Cards
APMs
Treasury
Chargeback Management
Dispute Representment
Subscriptions
Antifraud
Tax
QR Payments
Pricing
Documentation
API Reference
Support
Status Page
Blog
Glossary
Payment Page demoPrivacy Policy
March 2025
1. Introduction
This Privacy Policy describes Solidgate’s policies and procedures on the collection, use and disclosure of Personal Data when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal Data to comply with applicable laws and to provide and improve the Service. BY USING THE SERVICE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 18 YEARS OF AGE. If You do not agree, or are unable to make this promise, You must not use the Service. In such case, You must contact Solidgate to request the deletion of Your data.
The words of which the initial letter is capitalized have meanings defined under the following conditions.
The following definitions shall have the same meaning regardless of whether they appear in singular or plural.
2. Definitions
For the purposes of this Privacy Policy:
| Customer | means a person who makes a payment for Merchant’s online goods and/or services. |
| You | means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. |
| Solidgate (referred to as either “Solidgate”, “We”, “Us” or “Our” in this Agreement) | When we process Your transaction as a payment service provider (acquirer) or payment аccount provider, when we collect Your Personal Data for onboarding of Merchant for acquiring services or payment account services – Solid Processing Limited; In all other cases – GTWS Tech Limited. |
| GDPR | means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. |
| EEA | includes all current member states of the European Union and the European Economic Area. |
| Process | in respect of Personal Data, includes collecting, storing, using, restricting, erasing, destructing and disclosing to others. |
| Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. |
| Processor | means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller. |
| Merchant | means a business that sells online goods and/or services to Customers and accepts Customers’ payments using Solidgate’s services. |
| Website | refers to Solidgate’s website accessible from: https://hub.solidgate.com/ – for gateway and acquiring purposes or https://treasury.solidgate.com – for payment account services |
| Affiliate | means an entity that controls, is controlled by or is under common control with the Company, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority. |
| Service | refers to the services provided by Solidgate, such as acquiring, gateway, payment account services, and other related technical services, as well as the Website infrastructure, where applicable. |
| Country | refers to the Republic of Cyprus. |
| Service Provider | means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. |
| Personal Data | means any information that relates to an identified or identifiable individual, such as a name, email, a telephone number, IP address, etc. |
| Cookies | meaans small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses. |
| Usage Data | refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). |
| Authorized Users | individuals designated by corporate clients to access User interface or initiate transactions, solely in relation to payment account services. |
3. Data we collect/process
a. Personal Data provided by You through the Website
While registering an account or using Our Website, We may ask You to provide Us with certain Personal Data that can be used to contact or identify You, as well as to reply to your inquiries. Personal Data may include, but is not limited to Your:
- Full name;
- Email address;
- Other data You provide when using Our Website, such as the messages you sent to our support team or directed to us in letters, emails, via our electronic channels such as any user dashboards we provide for communications etc.;
- Permissions, authorisations or consents given to us.
b. Personal Data of Customers
When You shop at Our Merchants, we also process the Personal Data which is necessary to process payment transactions. We receive these data partially from Customers and partially from Merchants. Personal Data may include, but is not limited to the Customers’:
- Name and cardholder name (if different);
- Email address;
- Telephone number;
- IP address;
- Address (state, zip code, city);
- Date of birth;
- Order description;
- Date and amount of transaction;
- User ID;
- Card Number;
- Chosen language;
- Time zone;
- Device (e.g., operating system and browser).
c. Personal Data for Merchant’s/Client’s onboarding
While onboarding Merchant’s/Client’s company, We may ask You to provide certain Personal Data that are necessary to facilitate the process of Your company’s processing account(s) opening and advising on its maintenance. We collect only such data related to your beneficial owners, principals, officers, authorized representatives, Authorized Users (i) that are requested by acquirers to comply with their regulatory requirements (when We provide gateway Services) and (ii) that are required by regulatory requirements directly applicable to Us (when We provide acquiring Services or payment account services). Personal Data may include, but it not limited to:
- Name;
- Telephone number;
- Email address;
- Residence address;
- ID / passport details;
- Residence permit;
- Utility bill;
- Tax number;
- Bank details, personal income and source of wealth;
- Employment history and education;
- Ownership and directorship in Your company and/or other companies;
- Adverse media and law enforcement information;
- Presence in PEP, sanction, and watch lists;
- Geolocation;
- Our correspondence;
- Information related to fraud detection and risk assessments;
- Publicly available Data.
