Privacy Policy

MineSec Pte. Ltd. (collectively referred to as “MineSec”, “us”, “we”, or “our”) is committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you:

  • Use our MineSec SoftPOS (Software Point of Sale) applications, SDK, Payment Gateway services, or related payment processing services,
  • Use our MineSec Attestation & Monitoring (A&M) services,
  • Visit or interact with our website [https://minesecsoftpos.com/],
  • Communicate with us via email, phone, or other digital means.

MineSec may act as a technology service provider, payment gateway provider, and/or data processor depending on the specific service being used. In payment transactions, MineSec facilitates the secure transmission of transaction data between merchants, acquiring banks, payment networks, and other payment service providers.

We process personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who We Are (Data Controller)

Company Name: MineSec Pte. Ltd.
Address: 10 Anson Road, #03-27 International Plaza, Singapore 079903
Email: [email protected]
Data Protection Officer (DPO): Stone Zhong

2. What Personal Data We Collect

a. Solution Users (Merchants, Payment Service Providers, and Payment Gateway Clients)

  • Full name and contact information (email, phone)
  • Business or store details
  • Business registration number / tax ID
  • Bank account details (for settlements)
  • Transaction records
  • Device information (e.g. Device name, Android ID, OS version)
  • Application usage data (e.g., IP address, geolocation)
  • Payment routing information (e.g., merchant identifiers, gateway transaction identifiers)

b. Customer Data (Processed on Behalf of Merchants)

  • Partial card numbers (tokenized or masked per PCI DSS)
  • Transaction time, amount, and location (if enabled)
  • Cardholder’s name (where applicable)
  • Payment authorization status and response codes
  • Payment method metadata (e.g., card brand, tokenized card reference)

c. Technology Solution(SDK) users

  • Login user information (email)

Note: We process customer data strictly as a data processor on behalf of the merchant (data controller).

c. Website Visitors

When you access MineSec website via a browser, application or other client, our servers automatically record certain information. This may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages and other statistics.

In addition, we may use third party Services such as Google Analytics that collect, monitor and analyse this type of information in order to increase our Site’s functionality. These third party Services providers have their own privacy policies addressing how they use such information.

d. Cookies and Tracking Technologies

Refer to Cookies and Web Tracking section.

3. Legal Basis for Processing

4. How We Use Your Data

Our purposes for using personal data include:

  • To provide and operate SoftPOS services, payment gateway services, and related payment processing infrastructure
  • To securely transmit payment transaction data between merchants, acquiring banks, card networks, and other payment service providers
  • To fulfill legal and regulatory obligations (e.g., AML, KYC)
  • To offer technical and customer support
  • To analyze and improve our website and services
  • To communicate with you about product updates, security issues, or marketing (if permitted)

5. Data Sharing and Third Parties

We may share personal data with trusted third-party service providers, including:

  • Payment processors, payment gateways, acquiring banks, and card networks (such as Visa, Mastercard, or other payment schemes)
  • Cloud hosting and IT infrastructure providers (e.g., AWS Cloud, Alibaba Cloud)
  • Customer support platforms
  • Regulatory or supervisory authorities (where required)
  • Fraud prevention and risk monitoring service providers
  • Web analytics and marketing tools (for website)

All third parties are bound by strict confidentiality and data processing agreements. No data is sold to third parties.

6. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Please note that we may transfer the information, including personal data, to Singapore and other countries to process. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards, such as:

  • The receiving country has an adequacy decision from the EU Commission;
  • The use of Standard Contractual Clauses (SCCs) approved by the European Commission, which impose contractual obligations on the recipient to ensure the protection of personal data;
  • Where required, the implementation of supplementary technical and organizational measures, such as strong encryption, access control, and data minimization.

We conduct Transfer Impact Assessments (TIAs) where necessary to evaluate the legal environment of the recipient country and to determine if additional safeguards are needed to protect personal data.

A list of our sub-processors and details of applicable transfer mechanisms can be provided upon request. Please contact us at [email protected] for further information.

7. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, including legal and regulatory retention requirements.

