Legal

Privacy Policy

Last updated: 1 January 2024

Touch2Pay PTY LTD ("Touch2Pay", "we", "us", or "our") is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

Personal Information

We may collect the following types of personal information:

  • Full name, date of birth, and contact details (email address, phone number, postal address)
  • Business name, ABN/ACN, and business address
  • Bank account and financial details for payment processing and settlement
  • Identity verification documents (driver licence, passport)
  • Transaction data, including amounts, dates, card types, and merchant details
  • Technical information such as IP address, browser type, device identifiers, and usage data when you visit our website or use our services

How We Collect Information

We collect personal information directly from you when you:

  • Apply for a Touch2Pay merchant account
  • Use our payment terminals, SoftPOS app, or online payment services
  • Contact us via our website, email, or phone
  • Subscribe to our newsletters or marketing communications

We may also collect information from third parties such as credit reporting agencies, identity verification services, and our banking partners.

2. How We Use Your Information

We use your personal information for the following purposes:

  • To provide, maintain, and improve our payment processing services
  • To process transactions and settle funds to your nominated bank account
  • To verify your identity and comply with anti-money laundering (AML) and know-your-customer (KYC) requirements
  • To communicate with you about your account, services, and support requests
  • To send you marketing and promotional materials (with your consent)
  • To detect, prevent, and investigate fraud and security incidents
  • To comply with legal obligations, including tax reporting and regulatory requirements
  • To improve our products, services, and website experience through analytics

3. Data Security

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it, including:

  • PCI-DSS Level 1 compliance for all payment data handling
  • End-to-end encryption (E2EE) for all payment transactions
  • Tokenisation of sensitive card data — we never store full card numbers
  • Secure data centres located in Australia
  • Regular security audits and penetration testing
  • Access controls and employee training on data protection

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you and any applicable regulator of a breach where we are legally required to do so.

4. Third Parties

We may share your personal information with the following third parties:

  • Banking and payment network partners — to process transactions and settle funds (e.g., Visa, Mastercard, eftpos, acquiring banks)
  • Identity verification providers — to verify your identity during onboarding
  • Cloud service providers — for hosting and data storage (Australian-based where possible)
  • Professional advisors — such as lawyers, accountants, and auditors
  • Regulatory authorities — where required by law (e.g., AUSTRAC, ATO)

We do not sell your personal information to third parties. We require all third-party service providers to protect your personal information in accordance with this policy and applicable laws.

5. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — request that we correct any inaccurate or incomplete personal information
  • Opt out — unsubscribe from marketing communications at any time
  • Complaint — lodge a complaint if you believe your privacy has been breached

To exercise any of these rights, please contact us using the details below. We will respond to your request within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

6. Cookies and Analytics

Our website uses cookies and similar technologies to improve your browsing experience and collect analytics data. You can control cookie settings through your browser preferences. We use analytics tools to understand how visitors use our website, which helps us improve our services.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

8. Contact Us

If you have any questions about this Privacy Policy or wish to make a privacy-related request, please contact us: