ForgeFi LLC / PayForge

 

Effective Date: Thursday 19 March 2026

 

ForgeFi LLC, operating under the brand PayForge, respects your privacy and is committed to protecting personal data in accordance with applicable law.

 

This Privacy Policy explains how we collect, use, disclose, store, transfer, and protect personal information when you use our website, apply for or use a PayForge card, interact with customer support, or otherwise engage with our services.

 

1. Controller / Business Information

 

For the purposes of applicable data protection laws, including GDPR-style transparency requirements where applicable, ForgeFi LLC acts as the controller or equivalent data fiduciary/business for the personal information we process, unless stated otherwise in a specific notice.

 

2. Information We Collect

 

We may collect the following categories of information:

 

(a) identity information, such as full name, date of birth, nationality, passport or government ID details, and KYC verification data;

(b) contact information, such as email address, mobile number, residential address, and correspondence records;

(c) account and profile information, such as login credentials, preferences, card status, balance data, and support communications;

(d) transaction data, such as card loads, card purchases, refunds, declines, merchant data, timestamps, device and network details, and blockchain transaction references;

(e) digital asset information, such as wallet addresses, source-of-funds information, and transfer history;

(f) technical information, such as IP address, device identifiers, browser type, cookies, logs, and analytics data;

(g) compliance information, such as sanctions screening results, fraud alerts, disputes, chargebacks, and internal risk scores; and

(h) marketing and communications data, such as opt-in preferences and campaign interaction data.

 

3. How We Use Personal Data

 

We may use personal data to:

(a) verify identity and perform KYC/AML checks;

(b) issue, activate, manage, and support cards and related accounts;

(c) process top-ups, transactions, refunds, reversals, disputes, and chargebacks;

(d) detect, investigate, and prevent fraud, abuse, unauthorized access, and other security incidents;

(e) comply with legal, regulatory, tax, accounting, sanctions, and reporting obligations;

(f) communicate with you about your account, service updates, policies, and support requests;

(g) analyze usage, improve products, and maintain service quality;

(h) send marketing communications where permitted by law and, where required, with consent; and

(i) defend our legal rights, enforce our contracts, and resolve disputes.

 

4. Legal Bases for Processing

 

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

(a) performance of a contract;

(b) compliance with legal obligations;

(c) our legitimate interests, such as fraud prevention, security, business administration, and service improvement;

(d) consent, where required for specific processing such as certain marketing activities or optional cookies; and

(e) protection of vital interests or establishment, exercise, or defense of legal claims, where applicable.

 

5. Disclosure of Personal Data

 

We may share personal data with:

(a) identity verification and KYC vendors;

(b) payment processors, card program partners, issuing partners, network partners, and settlement providers;

(c) blockchain analytics, fraud prevention, and compliance providers;

(d) shipping, logistics, and fulfillment providers;

(e) cloud hosting, IT security, analytics, communications, and customer support providers;

(f) affiliates, professional advisers, auditors, insurers, and legal counsel; and

(g) regulators, courts, law enforcement, tax authorities, and other public authorities where required or permitted by law.

 

We do not sell personal information in the ordinary commercial sense unless we expressly state otherwise in a separate notice where required by law.

 

6. International Transfers

 

Because we operate internationally, your personal data may be transferred to and processed in countries other than your own, including countries that may have different data protection laws.

 

Where required, we use appropriate safeguards for cross-border transfers, such as contractual protections, transfer mechanisms, or other lawful methods permitted by applicable data protection law.

 

7. Data Retention

 

We retain personal data only for as long as necessary to:

(a) provide the services;

(b) comply with legal, regulatory, tax, accounting, AML, or sanctions obligations;

(c) resolve disputes and enforce agreements; and

(d) protect against fraud, abuse, or security incidents.

 

Retention periods may vary by data type and jurisdiction. When data is no longer required, we will delete, anonymize, or securely archive it in accordance with law and our internal retention procedures.

 

8. Cookies and Similar Technologies

 

We may use cookies, pixels, local storage, SDKs, and similar technologies to operate the website, remember preferences, analyze traffic, improve performance, and support security and marketing functions.

 

Where required by law, we will seek your consent before placing non-essential cookies. You may manage cookies through your browser settings or our cookie banner/preferences tool, where available.

 

9. Security

 

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

 

However, no transmission or storage system is completely secure. You are responsible for safeguarding your login credentials, device access, and account information.

 

10. Your Rights

 

Where applicable law provides data-subject rights, you may have rights to:

(a) access your personal data;

(b) correct inaccurate or incomplete data;

(c) delete personal data;

(d) restrict or object to certain processing;

(e) data portability;

(f) withdraw consent where processing is based on consent; and

(g) not be subject to certain solely automated decisions, where applicable.

 

Where California or similar U.S. privacy laws apply, you may also have rights relating to access, deletion, correction, and opt-out of sale or sharing, subject to legal exceptions and verification requirements.

 

To exercise your rights, contact us using the details below. We may need to verify your identity before responding.

 

11. Children’s Privacy

 

Our services are not intended for children. We do not knowingly collect personal data from individuals under the age of 18. If we learn that we have collected such information, we will take appropriate steps to delete it, subject to legal retention obligations.

 

12. Marketing Communications

 

Where permitted by law, we may send you service, promotional, or informational messages. You may opt out of marketing emails at any time by using the unsubscribe link or contacting us directly. Opting out of marketing does not stop essential service communications.

 

13. Third-Party Links

 

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party sites.

 

14. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date.

 

15. Contact Us

 

Privacy Contact: [Insert Email]

Address: [Insert Registered Address]

Data Protection Contact / DPO (if appointed): [Insert Name or Email]

 

If you are dissatisfied with our handling of your personal data, you may also have the right to complain to your local data protection authority or other applicable regulator.