d. Personal Data for Payment account services
When providing payment account services, We collect and process certain categories of Personal Data necessary to facilitate financial transactions, ensure compliance with regulatory requirements, and maintain the security of Our systems. This may include the following:
i. Transactional and Financial Data
We collect and process transaction-related data necessary for the execution and management of business payments, including but not limited to:
- Date, time, and amount of transactions;
- Currency details;
- Beneficiary details (including account information and payment reference);
- Supporting documentary evidence related to transactions;
- Information required for contractual obligations between Solidgate and payment account users.
ii. Authentication and Access Control Data
For security and compliance purposes, We process authentication data of Authorized Users. This may include:
- User logins and credentials;
- Role-based access permissions;
- Signature specimens (where applicable);
- Device identifiers and login timestamps;
- IP address and geolocation data for security monitoring.
e. Usage Data
Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data, Your interactions with the Website (e.g., mouse movements, clicks, scrolls, and inputs).
f. Cookies
We use Cookies to track the activity on Our Website and store certain information.
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser.
We use both session and persistent Cookies for the purposes set out below:
- Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
- Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
- Analytical Cookies
Type: Persistent / Session Cookies
Administered by: Google, Getsitecontrol, and Microsoft
Purpose: These Cookies are used to understand how visitors interact with the Website. These Cookies help provide information on different metrics, such as the number of visitors, bounce rate, traffic source, etc.
You can find more information about the individual cookies We use and the purposes for which We use them in the table below:
| Source | Name | Purpose | Expiration |
| Solidgate | access_token_authn | This Cookie stores a signed JWT access token used to authorize API requests made by the logged-in user. It enables secure access to protected resources during an active session. | Session |
| Solidgate | authn_session_id | This Cookie holds a unique numeric identifier of the current authentication session. It is used to track the user’s session state and ensure session continuity between client and server. | Session |
| Solidgate | authn_session_token | This Cookie contains a signed session token that links the browser session with the server session and validates incoming requests. It helps ensure the integrity and authenticity of user actions during the session. | Session |
| Solidgate | refresh_token_authn | This Cookie stores a refresh token used to obtain a new access token without requiring the user to log in again. It helps maintain continuous authentication for the user session. | Session |
| Google* | _ga | This Cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of Website usage for the Website’s analytics report. The Cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 2 years |
| _ga_Q3CFQ9REPW | This Cookie is set by Google Analytics and is used to maintain session state. It helps track user interactions with the Website across multiple pages and visits. The Cookie stores information anonymously and assists in generating accurate analytics reports. | 2 years | |
| Microsoft** | _clck | This Cookie, installed by Microsoft Clarity, persists the Clarity User ID and preferences, unique to that site is attributed to the same user ID. | 1 year |
| Microsoft | _clsk | This Cookie, installed by Microsoft Clarity, connects multiple page views by a user into a single Clarity session recording. | 24 hours |
* This service may also collect information regarding the use of other sites, apps and online resources. You can learn about Google’s practices on the Google website.
** This service may also collect information regarding the use of other sites, apps and online resources, including but not limited to, for site optimization, fraud/security purposes, and advertising. You can learn about Microsoft’s practices on the Microsoft Clarity website.
Your Choice Regarding Cookies
If You prefer to avoid the use of Cookies on the Website, first You can tick the respective button of our Cookie banner. This will let You set up Your Cookie preferences. In addition, You may disable the use of Cookies in your browser and then delete the Cookies saved in your browser associated with this website. You may use this option for preventing the use of Cookies at any time.
If You do not accept Our Cookies, You may experience some inconvenience in your use of the Website and some features may not function properly.
If You’d like to delete Cookies or instruct your web browser to delete or refuse Cookies, please visit the help pages of your web browser.
- For the Chrome web browser, please visit this page from Google.
- For the Internet Explorer web browser, please visit this page from Microsoft.
- For the Firefox web browser, please visit this page from Mozilla.
For any other web browser, please visit your web browser’s official web pages.
4. How do we use Data
a. When You request us to contact You
Via our website, You can address Us Your questions, queries, comments or complaints. You can also contact us by e-mailing us using for example the contact details listed in this Privacy Policy or on our Website. When You do so, We will collect the information that You fill out, including Your name, email address and your message to attend and manage Your requests. Therefore, We use this data for our legitimate interest of conducting business with You or for the performance of a contract with You.
b. Data we collect automatically when You use this Website
When You access the Website, We may collect certain information automatically, including, the Usage Data, Cookies, and similar tracking technologies.
