Global Privacy Policy for PayJSR This Privacy Policy explains how PayJSR collects, uses, stores, protects, shares, transfers and retains personal information, business information, transaction data, device data, security data, compliance data and payment metadata when people use the PayJSR website, dashboard, hosted checkout, payment links, customer portal, seller tools, buyer tools, APIs, developer tools, commerce tools, billing tools, subscription tools, artificial intelligence features, provider connections, risk tools, dispute tools, payout workflows, documentation and any related products, services, software or infrastructure made available under the PayJSR brand.
PayJSR is designed as software as a service, commerce infrastructure, billing infrastructure, hosted checkout infrastructure and payment orchestration infrastructure. PayJSR is not designed to collect, store or process full card numbers, full card security codes, PINs, full magnetic stripe data, full EMV chip data or sensitive authentication data on PayJSR servers. Where card, wallet, bank, mobile money or payment credentials are required for a transaction, PayJSR is designed to use approved payment providers, gateways, processors, acquirers, banks, wallets, open banking providers, mobile money providers, tokenization services, hosted payment components, secure payment pages or provider-managed vaults. PayJSR may store provider tokens, payment method references, transaction identifiers, authorization identifiers, customer identifiers, last four digits, card brand, expiry metadata, billing metadata, risk metadata, provider response data, webhook data, checkout status, refund status, dispute status, settlement status and reconciliation metadata needed to operate the platform.
This Privacy Policy is one of the five core PayJSR legal documents and should be read together with the PayJSR Terms of Service, the PayJSR Commerce & Supplier Addendum, the PayJSR Buyer Terms, Buyer Protection, Refund, Delivery & Dispute Policy, the PayJSR Payment Orchestration Documentation, product-specific checkout disclosures, provider rules, payment network rules, regional terms and any separate written agreement or notice provided by PayJSR.
1.PayJSR entities and privacy roles
The PayJSR platform is built, owned, licensed or controlled through JSR Technologies, LLC, a Delaware limited liability company with file number 10508370 and registered office at 131 Continental Dr, Suite 305, Newark, Delaware 19713, United States. JSR Technologies, LLC owns or licenses the PayJSR technology, software, APIs, platform infrastructure, intellectual property, product architecture, documentation, workflows and related technical systems.
PayJSR (Pty) Ltd is a South African private company with registration number 2025/759018/07 and tax number 9172095292, with registered office at 11 Arundel Road, West Beach, Cape Town, Western Cape, 7441, South Africa. PayJSR (Pty) Ltd operates independently as a regional operating company for approved PayJSR operations, South African managed commerce operations, local commercial activities and related regional workflows where enabled and permitted.
Depending on the service, country, transaction, account, product, provider, data flow and legal context, a PayJSR entity may act as an independent controller, responsible party, operator, processor, service provider, technology provider, commerce operator, merchant of record or similar role under applicable privacy and data protection laws. Sellers, suppliers and connected businesses may also act as independent controllers or responsible parties for their own product data, customer data, marketing data, customer support data, employee data, contractor data, uploaded content and buyer communications. Where PayJSR processes personal information on behalf of a seller under documented instructions, PayJSR may act as a processor, operator or service provider for that processing activity. Where PayJSR determines why and how personal information is processed for PayJSR account creation, checkout, security, fraud prevention, risk review, provider routing, legal compliance, receipts, refunds, delivery evidence, disputes, chargebacks, tax records, platform analytics, platform safety or PayJSR Commerce operations, PayJSR may act as an independent controller or responsible party.
2.Scope of this Policy
This Policy applies to sellers, suppliers, buyers, customers, users, developers, visitors, account owners, directors, beneficial owners, representatives, employees, contractors, support users, API users and other people whose personal information is processed through PayJSR.
This Policy applies to PayJSR websites, dashboards, hosted checkout pages, checkout sessions, payment links, order pages, seller tools, buyer accounts, customer portal, APIs, developer tools, provider connections, product tools, billing tools, subscription tools, AI features, support channels, fraud and risk tools, refund and delivery workflows, dispute workflows, communications and related platform operations.
