Privacy Policy
Effective Date: April 24, 2026
This Privacy Policy explains how Omninal ("Omninal," "we," "us," or "our") collects, uses, shares, stores, and protects information when merchants, merchant representatives, administrators, and other authorized users access or use the Omninal Payment Gateway mobile application, websites, dashboards, APIs, payment pages, QR checkout flows, wallet features, settlement tools, support channels, and related services (collectively, the "Services").
Omninal is designed primarily for business and merchant use. By using the Services on behalf of a company or other organization, you confirm that you are authorized to provide information and use the Services for that organization.
1.1 Scope of this Privacy Policy
This Privacy Policy applies to information processed by Omninal in connection with the Services. It does not apply to third-party websites, wallets, exchanges, banks, payment networks, blockchain networks, or merchant websites that are not controlled by Omninal, even if they are linked from or integrated with the Services.
1.2 Information We Collect
The information we collect depends on how you use the Services, the features available in your region, and the verification level required for your account.
| Category | Examples |
|---|---|
| Account and business contact information | Company name, merchant ID, contact person, role/title, email address, phone number, business address, username, password credentials, authentication status, and communication preferences. |
| KYB, KYC, and compliance information | Business registration number, business license, beneficial owner or legal representative information, identification documents, date of birth where required, nationality or jurisdiction of formation where required, sanctions/PEP screening results, fraud-risk indicators, tax or regulatory identifiers where required, and review status. |
| Payment, settlement, and transaction information | Order IDs, payment links, QR payment records, amounts, currency, merchant/customer references, payment method, card/payment channel metadata, fees, refunds, chargebacks, settlement schedules, withdrawal requests, bank transfer references, and ledger records. |
| Banking and payout information | Bank name, routing number, account number, account holder name, beneficiary information, payout destination, and verification results. |
| Digital asset and wallet information | Supported asset type, network, deposit address, withdrawal address, whitelist address, transaction hash, blockchain confirmation status, balance information, and on-chain transfer metadata. |
| Rebate and loyalty information | Eligible order information, rebate rate, rebate status, POSX or other supported reward balance, referral level where applicable, processing time, and records of reward issuance or failed issuance. |
| Device, usage, and log information | IP address, device type, operating system, app version, language, approximate region based on IP, crash reports, login history, security logs, feature usage, and diagnostic events. |
| Communications and support information | Support messages, email correspondence, call notes, feedback, attachments you provide, and records of customer service interactions. |
| Information from third parties | Information received from banking partners, payment processors, card networks, Bridge API or similar payment infrastructure providers, identity verification vendors, fraud-prevention vendors, blockchain analytics providers, sanctions screening providers, merchants, or your authorized representatives. |
1.3 App Permissions and Device Access
The App requests device permissions only when they are needed for user-facing features. Depending on your device and settings, the App may request access to:
- Camera: to scan QR codes or capture documents for merchant verification when you choose to use those features.
- Photos or files: to upload business licenses, identity documents, or supporting records when you choose to submit them.
- Notifications: to send transaction alerts, security alerts, account updates, and service messages.
- Biometric authentication, if enabled by your device: to help protect account access. Omninal does not receive or store your biometric templates.
The App should not request SMS, call log, contacts, microphone, background location, or broad photo library access unless a future feature requires it and the purpose is clearly disclosed before collection. You can manage permissions through your device settings. Some features may not function if a necessary permission is denied, but we will make reasonable alternatives available where practical.
1.4 How We Use Information
- Create, authenticate, secure, and manage merchant accounts.
- Review KYB/KYC information and determine eligibility for payment, wallet, settlement, payout, and other regulated features.
- Process payments, payment links, QR checkout, deposits, withdrawals, internal transfers, settlement, refunds, chargebacks, rebates, and related ledger activity.
- Provide compliance, anti-money laundering, sanctions screening, fraud monitoring, risk management, dispute handling, and transaction monitoring.
- Integrate with banks, card networks, payment processors, digital asset infrastructure providers, blockchain networks, identity vendors, and other service providers necessary to deliver the Services.
- Send security codes, service notifications, account alerts, transaction receipts, KYB status updates, support messages, and legally required communications.
- Maintain records required by law, regulation, accounting, audit, tax, dispute resolution, and contractual obligations.
- Improve, debug, monitor, secure, and develop the Services.
- Enforce our agreements, protect rights and safety, and prevent misuse of the Services.
1.5 Legal Bases for Processing
Where privacy laws require a legal basis, we process information under one or more of the following bases: performance of a contract; compliance with legal and regulatory obligations; legitimate interests such as fraud prevention, service security, product improvement, and dispute resolution; consent where required; and protection of vital interests or public interest where applicable.
1.6 How We Share Information
We do not sell personal information. We share information only as necessary for the purposes described in this Privacy Policy, including with:
- Payment processors, acquiring partners, banking partners, card networks, payment method providers, stablecoin/digital asset infrastructure providers, and settlement partners.
