Legal

Privacy Policy

Pocket Pass Digital, OPC. ("Company", "We", "Us", or "Our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, and disclose your information when you use the DigiFI Open Banking API Accelerator platform, including the Developer Portal, APIs, Subscription dashboard, and related services (collectively, the "Platform").

1. Information We Collect

1.1. Account Information

When you register as a partner developer, we collect:

  • Personal details: Name, email address, phone number, and physical address.
  • Professional details: Company name, role/title, and business address.
  • Authentication credentials: Username and password (stored in hashed form).
1.2. Organization and Subscription Information

When your account is created, we generate and maintain:

  • Organization data: Organization name, slug, membership roles (Owner, Admin, Member), and activation status.
  • Subscription data: Selected plan, billing period, subscription status, and PayPal subscription identifiers for paid plans.
1.3. API Usage and Transaction Data

When you use our APIs, we collect:

  • API call records: Request counts per billing period, tracked at the Organization level for plan enforcement and billing.
  • Resource counts: Number of accounts, applications, and transactions created by your Organization.
  • Application data: Registered application names, descriptions, Client IDs, approval status, and auto-generated test data credentials.
  • Financial data: Account numbers, balances, currencies, and transaction records processed through the APIs. This data is created and managed by you through the API and stored on your behalf.
1.4. Technical Information
  • Device and browser data: IP address, browser type and version, operating system, and device identifiers.
  • Authentication tokens: API tokens issued via the authentication system, including token expiry timestamps and associated client identifiers.
  • Server logs: Request paths, response codes, timestamps, and performance metrics.
1.5. Payment Information

Paid subscription payments are processed through PayPal. We store your PayPal subscription ID for billing management but do not store your PayPal account credentials, credit card numbers, or other payment details on our servers. Payment processing is governed by PayPal's Privacy Policy.

2. How We Use Your Information

  • Platform operations: To authenticate you, process API requests, manage your Organization, enforce Subscription Plan limits, and provide the services you have subscribed to.
  • Billing and subscription management: To process subscription payments via PayPal, track usage against your plan limits, and manage plan upgrades, downgrades, and cancellations.
  • Account lifecycle: To verify your email, activate your partner account, manage application registrations, and provide backoffice administration capabilities to our staff.
  • Security and fraud prevention: To detect and prevent unauthorized access, abuse, or fraudulent activity on the Platform.
  • Communications: To send you account activation emails, application approval/revocation notices, subscription confirmations, and service-related announcements.
  • Platform improvement: To analyze usage patterns, diagnose technical issues, and improve the performance, reliability, and features of the Platform.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

  • Payment processor (PayPal): We share your subscription information with PayPal to process recurring payments for paid plans. PayPal's handling of your data is governed by their own privacy policy.
  • Infrastructure providers: We use third-party hosting (Heroku), database (PostgreSQL), caching (Redis), and email delivery services to operate the Platform. These providers process data on our behalf under appropriate data processing agreements.
  • Within your Organization: Organization members and administrators can view shared Organization data including subscription status, usage metrics, and registered applications.
  • Backoffice administration: Our authorized staff members access partner, application, account, and Organization data through the Backoffice admin panel for account activation, application approval, and platform management purposes.
  • Legal obligations: We may disclose your information to comply with legal obligations, enforce our Terms and Conditions, respond to lawful requests from public authorities, or protect our rights, property, or safety.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity with prior notice.

We do not sell your personal information to third parties.

4. Data Retention

  • Active accounts: We retain your information for as long as your account is active and your Organization maintains an active subscription.
  • After termination: Upon account closure or termination, we retain your data for 90 days to allow for account recovery. After 90 days, personal data and Organization data may be permanently deleted.
  • Usage and billing records: API usage records, subscription history, and billing data are retained for 24 months after the end of the relevant billing period for audit and dispute resolution purposes.
  • Legal requirements: We may retain certain data for longer periods as required by applicable laws, regulations, or legal proceedings.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit: All data transmitted between your systems and the Platform is encrypted using TLS 1.2 or higher (HTTPS).
  • Authentication: API access is secured via token-based authentication with configurable token expiry. Passwords are stored using strong one-way hashing algorithms.
  • Access controls: Backoffice access is restricted to authorized staff members. API access is scoped to Organization membership and ownership.
  • Infrastructure security: The Platform is hosted on Heroku with managed PostgreSQL and Redis, benefiting from their enterprise-grade security infrastructure.

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

6. Your Rights and Choices

  • Access and update: You can review and update your account information through the Developer Portal at any time.
  • Subscription management: You can upgrade, downgrade, or cancel your Subscription Plan through the Subscription dashboard.
  • Application management: You can view and manage your registered applications through the App Registry.
  • Account deletion: You may request account deletion by contacting us at the email address below. Deletion is subject to the data retention periods described in Section 4.
  • Communications: Transactional emails (account activation, application approval, subscription confirmations) cannot be opted out of while your account is active, as they are essential to Platform operations. We do not send marketing emails.
  • Data portability: You may request an export of your Organization data by contacting us.

7. Cookies and Tracking

The Platform uses session cookies for authentication and maintaining your login state. These are essential cookies required for the Platform to function. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. International Data Transfers

The Platform is hosted on infrastructure that may process data in regions outside your country of residence. By using the Platform, you consent to the transfer of your information to these locations. We ensure appropriate safeguards are in place for international data transfers.

9. Children's Privacy

The Platform is designed for business use by partner developers and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us immediately.

10. Third-Party Links and Services

The Platform may contain links to third-party services, including PayPal for payment processing. We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies before providing them with your information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email to the address associated with your account or through a prominent notice on the Platform at least 30 days before taking effect. Your continued use of the Platform after the effective date of any changes constitutes acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

Pocket Pass Digital, OPC.

Data Protection Inquiries

One Global Place, BGC Taguig

Philippines 1630

wecare@pocketpass.app

By registering for an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

Effective date: April 9, 2026.