Personal

Business

Premier

OTC

About

EN
Buy Crypto
Rapidz
Rapidz

Privacy Policy

Privacy Policy

Effective Date: December 29, 2025

Last Update: December 29, 2025

Privacy Policy

1.Introduction


Your privacy is important to us, and we are committed to protecting your personal information. This Privacy Policy explains how Rapidz Pay Inc. (“Rapidz”, “we”, “us”, “our”) collects, uses, processes, stores, and safeguards your personal information when you use the Rapidz Pay mobile application, our official website, or any related services (“Services”). We comply with the applicable requirements of the Labuan Financial Services Authority (LFSA), FATF standards, FinCEN MSB rules, Malaysia’s Personal Data Protection Act (PDPA), and other relevant global data protection frameworks.


For the purposes of this policy, personal information refers to any data that can identify you directly or indirectly, including your name, date of birth, identification number, contact details, residential address, payment or bank information, device identifiers, usage data, and other information related to your use of our fiat and virtual asset services.


This Privacy Policy applies solely to Rapidz Pay. If you access third-party websites, platforms, or services through our app or website, please note that they operate independently and follow their own privacy practices. We encourage you to review their respective privacy policies before sharing any personal information.



2.Information We Collect


  1. We may collect various types of information to provide and improve our services. This includes personal information such as your name, email address, phone number, date of birth, and government-issued identification if required for verification purposes. We may also collect financial information, including payment details, transaction history, and linked bank accounts.


  2. Additionally, we collect technical information such as IP addresses, device details, browser type, operating system, and cookies. This helps us enhance your experience, ensure security, and optimize our services. We also gather usage data, including interactions with our platform, preferences, and transaction behavior, to better understand user needs and improve our offerings.



  1. For legal entity customers, we are required by FinCEN’s Customer Due Diligence (CDD) Rule and global AML standards to identify and verify the 'beneficial owners'—defined as any individual who owns 25% or more of the equity interest, or an individual with significant responsibility to control or manage the entity. This includes collecting names, addresses, dates of birth, and identification numbers of such individuals.



  1. When you visit our website, our servers automatically log information such as browser details, IP address, pages visited, timestamps, and diagnostic data. This server log information may not identify you on its own but may become identifiable when combined with other data.



  1. We may also collect data about the devices used to access our website and services, which may include the type of device, operating system, and geo-location data, depending on your device and software settings.



  1. In certain cases, when you contact us for support or inquiries, we may collect additional information required to assist you, depending on the nature of your request.



  • To comply with applicable laws, including Anti-Money Laundering (AML), Counter-Financing of Terrorism (CFT), and Know-Your-Customer (KYC) requirements under the Labuan Financial Services Authority (LFSA), we collect and process additional identity verification data when you register for or continue using our services.


    This includes:


    • Government-issued identification documents (e.g., passport, national ID card, residency card where applicable)

    • Information extracted from ID documents such as full name, nationality, date of birth, gender, ID number, and document validity

    • Biometric information, including facial images and data generated through facial recognition, liveness detection, and ID-to-face matching

    • Identity verification results, risk scores, and authentication confirmations

    • Address information obtained from supporting documents (e.g., bank statements, utility bills), where required

    • Sanctions, PEP, and adverse media screening results

    • Device metadata and behavioural signals used to prevent fraud



  1. The checks are performed through our trusted KYC verification partner, Sumsub, which processes biometric and identity data strictly for verification and fraud-prevention purposes. Sumsub acts as our data processor and is contractually bound to handle your information securely and in accordance with applicable data protection laws.


    We use this information to:


    • Verify your identity

    • Comply with LFSA and global AML/CFT obligations

    • Detect and prevent fraud and account misuse

    • Assess and manage risk

    • Enable secure access to our platform and features

    • Ensure the safety and integrity of the Rapidz ecosystem



  1. We do not use biometric information for purposes other than identity verification, fraud prevention, and regulatory compliance.



3.Legitimate Reasons For Processing Your Personal Information


We process your personal information only when we have a valid and lawful basis to do so. Depending on the context, we may rely on one or more of the following legal bases:


  1. Performance of a Contract

    We process your information as necessary to provide our services and fulfil our contractual obligations to you. This includes enabling account creation, identity verification, transaction

    processing, customer support, security authentication, and access to all features of the Rapidz Pay application.


