Legal

Privacy Policy

Effective date: 12 May 2026

PayGuard is committed to protecting your personal data. This policy explains what data we collect, why we collect it, how we use it, and your rights under the Ghana Data Protection Act 2012 (Act 843) and applicable international standards.

1. Who We Are

PayGuard (“PayGuard”, “we”, “us”, or “our”) is an escrow-backed payments platform operating in Ghana and across West Africa. We act as the data controller for personal data processed through our website (payguardgh.com) and mobile application.

Our Data Protection Officer (“DPO”) can be reached at privacy@payguardgh.com.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Identity and contact data

Full name, email address, phone number
Date of birth (where required for age verification)
Profile photograph (optional)

2.2 Financial and transaction data

Deal amounts, order history, and escrow records
Bank account details for seller payouts (account number, bank name)
Mobile money wallet details where used for payouts
Paystack payment references (we do not store raw card numbers)

2.3 Verification and KYC data (sellers only)

Ghana Card or national ID number and photograph
Business registration certificate (where applicable)
Proof of address documents

2.4 Technical and usage data

IP address, browser type, operating system, device identifiers
Pages visited, features used, session timestamps
Error and performance data (anonymised before transmission to monitoring tools)

2.5 Communications

Support messages, dispute submissions, and review content
SMS and email notification delivery logs

We do not collect special categories of personal data (e.g. health, biometric, religious, or political data) and do not use your data for automated profiling that produces legal or similarly significant effects.

3. Legal Basis for Processing

Contract performance: Processing necessary to operate your escrow account, facilitate deals, process payments, and manage disputes.
Legal obligation: Retaining financial records as required by the Anti-Money Laundering Act 2020 (Act 1044), Bank of Ghana regulations, and applicable tax law.
Legitimate interests: Fraud prevention, platform security, abuse detection, and improving our services — balanced against your rights.
Consent: Where we send optional marketing communications. You may withdraw consent at any time.

4. How We Use Your Data

Create and manage your account and identity
Process escrow payments and release or refund funds
Verify seller identity and comply with KYC/AML obligations
Send transactional notifications — order updates, delivery confirmations, dispute alerts — via SMS and email
Detect and prevent fraud, money laundering, and prohibited transactions
Resolve disputes and maintain the integrity of the escrow process
Generate anonymised analytics to improve platform performance
Comply with court orders, regulatory requests, or legal obligations

5. Third-Party Data Processors

We share only the minimum data necessary with the following processors, each bound by data processing agreements:

Processor	Purpose	Location
Paystack	Payment processing (PCI-DSS Level 1 certified)	Nigeria / global
Clerk Inc.	Authentication, session management, MFA	United States
Hubtel	SMS notifications	Ghana
Resend	Transactional email delivery	United States
Vercel Inc.	Web hosting and serverless infrastructure	United States / global
Neon Inc.	PostgreSQL database hosting	United States
Upstash	Redis caching layer	United States / EU
Sentry	Error monitoring (PII stripped before transmission)	United States
Vercel Analytics	Aggregate usage analytics (no cross-site tracking)	United States

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. International Data Transfers

Some of our processors are located outside Ghana. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses, processor certifications (e.g. PCI-DSS for Paystack), and privacy frameworks where applicable.

Your data is stored in encrypted databases hosted by Neon on AWS infrastructure in the United States, with replication controls to minimise data residency risk.

7. Data Retention

Transaction records: Retained for 7 years from deal completion to comply with the Anti-Money Laundering Act 2020 and Bank of Ghana financial record requirements.
Audit logs: Append-only and retained for the same 7-year period as the associated transaction.
KYC documents: Retained for 5 years after the associated seller account is closed, per AML obligations.
Account data: Retained while your account is active. Upon account deletion, non-transactional data (profile, preferences, contact details) is purged within 30 days.
Support messages: Retained for 2 years from the date of the last interaction.
Technical / usage data: Aggregated within 90 days; raw logs purged within 30 days.

8. Your Rights

Under the Ghana Data Protection Act 2012 (Act 843), you have the following rights. To exercise any of them, email privacy@payguardgh.com — we will respond within 30 days.

Access: Request a copy of the personal data we hold about you.
Rectification: Ask us to correct inaccurate or incomplete data.
Erasure: Request deletion of your data. Note: transaction records, audit logs, and KYC documents cannot be deleted during their mandatory retention period.
Restriction: Ask us to pause processing of your data while a dispute is resolved.
Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds.
Withdraw consent: Where processing is based on consent (e.g. marketing), you may withdraw at any time without affecting prior processing.

You also have the right to lodge a complaint with the Data Protection Commission of Ghana (dataprotection.org.gh).

To request account or data deletion, see our Data Deletion page.

9. Cookies and Tracking

We use essential cookies only — specifically the session cookies issued by Clerk for authentication. We do not use advertising, tracking, or third-party analytics cookies.

Vercel Analytics collects aggregate, anonymised page-view metrics. No personally identifiable information is transmitted to Vercel Analytics and no cross-site tracking occurs.

Disabling cookies in your browser will prevent you from staying signed in but will not otherwise affect public pages.

10. Security

All data is encrypted in transit using TLS 1.2 or higher.
Database storage is encrypted at rest by Neon.
Payment credentials are handled exclusively by Paystack (PCI-DSS Level 1). We never store raw card numbers.
KYC documents are stored under access-controlled paths and served only via authenticated signed URLs.
Admin accounts require multi-factor authentication (MFA).
We use anomaly detection and risk scoring to identify suspicious transaction patterns.

If you suspect a security breach involving your data, notify us immediately at security@payguardgh.com.

11. Children's Privacy

PayGuard is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has registered, contact us at support@payguardgh.com and we will promptly delete the account.

12. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. When we make material changes, we will notify registered users by email and display a notice on the platform at least 14 days before the changes take effect. The “Effective date” at the top of this page reflects the most recent revision.

13. Contact

Privacy & DPO: privacy@payguardgh.com
General support: support@payguardgh.com
Security issues: security@payguardgh.com
Data deletion: payguardgh.com/data-deletion

Postal address: PayGuard, Accra, Ghana. We aim to respond to all privacy enquiries within 5 business days.