This Policy does not replace the privacy policies of sellers, suppliers, payment providers, banks, wallets, card networks, couriers, advertising platforms, social media platforms, cloud providers or other third parties. Those third parties may process personal information under their own terms, privacy notices, regulatory obligations and provider rules.
3.Information PayJSR collects
PayJSR may collect and process account information, including name, email address, phone number, password or authentication credentials, account role, company name, store name, legal entity details, address, country, language, dashboard settings, account status, support preferences and communication preferences.
PayJSR may collect seller and supplier verification information, including identity information, business registration information, beneficial ownership information, director information, tax information, payout information, bank account details, provider account details, websites, social media pages, product descriptions, supplier contracts, invoices, proof of stock, proof of fulfilment, proof of licensing, proof of authorization, support records, transaction history and any information required for KYC, KYB, AML, sanctions, fraud, product approval, category approval, provider-route approval, payout approval, tax review or risk review.
PayJSR may collect buyer and customer information, including name, email address, phone number if provided, billing details, shipping details, order number, checkout session ID, product ID, seller ID, customer account details, receipt details, customer portal activity, support messages, refund requests, delivery confirmations, access confirmations, return information, dispute records, subscription status and communications.
PayJSR may collect transaction, commerce and payment metadata, including amount, currency, product type, checkout status, payment method type, provider name, provider reference, authorization reference, settlement status, refund status, dispute status, chargeback status, payout status, fees, tax metadata, ledger reference, risk score, device signals, IP address, timestamps, webhook events, routing decisions and reconciliation data.
PayJSR may collect provider tokens and payment references, including payment method tokens, customer tokens, authorization tokens, provider customer IDs, provider payment IDs, last four digits, card brand, expiry metadata, payment method type and token status. PayJSR uses these references to operate checkout, subscriptions, authorized recurring billing, refunds, reconciliation, customer portal, chargeback responses, provider routing and payment orchestration. PayJSR does not use provider tokens to reconstruct, reveal or store full card numbers.
PayJSR may collect device, technical and usage data, including IP address, browser type, device type, operating system, language, approximate location derived from technical signals, pages viewed, clicks, session identifiers, login events, API requests, webhook delivery logs, error logs, fraud signals, rate limits, cookies, pixels, local storage identifiers and similar technical records.
PayJSR may collect product, content and AI-related data, including product pages, sales pages, uploaded files, product descriptions, images, videos, pricing, stock data, delivery terms, refund terms, cancellation terms, subscription terms, messages, prompts, AI-generated drafts, customer communications, support notes and other content created, uploaded, processed or transmitted through PayJSR.
PayJSR may collect refund, delivery, evidence and support data, including screenshots, photos, videos, courier records, tracking numbers, proof of shipment, proof of delivery, delivery confirmations, return records, access logs, download logs, license activation logs, login records, customer support messages, live chat records, refund policy acceptance, subscription authorization, buyer communications, seller responses and internal review notes.
4.Payment credentials, provider tokens and card data
PayJSR is designed to avoid direct storage of sensitive card data on PayJSR servers. Unless PayJSR expressly states otherwise in writing, PayJSR does not store full card numbers, full CVV or CVC codes, full magnetic stripe data, full EMV chip data, PIN data, PIN blocks or sensitive authentication data.
When a buyer enters payment information at checkout, the payment data may be collected by an approved provider through hosted payment fields, embedded provider components, redirect checkout, secure payment pages, wallet flows, open banking interfaces, mobile money interfaces, tokenization services or provider-managed vaults. The provider may return to PayJSR a token, reference, status message, last four digits, card brand, expiry metadata, payment method type, authorization ID, customer ID or other transaction metadata needed to operate the platform.
PayJSR may store provider tokens and references because they are necessary to support subscriptions, recurring billing where authorized, refunds, reconciliation, dispute handling, customer portal functions, routing, fraud review, provider reporting and operational support. Those tokens are not intended to be card numbers, bank account credentials, stored value or a PayJSR financial account. PayJSR does not sell payment tokens and does not use them outside legitimate platform operations.
Sellers, suppliers, developers and buyers must not send full card numbers, CVV codes, bank credentials, PINs, authentication data or other restricted payment data to PayJSR through email, chat, support tickets, documents, API fields, metadata fields, product descriptions or unapproved interfaces. If PayJSR receives restricted payment data improperly, PayJSR may delete, mask, quarantine, secure or report it, and may suspend access or require remediation.