  2. Compliance with Legal and Regulatory Obligations

    We process personal data to comply with obligations imposed by applicable laws, including the Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) requirements of the Labuan Financial Services Authority (LFSA), FinCEN (where applicable), and global FATF standards.

    This includes:


    • Identity verification (KYC)

    • Biometric verification (face match, liveness)

    • Ongoing due diligence

    • Transaction monitoring

    • Sanctions, PEP, and adverse media screening

    • Compliance with Travel Rule obligations

    • Retention of records for statutory periods



  1. To comply with FATF Recommendation 15 and 16 (the 'Travel Rule'), Rapidz Pay is required to collect and share specific information during virtual asset transfers. When you send or receive virtual assets, we may transmit your name, account number, and physical address or national identity number to the beneficiary/originator Virtual Asset Service Provider (VASP) or financial institution to ensure payment transparency and prevent money laundering.



  1. Legitimate Interests
    We may process your information where it is reasonably necessary to protect our legitimate business interests, provided that such interests do not override your rights or freedoms. These include:



    • Fraud detection and prevention

    • Maintaining and improving platform security

    • Risk modelling and system integrity

    • Enhancing user experience and service performance

    • Analytics, troubleshooting, and platform optimisation

    • Preventing misuse of the Rapidz ecosystem


    Where we rely on this basis, we implement safeguards to ensure your rights are protected.



  1. Consent
    We may rely on your consent when legally required—for example, for sending marketing

    communications, enabling optional app features, or using cookies and tracking technologies where consent is required by local law.

    You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.



  1. Protection of Vital Interests
    In rare cases, we may process personal data where necessary to protect your safety or the safety of others, such as detecting harmful account compromise or illegal activity that may expose you or others to significant risk.



  1. Public Interest

    Where required, we may process data to support investigations, regulatory oversight, or public-interest activities authorised by law.


  1. Collection And Use Of Information


  1. We collect personal information through various interactions with our website and services. This may occur when you access our content via a mobile device or web browser, contact us through email, social media, or other communication channels, or mention us on social media platforms.



  1. The information we collect may be used for several purposes, including operating and maintaining our services, processing transactions, ensuring secure payments, verifying user identities, preventing fraud, and complying with applicable legal and regulatory obligations. We may also use this information to communicate with you regarding service updates and customer support matters.



  1. We may also utilize personal information for analytics, market research, and business development to improve our website, applications, and associated social media platforms. This helps us enhance user experience, personalize recommendations, and develop insights that allow us to refine our services. Furthermore, we may use this data for advertising and marketing purposes, including sending promotional materials about our products and services or those of third parties that may be of interest to you.



  1. To enhance the accuracy and relevance of our services, we may combine voluntarily provided and automatically collected data with general information or research data from trusted sources. For example, insights gained from market research activities may be integrated with website usage data to improve the overall experience on our platform.



5.Security Of Your Personal Information



  1. We are committed to protecting your personal information and implement commercially acceptable measures to prevent loss, theft, unauthorized access, disclosure, copying, use, or modification. Our security practices include encryption of sensitive information, secure servers, firewalls, regular security audits, and continuous monitoring of our systems. Additionally, we enforce strict access controls to safeguard personal and financial data, ensuring that only authorized personnel have access to such information.



  1. While we take all reasonable steps to protect the data you provide, it is important to acknowledge that no method of electronic transmission or storage is entirely secure. We cannot guarantee absolute data security, and we encourage you to take precautions to protect your own information. This includes selecting strong passwords, maintaining the confidentiality of your login credentials, and avoiding the public disclosure of personal details on our platform.



  1. In the event of a personal data breach that is likely to cause significant harm to you, we will notify the Malaysian Personal Data Protection Commissioner (PDPC) as soon as practicable and no later than 72 hours of becoming aware of the breach. Where the breach poses a high risk to your rights and freedoms, we will also notify you within 7 days of our notification to the Commissioner, providing you with details of the breach and recommended steps to mitigate potential harm.



  1. We continuously review and update our security measures to address emerging threats and ensure the highest level of data protection possible.



6.Data Breaches And Security Incident Notification

We take the protection of your personal information seriously and implement a range of technical and organisational measures designed to safeguard your data. Despite these efforts, no method of electronic transmission or storage is completely secure. In the unlikely event of a data breach or security incident that affects your personal information, we will take appropriate steps in accordance with our legal and regulatory obligations.



