Privacy Policy
Last Updated: January 2026
1. Introduction
PayUnit, a product of Seven Common Factor Sarl, is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our payment aggregation services, including our website, mobile applications, APIs, and related services.
This Privacy Policy applies to:
- Merchants who register for and use our payment processing
- End customers who make payments through our platform
- Developers who integrate with our APIs
- Visitors to our website and applications
By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure practices as described herein. If you do not agree with this Privacy Policy, please do not use our Services.
Important Notice: This Privacy Policy is designed to comply with applicable data protection laws, including Cameroonian Law No. 2010/012 on Cybersecurity and Cybercrime, OHADA regulations, and international data protection standards. We are committed to transparency in our data handling practices.
2. Data Controller Information
The data controller responsible for processing your personal information is:
Seven Common Factor Sarl
Trading as: PayUnit
Registered Address: Douala, Cameroon
Email: [email protected]
Website: www.payunit.com
For data protection inquiries, please contact our Data Protection Officer at [email protected] with the subject line "Data Protection Inquiry."
3. Information We Collect
3.1 Personal Information
We collect personal information that you provide directly to us, including:
| Category | Specific Information | Source |
|---|---|---|
| Identity Information | Full name, date of birth, nationality, government ID number (CNI/Passport), photograph | Directly from you during registration |
| Contact Information | Email address, phone number, physical address | Directly from you during registration |
| Account Information | Username, password (encrypted), account preferences | Directly from you when creating account |
| Financial Information | Bank account details, mobile money wallet information, transaction history | Directly from you and from transactions |
| Verification | KYC documents, proof of address, business registration, tax documentation | Directly from you |
3.2 Business Information
For business merchants, we collect:
- Company name and trading name
- RCCM registration number
- NIU (tax identification number)
- Articles of Association
- Director and beneficial owner information
- Business bank account details
- Business category and description
- Company’s proof of address
3.3 Transaction Information
When processing payments, we collect:
- Transaction amount and currency
- Transaction date and time
- Payment method used (Mobile Money, Card)
- Merchant and customer identifiers
- Transaction status and history
- Device information used for the transaction
- IP address and location data
3.4 Technical Information
We automatically collect certain technical information when you use our Services:
- IP address and geographic location
- Device type, operating system, and browser information
- Mobile device identifiers (where applicable)
- Log files and usage data
- Cookies and similar tracking technologies
- API interaction logs
4. How We Collect Information
We collect information through various methods:
Direct Collection
- Information you provide when registering for an account
- Information submitted through our KYC verification process
- Information provided when contacting customer support
- Information entered through our dashboard or API
Automatic Collection
- Technical data collected through cookies and similar technologies
- Transaction data generated through payment processing
- Log data from server interactions
- Analytics data from website and application usage
Third-Party Sources
- Identity verification services
- Credit reference agencies (where permitted by law)
- Public registers (RCCM, sanctions lists)
- Our banking partners for settlement purposes
5. Purpose of Data Processing
We process your personal information for the following purposes:
| Purpose | Description |
|---|---|
| Service Provision | To provide, maintain, and improve our payment aggregation services, including processing transactions, managing accounts, and providing customer support. |
| Identity Verification | To verify your identity and comply with KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations. |
| Fraud Prevention | To detect, prevent, and investigate fraudulent transactions, security breaches, and other prohibited activities. |
| Legal Compliance | To comply with applicable laws, regulations, court orders, and government requests, including reporting to regulatory authorities such as ANIF. |
| Communication | To communicate with you about your account, transactions, service updates, security alerts, and promotional materials (where you have consented). |
| Analytics | To analyze usage patterns, improve our services, and develop new features. |
| Dispute Resolution | To handle chargebacks, disputes, and customer complaints. |
6. Legal Basis for Processing
We process your personal information based on the following legal grounds:
Contractual Necessity
Processing is necessary to perform our contract with you, including providing payment services, processing transactions, and maintaining your account.
Legal Obligation
We are required by law to process certain information for:
- KYC and identity verification requirements
- Anti-money laundering (AML) compliance
- Tax reporting obligations
- Regulatory reporting to ANIF and other authorities
- Record-keeping requirements under OHADA and CEMAC regulations
Legitimate Interests
We process data based on our legitimate interests in:
- Preventing fraud and ensuring security
- Improving and developing our services
- Network and information security
- Enforcing our terms and conditions
Consent
Where required, we obtain your explicit consent for:
- Marketing communications
- Certain types of data processing not covered by other legal bases
- Sharing data with third parties beyond what is necessary for service provision
7. Data Sharing and Third Parties
We may share your information with the following categories of recipients:
Service Providers
We engage trusted third-party service providers to perform functions on our behalf, including:
- Payment processing partners (Mobile Money operators, card networks)
- Cloud hosting and infrastructure providers
- Identity verification services
- Customer support platforms
- Analytics and monitoring services
All service providers are contractually bound to process data only according to our instructions and maintain appropriate security measures.