Examples:

  • Merchant account data: up to 10 years after closure
  • Transaction data: 7 years (for tax and regulatory purposes)
  • Website analytics data: typically 14 months (if consented)

8. Your Rights Under the GDPR

You have the following rights:

  • Access: Request a copy of the personal data we hold
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion (“right to be forgotten”), where applicable
  • Restriction: Request limitation of processing
  • Objection: Object to processing based on legitimate interest
  • Data Portability: Request data in a structured, machine-readable format
  • Withdraw Consent: At any time, where processing is based on consent
  • File a Complaint: With your national Data Protection Authority

To exercise your rights, please contact us at [email protected].

9. Security Measures

We take the protection of personal data very seriously and follow strict security practices to keep it safe. As a SoftPOS provider, we use a mix of technical and organizational safeguards to ensure that personal data is secure and handled properly, in line with the General Data Protection Regulation (GDPR).

Where MineSec processes personal data on behalf of a customer, such processing shall be governed by a Data Processing Agreement (DPA) between MineSec and the customer in accordance with Article 28 of the GDPR.

Here’s how we protect your data:

Encryption

  • All personal data is encrypted during transfer and storage.
  • Sensitive payment data is tokenized or masked — we never store full card details.

Access Controls

  • Only authorized staff can access personal data, and only when necessary.
  • Access is protected with strong passwords and multi-factor authentication.

Secure Infrastructure

  • We host our services on secure cloud platforms with strong security certifications (like ISO 27001).
  • Our systems are protected with firewalls and other security tools.

Regular Testing

  • We regularly test our systems for vulnerabilities and fix any issues quickly.
  • Security checks and audits help us stay ahead of potential risks.

Breach Response

  • We have a data breach plan in place.
  • If there’s ever a data breach, we will quickly inform our clients (data controllers) and help manage the situation.

Staff Training

  • Our team receives regular training on data protection and security.
  • Everyone handling personal data signs confidentiality agreements.

Sub-Processor Controls

  • We only work with trusted partners and service providers who meet our security and GDPR standards.
  • Any international data transfers are protected by legal safeguards, like Standard Contractual Clauses (SCCs).

We follow industry payment security standards, including PCI DSS (Payment Card Industry Data Security Standard) requirements where applicable. Sensitive cardholder data is tokenized, encrypted, or masked and is not stored in full by MineSec systems.

We continuously improve our security to match industry best practices and evolving threats. For more details, contact us at [email protected].

10. Cookies and Web Tracking

We use cookies and similar tools on our website to make it work properly, help us understand how people use it, and improve your experience.

What are cookies?

Cookies are small files stored on your device when you visit a website. They help the site remember your preferences and activity.

Types of cookies we use

  • Essential cookies: Needed for the website to work (like login and security).
  • Analytics cookies: Help us understand how visitors use the site so we can make it better.
  • Functional cookies: Remember things like your language or region.
  • Marketing cookies (if used): Help show relevant ads and track how they perform.

Third-party tools

We may use trusted partners like Google Analytics or Hotjar to collect anonymous usage data. These tools may also use their own cookies.

Your choices

You can:

  • Accept or reject non-essential cookies using our cookie banner.
  • Change your browser settings to block or delete cookies.
  • Use tools like Google Analytics Opt-out to stop certain tracking.

Note: Turning off cookies might affect how our website works for you.

11. Minor’s Privacy

MineSec does not need or want to collect any sensitive personal information (called special category data in the EU) through the Site. Minors under the age of 18 should not provide any personal information to MineSec through the Site. 

​The Site does not knowingly collect personally identifiable information from minors. If you are a parent or guardian and you are aware that your child/ward has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from minors without verification of parental consent, we take steps to remove that information from our servers.

12. Changes to This Policy

We may update our Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, please contact us at [email protected].  

Contact Us

For any questions, concerns, or to exercise your rights under GDPR, contact us at:

MineSec Pte. Ltd.
10 Anson Road, #03-27 International Plaza, Singapore 079903
Email: [email protected]