  1. A data breach may involve the loss, theft, or unauthorised access to personal information, as well as the accidental or unlawful destruction, alteration, or disclosure of data. It may also include situations where credentials, account access, or authentication systems are compromised, or where a cybersecurity incident affects Rapidz systems or those of a third-party service provider.



  1. If we become aware of a data breach involving your personal information, we will immediately activate our internal incident response procedures, take steps to contain and mitigate the breach, investigate its root cause, and assess the extent of its impact. We will secure affected systems to prevent further unauthorised access and, where necessary, engage with security experts, regulators, and law enforcement authorities.



  1. Where required by applicable law, or where the breach poses a material risk to your rights or interests, we will notify you as soon as reasonably practicable. Such notifications may describe the nature of the incident, the types of data affected, any potential consequences, and the steps we have taken or will take to address the matter. We may also provide guidance on steps you can take to protect yourself. Notifications may be delivered through email, in-app alerts, or other appropriate communication channels.



  1. Where legally required, we will notify relevant regulatory authorities, including the Labuan Financial Services Authority (LFSA) or other competent bodies, in accordance with applicable reporting timelines and AML/CFT governance requirements.



  1. We continuously monitor our systems for vulnerabilities and update our security controls in line with industry best practices. Findings from any incident will be incorporated into future prevention and mitigation strategies.



7.Information Sharing And Disclosure


  1. We do not sell or rent your personal information. However, we may share data with third parties under specific circumstances where necessary to facilitate our services, comply with legal and regulatory obligations, or enhance the overall user experience. All disclosures of personal information are carried out in accordance with applicable laws and with appropriate safeguards in place.



  1. We may share personal information with third-party service providers who assist us in delivering our services. These include IT and infrastructure providers, cloud storage and hosting services, payment processors, fraud-prevention and security partners, analytics companies, marketing and advertising vendors, and professional advisors. These service providers are permitted to use your information only to the extent necessary to perform services on our behalf and must do so in accordance with strict confidentiality and data protection obligations.



  1. We may also disclose information to our affiliates, subsidiaries, employees, contractors, and business partners where necessary to operate, improve, or secure our services and to ensure regulatory compliance. Where we collaborate with business partners to develop new financial products or services, we will obtain user consent before sharing personal information in such contexts.



  1. Additionally, we may share information with legal authorities, regulatory bodies, courts, or law enforcement agencies when required by law, in relation to legal proceedings, or when necessary to establish, exercise, or defend our legal rights. If a user fails to meet financial obligations owed to us, we may disclose relevant information to credit reporting agencies, debt collection agencies, or legal representatives.



  1. In the event of a merger, acquisition, restructuring, or other business transfer, personal information may be transferred to the acquiring or successor entity to ensure continuity of service. Where required by law, we will notify users in advance of such transfers.



  1. To maintain transparency, a complete and current list of third-party service providers engaged by Rapidz Pay is available upon request or accessible through your account settings, where applicable.



  1. We take reasonable steps to ensure that any third parties with whom we share personal information uphold the same standards of privacy, security, and data protection that we adhere to, and that they process such information only for authorised and legitimate purposes.




8.Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including providing our services, meeting legal, regulatory, and accounting requirements, resolving disputes, and enforcing our agreements.



  1. AML/CFT and Regulatory Retention Requirements
    As a regulated financial services provider, we are required under LFSA AML/CFT rules, FATF recommendations, and other applicable laws to retain certain records for a minimum of five (5) to seven (7) years after the end of the customer relationship or the completion of a transaction.


    This includes:


    • KYC/identity verification records

    • Biometric verification outcomes and related logs

    • Account information

    • Transaction histories

    • AML/CFT monitoring and review notes

    • Suspicious transaction reports and regulatory submissions

    • Correspondence related to compliance reviews


    Where applicable laws require longer retention, we will comply with those requirements.



  1. Operational and Contractual Retention

    We may retain certain information for operational, security, auditing, or legal purposes, such as:


    • Fraud prevention and investigation

    • Chargeback, dispute, or error resolution

    • System integrity and logging

    • Incident/security event records

    • Enforcement of our Terms of Use


    Retention periods may differ based on the nature of the data and operational needs.




