Skip to main content
Pay with OrbitPay with Orbit

Privacy Policy

Last updated: March 1, 2026

Orbit Technologies Ltd. ("Orbit", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency-to-card platform, website (paywithorbit.com), mobile applications, and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account, verify your identity, or use our services, we may collect the following personal information:

  • Full legal name, date of birth, and nationality
  • Email address and phone number
  • Residential address and proof of address documents
  • Government-issued identification (passport, national ID card, driver's license) for identity verification (KYC)
  • Selfie or biometric verification data for identity matching
  • Source of funds and source of wealth documentation (where required)
  • Cryptocurrency wallet addresses used in transactions with the Service
  • Payment and transaction information, including card details and transaction history
  • Communications you send to us, including support requests and feedback

1.2 Usage and Technical Data

We automatically collect certain information when you access or use the Service:

  • IP address, browser type and version, and operating system
  • Device identifiers, device type, and screen resolution
  • Pages visited, features used, links clicked, and time spent on the Service
  • Referring website or source that led you to the Service
  • Date, time, and frequency of access
  • Error logs and performance data

1.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with the Service. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

1.4 Information from Third Parties

We may receive information about you from third-party sources, including: identity verification providers, fraud prevention services, blockchain analytics companies, credit reference agencies, publicly available databases, and card network partners (Visa and Mastercard).

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Service, process cryptocurrency-to-fiat conversions, issue and manage prepaid cards, and process transactions.
  • Identity Verification: To verify your identity as required by applicable anti-money laundering (AML) and know-your-customer (KYC) regulations.
  • Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
  • Compliance: To comply with applicable legal and regulatory obligations, including AML/CTF requirements, sanctions screening, tax reporting, and responding to lawful requests from authorities.
  • Communication: To send you transactional notifications, security alerts, account updates, and customer support responses.
  • Analytics and Improvement: To analyze usage patterns, monitor performance, and improve the functionality, security, and user experience of the Service.
  • Marketing: With your consent where required, to send you promotional communications about new features, products, or services. You may opt out of marketing communications at any time.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following bases:

  • Performance of Contract: Processing necessary to provide the Service and fulfill our contractual obligations to you, including account management, transaction processing, and card issuance.
  • Legal Obligation: Processing necessary to comply with legal requirements, such as AML/KYC regulations, tax obligations, and responding to lawful government requests.
  • Legitimate Interests: Processing necessary for our legitimate interests, including fraud prevention, security, analytics, and improving the Service, provided those interests are not overridden by your rights and freedoms.
  • Consent: Where we rely on your consent (e.g., for marketing communications or non-essential cookies), you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Third Parties

We do not sell your personal information to third parties. We may share your information with the following categories of recipients:

  • Card Issuing Partners: Partner financial institutions and card program managers that issue Visa and Mastercard prepaid cards on our behalf.
  • Card Networks: Visa International and Mastercard International, as required for card issuance, transaction authorization, and dispute resolution.
  • Identity Verification Providers: Third-party KYC/AML service providers that assist with identity verification, document authentication, and sanctions screening.
  • Blockchain Analytics: Companies that provide blockchain monitoring and analytics services to help detect suspicious cryptocurrency transactions.
  • Payment Processors: Service providers that facilitate fiat currency transactions and payment processing.
  • Cloud and Infrastructure Providers: Hosting, storage, and content delivery providers that support our technical infrastructure.
  • Law Enforcement and Regulators: Government authorities, regulatory bodies, and law enforcement agencies when required by law, legal process, or to protect our rights and safety.
  • Professional Advisors: Lawyers, auditors, and consultants engaged to provide professional services to Orbit.

All third-party service providers are contractually required to protect your personal data and may only use it for the specific purposes for which it was shared.

5. International Data Transfers

Your personal data may be transferred to, stored in, and processed in countries other than the country in which it was collected. These countries may have data protection laws that differ from the laws of your jurisdiction. When we transfer personal data outside the EEA or United Kingdom, we ensure appropriate safeguards are in place, including:

  • Transfers to countries that have been recognized as providing an adequate level of data protection by the relevant authorities.
  • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office (ICO).
  • Binding Corporate Rules where applicable.
  • Your explicit consent, where no other mechanism is available.

You may request a copy of the safeguards in place by contacting us at [email protected].

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Specifically:

  • Account Data: Retained for the duration of your account and for a period of 5 years after account closure, as required by financial regulations.
  • Transaction Records: Retained for a minimum of 5 years from the date of the transaction, in accordance with AML regulations.
  • KYC/Identity Documents: Retained for a minimum of 5 years after the end of the business relationship, as required by applicable law.
  • Usage and Analytics Data: Retained for up to 2 years from the date of collection, unless a longer retention period is required.
  • Marketing Preferences: Retained until you withdraw your consent or unsubscribe.

When personal data is no longer needed for the purposes for which it was collected, we will securely delete or anonymize it.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure (Right to Be Forgotten): You may request that we delete your personal data, subject to legal and regulatory retention obligations.
  • Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format, or that we transmit it to another controller.
  • Right to Object: You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, or within the timeframe required by applicable law. We may ask you to verify your identity before processing your request.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18 (or the age of legal majority in the applicable jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that information as promptly as possible. If you believe that a child has provided personal data to us, please contact us at [email protected].

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit
  • PCI-DSS Level 1 compliance for card data handling (we never store full card numbers on our servers)
  • Multi-factor authentication for account access
  • Regular penetration testing and vulnerability assessments by independent security firms
  • Role-based access controls and audit logging for all employee access to personal data
  • Secure key management using hardware security modules (HSMs)
  • Incident response procedures and data breach notification protocols

While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-leading standards.

10. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your information.
  • Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions (such as data retained for legal or regulatory compliance).
  • Right to Correct: You have the right to request that we correct inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising as defined by the CCPA/CPRA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a request under the CCPA/CPRA, please contact us at [email protected] with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and notify you through the Service or by email. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

12. Data Protection Officer

Orbit has appointed a Data Protection Officer (DPO) to oversee compliance with data protection regulations. If you have questions or concerns about how we handle your personal data, or if you wish to exercise your data protection rights, you may contact our DPO at:

  • Email: [email protected]
  • Postal Address: Data Protection Officer, Orbit Technologies Ltd., 10, Harshal Heights, Pimpri Chinchwad Link Road, Chinchwad, Pune - 411 033, India

13. Contact Information

For general privacy inquiries, please contact us at:

  • Email: [email protected]
  • Company: Orbit Technologies Ltd.
  • Address: 10, Harshal Heights, Pimpri Chinchwad Link Road, Chinchwad, Pune - 411 033, India
  • Website: paywithorbit.com