Skiroskiro
Legal

Privacy Policy

Last updated: May 29, 2026

This Privacy Policy explains how Skiro Inc. (“Skiro”, “we”, “us”) collects, uses, and shares information when you use our payment processing platform. We take privacy seriously and try to keep this policy in plain language.

This policy covers two groups of people: merchants who sign up for Skiro to accept payments, and end customers who pay merchants through Skiro’s checkout. Different parts of this policy apply to each.

1. Information we collect from merchants

When you create a Skiro account, we collect:

  • Account information: business name, email address, password (hashed), and any optional profile details you add.
  • Verification information: if KYC or KYB is required, government-issued ID, proof of address, business registration documents, and beneficial ownership details.
  • Payout details: the cryptocurrency wallet address you configure to receive payouts.
  • Usage data: how you interact with the dashboard, which features you use, browser type, IP address, and approximate location.
  • Communications: messages you send to support, feedback, and any documents you provide.

2. Information we collect from end customers

When someone pays through a Skiro-powered checkout, we receive:

  • Card details (entered directly into our PCI-compliant processing partner’s tokenization layer; we never store full card numbers).
  • The amount, currency, and any metadata the merchant attached to the transaction.
  • Email address, if provided.
  • IP address, browser fingerprint, and device information used for fraud prevention.
  • Billing address and country, if collected by the checkout.

We use this information to process the payment, prevent fraud, and provide receipts. End customers should also review the privacy policy of the merchant they are paying.

3. How we use this information

We use the information we collect to:

  • Operate the Services, process transactions, and send payouts to your configured wallet.
  • Verify identities and meet our legal obligations under anti-money laundering and counter-terrorism financing laws.
  • Detect and prevent fraud, abuse, and unauthorized access.
  • Provide customer support and respond to your messages.
  • Improve the Services, analyze usage patterns, and develop new features.
  • Send service updates, security notices, and (if you opt in) product news.

If you are in a region governed by the GDPR or similar privacy law, we rely on the following legal bases:

  • Contract performance for processing payments and providing the Services you signed up for.
  • Legal obligation for KYC, AML, sanctions screening, and tax reporting.
  • Legitimate interests for fraud prevention, product analytics, and security.
  • Consent for optional things like marketing emails. You can withdraw consent at any time.

5. Who we share information with

We only share information when needed. Specifically:

  • Processing partners: card networks, acquiring banks, and crypto liquidity providers who help us complete transactions.
  • Identity verification providers: third-party KYC/KYB services that confirm the documents you submit.
  • Cloud infrastructure: AWS, Supabase, and similar providers that host our data and services.
  • Fraud and security tools: services that help us detect chargebacks, account takeovers, and abuse patterns.
  • Government and law enforcement: when we receive a valid legal request (subpoena, court order, or regulatory inquiry) and we are required to comply.
  • Acquirers in a merger or acquisition: if Skiro is acquired, sold, or restructured, your data may transfer to the new entity, subject to this policy.

We do not sell personal information. We do not share end customer information with merchants beyond what they need to process and reconcile their transactions.

6. How we protect your data

We use industry-standard security practices:

  • All data is encrypted in transit using TLS 1.2 or higher.
  • Sensitive data at rest is encrypted using AES-256.
  • API keys are hashed using SHA-256 before storage.
  • Passwords are hashed using bcrypt with per-user salts.
  • We enforce role-based access controls and audit administrative actions.
  • We perform regular security reviews and accept reports through our responsible disclosure program.

No system is perfectly secure. If you believe your account has been compromised, contact us at security@skiro.io.

7. How long we keep data

We keep merchant account data for as long as your account is active and for a reasonable period after closure to comply with legal and regulatory requirements (typically 5 to 7 years for financial records).

Transaction records are retained as required by financial regulations. Communications and support tickets are kept for up to 3 years. Aggregated, non-identifying analytics may be kept indefinitely.

8. Your privacy rights

Depending on where you live, you may have the right to:

  • Access the information we hold about you.
  • Correct inaccurate information.
  • Delete your information (subject to our legal record-keeping obligations).
  • Restrict or object to certain processing.
  • Receive your information in a portable format.
  • Withdraw consent for optional processing like marketing.

To exercise these rights, email privacy@skiro.io. We will respond within 30 days. If you are not satisfied with our response, you can lodge a complaint with your local data protection authority.

9. Cookies and tracking

We use a small number of cookies and similar technologies:

  • Essential cookies for authentication, session management, and security. These cannot be disabled.
  • Functional cookies to remember your preferences (theme, dashboard layout).
  • Analytics cookies to understand which features merchants use and where to improve. We use first-party analytics; we do not use ad-tracking pixels.

10. International data transfers

Skiro operates globally. Your information may be processed in the United States, the European Union, or other regions where our service providers operate. When we transfer data out of your region, we use appropriate safeguards such as Standard Contractual Clauses to make sure your data stays protected.

11. Children

Skiro is not for use by anyone under 18. We do not knowingly collect information from minors. If we learn we have collected information from a minor, we will delete it.

12. Changes to this policy

We may update this Privacy Policy as our Services change or as required by law. If we make material changes, we will notify you by email or through the dashboard. The “last updated” date at the top reflects the most recent version.

13. Contact us

Questions about privacy? Email privacy@skiro.io. For data protection authority contact details in your region, see the GDPR or CCPA reference pages.

← Back to skiro.io
TermsPrivacyAcceptable Use