Privacy Policy

Last Updated:  May 15, 2026 

1. Introduction

This Privacy Policy (the "Policy") describes how personal data is handled by Operator of Corytech Platform (the "Company," "we," "us," or "our"). Corytech is a payment technology provider and orchestration platform (SaaS) that prioritizes privacy by design and technical data minimization.

2. Company Status and Regulatory Role

Corytech’s role in data processing depends strictly on the technical architecture chosen by the Merchant:

• Technical Infrastructure Provider: In most orchestration scenarios, Corytech acts as a technical gateway. We provide the "pipes" for data transmission where data is often encrypted or tokenized by the Merchant or the Acquiring Bank. In such cases, Corytech does not process or store personal identifiable information (PII) of end-users.
• Data Controller: We act as a Controller only for business-related data: Merchant onboarding (KYB) information and website visitor data.

3. Data Minimization and Metadata Handling

To ensure maximum privacy, our orchestration engine is optimized to work with technical metadata rather than personal data.

• Tokenization: We encourage the use of tokens. When tokens are used, Corytech has no visibility into the underlying data.
• Encrypted Transit: For the majority of services, data passes through our infrastructure in an encrypted state (End-to-End Encryption), meaning we provide the connectivity without accessing the content.
• No PII Storage: We do not store full names, addresses, or complete card numbers (PAN) of our Merchants' customers.

4. Categories of Information Handled

• Merchant Business Data: Legal entity details, UBO information, and contact data for KYB purposes.
• Orchestration Metadata: Technical identifiers (Transaction IDs), currency, amount, and masked card identifiers (BIN/Last 4) for routing logic and reconciliation.
• Security Logs: Technical logs (IP addresses, timestamps) used exclusively for platform security and fraud prevention.

5. Third-Party Interactions

Corytech facilitates technical connectivity between Merchants and licensed financial institutions. We do not "share" data in the traditional sense; rather, we route encrypted commands to the partners selected and contracted by the Merchant.

6. Strict Prohibitions and Sanctions

Corytech maintains a zero-tolerance policy regarding high-risk and sanctioned territories.

• No Data Flow: Technical filters are in place to ensure no data is routed through or stored within these jurisdictions.

7. Data Retention

Corporate KYB data is retained as required by international standards (typically 5 years). Technical transaction metadata is retained for the minimum period necessary for reconciliation and is then purged or anonymized.

8. Security Standards

• PCI DSS Compliant Environment: Even when not touching full PII, our infrastructure adheres to top-tier security standards.
• Zero-Knowledge Principles: We strive to implement technical flows where Corytech has "zero knowledge" of the sensitive user data passing through the orchestration layer.

9. Contact Information

For any inquiries regarding this Policy or our technical data handling practices, please contact: