Privacy Policy

1. Who we are

Paynet operates a payment aggregation platform in the Republic of Armenia. For merchant account data, Paynet is the data controller. For payment data processed on behalf of merchants during checkout, Paynet acts as a processor for the merchant.

2. Data we collect — merchants

Account data: name, email address, phone, company name, and password (stored hashed). Business verification data where required: legal name, tax identification number (TIN), registration documents. Operational data: domains, API key metadata, webhook endpoints, session and device information (IP address, browser type), and an audit log of security-relevant actions.

3. Data we collect — paying customers

When a customer pays through a Paynet checkout we process: order reference, amount and currency, the customer email address provided by the merchant or customer, the chosen payment method, and the payment result.

Card numbers and card security codes are entered on the payment pages of the licensed processor (e.g., ARCA) or wallet provider and are never received or stored by Paynet.

4. Fiscal receipt data

Where the merchant has activated the e-HDM service, receipt data (items, quantities, prices, tax regime) is transmitted to the State Revenue Committee electronic cash register system as required by Armenian tax law. Receipt identifiers and verification QR codes are stored so receipts can be re-displayed.

5. Why we process data

To provide the Services under our contract with the merchant; to comply with legal obligations (tax, accounting, anti-money-laundering); to secure the platform (fraud prevention, abuse detection, login alerts); and, with consent where required, to send service communications.

6. Sharing and recipients

Payment data is shared with the payment processor selected for the transaction (ARCA, Idram, Telcell, or a partner bank) to execute the payment, and fiscal data with the State Revenue Committee where e-HDM is activated. We use infrastructure and email service providers under data processing terms. We do not sell personal data.

7. International transfers

Data is primarily stored on servers located in the European Union. Where data is transferred outside Armenia or the EU, we ensure appropriate safeguards consistent with applicable law.

8. Retention

Merchant account data is kept for the life of the account and as required thereafter by law. Transaction and fiscal records are retained for the periods required by Armenian tax and accounting legislation. Security logs (sessions, device history, audit trail) are kept up to 12 months unless needed for an investigation.

9. Security

We protect data with encryption in transit (TLS) and at rest for sensitive fields (processor credentials, fiscal certificates), hashed credentials and API keys, role-based access for administrators with mandatory two-factor authentication, audit logging, and monitored infrastructure.

10. Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal data, object to certain processing, and request a copy of data you provided. Paying customers should direct requests about their purchase data to the merchant they bought from; we assist merchants in fulfilling such requests.

11. Cookies

The website and dashboard use strictly necessary cookies: session authentication, CSRF protection, and a language preference cookie. We do not use third-party advertising or cross-site tracking cookies.

12. Changes and contact

We may update this Policy from time to time; material changes are announced on the website or by email. The current version always applies.