Privacy Notice

1. Identity and address of the data controller

Payefy, S.A.P.I. de C.V. is responsible for the processing of your personal data.

Address: Espacio Santa Fe Carretera México-Toluca 5420, 701-B, Col. El Yaqui, Cuajimalpa de Morelos, 05320, CDMX, Mexico.

Contact email: contacto@payefy.me

Business hours: Monday through Friday from 9:00 AM to 6:00 PM.

2. Personal data we collect

We may collect the following data, depending on the service you use and the obligations applicable to the operation of the App:

2.1 Identification and contact data

• First and last name(s).
• Date of birth.
• Nationality.
• CURP and/or RFC (Mexican tax IDs), when applicable.
• Address.
• Email address.
• Phone number.

2.2 Authentication and account data

• Username, passwords, security tokens.
• Access logs and activity records.

2.3 Financial and transactional data

• Funding and withdrawal information (including operations via card and SPEI).
• Transaction history in the App.
• Credit limits, rates, and conditions.

2.4 Information related to virtual assets (when applicable)

• Wallet addresses.
• Balances, operations, and events of collateral associated with the Payefy Card.

2.5 Technical and device data

• Device identifiers.
• Operating system, App version.
• IP address.
• Diagnostic and performance data.

In principle, we do not request sensitive personal data. If for compliance or security reasons it is necessary to collect it, we will inform you and request your express consent when appropriate.

3. Purposes of processing

3.1 Primary purposes (necessary)

Your personal data will be used to:

• Registration, identification, and verification of the User for access to the App.
• Parallel/shared onboarding of the ecosystem:
  • Validations related to issuance and credit operated by Payefy.
  • Validations related to virtual assets and collateral integrated with BitFin.
• Management of your account and access to the App.
• Issuance of the Payefy Card (virtual, physical, and tokenized when applicable).
• Granting and administration of collateralized credit, including calculation and adjustment of dynamic limits.
• Processing of funding and withdrawal operations through methods enabled in the App.
• Management of payments, clarifications, complaints, and customer service.
• Fraud prevention, App security, and risk control.
• Compliance with applicable legal obligations, including anti-money laundering prevention when applicable to the model and operations involved.

3.2 Secondary purposes (optional)

If you do not object, we may use your data to:

• Send commercial communications about products and improvements to the Payefy ecosystem.
• Quality surveys, satisfaction measurement, and usage analytics.
• Personalized offers based on your usage profile.

You may object to these secondary purposes by sending an email to contacto@payefy.me.

4. Transfers of personal data

Payefy may share your personal data with domestic or foreign third parties only for the purposes described and in accordance with the law.

4.1 Transfers necessary to operate the App

We may transfer data to:

BitFin, S.A.P.I. de C.V.

To enable the virtual asset component, conversion, and management of collateral associated with the Payefy Card.

Technological and operational providers of the ecosystem, such as:

• SPEI in/out provider to enable payments and withdrawals via SPEI.
• Card issuance/BIN sponsor provider and card technology components.
• Acquirers and processors when you interact with payment capabilities linked to the ecosystem.
• Fraud prevention, cybersecurity, hosting, and analytics providers.

These transfers are necessary for the provision of the service and do not require your additional consent when permitted by law.

4.2 Authorities

We may share information with competent authorities when there is a legal requirement or to comply with applicable obligations.

5. ARCO rights and revocation of consent

You have the right to Access, Rectify, Cancel, or Object to the processing of your personal data ("ARCO Rights"), as well as to revoke consent granted, where applicable.

To exercise these rights, send a request to contacto@payefy.me indicating:

• Full name.
• Relationship with the App (User).
• Right you wish to exercise.
• Clear description of the data regarding which you request the exercise.
• Means to receive response.
• Copy of official identification and, if applicable, documentation proving representation.

Deadlines and procedures will be addressed in accordance with applicable legislation.

6. Use of cookies, SDKs, and similar technologies

The App may use identifiers, SDKs, or equivalent technologies for:

• Authentication and security.
• Fraud prevention.
• Performance and usage analytics.

You can limit certain functions from your device settings; however, some capabilities may be affected.

7. Security measures

We implement reasonable administrative, technical, and physical measures to protect your personal data against damage, loss, alteration, destruction, or unauthorized use, access, or processing.

8. Data retention

We will retain your personal data for the time necessary to fulfill the purposes described, as well as to meet legal, contractual, and audit obligations.

9. Changes to the Privacy Notice

We may update this Privacy Notice. Modifications will be notified through the App or by reasonable means.

10. Contact

If you have questions about this Privacy Notice or the processing of your personal data:

Email: contacto@payefy.me

Address: Espacio Santa Fe Carretera México-Toluca 5420, 701-B, Col. El Yaqui, Cuajimalpa de Morelos, 05320, CDMX, Mexico

Hours: Monday through Friday from 9:00 AM to 6:00 PM