  1. Data We May Retain After Account Closure

    Even if you close your account or request deletion, we may retain information where necessary to comply with:


    • AML/CFT obligations

    • Legal reporting and record-keeping

    • Fraud detection and risk management

    • Regulatory inquiries or investigations

    • Enforcement of agreements or protection of our rights


    Where retention is no longer required, data will be securely deleted, anonymised, or archived.



  1. Data Deletion and Anonymisation

    When personal information is no longer required for lawful purposes, we will take reasonable steps to handle it appropriately, which may include irreversible anonymisation, aggregation for statistical purposes, or secure deletion from our systems and backups.



  1. User Requests for Deletion

    If you request deletion of your data, we will process your request in accordance with applicable laws. However, we may not be able to delete data that must be retained for AML/CFT, fraud prevention, or regulatory compliance purposes.


    We aim to ensure that personal data is retained no longer than necessary and handled in accordance with legal requirements and industry best practices.


9.Automated Decision-making And Risk Scoring


We use automated systems and risk-scoring technologies to help protect our platform, comply with regulatory obligations, and ensure the security of your account. These systems play a critical role in enabling efficient onboarding, fraud prevention, AML/CFT compliance, and secure transaction monitoring.



  1. Automated KYC and Biometric Verification

    As part of our identity verification process, certain information—including your ID document, biometric data (facial images), and liveness results—is processed automatically through our KYC partner (Sumsub). These automated checks may:


    • Verify the authenticity of ID documents

    • Match your selfie or facial image to your ID photo

    • Detect signs of spoofing, tampering, or fraudulent documents

    • Confirm liveness to ensure the user is a real person


    Automated results are combined with additional checks to determine eligibility for account creation and continued use of our services.



  1. AML/CFT Screening and Risk Assessment

    To meet legal and regulatory requirements, we use automated tools to conduct:


    • Sanctions screening

    • Politically Exposed Person (PEP) screening

    • Adverse media checks

    • Transaction and behavioural monitoring

    • Transaction risk scoring

    • Detection of unusual or suspicious activity


    These systems enable us to identify financial crime risks and ensure compliance with LFSA, FATF, FinCEN, and other global AML standards.



  1. Fraud Prevention and Security Controls

    We use automated decision-making for fraud and security purposes, including:


    • Device fingerprinting

    • IP/geolocation checks

    • Behavioural analytics

    • Login risk scoring

    • Detection of compromised accounts

    • Identification of abnormal usage patterns

    • Flags for bot activity, automation, or mass registration attempts


    These tools help us maintain platform integrity and prevent unauthorized activity.



  1. Significant Effects of Automated Decisions

    In some cases, decisions made by automated systems—such as those relating to identity verification, fraud detection, or AML/CFT risk—may have legal or significant effects on your ability to use our services. These decisions may:


    • Approve or reject KYC verification

    • Restrict or pause account access

    • Block or limit transactions

    • Trigger enhanced due diligence

    • Require manual review by our compliance team


    Where required by law, you may request human review of automated decisions that significantly affect you.



  1. Your Rights Regarding Automated Decisions

    You have the right to request:


    • An explanation of the automated decision

    • Human intervention or review

    • The opportunity to provide additional information or clarification

    • Reassessment of the decision, where permitted by law

To exercise these rights, please contact us using the details provided in this Privacy Policy.


We continuously monitor and refine our automated systems to ensure accuracy, fairness, transparency, and compliance with global privacy standards.


10. Third-party Processors And Service Providers

We work with trusted third-party service providers who support the operation of the Rapidz Pay platform. These partners process personal information solely on our behalf and in accordance with strict contractual obligations, including confidentiality, data protection, and security requirements.


Third-party processors may be located in other jurisdictions where Rapidz Group entities or their service providers operate. They may process limited categories of personal information as necessary to provide their services.



  1. Categories of Third-Party Processors We Use

    We rely on third-party service providers for the following categories of activities:


    1. Identity Verification & Biometric Processing (e.g., KYC vendors such as Sumsub) 

      These partners perform identity document checks, biometric verification (facial recognition, liveness), sanctions and PEP screening, and other AML/CFT verification tasks.

    2. Cloud Hosting & Infrastructure Providers

      Secure hosting services that store and process personal data, provide servers, content delivery networks, backup systems, and general infrastructure support.

