Privacy Policy

Overview

Wedi ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our payment orchestration platform. By using our services, you agree to the collection and use of information in accordance with this policy.

1.1 Information You Provide

• Account Information: Name, email address, phone number, business details, and authentication credentials
• Payment Information: Bank account details, payment method information (processed and encrypted per PCI DSS standards)
• Business Information: Company name, tax identification numbers, business type, and incorporation documents
• Identity Verification: Government-issued ID, proof of address, and beneficial ownership information (for KYC/AML compliance)

1.2 Information Automatically Collected

• Usage Data: IP address, browser type, device information, and operating system
• Transaction Data: Payment amounts, currencies, timestamps, and transaction status
• Log Data: Access times, pages viewed, and actions taken within the platform
• Cookies and Similar Technologies: Session cookies, analytics cookies, and preference cookies

We use the collected information for the following purposes:

• Service Provision: To create and manage your account, process transactions, and provide customer support
• Compliance: To verify your identity (KYC), prevent fraud, and comply with AML regulations and legal obligations
• Communication: To send transaction confirmations, account updates, security alerts, and service announcements
• Platform Improvement: To analyze usage patterns, improve features, and enhance user experience
• Security: To detect, prevent, and respond to fraud, security incidents, and illegal activities
• Legal Basis (GDPR): Contract performance, legal compliance, legitimate interests, and consent where required

We may share your information with:

• Payment Processors: Velafi, Circle, and other payment partners to facilitate transactions
• Service Providers: Cloud hosting (Vercel), database services (Neon), authentication services (Clerk), and analytics providers
• Regulatory Authorities: When required by law or to comply with legal processes
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with advance notice)
• Fraud Prevention: With security and fraud detection services to protect our platform and users

We do not sell your personal information to third parties for marketing purposes.

We implement industry-leading security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• PCI DSS Compliance: We maintain PCI DSS Level 1 compliance for payment card data
• Access Controls: Role-based access control and multi-factor authentication
• Regular Audits: Third-party security audits and vulnerability assessments
• Incident Response: 24/7 monitoring and incident response procedures
• Data Minimization: We collect only the minimum necessary data for our services

Your information may be transferred to and processed in the United States and other countries where we or our service providers operate. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for GDPR compliance
• Data Processing Agreements with all service providers
• Privacy Shield principles where applicable
• Encryption and security measures during transfer

GDPR Rights (EU Users)

• Right to Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

CCPA Rights (California Users)

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise

To exercise these rights, contact us at privacy@wedi.la

7. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for platform functionality and security
• Analytics Cookies: Help us understand how users interact with our platform (Google Analytics, Mixpanel)
• Preference Cookies: Remember your settings and preferences
• Security Cookies: Detect fraud and protect against malicious activity

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

8. Data Retention

We retain your information for as long as:

• Your account is active
• Needed to provide you services
• Required for legal, tax, or regulatory purposes (typically 7 years for financial records)
• Necessary for fraud prevention and security purposes

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Third-Party Services

Our platform integrates with third-party services:

• Clerk: Authentication and user management
• Vercel: Hosting and infrastructure
• Neon: Database services
• Velafi: Payment processing and cross-border transfers
• Resend: Transactional email delivery

These third parties have their own privacy policies. We recommend reviewing their policies to understand how they handle your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by email or through a prominent notice on our platform at least 30 days before the changes take effect. Continued use of our services after changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related requests, we will respond within 30 days as required by law. For CCPA requests, we will respond within 45 days.