PayJSR may require sellers and connected businesses to use only approved provider integrations, tokenized payment flows, secure checkout components, encrypted transport, access controls, API key security, webhook signing, least-privilege permissions and other controls required by provider rules, card network rules, PCI DSS obligations and PayJSR security standards.
5.Why PayJSR uses information
PayJSR may process personal information and related data to create and manage accounts, verify users, authenticate logins, operate dashboards, create products, host checkout pages, process orders, send receipts, create buyer accounts, operate the customer portal, support subscriptions, provide product access, route transactions, connect providers, normalize webhooks, maintain ledger records, show balances, support payouts, reconcile settlements, calculate fees, handle taxes, process refunds, manage delivery evidence, respond to disputes, manage chargebacks, detect fraud, monitor risk, enforce product approval rules, prevent prohibited activity, provide customer support, improve platform functionality, maintain security, comply with law, cooperate with providers and protect PayJSR, buyers, sellers, suppliers, providers, banks, networks and the platform. PayJSR may use information to perform KYC, KYB, sanctions screening, fraud checks, transaction monitoring, velocity checks, device checks, provider review, product review, category review, compliance review, tax review, payout review, refund review, delivery review, evidence review and account monitoring.
PayJSR may use information to communicate with users, including sending account notices, receipts, order confirmations, support messages, security alerts, refund notices, delivery notices, dispute notices, chargeback notices, payout notices, tax requests, provider notices, policy updates, legal notices and operational messages.
PayJSR may use aggregated, anonymized or de-identified information to analyze platform performance, approval rates, checkout conversion, product categories, provider performance, fraud trends, refund trends, dispute ratios, delivery performance, service quality and platform reliability. PayJSR will not intentionally use anonymized or de-identified data to identify an individual unless needed for security, fraud prevention, legal compliance or abuse investigation.
6.Legal bases for processing
Where applicable data protection law requires a legal basis, PayJSR may rely on one or more of the following bases:
performance of a contract, steps taken before entering into a contract, compliance with legal obligations, legitimate interests, consent, protection of rights, defence of legal claims, public interest where required by law, or another lawful basis available under applicable law.
Contractual processing includes account creation, checkout, product access, receipts, customer portal, subscriptions, support, refunds, delivery evidence, disputes, provider routing, settlement records, payout workflows, API services and platform operations.
Legal obligation processing includes tax records, accounting records, AML controls, sanctions screening, KYC/KYB checks, provider obligations, card network rules, payment network rules, court orders, regulator requests, law enforcement requests and mandatory consumer protection obligations.
Legitimate interest processing includes fraud prevention, platform security, risk monitoring, dispute evidence, chargeback defence, abuse prevention, service improvement, provider protection, debt recovery, enforcement of terms, product review, business analytics and communications necessary to operate a safe commerce infrastructure platform.
Consent-based processing may apply to optional marketing, optional cookies, optional promotional communications, certain sensitive data if ever required, or other processing activities where applicable law requires consent. Users may withdraw consent where the processing is based on consent, but withdrawal does not affect processing already performed or processing that PayJSR must continue for contract, legal, risk, fraud, security, accounting, tax, dispute or provider reasons.
7.How PayJSR shares information
PayJSR may share personal information, business information, transaction data and metadata with payment providers, gateways, processors, acquirers, banks, wallets, mobile money providers, open banking providers, payout providers, card networks, fraud providers, identity verification providers, KYC providers, KYB providers, sanctions screening providers, tax providers, accounting providers, cloud hosting providers, email providers, SMS providers, communications providers, analytics providers, customer support tools, courier or delivery providers, legal advisors, auditors, insurers, collection providers, regulators, courts, law enforcement, tax authorities and other service providers or partners where necessary to operate PayJSR.
PayJSR may share buyer information with sellers or suppliers where necessary to fulfil orders, provide product access, ship physical products, provide customer support, process refunds, respond to disputes, verify delivery, prevent fraud, comply with product terms or meet legal obligations. Sellers and suppliers must use buyer information only for lawful fulfilment, support, compliance, refund, delivery, dispute and approved business purposes.