    3. Fraud Prevention, Security & Risk Scoring Tools

      Providers that support device fingerprinting, behavioural analytics, authentication, bot detection, compliance monitoring, and risk scoring models.

    4. Transaction Processing & Payment Partners

      Banks, payment gateways, virtual asset service providers (VASPs), liquidity partners, and financial intermediaries that enable fiat and virtual asset transactions.

    5. Analytics, Performance Measurement & App Functionality

      Mobile SDKs, analytics engines, crash reporting tools, and attribution platforms used to improve app performance, diagnose errors, and enhance user experience.

    6. Customer Support & Communication Tools

      Email delivery services, support ticket platforms, chat tools, notification services, and other communication systems.



  1. Obligations of Our Service Providers

    All third-party processors engaged by Rapidz must:


    • Process personal data only in accordance with our documented instructions

    • Protect personal data using appropriate technical and organisational measures

    • Maintain confidentiality and security controls

    • Comply with applicable data protection laws

    • Assist us in fulfilling regulatory obligations (e.g., AML/CFT, fraud investigations)

    • Not use personal data for their own purposes


    We conduct due diligence on our processors and monitor their compliance on an ongoing basis.



  1. Third-Party Processors for Regulatory Compliance

    As part of our AML/CFT obligations, we may share data with:


    • Sanctions and PEP screening vendors

    • Transaction monitoring systems

    • Travel Rule solution providers

    • Fraud-risk and AML analytics partners

    These partners enable us to comply with LFSA, FATF, and global financial regulations.



  1. No Selling of Personal Information

    We do not sell, rent, or trade your personal information. Any sharing with third-party processors is strictly limited to what is necessary to operate our services, maintain security, or comply with regulatory requirements.




11.International Transfers Of Personal Information

We operate in multiple jurisdictions and may transfer, store, or process your personal information in countries outside your country of residence. These locations may have different data protection laws that provide varying levels of privacy safeguards. Regardless of where your information is processed, we remain committed to protecting it in accordance with this Privacy Policy and applicable laws.



  1. Your information may be processed by Rapidz Pay Inc. (Labuan), Rapidz Pay Inc. (United States), and other Rapidz Group entities where necessary to provide our services, perform AML/CFT checks, support customer operations, or maintain platform functionality.



  1. These include providers supporting identity verification, cloud hosting, security and fraud detection, payment processing, analytics, and customer support functions.



  1. When transferring personal information internationally, we implement appropriate safeguards in accordance with applicable laws and industry practices. These measures may include:


    • Contractual obligations requiring data receivers to meet privacy and security standards

    • Encryption of data during transfer and at rest

    • Use of secure cloud environments with strong access controls

    • Compliance with LFSA AML/KYC data protection expectations

    • Additional protection measures where required by local regulations


  2. We may transfer your information to authorities or regulated institutions in other jurisdictions when required to comply with legal, regulatory, or law-enforcement obligations, including:


    • AML/CFT reporting

    • Travel Rule information exchange

    • Sanctions screening

    • Financial crime investigations

    • Cross-border payment processing


  3. By using our services, you acknowledge that your personal information may be processed in countries with privacy laws that differ from those in your home jurisdiction. Nevertheless, we will continue to apply safeguards to ensure your information is handled securely and responsibly. We remain committed to maintaining the confidentiality, integrity, and availability of your information regardless of where it is processed.




12.Your Rights And Controlling Your Personal Information

You have certain rights regarding how we collect, use, store, and process your personal information. We are committed to respecting these rights and ensuring that you remain informed and in control of your data. While some rights may apply differently depending on your jurisdiction, we will take reasonable steps to honour valid requests in accordance with applicable laws.




  1. You have the right to request confirmation of whether we hold personal information about you and to obtain a copy of such information, subject to any legal or regulatory limitations.



  1. You may request the correction or updating of any personal information that you believe is inaccurate, incomplete, or outdated. We will take reasonable steps to ensure your information is accurate and current.



  1. You may request deletion of your personal information where legally permitted. We may not be able to delete certain data where we are required to retain it to comply with AML/CFT obligations, record-keeping requirements, legal claims, or regulatory reporting.



  1. You may request that we restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of the information or where the processing is no longer necessary.



