We value your privacy

    We use cookies to enhance your browsing experience, analyze site traffic, and personalize content. Essential cookies are always active. You can choose to accept or reject optional cookies. Learn more

    Skip to main content
    RGPD & PROTECTION DES DONNÉES

    Politique de confidentialité

    Dernière mise à jour : 11 janvier 2026

    1. Who we are

    Controller: Social Pay SAS, registered with the RCS of Paris.

    Address: 12 boulevard des Batignolles, 75017 Paris, France ("Social Pay", "we", "us").

    Contact (privacy): privacy@social-pay.io

    This Privacy Policy explains how we collect, use, share, and protect personal data when you:

    • use Social Pay on a merchant website (checkout, referral link creation, reward/cashback/commission), or
    • visit our websites and dashboards (including merchant back-office), or
    • interact with our support and communications.
    "Cashback" is a marketing term; depending on the jurisdiction and the program rules, it may correspond to a commission/reward paid to a consumer for verified referrals.

    2. Scope

    This policy applies to:

    • Consumers who pay using a Social Pay-enabled checkout and/or share referral links.
    • Merchants and their staff using Social Pay tools (dashboard, APIs, reporting).
    • Visitors to our websites.
    Merchant websites and third-party services have their own privacy policies. Where you pay on a merchant website, the merchant may also be a controller of your data for their own purposes.

    3. Data we collect

    3.1 Data you provide

    Consumers

    • Contact details if you choose to provide them (e.g., email for support): name, email, phone (optional).
    • Content of messages to support.

    Merchants

    • Business details for onboarding and compliance: company name, registration info, VAT number, address.
    • Admin/user account info: name, email, role, login credentials (hashed).

    3.2 Data collected automatically

    • Device and usage data: IP address, browser type, device identifiers, operating system, time zone, referring URLs, pages viewed, events (e.g., link generated, click, conversion).
    • Cookies and similar technologies (see Section 10).

    3.3 Payment and reward-related data

    Social Pay is designed to reduce friction and does not require you to provide your IBAN to receive rewards. Depending on the integration:

    • We may receive transaction identifiers, payment status, timestamps, amounts, currency, and merchant identifiers.
    • We may receive tokenized card information (e.g., a token, card brand, issuing country, and last 4 digits) from payment and tokenization partners — not the full card number.
    • For reward disbursement ("push-to-card" / card disbursement), we may receive and store payout status, reference IDs, and reconciliation data.

    The exact card and payout data we access depends on the merchant configuration and partners used.

    3.4 Referral and tracking data

    Referral link identifiers, share events, clicks, attribution data, conversions, anti-fraud signals, and aggregated performance metrics.

    4. Why we use your data (purposes)

    We process personal data to:

    • Provide Social Pay services (process checkout events, generate referral links, attribute conversions, calculate rewards, manage payouts).
    • Operate merchant tools (dashboards, reporting, API access, analytics).
    • Prevent fraud and abuse (duplicate/refund abuse, click fraud, suspicious patterns, chargeback risk).
    • Customer support (resolve issues, respond to requests).
    • Security (monitoring, incident prevention, access controls).
    • Compliance (accounting, audit logs, legal obligations, responding to lawful requests).
    • Improve the product (performance analytics, debugging, A/B testing where applicable).
    • Communications (service messages; marketing only where permitted and with appropriate consent/opt-out).

    5. Legal bases (GDPR)

    Depending on context, we rely on:

    • Contract (Art. 6(1)(b)) — to deliver Social Pay services (consumers and merchants).
    • Legitimate interests (Art. 6(1)(f)) — to prevent fraud, secure services, improve features, and maintain analytics. We balance these against your rights.
    • Legal obligation (Art. 6(1)(c)) — accounting, compliance, responding to lawful requests.
    • Consent (Art. 6(1)(a)) — for certain cookies/trackers or marketing where required. You can withdraw consent at any time.

    6. Who we share data with

    We share data only as needed with:

    • Payment processors and acquirers used by the merchant (e.g., PSPs/acquirers) for payment execution and status reporting.
    • Card tokenization and payout partners (push-to-card/disbursement) to deliver rewards to your card and confirm completion.
    • Infrastructure providers (hosting, databases, monitoring, email delivery, customer support tools).
    • Analytics and anti-fraud providers where enabled.
    • Professional advisers (lawyers, auditors) under confidentiality.
    • Authorities where required by law.

    We do not sell your personal data.

    7. International transfers

    Your data may be processed outside the EEA depending on our vendors. When we transfer data internationally, we use safeguards such as:

    • European Commission Standard Contractual Clauses (SCCs), and/or
    • adequacy decisions or other lawful mechanisms.

    8. Data retention

    We keep data only as long as necessary for the purposes above, including:

    • transaction and payout logs for accounting and audit obligations,
    • fraud and security logs for appropriate periods,
    • merchant account data while the account is active and for a reasonable period thereafter.

    Retention periods: 3–10 years depending on legal/accounting requirements.

    9. Your rights (EEA/UK)

    You may have the right to:

    • access your data, rectify it, delete it, restrict processing,
    • object to processing (including certain legitimate-interest processing),
    • data portability (where applicable),
    • withdraw consent (where processing is based on consent),
    • lodge a complaint with your supervisory authority (in France: CNIL).

    To exercise rights, contact: privacy@social-pay.io

    We may need to verify your identity.

    10. Cookies and tracking

    We use cookies and similar technologies for:

    • essential site functionality and security,
    • measuring performance and improving the user experience,
    • attribution and referral tracking (where enabled and permitted).

    Where required, we display a cookie banner and allow you to manage preferences. You can also control cookies through browser settings.

    11. Security

    We implement technical and organizational measures to protect data, such as access controls, encryption in transit, logging, and least-privilege permissions. No system is 100% secure, but we work to protect your information.

    12. Children

    Social Pay is not intended for children under the age required to consent to data processing in their country. If you believe a child has provided us data, contact us.

    13. Changes to this policy

    We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date.

    14. Contact

    Social Pay SAS

    12 boulevard des Batignolles, 75017 Paris

    privacy@social-pay.io