PayJSR may share seller or supplier information with providers, banks, networks, KYC/KYB providers, regulators, tax authorities and compliance partners where necessary for onboarding, product approval, risk review, provider approval, settlement, payout, refund, dispute handling, chargeback response, AML, sanctions, tax compliance, audit, investigation or legal defence.
PayJSR may share information between JSR Technologies, LLC, PayJSR (Pty) Ltd, future PayJSR regional entities, affiliates, service providers, contractors and approved partners where necessary to provide the platform, operate regional services, support users, manage risk, comply with law, maintain security and enforce agreements. Each PayJSR entity remains responsible only for the services, obligations and processing activities it controls or accepts, unless mandatory law requires otherwise.
8.Provider integrations and third-party services
PayJSR depends on approved third-party providers to support payment acceptance, payment method tokenization, provider routing, settlement records, fraud controls, KYC/KYB, messaging, hosting, analytics, customer support, delivery evidence and related operations. These providers may process personal information under their own terms, privacy policies, security requirements and regulatory obligations.
PayJSR expects providers and service providers to maintain appropriate security, confidentiality, access control, data protection, incident response and compliance measures. Where required, PayJSR may enter into data processing agreements, service provider agreements, provider terms, confidentiality agreements, security addenda or similar arrangements.
PayJSR may change, add, remove, disable or route away from providers where necessary for compliance, risk, security, availability, performance, pricing, provider requirements, legal requirements or business operations.
9.Seller and supplier privacy responsibilities
Sellers and suppliers are responsible for the privacy notices, lawful basis, consents, disclosures and permissions required for their own products, buyers, customers, marketing, customer support, uploaded data, employee data, contractor data, fulfilment data and communications.
Sellers and suppliers must not upload, transmit, sell, disclose or process personal information through PayJSR unless they have the lawful right to do so. They must not use PayJSR to process unlawful data, stolen data, unauthorized marketing lists, scraped personal information, sensitive personal information without lawful basis, children's data without required permissions, prohibited content, card data outside approved provider interfaces or data that violates PayJSR rules.
Sellers and suppliers must provide clear product disclosures, support contacts, refund rules, delivery information, subscription terms and privacy disclosures where required. Sellers and suppliers must cooperate with PayJSR in privacy requests, buyer support, delivery review, disputes, fraud investigations, provider reviews, regulator requests and deletion or correction requests where applicable.
10.Buyer privacy and Customer Dashboard
A valid email address may be required for PayJSR Commerce checkout transactions. PayJSR may use that email address to send receipts, order confirmations, product access instructions, customer account links, password creation links, refund updates, delivery updates, dispute updates, support messages and security notices.
The PayJSR Customer Dashboard may allow a buyer to view order history, receipts, digital products, subscription status, support history, refund requests, delivery status, dispute records, seller information and product access. PayJSR may connect purchases made with the same verified email address to a single buyer account, subject to identity, security and privacy controls.
PayJSR may keep buyer support, refund, delivery and dispute communications inside the dashboard to preserve evidence, reduce fraud, reduce chargebacks, protect buyers, support sellers and maintain an audit trail for providers, banks, networks, regulators and courts where necessary.
11.Product-specific checkout, refund and delivery data
PayJSR may process information connected to product-specific checkout disclosures, refund rules, delivery rules, cancellation terms, subscription terms, access terms and category-specific requirements. Product-specific terms may differ by product type, supplier, country, provider, payment method, delivery method and risk level.
For digital products, PayJSR may process access links, download logs, license activation records, login events, IP/device data, timestamps, support messages and usage evidence to verify whether access was delivered and whether a refund or dispute is eligible.
For physical products, PayJSR may process stock evidence, shipping details, courier records, tracking numbers, proof of shipment, proof of delivery, buyer delivery confirmation, return records, damage evidence, photos, videos and packaging evidence to support delivery, refunds, disputes, chargebacks and payout decisions.
For services, subscriptions and recurring billing, PayJSR may process service descriptions, start dates, billing frequency, renewal terms, authorization records, cancellation requests, trial terms, support history, usage records and customer communications.