This information is collected for Solidgate’s legitimate interest to improve and to administer Our Service, including data analysis, troubleshooting, statistical and survey purposes.
You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some features of our Website.
c. Data we collect as a gateway service provider
As a gateway (technical) services provider, We process some Personal Data of Customers (e.g., cardholders), such as transaction data necessary to provide gateway services. We make these data available to Merchant through the Website so that it can manage payments with Customers, build analytics and customer support.
Also, We process certain Personal Data that are necessary to facilitate the process of Merchant company’s merchant processing account(s) opening and advising on its maintenance. We collect only such data related to the Merchant’s beneficial owners, principals, officers, authorized representatives that are requested by acquirers to comply with their regulatory requirements.
Please note, that as a Controller, Merchant shall bear primary responsibility for the processing of Customers’ Personal Data, including:
- Ensuring the protection of Personal Data in accordance with applicable data protection regulations (e.g., the GDPR);
- providing Customers with necessary information about the processing and the recipients of their Personal Data, such as Solidgate;
- supporting the exercise of the rights of Customers under the applicable legislation, etc.
To the extent that We are acting as a Processor, We will process Customers’ Personal Data in accordance with the terms of Our agreement with Merchant and Merchant’s lawful instructions.
d. Data we collect as a payment service provider (acquirer)
As an acquirer, We process some Personal Data of Customers and cardholders, such as transaction data necessary to accept Customers’ payments for our Merchants. We make these data available to Merchant through the Website so that it can manage payments with Customers, build analytics and customer support. Therefore, We use this data for our legitimate interest of providing acquiring services to Merchants.
Also, We process certain Personal Data that are necessary to facilitate the process of Merchant company’s merchant processing account(s) opening and advising on its maintenance. We collect only such data related to the Merchant’s beneficial owners, principals, officers, authorized representatives that are necessary to comply with Our regulatory requirements. We process such Personal Data to comply with our legal obligations as a financial institution, such as the applicable the European Union and/or EU member states’ legislation to combat money laundering and terrorist financing.
e. Data we collect as a payment account service provider
As a Payment account service provider, We process certain Personal Data of payment account users and their Authorized Users to facilitate the management of payment accounts, execute financial transactions, and ensure compliance with applicable financial regulations. We make these data available to payment account users through the Website so that they can oversee transactions, manage user access permissions, and maintain regulatory compliance. Therefore, We use this data for our Legitimate Interest, Legal Obligations and for Performance of contract in providing payment account services, ensuring fraud prevention, and enabling efficient financial operations for corporate clients.
Additionally, We process certain Personal Data necessary to facilitate the process of clients’ payment account opening and advising on its maintenance. We collect only such data related to the client’s beneficial owners, principals, officers, Authorized Users that are necessary to comply with Our regulatory requirements. We process such Personal Data to comply with our legal obligations as a financial institution, including applicable European Union and/or EU member states’ legislation to combat money laundering and terrorist financing.
5. Recipients of Data
a. Service Providers. If necessary, we may share Personal Data with Service Providers to monitor and analyze the use of our Service, store Personal Data, display advertisements to You, support and maintain Our Service, contact You, and for other relevant purposes. Our Service Providers include, but are not limited to Google, Microsoft, Amazon, Getsitecontrol, etc. We have concluded agreements with our Service Providers to protect Personal Data.
b. Business Transfers. If the Company is involved in a merger, acquisition, reorganization, assignment, transfer, change of control, or asset sale, Personal Data may be transferred to third parties in connection with such transactions. We will provide notice before Personal Data is transferred and becomes subject to a different Privacy Policy.
c. Affiliates. We may share Personal Data with Our Affiliates, in which case we will require them to honor this Privacy Policy. Affiliates include Our parent company and any subsidiaries, joint venture partners, or other companies that We control or that are under common control with Us.
d. Business Partners. We may share Personal Data with Our business partners to offer You certain products, services, or promotions.
e. Banks and Payment Service Providers. We may share Personal Data (e.g., transaction data, KYC data) with payment service providers to provide our gateway services or payment account services.