  1. You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. Where technically feasible, you may also request that we transmit this data directly to another data controller of your choice, provided the processing is based on your consent or the performance of a contract



  1. Where we rely on your consent to process your personal information (for example, marketing), you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before consent was withdrawn.



  1. You may object to certain types of processing based on legitimate interests, including direct marketing. Where legally required, we will stop processing your information unless we have compelling legitimate grounds or a legal obligation to continue.



  1. Where applicable and technically feasible, you may request that we provide your personal information in a structured, commonly used, and machine-readable format, or request that we transfer it directly to another service provider.



  1. You have the right to request human review of decisions that are made solely through automated means, such as risk scoring, fraud detection, or transaction monitoring, where such decisions produce legal or significant effects.



  1. If you have concerns regarding the way we handle your personal information, you may contact us using the details provided in this policy. You also have the right to lodge a complaint with a relevant data protection authority or regulatory body.



  1. To protect your personal information, we may need to verify your identity before processing requests related to your rights. This ensures that your data is not disclosed to unauthorized individuals.



  1. You may opt out of receiving marketing or promotional communications from us at any time by using the unsubscribe option included in our messages or by contacting us directly. Opting out will not affect your access to our core services.


We aim to respond to all valid requests within a reasonable period, in accordance with applicable law.



13.Age Limits And Children’s Data


  1. You must be at least 18 years old (or the age of legal majority in your jurisdiction) to register for or use the Rapidz Pay application and its services. We do not knowingly collect, process, or maintain personal information from individuals under this age.



  1. If we become aware that we have collected personal information from a minor who does not meet the minimum age requirement, we will:


    1. Immediately close the account

    2. Remove or delete the personal information where legally permitted

    3. Take reasonable steps to prevent further processing


    This may include requesting additional documentation to verify age.



  1. We do not offer services targeted toward minors and do not accept parental or guardian consent as a substitute for minimum-age requirements under financial regulations.



  1. As part of our AML/CFT and KYC obligations, we may use automated and manual methods to verify the age of users through identity documents, biometric verification, and other checks.



  1. If you believe that a minor has registered or that we have unintentionally collected a minor’s personal information, please contact us immediately using the details provided in this Privacy Policy.



14.Use Of Cookies, Mobile Identifiers, And Tracking Technologies


We use cookies, mobile identifiers, SDKs, and other tracking technologies to enhance your experience, improve security, and personalize the Rapidz Pay platform. These technologies help us understand how our services are used, maintain system integrity, detect fraud, and deliver a seamless user experience across web and mobile platforms.This section explains how these technologies work and how you can manage your preferences.



  1. Cookies are small data files stored on your device when you visit our website. We may use the following types:



    1. Essential Cookies

      Required for the website to function, such as maintaining sessions, preventing fraudulent requests, and enabling secure login.

    2. Performance & Analytics Cookies

      Used to understand how users interact with the website, diagnose performance issues, and improve user experience (e.g., page loading, error tracking).

    3. Functional Cookies

      Help remember your preferences, language settings, or previously used features.

    4. Advertising or Marketing Cookies

      Used to measure the effectiveness of campaigns, improve attribution, or present relevant content. We do not use advertising cookies without your consent where required by local law.


    You may manage or disable cookies through your browser settings. However, some features of the website may not function properly if essential cookies are disabled.



  1. In addition to cookies, our mobile application uses SDKs and device-based technologies that help us operate securely and efficiently. These include:


    1. Device Identifiers (e.g., IDFA for iOS, GAID for Android) 

      Used for analytics, app functionality, and fraud prevention.

    2. In-App Analytics Tools (e.g., Firebase, Appsflyer, Amplitude, or similar)

      Used to understand how the app is used, detect crashes, and improve performance.

    3. Security & Fraud Prevention Signals (e.g., device fingerprinting, IP checks, geolocation consistency, emulator/jailbreak/root detection)

      Used strictly for security, AML/CFT monitoring, and preventing unauthorized access.

    4. Push Token Identifiers

      Used to deliver security alerts, KYC updates, transaction notifications, and account-related messages.

      These tools do not give us direct access to your device contents, photos, contacts, or personal files.



  1. As part of our legal obligations, we may use tracking technologies to support automated risk scoring, identity verification, AML/CFT compliance checks, device binding, and behavioural analysis to detect fraud.

    These measures help protect users and maintain the security of the Rapidz ecosystem.



