Privacy Policy

Last updated: February 08, 2026

1. What We Collect

We collect the following types of information:

  • Account information: Your name, email address, and password when you register
  • Payment metadata: Transaction amounts, currencies, statuses, and gateway references for payments processed through the platform. We do not store card numbers or bank account details.
  • Gateway credentials: API keys and secrets you provide to connect your payment gateways. These are stored encrypted at rest.
  • Usage data: API request logs, login activity, and feature usage to maintain and improve the service
  • Technical data: IP address, browser type, and device information collected automatically when you use the platform

2. How We Use Your Data

We use your information to:

  • Provide and operate the Mozart Pay platform
  • Process and route payments through your configured gateways
  • Send transactional emails (welcome emails, password resets, payment notifications)
  • Monitor for fraud, abuse, and security threats
  • Improve the platform based on usage patterns
  • Comply with legal obligations

3. Data Storage and Security

Your data is stored on secure servers with encryption at rest and in transit. Gateway credentials are encrypted using Active Record Encryption. We implement industry-standard security practices including regular security reviews, access controls, and monitoring.

4. Third-Party Services

We share data with third parties only as necessary to provide the service:

  • Payment gateways: We transmit payment details to the gateways you configure (Stripe, TrueLayer, Pay360, Fena, Trust Payments) to process transactions
  • Hosting provider: Our infrastructure runs on cloud hosting services that process data on our behalf
  • Email provider: We use a transactional email service to send account-related communications

We do not sell your personal data to third parties.

5. Data Retention

We retain your account data for as long as your account is active. Payment records are retained for seven years to comply with financial record-keeping requirements. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

6. Your Rights

Under applicable data protection laws (including GDPR if you are in the UK or EU), you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Ask us to correct inaccurate data
  • Erasure: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data in certain circumstances
  • Restriction: Request that we limit processing of your data

To exercise any of these rights, contact us at privacy@mozartpay.io.

7. Cookies

Mozart Pay uses only essential session cookies required for the platform to function (authentication and session management). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through the platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

9. Contact

If you have questions or concerns about this privacy policy or how we handle your data, please contact us at privacy@mozartpay.io.