Privacy Policy

This Privacy Policy describes how Aventis Pay, Inc. collects, uses, discloses, and protects information about businesses and individuals who use the Aventis platform. It applies to our website, platform, API, and all related services.

1. Who We Are

Aventis Pay, Inc. ("Aventis") is a Delaware corporation operating a B2B payment orchestration platform. We are the data controller for personal and business data processed through the Aventis platform. We are not a bank, money transmitter, or financial institution - we are a software platform that coordinates licensed third-party payment services.

2. Information We Collect

2.1 Information You Provide Directly

Business registration information: legal company name, country of incorporation, industry, registered address, EIN or Tax ID, and company registration number.

Contact information: work email address, phone number, and names and contact details of authorised users and beneficial owners.

Identity documents: for KYB purposes, documents such as Certificate of Incorporation, Proof of Address, government-issued ID, and liveness check data. Processed by AIPRISE on our behalf.

Vendor information: names, email addresses, bank details (account number, IFSC code), and KYC information of your vendors. Vendor KYC is processed by Saber Money.

Payment information: invoice details, payment amounts, payment instructions, and related transaction data.

ERP credentials: OAuth tokens or API credentials used to connect your ERP. Encrypted at rest and in transit.

Communications: emails, support tickets, and other communications you send to us.

2.2 Information Collected Automatically

Usage data: pages visited, features used, session duration, and interaction patterns within the platform.

Device and technical data: IP address, browser type, operating system, device identifiers, and time zone.

Log data: server logs, error reports, and performance data.

Wallet address: your non-custodial Privy wallet address on the Base network (public blockchain data). We do not hold or access your private keys.

On-chain transaction data: transaction hashes associated with your wallet address, which is publicly available on the Base blockchain.

2.3 Information from Third Parties

• KYB results and risk scores from AIPRISE.
• Compliance screening results from TRM Labs.
• Transaction status and confirmation data from Bridge and Saber Money.
• Sanctions and watchlist data from OFAC and other regulatory sources.

3. How We Use Your Information

Account creation and onboarding

To create and manage your account, verify identity through KYB, and configure your wallet and ERP connections.

Payment orchestration

To instruct Bridge to process your on-ramp, to sign USDC transfers from your wallet to Saber Money via delegated session, and to instruct Saber Money to disburse INR to your vendors.

Vendor onboarding

To generate and send Saber KYC links to your vendors and to track their verification status.

Compliance and fraud prevention

To screen transactions against sanctions lists and blockchain risk databases, and to comply with legal obligations.

Platform operation and improvement

To operate, maintain, secure, and improve the platform; to diagnose and fix technical issues; and to develop new features.

Customer support

To respond to enquiries and resolve issues.

Communications

To send transactional notifications, security alerts, and - where you have opted in - product updates.

Legal and regulatory compliance

To comply with applicable laws, respond to legal process, and cooperate with regulatory authorities.

4. Legal Bases for Processing

Where applicable law requires a legal basis (including under GDPR and UK GDPR), we process data on the following bases:

Contract: processing necessary to perform our agreement with you, including providing the Services.

Legal obligation: processing necessary to comply with AML laws, sanctions screening requirements, and other legal obligations.

Legitimate interests: processing for fraud prevention, platform security, and product improvement.

Consent: where relied upon (e.g., marketing emails), you may withdraw consent at any time.

5. How We Share Your Information

5.1 Third-Party Service Providers

Bridge Financial Technologies, Inc.
Receives Customer name, business details, and payment instructions to process fiat on-ramp transactions.

Saber Money
Receives Customer and vendor details, including vendor KYC information and bank details, to process INR disbursements.

Privy, Inc.
Provides wallet infrastructure. Receives user email or authentication identifier. Privy does not hold your private keys or funds.

AIPRISE
Receives business details and identity documents for KYB verification.

TRM Labs
Receives wallet addresses and transaction data for compliance screening.

Cloud infrastructure
We use cloud providers to host the platform. Data is stored in encrypted form.

5.2 Legal Disclosures

We may disclose your information to law enforcement or regulatory authorities where required by applicable law, including disclosures required under the Bank Secrecy Act and OFAC regulations.

5.3 Business Transfers

In a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity subject to the same protections.

5.4 No Sale of Personal Data

Aventis does not sell, rent, or trade personal data to third parties for their own marketing or commercial purposes.

6. Data Retention

We retain data for as long as necessary to provide Services and comply with legal obligations:

• KYB records and identity documents: minimum 5 years following end of customer relationship, as required under AML regulations.
• Transaction records: minimum 5 years following each transaction, as required under applicable financial regulations.
• Account and usage data: duration of the customer relationship plus up to 3 years following account closure.
• Communications: up to 3 years for support and audit purposes.

7. Data Security

We implement appropriate technical and organisational security measures including:

• Encryption at rest (AES-256) and in transit (TLS 1.2 or higher);
• Role-based access controls limiting internal access to authorised personnel on a need-to-know basis;
• Regular security assessments and penetration testing;
• Incident response procedures and breach notification processes.

8. International Data Transfers

Aventis processes data in the United States. If you are in the EEA, UK, or another jurisdiction with data transfer restrictions, we rely on appropriate safeguards including Standard Contractual Clauses where required. Vendor data processed by Saber Money is subject to Indian data protection laws including the Digital Personal Data Protection Act 2023.

9. Your Rights

Depending on your jurisdiction, you may have rights to: access your data; correct inaccurate data; delete your data (subject to retention obligations); restrict processing; receive your data in a portable format; object to processing based on legitimate interests; and withdraw consent. Contact privacy@aventispay.com to exercise any of these rights.

10. Cookies and Tracking

The Platform uses only essential cookies required for functionality (session management and authentication). We do not use advertising or tracking cookies.

11. Children's Privacy

The Services are not directed to individuals under 18. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Policy and will notify you of material changes by email or platform notice. Your continued use of Services following notice constitutes acceptance.

13. Contact

Email:
privacy@aventispay.com

Post:
Aventis Pay, Inc., Privacy Team, [Address TBD], Wilmington, Delaware

Data Protection Officer:
dpo@aventispay.com