Effective Date: January 29, 2026

Last Updated: January 29, 2026

1. Introduction

Yeecopay (hereinafter referred to as "we," "our," or "us") is an Operator of Payment Systems (OPS) registered with and regulated by the Bangko Sentral ng Pilipinas (BSP). We are committed to providing secure, convenient, and innovative payment solutions while upholding the highest standards of data privacy and security.

This Privacy Policy outlines how Yeecopay collects, uses, discloses, and protects the personal information of our users, partners, and visitors to our website, http://www.yeecopay.com (the "Site"). It is formulated in strict compliance with the Philippines' Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations, and relevant issuances from the BSP and the National Privacy Commission (NPC).

By accessing our Site, using our services, or partnering with us, you acknowledge that you have read, understood, and consented to the practices described in this policy.

2. Information We Collect

We collect information that is necessary and proportionate to provide our services, comply with our legal obligations, and fulfill our legitimate business interests. Given the nature of our payment services, the personal information we may collect includes, but is not limited to:

• Personal Identifiers: Full name, date of birth, nationality, gender, and government-issued identification numbers (e.g., TIN, SSS/GSIS, Driver's License, Passport details), including copies of these documents.
• Contact Information: Residential address, business address, email address, telephone number, and mobile number.
• Financial and Transactional Information: Bank account details, credit/debit card information (processed securely by our partners), transaction history, payment behavior, source of funds, and beneficiary details necessary for payout services.
• Technical and Device Information: When you use our services or visit our Site, we automatically collect information such as your IP address, browser type, device unique identifiers, operating system, pages visited, and cookies (see Section 6 for more details). This is crucial for security and fraud prevention.
• KYC/AML Information: Information required for customer due diligence under Anti-Money Laundering (AML) regulations, such as the nature of your business, beneficial ownership information, proof of address, and transaction monitoring data.

3. How We Use Your Information

We use the personal information we collect for the following specified and legitimate purposes:

• To Provide and Maintain Our Services: To process your transactions, manage your account, facilitate collections and payouts, and provide customer support.
• For Identity Verification and KYC Compliance: To verify your identity as required by BSP regulations and AML laws, and to perform ongoing customer due diligence, including screening against sanctions lists.
• For Risk Management, Security, and Fraud Prevention: To monitor, detect, prevent, and investigate fraudulent transactions, security breaches, and other potentially prohibited or illegal activities to protect your account and our systems.
• To Fulfill Legal and Regulatory Obligations: To comply with reporting, record-keeping, and disclosure requirements to the BSP, Anti-Money Laundering Council (AMLC), and other government agencies as mandated by law.
• For Communication: To send you important service-related notices, such as changes to our terms and policies, security alerts, and transactional confirmations. With your separate consent, we may also send promotional communications.
• For Service Improvement: To analyze aggregated and anonymized data and trends to improve our platform's functionality, develop new services, and enhance the user experience.

4. Legal Basis for Processing

Our processing of your personal information is based on one or more of the following legal grounds under the Data Privacy Act:

• Performance of a Contract: Processing is necessary to enter into and fulfill the service agreement with you.
• Compliance with a Legal Obligation: Processing is necessary to comply with our legal and regulatory requirements as a BSP-supervised OPS.
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, network and information security, and direct marketing, provided that such interests are not overridden by your fundamental rights and freedoms.
• Consent: For specific uses, such as certain marketing communications, we will rely on your explicit consent, which you may withdraw at any time.

5. How We Share and Disclose Information

We may share your personal information with third parties only under strict conditions and for the purposes outlined in this policy:

• With Your Consent: We will share information with third parties when we have your explicit consent to do so.
• With Service Providers: We engage trusted third-party vendors (e.g., for cloud hosting, data analytics, customer support, payment processing) who are contractually bound to handle your data confidentially and securely, and in accordance with this policy.
• For Legal and Regulatory Reasons: We will disclose information if required by law, regulation, legal process, or valid governmental request, including to the BSP, AMLC, and other law enforcement agencies.
• With Our Financial and Partner Institutions: To facilitate transactions, we may share necessary information with our partner banks, biller partners, collection agents, and payout networks, strictly as required to complete your instructions.
• For Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy commitments.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement a comprehensive framework of technical, physical, and organizational security measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to, encryption of data in transit and at rest, strict access controls, multi-factor authentication, secure software development practices, regular security audits, and employee training. Our security protocols are designed to meet or exceed the standards required by the BSP for financial service providers.

7. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, including to provide services, comply with our legal obligations (particularly under BSP and AML regulations which mandate retention for up to five (5) years after the transaction date or the termination of our business relationship), resolve disputes, and enforce our agreements. Thereafter, we will securely dispose of or anonymize your information.

8. Your Rights as a Data Subject

Under the Data Privacy Act of 2012, you have the following rights regarding your personal data:

• Right to Access: You can request access to the personal information we hold about you.
• Right to Rectification: You can request the correction of any inaccurate or incomplete data.
• Right to Erasure: You can request the deletion of your personal data under certain conditions (e.g., when the data is no longer necessary for the purpose of collection).
• Right to Object: You can object to the processing of your personal data, including for direct marketing purposes.
• Right to Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: If processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to file a complaint with the National Privacy Commission (NPC).

To exercise any of these rights, please contact our Data Protection Officer using the details provided in Section 11. We may need to verify your identity before processing your request.

9. Cross-Border Data Transfers

Your personal information may be transferred to, stored, and processed in countries outside the Philippines by our service providers. In such cases, we will ensure that appropriate safeguards are in place to protect your data, consistent with the requirements of the Philippine Data Privacy Act. These safeguards may include contractual clauses or ensuring the recipient country has adequate data protection levels as recognized by the NPC.

10. Cookies and Similar Technologies

Our Site uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and personalize content. You can manage your cookie preferences through your browser settings. However, disabling cookies may limit your use of certain features on our Site. For more details, please see our separate Cookie Policy [link to Cookie Policy].

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or to exercise your data subject rights, please contact our designated Data Protection Officer (DPO):

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance. We will notify you of any material changes by posting the new policy on our Site and updating the "Effective Date" at the top. We encourage you to review this policy periodically to stay informed about how we are protecting your information.