  1. We may use trusted third-party partners that deploy cookies or SDKs on our behalf. These include analytics providers, KYC processors, authentication providers, cloud services, and fraud-prevention tools. All third parties are contractually required to protect your data and may only process it for purposes aligned with this Privacy Policy.



  1. You may manage your cookie and tracking preferences as follows:


    • Web browser: disable or manage cookies through browser settings

    • Mobile app: disable certain permissions (e.g., location, biometrics) in device settings

    • Opt out of marketing or promotional messages via in-app settings or unsubscribe links

    • For certain SDKs, disable personalized tracking through OS-level privacy controls (e.g., “Limit Ad Tracking” or “Allow Apps to Track” settings)


    Please note that disabling essential or security-related tracking may affect your ability to use certain Rapidz Pay features.



  1. Where required by local regulations, we will obtain your consent before enabling non-essential tracking technologies. You may withdraw your consent at any time through your browser settings or device preferences.


    This section applies to users accessing Rapidz Pay via web browser. For mobile app users, equivalent tracking technologies may apply (e.g., device identifiers, analytics SDKs)



15.Third-party Links And External Sites

Our app and website may contain links to third-party websites or services that are not operated or controlled by us. These external sites have their own privacy practices and policies, which we encourage you to review before providing any personal information. We are not responsible for the privacy, security, accuracy, or content of third-party websites, and we do not endorse or guarantee any products or services offered by them. Your interactions with such sites are entirely at your own risk, and we recommend exercising caution when sharing personal data on external platforms.


We do not control how third-party sites collect, use, or process your information, and no data is shared with them unless explicitly stated elsewhere in this Privacy Policy.



16.Business Transfers

If Rapidz Pay Inc. undergoes a business transition, such as a merger, acquisition, restructuring, asset sale, or in the unlikely event of insolvency or bankruptcy, your personal information may be transferred as part of the relevant transaction. Such information may form part of the assets transferred to the acquiring or successor entity. Any entity that acquires our business or assets may continue to use your personal information, but only in accordance with this Privacy Policy and applicable data protection laws.



17.Policy Updates

We may update or amend this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory requirements, or improvements to our services. Any modifications will be published on our website or within the Rapidz Pay application, and the “Last Updated” date at the top of the policy will be revised accordingly. Where a change is material, we will take reasonable steps to notify you, such as through in-app notifications, email, or other appropriate communication channels. Your continued use of our services after any changes take effect will constitute your acknowledgment and acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically to stay informed of how we protect and handle your personal information.



18.Contact Information And Data Protection Enquiries


If you have any questions, requests, or concerns about this Privacy Policy or how we process your personal information, you may contact us using the details below.


Data Protection and Privacy Enquiries:

For matters relating to personal data, privacy rights, or access/correction/deletion requests:



We will respond to valid requests within a reasonable period and in accordance with applicable laws.




Compliance, AML/CFT, or Security Enquiries:

For matters related to account verification, AML/CFT obligations, risk reviews, sanctions screening, or fraud:


  • Email: contact@rapidz.io 

  • Subject Line: “Compliance Enquiry – [Your Country]”




General Support:


For general questions or assistance with your account:



Or use the in-app support channel in the Rapidz Pay application.



Where required by applicable law, Rapidz Pay will designate a responsible data protection contact to oversee compliance with data protection obligations.

Explore

Personal

Business

Premier

OTC

Company

About Us

License

Legal

T&Cs

Privacy Policy

Cookie Policy

Support

Contact

FAQ

Get Rapidz App

Rapidz Pay Inc. is licensed as a Money Broking Business (Licence No. MB/25/0129) and authorised to operate in, from, or through the Federal Territory of Labuan, Malaysia, under the supervision of the Labuan Financial Services Authority (LFSA). Rapidz Pay Inc. is also registered as a Money Services Business (MSB) with the U.S. Financial Crimes Enforcement Network (FinCEN) (MSB Registration No. 31000283038917), where applicable.

Rapidz Pay apply comprehensive Anti-Money Laundering (AML), Counter-Financing of Terrorism (CFT), and Know-Your-Customer (KYC) controls in line with applicable regulatory requirements.

Rapidz Pay’s services may not be available in certain jurisdictions due to regulatory restrictions.

©2026 rapidz.io. All rights reserved