Legal

Privacy Policy

Last updated: January 1, 2026

Orchestrate Payments Ltd (“Orchestrate”, “we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our payment services.

1. Who we are

Orchestrate Payments Ltd is registered in England and Wales (Company No. 14000001). Our registered address is 1 Canada Square, London, E14 5AB, United Kingdom. We are the data controller for information processed through our platform.

Our Data Protection Officer can be contacted at dpo@orchestrate.global.

2. Information we collect

Information you provide

  • Account registration details (name, email address, password)
  • Business information (company name, registration number, address)
  • Identity verification documents (passport, driving licence, utility bills)
  • Payment and banking information (bank account details, card information)
  • Communications with our support team

Information collected automatically

  • Log data (IP address, browser type, pages visited, timestamps)
  • Device information (hardware model, operating system, unique identifiers)
  • Transaction data processed through the platform
  • Cookies and similar tracking technologies (see our Cookie Policy)

3. How we use your information

We use your personal data to:

  • Provide and maintain our payment services
  • Verify your identity and comply with KYC/AML obligations
  • Process transactions and manage your account
  • Send transactional communications (receipts, alerts, security notices)
  • Detect and prevent fraud and abuse
  • Improve our services through analytics
  • Comply with legal and regulatory obligations
  • Send marketing communications where you have consented

4. Legal basis for processing

We process your personal data under the following legal bases:

  • Contract performance — to provide the services you have contracted for
  • Legal obligation — to comply with AML, KYC, and other regulatory requirements
  • Legitimate interests — for fraud prevention, security, and service improvement
  • Consent — for marketing communications and non-essential cookies

5. Data sharing

We share your personal data with:

  • Payment processors and acquirers — to route and settle transactions
  • Identity verification providers — to complete KYC checks
  • Cloud infrastructure providers — AWS for hosting and data storage
  • Fraud detection services — to screen transactions
  • Regulatory and law enforcement authorities — where required by law

We do not sell your personal data to third parties for marketing purposes.

6. Data transfers

We operate globally and may transfer your data to countries outside the UK and EEA. Where we do so, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent UK mechanisms.

7. Data retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations. Transaction and KYC data is retained for a minimum of 5 years in accordance with AML regulations. You may request deletion of data not subject to a legal retention requirement.

8. Your rights

Under GDPR and UK data protection law, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request erasure (subject to legal obligations)
  • Object to or restrict processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with your supervisory authority

To exercise your rights, email privacy@orchestrate.global. We will respond within 30 days.

9. Security

We implement industry-standard security measures including AES-256 encryption, TLS 1.3, access controls, and regular penetration testing. We are PCI DSS Level 1 certified. See our Security page for details.

10. Children

Our services are not directed at individuals under 18. We do not knowingly collect data from minors.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or prominent notice on our website. Continued use of our services after notification constitutes acceptance of the updated policy.

12. Contact us

For privacy-related enquiries: privacy@orchestrate.global
Orchestrate Payments Ltd, 1 Canada Square, London, E14 5AB, UK