12.Cookies, pixels and analytics
PayJSR may use cookies, pixels, local storage, session identifiers, device identifiers, analytics tools and similar technologies to operate websites, remember sessions, authenticate accounts, protect checkout, prevent fraud, measure performance, debug errors, improve the user experience, support marketing attribution, understand traffic and maintain security.
Some cookies and technologies are necessary for website, checkout, account, security, fraud prevention and platform operations. Optional analytics, marketing or advertising cookies may be subject to consent or preference controls where required by applicable law.
Sellers who use PayJSR tools to connect advertising pixels, analytics tags, server-side events or marketing integrations must comply with applicable privacy, cookie, advertising, consumer protection and electronic communications laws. Sellers must not use PayJSR to send false events, unauthorized tracking data or misleading conversion data.
This section is intended to operate as PayJSR's cookie and tracking notice for general platform use unless PayJSR publishes a separate cookie notice for a particular country, feature or website.
13.Artificial intelligence and automation data
PayJSR may provide AI-assisted tools, automation tools, product creation tools, sales page builders, support tools, routing suggestions, risk insights, marketing assistance and operational prompts. Data entered into AI tools may be processed to generate, edit, classify, summarize, analyze, route or improve platform workflows.
Sellers are responsible for reviewing and approving AI-assisted content before publishing or sending it. PayJSR may restrict or remove AI-assisted content where it may be illegal, misleading, high risk, infringing, deceptive, harmful, prohibited or non- compliant.
PayJSR does not use AI tools as a substitute for required legal, tax, privacy, consumer, payment, provider, product or professional review. PayJSR may use human review where necessary for fraud, security, safety, support, compliance, dispute handling or quality control.
14.International data transfers
PayJSR operates globally through separate legal entities, providers, cloud services, payment providers, support tools, compliance providers and regional arrangements. Personal information may be processed in South Africa, the United States, Mozambique, the European Economic Area, the United Kingdom or other countries where PayJSR, providers or service providers operate.
Where required, PayJSR may use appropriate safeguards for international transfers, including contractual protections, data processing agreements, standard contractual clauses, provider terms, regional terms, adequacy mechanisms, transfer risk assessments, security measures, encryption, access controls, minimization, pseudonymization or other lawful transfer mechanisms.
Users understand that cross-border commerce may require cross-border processing of personal information, payment metadata, transaction records, provider references, support records, delivery evidence and compliance records.
15.Data retention
PayJSR retains personal information and related records only as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law, provider rules, tax obligations, accounting rules, payment network rules, AML requirements, sanctions requirements, fraud prevention, dispute handling, chargeback windows, legal claims, audit, security, regulatory requests or platform protection.
PayJSR may retain transaction records, receipts, order data, payment metadata, provider references, refund records, delivery records, dispute records, chargeback evidence, ledger entries, payout records, tax records, KYC/KYB records, account logs, support records and security logs for as long as reasonably necessary to defend legal claims, satisfy provider requirements, support audits, prevent fraud, protect the platform and comply with mandatory obligations.
PayJSR may delete, de-identify, aggregate or anonymize data when it is no longer required for the purposes for which it was collected, subject to lawful retention requirements.
16.Security measures
PayJSR uses administrative, technical and organizational measures designed to protect personal information, business information, transaction records, provider tokens, API credentials and platform systems against unauthorized access, loss, misuse, alteration, disclosure or destruction.
Security measures may include encrypted transport, access controls, least-privilege permissions, authentication controls, password controls, optional multi-factor authentication, API key restrictions, webhook signing, logging, monitoring, vulnerability management, secure development practices, provider tokenization, cloud security controls, backups, incident response procedures, employee and contractor access limitations, confidentiality obligations and vendor review.
PayJSR does not guarantee that any system is completely secure. Users must protect their own accounts, passwords, devices, API keys, webhooks, integrations, email accounts and access permissions. Users must notify PayJSR promptly if they suspect unauthorized access, credential compromise, API key exposure, fraudulent activity, data leakage or misuse.
