Data Protection

Privacy Policy

How CargoPay collects, processes, and safeguards your personal and business data across the European freight network. Full GDPR compliance for all logistics payment operations.

GDPR Compliant

Full EU data protection compliance

Data Encrypted

All data protected with AES-256 encryption

User Rights

Full control over your personal data

1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Legal Basis for Processing
5. Data Security
6. Data Sharing & Disclosure

7. Your Data Rights
8. Data Retention
9. Cookies & Tracking
10. International Transfers
11. Changes to Policy
12. Contact Information

1. Introduction

CargoPay ("we", "us", or "our") is committed to protecting your privacy and safeguarding your personal and business data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our payment platform for freight and logistics services.

This policy applies to all users of the CargoPay platform, including carriers, shippers, brokers, and other registered participants in our verified network. We comply with the General Data Protection Regulation (GDPR) and all applicable data protection laws across the 27 EU member states.

2. Information We Collect

We collect the following categories of information to operate our platform and comply with regulatory obligations:

2.1 Personal Information

Name, email address, phone number, and contact details
Company registration details, VAT numbers, and tax identification
Billing addresses and payment account information
Verification documents including government-issued ID and proof of address

2.2 Transaction Information

Payment request details, amounts, and transaction history
Shipment details, route information, and delivery confirmations
Communication records and audit trails through the platform

2.3 Technical Information

IP address, browser type, device identifiers, and connection data
Server log data, usage patterns, and platform interaction metrics
Cookie information as described in our Cookie Policy

3. How We Use Your Information

We process your personal data for the following purposes:

To create, verify, and manage your user account within the CargoPay network
To process payment requests, facilitate transactions, and settle funds via Stripe Connect
To verify your identity, validate company credentials, and maintain platform security
To provide customer support, respond to inquiries, and resolve disputes
To send service notifications, payment confirmations, and compliance updates
To detect, prevent, and investigate fraud and unauthorised activities
To comply with legal, regulatory, and tax obligations across EU jurisdictions

4. Legal Basis for Processing

Under GDPR Article 6, we rely on the following legal bases for processing your personal data:

Purpose	Legal Basis
Account creation, verification, and management	Performance of contract (Art. 6(1)(b))
Payment processing and fund settlement	Performance of contract (Art. 6(1)(b))
Fraud prevention, risk scoring, and security	Legitimate interests (Art. 6(1)(f))
Compliance with legal and tax obligations	Legal obligation (Art. 6(1)(c))
Marketing communications and platform updates	Consent (Art. 6(1)(a))

5. Data Security

We implement robust technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse:

End-to-end encryption for all payment transactions and sensitive data at rest (AES-256)
TLS 1.3 encryption for all data in transit between platform, users, and payment processors
Regular security audits, penetration testing, and vulnerability assessments
Role-based access controls, multi-factor authentication, and session management
Employee training on data protection, confidentiality obligations, and incident response

6. Data Sharing & Disclosure

We may share your personal information with the following categories of recipients:

Payment Processors: Stripe and other authorised payment service providers for transaction processing
Service Providers: IT infrastructure, hosting, analytics, and customer support partners under data processing agreements
Legal Authorities: When required by law, regulation, or to protect our rights and the safety of our users
Verification Partners: Company registries, VAT validation services (VIES), and identity verification providers

Important: We never sell your personal data to third parties for marketing or commercial purposes. Your data is shared only as necessary to operate the platform and comply with legal obligations.

7. Your Data Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you, including processing purposes and data categories.

Right to Rectification

Request correction of inaccurate, incomplete, or outdated personal data without undue delay.

Right to Erasure

Request deletion of your personal data where processing is no longer necessary ("right to be forgotten").

Right to Restriction

Request restriction of processing your data in certain circumstances, including during accuracy disputes.

To exercise any of these rights, please contact our Data Protection Officer at privacy@cargopay.com. We will respond within 30 days of receiving your verified request.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with legal and regulatory requirements:

7 years for accounting, tax, and financial records per EU directive requirements
5 years for transaction records and payment history after account closure
3 years for customer support communications and dispute resolution records
Verification documents retained for the duration of your active membership plus applicable legal retention periods

9. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on our platform, analyse usage patterns, and maintain session security. Essential cookies are required for platform functionality. You can manage your cookie preferences through your browser settings. For detailed information, please refer to our Cookie Policy.

10. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms under GDPR Chapter V.

11. Changes to Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or platform features. We will notify you of significant changes via email or platform notification. Your continued use of the platform after changes are published constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related inquiries, data subject requests, or to exercise your rights under GDPR, contact our Data Protection Officer:

Email: privacy@cargopay.com

Last Updated: April 2026