Banking Partners
We share necessary information with Afriland First Bank and other banking partners for:
- Holding and safeguarding customer funds
- Processing settlements
- Compliance with banking regulations
Regulatory and Legal Authorities
We may disclose information to:
- ANIF (National Financial Investigation Agency)
- Tax authorities
- Law enforcement agencies
- Courts and legal authorities
- Other regulatory bodies as required by law
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.
Important: We do not sell your personal information to third parties for marketing purposes. Any sharing of data is strictly limited to the purposes described in this Privacy Policy.
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account information | Duration of account + 5 years after closure | Legal and regulatory requirements |
| Transaction records | 10 years from the transaction date | OHADA accounting requirements, AML laws |
| KYC documents | 5 years after account closure | AML and regulatory compliance |
| Communication records | 3 years | Customer service and dispute resolution |
| Technical logs | 1 year | Security and fraud prevention |
After the retention period expires, we securely delete or anonymize your information in accordance with our data destruction policies.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:
Technical Measures
- Encryption: All data in transit is protected using TLS 1.3 encryption. Sensitive data at rest is encrypted using AES-256.
- Access Controls: Role-based access controls ensure employees only access data necessary for their functions.
- Firewalls and Network Security: Industry-standard firewalls and intrusion detection systems protect our network.
- Secure Development: Our applications follow secure coding practices and undergo regular security testing.
- API Security: API access is protected through authentication, rate limiting, and IP whitelisting.
Organizational Measures
- Regular security awareness training for employees
- Data protection policies and procedures
- Incident response and breach notification procedures
- Regular security audits and penetration testing
- Vendor security assessments
PCI-DSS Compliance
For card payment processing, we maintain compliance with the Payment Card Industry Data Security Standard (PCI-DSS). We do not store raw credit card numbers on our servers; all card data is tokenized and processed through certified payment gateways.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Right to Access
You have the right to request a copy of the personal information we hold about you.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal information.
Right to Erasure (Right to be Forgotten)
You may request deletion of your personal information, subject to our legal and regulatory retention obligations.
Right to Restrict Processing
You have the right to request that we limit the processing of your personal information in certain circumstances.
Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time.
Exercising Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may require verification of your identity before processing your request.
Note: Certain rights may be limited by legal and regulatory requirements. For example, we cannot delete transaction records that we are legally required to retain for tax or AML compliance purposes.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience and collect information about how you use our Services.
Types of Cookies We Use
| Category | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for the operation of our Services, including authentication and security | Session to 1 year |
| Functional Cookies | Enable enhanced functionality and personalization | Up to 1 year |
| Analytics Cookies | Help us understand how visitors interact with our Services | Up to 2 years |
| Marketing Cookies | Used to deliver relevant advertisements (only with consent) | Up to 1 year |
Managing Cookies
Most web browsers allow you to control cookies through their settings. You can typically:
- View cookies stored on your device
- Delete existing cookies
- Block all or specific cookies
- Configure browser to notify you when cookies are set
Please note that disabling certain cookies may affect the functionality of our Services.
12. International Data Transfers
As a payment service provider operating in Cameroon and the CEMAC region, your information is primarily stored and processed within Cameroon. However, we may transfer your information to other countries in the following circumstances:
Transfers Within CEMAC
We may transfer data to other CEMAC member states (Chad, Central African Republic, Congo, Equatorial Guinea, Gabon) for service provision and regulatory compliance purposes.
International Transfers
We may transfer data outside the CEMAC region to:
- Cloud service providers with data centers in other regions
- Payment partners (e.g., PayPal, international card networks)
- Technical support providers
Safeguards
For international transfers, we implement appropriate safeguards including:
- Standard contractual clauses approved by relevant authorities
- Data processing agreements with adequate protection provisions
- Verification that recipient countries provide adequate data protection
13. Children's Privacy
Our Services are not intended for individuals under the age of 21. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 21 without parental consent, we will take steps to delete that information promptly.
If you believe we may have collected information from a child under 21, please contact us at [email protected].
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes:
- We will post the updated Privacy Policy on our website with a revised "Last Updated" date
- We will notify you via email or through our Services of material changes
- For significant changes, we may require your acknowledgment
We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:
Data Protection Contact
Email: [email protected]
Subject Line: Please include "Data Protection" or "Privacy Inquiry" in your subject line
Postal Address:
Seven Common Factor Sarl
Attn: Data Protection Officer
Douala, Cameroon
Response Time
We aim to respond to all privacy-related inquiries within 30 days. For complex requests or high volumes, this may take longer, but we will keep you informed of progress.
Complaints
If you are not satisfied with our response to your privacy concern, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
Thank you for trusting PayUnit with your payment processing needs. We are committed to protecting your privacy and maintaining the security of your personal information.