17.PCI, tokenization and payment data security
PayJSR's payment architecture is designed to reduce payment data risk by using approved providers, hosted payment components, secure provider interfaces, provider tokenization and provider-managed vaults where supported. PayJSR does not intentionally store full card numbers or CVV/CVC codes on PayJSR servers.
PayJSR may store non-sensitive payment metadata and provider references needed for platform operation, including tokenized payment references, provider IDs, payment method type, last four digits, brand, expiry metadata, authorization status, settlement status, refund status, dispute status and reconciliation records.
PayJSR expects sellers, suppliers, developers and connected businesses to comply with applicable PCI DSS responsibilities, provider security terms, card network rules, API security requirements and PayJSR security instructions. If a seller or developer collects, stores, transmits or processes payment credentials outside approved provider flows, that seller or developer may create additional PCI DSS obligations and may be suspended or terminated.
18.Data processing terms for sellers and partners
This section is intended to provide embedded data processing terms for sellers, suppliers, developers and business partners using PayJSR. If PayJSR and a seller or partner sign a separate data processing agreement, that signed agreement may supplement or override this section for the covered processing activity.
When PayJSR processes personal information on behalf of a seller as processor, operator or service provider, PayJSR will process the information only for the purposes of providing PayJSR services, following documented instructions to the extent required by applicable law, protecting the platform, complying with law, supporting providers, handling disputes and maintaining security.
PayJSR may use subprocessors and service providers to provide hosting, payment orchestration, provider integrations, fraud detection, KYC/KYB, customer support, analytics, messaging, tax, accounting, delivery evidence and security functions. PayJSR will require appropriate confidentiality, security and data protection commitments where required by applicable law. Sellers remain responsible for determining whether they need additional privacy notices, consents, lawful bases, data processing agreements, transfer mechanisms or customer disclosures for their own products, marketing, fulfilment, support and use of PayJSR.
19.Data incidents and breach response
If PayJSR becomes aware of a security incident affecting personal information, PayJSR may investigate, contain, mitigate, preserve evidence, notify providers, notify affected users, notify regulators, notify law enforcement, reset credentials, rotate keys, disable integrations, require remediation or take other steps required or permitted by applicable law.
Notification timing and content may depend on the nature of the incident, the information affected, the risk of harm, the countries involved, provider requirements, legal requirements, law enforcement needs and PayJSR's investigation.
Users must promptly report suspected security incidents to support@payjsr.com, including unauthorized account access, exposed API keys, suspicious checkout activity, fraudulent transactions, lost devices, phishing attempts or accidental disclosure of restricted data.
20.User rights and privacy requests
Depending on the law that applies, users may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, information about processing, information about sharing, or complaint to a regulator. PayJSR may need to verify identity before responding to a privacy request. PayJSR may refuse, limit or delay a request where permitted by law, including where retention is necessary for contract performance, legal compliance, tax records, accounting records, AML obligations, sanctions screening, fraud prevention, chargeback defence, dispute handling, provider requirements, security, legal claims, evidence preservation or platform protection.
Buyers may use the Customer Dashboard or support@payjsr.com for privacy, support, refund, delivery and dispute requests. Sellers and suppliers may use the dashboard or support channels for account-related privacy requests. PayJSR may direct a person to the relevant seller, supplier, provider or third party if that party controls the relevant data.
21.Marketing communications
PayJSR may send service messages necessary to operate the platform, including receipts, account notices, security notices, transaction notices, refund notices, delivery notices, dispute notices, payout notices, legal notices and policy updates. These are not optional marketing messages.
PayJSR may send marketing or promotional communications where permitted by law or with consent where required. Users may unsubscribe from marketing communications using the method provided in the message or by contacting PayJSR.
Unsubscribing from marketing does not stop operational, legal, security, receipt, transaction or account communications. Sellers and suppliers are responsible for ensuring that their own marketing, email, SMS, social media, advertising, tracking and customer communications comply with applicable law and permissions.
22.Children's and minors' data
PayJSR is intended for business users, approved sellers and buyers who are legally able to enter into the relevant transaction or who use the platform with any consent required by applicable law. PayJSR does not knowingly allow children to create seller accounts or use seller tools without required legal authority.
