Privacy Policy

Last Updated: February 2026

This Privacy Policy explains how Pin4 processes personal data in connection with payout orders processed through the Pin4 platform. This Privacy Policy applies globally unless supplemented by jurisdiction-specific disclosures.

1. Scope

This Privacy Policy applies to recipients of payout orders (“Orders”) processed using Pin4’s technology platform. It describes how personal data is collected, used, shared, transferred, and protected.

2. Roles and Responsibilities

In most cases, the Sending Entity that issued your Order determines the purposes and means of processing personal data and acts as the data controller. Pin4 processes personal data on behalf of the Sending Entity in accordance with its contractual instructions.

In limited circumstances, Pin4 may act as an independent controller where necessary to comply with legal obligations, maintain platform security, ensure system integrity, prevent fraud, or meet regulatory recordkeeping requirements.

3. Personal Data We Process

We may process the following categories of personal data:

– Name

– Mobile phone number

– Order details (amount, currency, transaction identifiers)

– Country of payout

– Technical and transaction records necessary to operate the platform and comply with legal obligations

We may process government-issued identification details solely for the purpose of transmitting such information to payout partners where required. Pin4 does not retain government-issued identification details.

We do not collect geolocation data, device fingerprinting data, or use personal data for marketing purposes.

4. How We Use Personal Data

We use personal data to:

– Process and authorize payout Orders

– Deliver transactional communications (such as SMS notifications)

– Maintain system security and integrity

– Comply with legal and regulatory obligations

5. Legal Bases (EEA and UK)

Where applicable under the General Data Protection Regulation (GDPR) or UK GDPR, personal data is processed on the basis of: performance of a contract, compliance with legal obligations, and legitimate interests related to fraud prevention and system security.

6. Data Sharing and Subprocessors

Personal data may be shared with:

– The Sending Entity

– Regulated financial partners and payout networks

– Retail agents or ATM operators where necessary

– Technology service providers, including cloud hosting providers and SMS providers

Pin4 uses third-party subprocessors to provide hosting, messaging, and infrastructure services. These providers are contractually required to protect personal data.

We may disclose personal data where required to comply with applicable law, legal process, regulatory inquiry, or governmental request.

7. International Data Transfers

Personal data may be processed in Spain and the United States. Where personal data is transferred outside the European Economic Area or United Kingdom, Pin4 relies on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and/or the UK International Data Transfer Addendum or other legally recognized transfer mechanisms.

8. Data Retention

Personal data is retained for as long as necessary to fulfill the purposes described in this Privacy Policy, including compliance with legal, accounting, and regulatory requirements. In general, transaction-related data is retained for five (5) to seven (7) years.

9. Security

Pin4 implements appropriate technical and organizational safeguards designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. These safeguards include encryption in transit, access controls, role-based permissions, and monitoring mechanisms.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict processing of, or obtain a copy of your personal data. In most cases, requests should be directed to the Sending Entity that issued your Order. Pin4 will cooperate with the Sending Entity in responding to applicable data subject requests.

California Privacy Rights

In the preceding 12 months, Pin4 has collected the categories of personal information described in Section 3 above. Pin4 does not sell personal data or share personal data for cross-context behavioral advertising. California residents may have additional rights under applicable California law.

EEA and UK Rights

Individuals in the EEA and UK may have rights under GDPR, including rights of access, rectification, erasure, restriction, data portability, and objection. You also have the right to lodge a complaint with your local supervisory authority.

For individuals in the UK, complaints may be directed to the Information Commissioner’s Office (ICO).

11. Children’s Data

The Pin4 platform is not intended for individuals under the age of 18. If we become aware that personal data of an individual under 18 has been processed, we will take reasonable steps to delete such data.

12. Updates to This Policy

This Privacy Policy may be updated from time to time for legal, regulatory, or operational reasons. Updated versions will be made available through the applicable website or platform.

13. Contact Information

For questions regarding this Privacy Policy or to exercise applicable data rights, please contact: privacy@pin4.com.