Store Contact Terms Sign In

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: April 7, 2026 · Effective immediately

1. Overview

This Privacy Policy describes how MKPAYZ ("MKPAYZ", "we", "us", or "our") collects, uses, and protects information about you when you use our website and services (the "Platform").

By using our Platform, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.

We are committed to protecting your privacy. We do not sell your personal data to third parties, and we only collect what is necessary to provide our services.

2. Information We Collect

2.1 Information You Provide

When you register or use our services, we collect:

Data TypePurposeRequired?
Full nameAccount identification and communicationsYes
Email addressAccount login, order delivery, supportYes
UsernameAlternative login identifierNo
Phone numberAlternative login and account recoveryNo
CountryRegional pricing and complianceNo
Password (hashed)Authentication — never stored in plain textYes
Delivery emailSending purchased gift cardsYes (per order)

2.2 Payment Information

Payment card details are processed directly by Stripe, Inc. and are never stored on our servers. We only receive a payment confirmation reference and masked card details (last 4 digits, expiry) for display purposes.

For bank transfers, you provide your bank reference manually and we verify it manually — no bank credentials are shared with us.

2.3 Automatically Collected Information

When you use our Platform, we may automatically collect:

  • IP address and approximate location (country/region)
  • Browser type, version, and operating system
  • Pages visited and time spent on those pages
  • Referring URL and search terms
  • Device identifiers (for mobile browsers)

3. How We Use Your Data

We use the information we collect to:

  • Provide our services — process orders, deliver gift cards, and manage your account
  • Communicate with you — send order confirmations, support replies, and service announcements
  • Improve our Platform — analyze usage patterns, fix bugs, and develop new features
  • Prevent fraud — detect and block fraudulent transactions and account abuse
  • Comply with legal obligations — respond to lawful requests from authorities and maintain required records
  • Send marketing communications — only with your explicit consent; you may opt out at any time

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.

4. Sharing Your Data

We do not sell, rent, or trade your personal information. We may share your data with:

4.1 Service Providers

Trusted third-party providers who assist us in operating our Platform:

ProviderPurposeData Shared
Stripe, Inc.Payment processingPayment details, email, name
Email provider (SMTP)Transactional emailsName, email address
RelogradeGift card fulfillmentOrder details (no personal data)
Hosting providerInfrastructureAll data (encrypted storage)

4.2 Legal Requirements

We may disclose your information when required by law, regulation, or a valid court order, or to protect the rights, property, or safety of our company, customers, or others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Data Storage & Security

Your data is stored on secure servers located in [DATA_STORAGE_LOCATION]. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction, including:

  • SSL/TLS encryption for all data in transit
  • Password hashing using bcrypt (never stored in plain text)
  • JWT-based authentication with expiring tokens
  • Regular security reviews and access controls
  • Database encryption at rest where supported

Despite these measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we work continuously to protect your information.

6. Cookies

We use a minimal number of cookies and localStorage to:

  • Keep you logged in (authentication token stored in localStorage)
  • Remember dismissed announcements and notification states
  • Maintain your preferences across sessions

We do not use third-party tracking cookies or advertising cookies. You may clear localStorage data at any time through your browser settings, which will log you out of the Platform.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

  • Account data — retained until you request deletion
  • Order records — retained for 7 years for financial and legal compliance purposes
  • Support communications — retained for 2 years
  • Log data — retained for up to 90 days

After account deletion, we may retain anonymized data for analytics and compliance for up to 7 years.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access — request a copy of the personal data we hold about you
  • Right to Rectification — request correction of inaccurate or incomplete data
  • Right to Erasure — request deletion of your personal data ("right to be forgotten")
  • Right to Restriction — request that we limit processing of your data
  • Right to Portability — receive your data in a machine-readable format
  • Right to Object — object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent — withdraw consent for processing at any time

To exercise any of these rights, contact us via the contact page. We will respond within 30 days. We may need to verify your identity before processing your request.

9. Children's Privacy

Our Platform is not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

If you believe a child has provided us with personal information, please contact us immediately at the address below.

10. Third-Party Services

Our Platform may contain links to third-party websites or integrate third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

Key third-party services we use:

  • Stripestripe.com/privacy
  • Google Fonts — font delivery (no personal data collected)

11. International Data Transfers

Your data may be processed in countries outside of your own, including countries that may not have the same data protection laws as your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

If you are located in the European Economic Area (EEA), transfers to countries outside the EEA are made pursuant to Standard Contractual Clauses or other approved transfer mechanisms.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page and, where appropriate, sending you an email notification.

Your continued use of the Platform after changes are made constitutes your acceptance of the updated policy.

13. Contact Us

For privacy-related questions, data requests, or complaints, please contact us:

  • Company: MKPAYZ
  • Address: Lilongwe, Malawi
  • Data Controller: MKPAYZ
  • Contact Form: MKPAYZ Contact Page

If you are located in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.