, account security and compliance workflows. We do not intend to make decisions based solely on automated processing that produce legal or similarly significant effects unless we provide additional information and rights required by applicable law.

We may refuse, suspend or terminate access to features, request further information, restrict activity, report information to competent authorities or retain records where required or permitted by applicable law, internal policy or regulated partner requirements.

6. Cookies and similar technologies

We use cookies and similar technologies to operate and secure our website, remember preferences, understand website usage and improve our digital services. Non-essential cookies are used only where permitted by applicable law and, where required, after you have given consent.

Further information is available in our Cookie Notice, including the categories of cookies used, their purposes, retention periods and how you can manage your preferences.

7. How we share personal data

We do not sell personal data. We may share personal data where necessary for the purposes described in this Privacy Notice, including with:

  • Service providers: hosting, cloud infrastructure, IT support, cybersecurity, analytics, communication tools, customer support, document management and operational vendors.
  • Verification and compliance providers: KYC, KYB, sanctions screening, fraud prevention, adverse media, blockchain analytics and risk-monitoring providers, where applicable.
  • Payment, banking, PSP or regulated partners: where SkenderPay uses or integrates with regulated partners or service providers for future payment, settlement, merchant or financial-service functionality.
  • Business customers, merchants and partners: where necessary to operate beta, pilot, merchant or partner-supported services and subject to applicable terms.
  • Professional advisers: lawyers, accountants, auditors, insurers, consultants and other professional advisers.
  • Authorities and courts: law enforcement, regulators, courts, tax authorities, sanctions authorities or other competent authorities where required or permitted by law.
  • Corporate transaction parties: potential buyers, investors, lenders, counterparties or advisers in connection with financing, restructuring, merger, acquisition, sale of assets or similar corporate transactions.
  • Affiliates: companies under common ownership or control with SkenderPay, if any, for internal administration and the purposes described in this Privacy Notice.

Third-party platforms, websites or services may process personal data as independent controllers. Their processing is governed by their own privacy notices and terms, not by this Privacy Notice.

8. International transfers

SkenderPay is an Arizona limited liability company. Personal data may be processed in the United States, Switzerland, the European Economic Area, the United Kingdom, Albania or other countries where SkenderPay, its personnel, service providers, partners or infrastructure providers are located.

Where applicable law requires safeguards for international transfers, we use appropriate mechanisms such as standard contractual clauses, adequacy decisions, contractual commitments, technical and organisational safeguards, transfer impact assessments or other lawful transfer mechanisms.

9. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Notice, unless a longer retention period is required or permitted by law. Retention periods depend on the type of data, the nature of the relationship, legal obligations, limitation periods, dispute risk, security needs and operational requirements.

Website and technical logs

Usually retained for a limited operational period, unless needed for security, fraud prevention, troubleshooting or legal reasons.

Cookie data

Retained according to the duration stated in the Cookie Notice and the cookie preference tool.

Inquiry and communication data

Retained for the period needed to respond and maintain business records, then deleted or archived according to internal retention rules.

Marketing data

Retained until you unsubscribe or withdraw consent, subject to maintaining suppression records to respect opt-outs.

Account, pilot and merchant data

Retained for the duration of the account, pilot or business relationship and then for a period needed for audit, dispute, accounting, legal or compliance purposes.

Verification and compliance data

Retained for the period required or permitted under applicable AML, sanctions, tax, accounting, fraud prevention, regulatory or legal requirements.

Legal and dispute records

Retained as long as necessary for legal claims, investigations, audits, regulatory matters or statutory limitation periods.

When personal data is no longer required, we delete, anonymise or securely archive it. If deletion is not immediately possible, for example because data is stored in backup systems, we restrict further processing until deletion becomes practicable.

10. Data security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These may include access controls, encryption where appropriate, secure hosting, logging, monitoring, vendor due diligence, internal policies and staff access restrictions.

No website, network, system or transmission method is completely secure. You are responsible for keeping any account credentials confidential and for notifying us promptly if you suspect unauthorised access or misuse.

11. Your privacy rights

Depending on your location and applicable law, you may have rights in relation to your personal data, including:

  • access to personal data and information about how we process it;
  • correction of inaccurate or incomplete personal data;
  • deletion of personal data, subject to legal retention obligations and exceptions;
  • restriction of processing in certain circumstances;
  • objection to processing based on legitimate interests or direct marketing;
  • withdrawal of consent where processing is based on consent;
  • data portability where applicable;
  • the right not to be subject to certain solely automated decisions where applicable;
  • the right to lodge a complaint with a competent data protection authority.

To exercise rights, contact us at privacy@skenderpay.com. We may need to verify your identity and may request additional information to process your request. We will respond within the period required by applicable law. If we cannot fulfil a request, we will explain the reason unless prohibited by law.

Where SkenderPay acts as processor on behalf of a business customer, we may direct your request to that customer or assist the customer in responding, depending on the applicable contractual and legal framework.

12. Additional information for certain regions

12.1 European Economic Area, United Kingdom and Switzerland

If EU, UK or Swiss data protection laws apply, SkenderPay provides this Notice to explain the identity of the controller, categories of personal data, purposes and legal bases of processing, recipients, international transfers, retention criteria and applicable rights. You may also have the right to complain to your local data protection authority. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner where applicable. In the United Kingdom, the competent authority is the Information Commissioner’s Office where applicable.

If SkenderPay is legally required to appoint an EU, UK or Swiss representative or data protection officer, we will update this Notice with the relevant details.

12.2 California and other US state privacy laws

SkenderPay does not sell personal information. If we later use personal information in a way that constitutes a "sale", "sharing" for cross-context behavioural advertising, or targeted advertising under applicable US state privacy laws, we will provide the required notices and opt-out mechanisms.

Where applicable US state privacy laws apply to SkenderPay, residents may have rights to know, access, correct, delete, obtain a portable copy of personal information, opt out of certain processing activities and not be discriminated against for exercising privacy rights. These rights may be subject to exceptions and verification requirements.

13. Marketing communications

We may send you marketing communications, newsletters, product updates, event invitations or similar communications where permitted by applicable law. You may unsubscribe at any time by using the unsubscribe link in the message or contacting us at privacy@skenderpay.com. We may continue to send non-marketing communications, such as security notices, administrative messages, service updates or legally required notices.

14. Children

SkenderPay’s website and services are not intended for children or persons under 18 years of age. We do not knowingly collect personal data from children. If we become aware that personal data of a child has been collected, we will take reasonable steps to delete it unless retention is required by law.

15. Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our business, technology, legal requirements or data processing practices. The updated version will be indicated by a revised "Last updated" date. If we make material changes to how we process personal data, we may provide additional notice or request consent where required by applicable law.

16. Contact information

For privacy questions, requests or complaints, please contact:

SkenderPay LLC

Email: privacy@skenderpay.com

Postal address: [insert registered or principal business address]

Website: www.skenderpay.com

Requests from government, regulatory or law enforcement authorities should be sent to support@skenderpay.com or another channel designated by SkenderPay for legal notices.