If PayJSR learns that it has collected personal information from a child in a way that violates applicable law, PayJSR may delete the information, restrict the account, cancel the transaction, request verification, require guardian consent where appropriate or take other lawful action.
23.Automated decisions, risk review and fraud controls
PayJSR may use automated systems, rules, models, provider responses, risk scores, device signals, velocity checks, transaction monitoring and manual review to detect fraud, prevent abuse, decide whether to route or reject transactions, request evidence, hold funds, restrict accounts, suspend products, delay payouts, request verification, approve refunds or escalate disputes.
PayJSR may review decisions manually where appropriate, especially where a decision materially affects access, payouts, refunds, disputes or account status. Some decisions may also be driven by provider rules, network rules, bank requirements, sanctions obligations, AML obligations or legal requirements.
24.Legal frameworks referenced
This Policy is designed to support compliance with applicable privacy, electronic commerce, consumer protection, payment security, contract, tax, AML, sanctions, provider and payment network requirements. Depending on the country, user, product, transaction, provider, PayJSR entity and data flow, relevant frameworks may include, without limitation, the following. South Africa may include the Protection of Personal Information Act 4 of 2013, the Promotion of Access to Information Act 2 of 2000, the Electronic Communications and Transactions Act 25 of 2002, the Consumer Protection Act 68 of 2008, the Financial Intelligence Centre Act 38 of 2001, the National Payment System Act 78 of 1998, the Companies Act 71 of 2008, the Cybercrimes Act 19 of 2020 and applicable provider, bank, card network and payment network rules.
Mozambique may include the Constitution of the Republic of Mozambique, the Civil Code, Law No. 3/2017 of 9 January on Electronic Transactions, the Consumer Law No. 22/2009 of 28 September, the Consumer Law Regulations, the Penal Code, the Labour Law where relevant, the Credit Institutions and Financial Companies Law where relevant, the Advertising Code where relevant and applicable digital platform, electronic services, provider, bank and payment rules. Mozambique does not currently have the same type of comprehensive standalone data protection law as the GDPR or POPIA, so PayJSR applies privacy-by-design, data minimization, security, transparency, purpose limitation, user-rights and proportionality principles where reasonably applicable to Mozambique-related data.
European and United Kingdom data may be subject to Regulation (EU) 2016/679, known as the General Data Protection Regulation, the UK GDPR, the UK Data Protection Act 2018, ePrivacy and cookie rules, controller and processor obligations, data subject rights, cross-border transfer requirements and supervisory authority rules where applicable.
United States and Delaware-related operations may include the Federal Trade Commission Act, the Electronic Signatures in Global and National Commerce Act, the Delaware Limited Liability Company Act, applicable state privacy and consumer protection laws, data breach notification laws, provider rules and payment network rules.
Payment security and provider rules may include PCI DSS, PCI tokenization guidance, card network rules, payment network rules, gateway terms, processor terms, acquirer terms, bank requirements, wallet rules, mobile money rules, open banking provider rules and other applicable security or provider requirements.
Nothing in this Policy limits mandatory privacy, consumer, security or data protection rights that cannot legally be waived. If a mandatory law gives a person stronger rights than this Policy, those rights apply to the minimum extent required by that law.
25.Changes to this Policy
PayJSR may update this Privacy Policy at any time to reflect changes in law, provider requirements, payment network rules, security standards, platform features, business operations, regional availability, data flows, technology or compliance expectations.
When PayJSR makes material changes, PayJSR may notify users by posting the updated policy on the website, sending an email, showing a dashboard notice or using another reasonable method. Continued use of PayJSR after the updated policy becomes effective means the user accepts the updated policy, except where mandatory law requires a different process.
26.Contact
Questions, privacy requests, support requests and security reports may be sent to support@payjsr.com. Business and partnership enquiries may be sent to partners@payjsr.com.
For privacy requests, please include enough information for PayJSR to identify the relevant account, transaction, email address, order number, seller account, buyer account or data record. PayJSR may request additional verification before responding.
This page reproduces the PayJSR Privacy Policy. PayJSR provides commerce, billing, checkout and payment-orchestration technology and is not a bank. Services described are available for approved accounts and are subject to provider availability, compliance review and applicable law. For questions, contact support@payjsr.com.