f. Card Schemes. We may share Personal Data, such as personal details and transactional data, with international card schemes (e.g., Visa and Mastercard) to the extent necessary to process Customers’ payments made on Merchants’ websites.
g. Payment Systems. We may share Personal Data (e.g., payment data) with payment systems (e.g., SWIFT, SEPA) and payment service providers to facilitate our payment account services.
h. Law Enforcement. Under certain circumstances, the Company may be required to disclose Personal Data if mandated by law or in response to valid requests from public authorities (e.g., a court or a government agency).
i. Other Legal Requirements. The Company may disclose Personal Data in good faith if such action is necessary to:
- Comply with a legal obligation,
- Protect and defend the rights or property of the Company,
- Prevent or investigate possible wrongdoing in connection with the Service,
- Protect the personal safety of Users of the Service or the public, or
- Protect against legal liability.
6. Data retention
We will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. For example, We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
We will retain the Personal Data of Customers (e.g., transaction data) and representatives (e.g., KYC data) only to the extent and for such period as required by applicable laws (when we act as a payment service provider) and our legal agreement concluded with Merchant (when we act as a gateway service provider).
7. Data transfers
We will take all steps reasonably necessary to ensure that Your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your Personal Data and other information.
Your Personal Data may be shared with other companies outside of the European Economic Area (“EEA”), when this is necessary for the purposes of providing Our Service. It may include the countries in which some of Our Affiliates and/or Service Providers are located, such as the United States. In case of such transfer we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to third countries. We rely on Data Privacy Framework (for EU-US transfers) or Standard Contractual Clauses as approved by the European Commission in order to offer sufficient safeguards on data protection for the data to be transferred internationally.
8. Data security
We put security at the forefront of business operations. The Company has implemented a range of technical and organizational measures appropriate to secure Your Personal Data in a manner that takes account of the potential risks for Your interests and rights. We are certified with Payment Card Industry Data Security Standard (PCI Service Provider Level 1). Even though We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
9. Your rights
You may have the following rights with regard to Your Personal Data:
- to obtain confirmation as to whether or not We process Your Personal Data, and, where that is the case, the information about such processing;
- to request rectification of inaccurate Personal Data;
- to request erasure of Your Personal Data in certain circumstances provided by law;
- to restrict the processing, for example when the processing is unlawful;
- to object to processing of Your Personal Data which is based on a legitimate interest;
- to receive Your Personal Data We process in a structured, commonly used and machine-readable format and to transmit those data to another controller;
- to withdraw any consent that was given at any time.
If you wish to exercise any of the rights set out above, please contact Us by email: legal@solidgate.com.
You also have the right to lodge a complaint with a supervisory authority of the country in which You live or work or the country in which We are located (Cyprus).
10. Children
Our Service does not address anyone under the age of 13, and we request that they not provide Personal Data through the Service. We do not knowingly collect Personal Data from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
11. California residents
a. Information on Our privacy practices. You may find in this Privacy Policy and in Our Cookies Policy the information on Our privacy practices and access information as required by the California Consumer Privacy Act (“CCPA”), in particular the information about:
- the categories of Personal Data to be collected;
- the purposes for which the categories of Personal Data shall be used;
- the categories of sources from which the Personal Data are being collected;
- the categories of third parties with whom We may share Personal Data.
b. Access to Your Personal Data. We may also provide You with specific pieces of Personal Data We has collected about You but no more than twice in a year. To obtain this information from Us, please send an email to legal@solidgate.com which includes “Request for California Privacy Information” on the subject line and Your state of residence and email address in the body of your message. If You are a California resident, We will provide the requested information to You at your email address in response.
c. We do not sell Your Personal Data.
d. Your right to deletion. You can request that We delete any Personal Data about You which We have collected from You, except for the cases explicitly provided for by the CCPA (e.g., when We need such data to detect security incidents, protect against illegal activity, comply with a legal obligation, etc).
e. Non-discrimination. Solidgate does not discriminate against You in case You exercise any of the consumer’s rights under this Privacy Policy and/or the CCPA in any way.
If you wish to exercise any of the rights set out above, please contact Us by email: legal@solidgate.com.
12. Third-party websites
Our Service may contain links to other websites that are not operated by Us. For example, third-party service for customer support. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
13. Updates
We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
14. Contact Us
If you have any comments or questions about this Privacy Policy or our data protection practices, You can contact us by email: legal@solidgate.com