- Identity verification, KYB/KYC, fraud-prevention, risk, sanctions screening, blockchain analytics, and compliance vendors.
- Cloud hosting, security, analytics, customer support, communications, email delivery, logging, and infrastructure providers.
- Merchants, account administrators, authorized representatives, and recipients involved in a transaction or transfer.
- Government agencies, regulators, law enforcement, courts, arbitration bodies, and other parties where disclosure is required by law or necessary to protect rights, safety, or the integrity of the Services.
- Professional advisors, auditors, insurers, legal counsel, and potential parties to a merger, financing, acquisition, restructuring, or sale of assets.
1.7 Digital Assets and Public Blockchains
Digital asset transactions may be recorded on public blockchains. Blockchain transaction data, including wallet addresses and transaction hashes, may be public, permanent, and outside Omninal's control. We cannot delete or reverse data recorded on public blockchain networks.
1.8 Data Retention
We retain information for as long as reasonably necessary to provide the Services, comply with legal and regulatory obligations, resolve disputes, enforce agreements, maintain business records, and protect against fraud and security incidents. Retention periods vary by data type and applicable law.
| Data Type | Typical Retention Approach |
|---|---|
| Account profile and merchant information | For the life of the account and for a reasonable period after closure. |
| KYB/KYC, AML, sanctions, and compliance records | For the legally required period, commonly five to seven years or longer where required by law, regulator, partner agreement, litigation hold, or investigation. |
| Payment, settlement, withdrawal, refund, chargeback, tax, and accounting records | For the legally required accounting, tax, audit, financial services, and dispute-resolution period. |
| Security logs and device/session records | For a period reasonably necessary for security, fraud prevention, troubleshooting, and compliance. |
| Support communications | For as long as needed to respond to requests, improve service quality, maintain evidence of communications, and comply with law. |
| Marketing preferences | Until you unsubscribe or your preference is otherwise updated, subject to legal recordkeeping requirements. |
1.9 Account Deletion and Data Deletion Requests
If the App allows account creation, users must be able to request account deletion. You may request account deletion through the in-app account deletion path where available, or by contacting [email protected].
Account deletion may require additional verification to protect the account and prevent unauthorized requests. Because Omninal provides financial, payment, settlement, compliance, and digital asset-related services, we may be required or permitted to retain certain information after account closure for legal, AML, sanctions, fraud-prevention, accounting, tax, audit, dispute, security, or regulatory reasons. When we retain information after a deletion request, we restrict it to the purposes required or permitted by law and delete or de-identify it when retention is no longer necessary.
1.10 Your Privacy Rights and Choices
Depending on your location and role, you may have rights to access, correct, update, export, delete, restrict, or object to certain processing of your information. You may also have the right to withdraw consent where processing is based on consent. To exercise rights, contact [email protected]. We may need to verify your identity and authority before responding.
You can also update certain account information inside the App, opt out of non-essential marketing communications, and manage device permissions through your device settings. Transactional, security, compliance, and service messages may still be sent even if you opt out of marketing messages.
1.11 Security
We use administrative, technical, and organizational safeguards designed to protect information, including encryption in transit, access controls, authentication controls, monitoring, logging, and vendor security reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and payment password and for promptly notifying us of unauthorized activity.
1.12 International Transfers
We may process, store, and transfer information in countries other than the country where you are located. Those countries may have different data protection laws. Where required, we use appropriate safeguards for cross-border transfers, such as contractual protections or other lawful transfer mechanisms.
1.13 Children
The Services are intended for business users and are not directed to children or anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact [email protected].
1.14 Automated Processing and Risk Review
We and our service providers may use automated tools, rules, models, or risk signals to support fraud prevention, KYB/KYC review, sanctions screening, transaction monitoring, security, and compliance decisions. Some decisions may result in additional review, delayed processing, declined transactions, account restrictions, or requests for more information. Where required by law, you may request human review or additional information by contacting [email protected].
1.15 U.S. State Privacy Notices
Depending on where you reside, you may have rights under U.S. state privacy laws. Omninal does not sell personal information or share personal information for cross-context behavioral advertising unless expressly disclosed in an updated notice. We use sensitive personal information only for permitted business purposes, such as providing the Services, verifying identity, preventing fraud, securing accounts, and complying with law.
1.16 EEA, UK, and Swiss Users
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have rights under applicable data protection laws, including the rights of access, rectification, erasure, restriction, objection, and data portability, and the right to lodge a complaint with a supervisory authority. Some rights may be limited where financial services, AML, sanctions, tax, accounting, legal claims, or other lawful retention obligations apply.
1.17 Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law, which may include in-app notice, website notice, or email. The updated Privacy Policy will be effective when posted unless a later date is stated.
1.18 Contact Us
For privacy questions, account deletion requests, data requests, or security concerns, contact us at: [email protected] or [email protected].