Privacy Policy

Last modified on Jan 8, 2024


This Privacy Policy (“Policy”) describes how Payhawk Inc. (“we”, “us”, “Payhawk”) collects and uses your personal information, as well as what are your privacy rights when you are interacting with our products and services.

A separate agreement governs the (i) delivery, type, access and use of our Services (the “Terms of Use”) and (ii) access to any information, files, and personal information provided to us by our Clients or other content collected and uploaded by the Clients in the Payhawk Account (the Data Processing Addendum/ “DPA”.

At Payhawk Inc., we value your privacy and your rights under the US Privacy laws, such as the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA) and the Virginia Consumer Data Protection Act (VCDPA). In that regard, we recommend that you carefully read the present Privacy Policy, as it describes why and how we use your personal information at Payhawk Inc.
This Privacy Policy applies to your personal information we collect about you when you use:

  • our website “” (the “Website”);
  • the Payhawk mobile app;
  • the Payhawk web app;
  • when we contact you to promote our products and services.

Should you have any questions related to the present Policy or you would wish to exercise any of your privacy right, please address those queries to:


When you interact with us, we collect certain personal information from you.
Example: When you apply at Payhawk, we may require you to verify your identity by providing us with an ID document (passport, driving license, ID card, etc.), as part of our KYC process.

At Payhawk we process the following categories of personal data related to you:

  • contact data, such as first name, last name, e-mail address, phone number;
  • data about your device (for ex. If you are using a computer or a mobile device);
  • your Payhawk userID (this ID is assigned to you by our systems when you register for the first time on our website);
  • your Payhawk card details: card number, cardholder, issuance date, expiry date, CVC code;
  • your identification documents, such as your passport, your ID card, your driving license;
  • your selfie image, when you are applying for a Payhawk account as part of our KYC process;
  • data collected from your device, such as your IP address, your log-in information, version and type of your browser, version and type of your operational system; your mobile device operational system and version;
  • information about your visit, such as your navigation through our platforms, your activity on our platforms (for ex. the pages you visit) and information about the length of your session;
  • information stored on your computer or mobile device in the form of “cookies” – for more information on the types of cookies we use, please see our Cookie Policy);
  • information about your transactions as a Payhawk Cardholder, such as payments into and out of your account, incl. the date, time, amount, currency, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's and receiver's name and registration information, the device used for the payment and the payment method used;
  • when your employer has nominated you as a Payhawk Cardholder or account user, we shall collect from your employer your fist name, last name, phone number, e-mail address, your postcode, your city of residence and your country of residence;
  • information about you, collected from publicly available sources, such as public registers, media and websites, as part of our KYC process;
  • information about you, collected from recorded phone calls;
  • information about you from social media (for ex. when you have applied at Payhawk and we are unable to verify your business nature, we could check your personal Linkedin profile, your personal Facebook profile or other social media profile to confirm that your business exists, as part of our KYC process);


  • To register and manage your Payhawk Account – whether you are the Company account Admin or account User, we shall process your personal data to be able to deliver the services under our Platform agreement.
    Example: When you are appointed as the Company’s Payhawk account Admin, we will process your personal data, so that we are able to set your desired card limits.
  • To register and manage your Payhawk physical cards – when your Company has ordered Payhawk physical cards, we shall process the personal data of the cardholders, so that we are able to register and deliver the requested cards.
    *Please note that upon the acceptance of the Cards Terms and Conditions via the Payhawk Platform, the Company enters into direct contractual relations with the respective Credit Card Issuer (Cross River Bank). You should also refer to the respective privacy policy published by the Issuer regarding the collection and use of personal information in relation to their services. *
  • To communicate with you and notify you about important changes to our services (service messages) – we will process your personal information to send you important messages and notifications related to the delivery of our services under the Payhawk Terms of Use.
    Example: When your Company has appointed you as a Payhawk User, we will notify you by e-mail and send you an invitation to our Platform.
  • To fulfill our Know Your Customer (“KYC”) obligations under the anti-money laundering legislation - we are obliged to comply with our obligations resulting from the AML and CFT regulations. In this respect, we must perform certain identification procedures to verify the identity of the representatives of the Company, the cardholders and the ultimate beneficial owners (“UBOs”) by following the steps of our KYC process. As part of our KYC process, we may also use external service providers to check and collect data via external sources of information, such as official registers, social media, public databases, etc.
    Example: When you apply for a Payhawk account with us, we will use your personal information to verify your identity (as part of our KYC process).
  • To monitor our transactions under the anti-money laundering legislation - under the AML and CFT regulations we are obligated to monitor your card and/or bank payments into and out of your Payhawk account to make sure they are not involved by any means in money laundering, financing of terrorism or bypassing imposed sanctions.
  • To detect and prevent fraud – we will process your personal information to ensure that your card transactions and/or bank payment are not by any means involved in fraud.
    *Example: If you have made multiple payment attempts to various merchants, we may require further confirmation to ensure that the payments are not fraudulent. *
  • To ensure the effective and secure functioning of our Services – we will process your personal data for the maintenance and administration of our Services. This includes activities related to detection and prevention of malicious activities; detection and repair of technical or functionality related issues; prevention of unauthorized access to the Services; as well as improvement of the functioning and the quality of the Services.
    Example: We will process your IP and other login information to verify that this is a legitimate traffic and to prevent malicious or fraudulent activities such as account compromise.
  • To manage and respond to complaints, signals, requests, and queries – we will process your personal information, when you have submitted either of the above, so that we are able to resolve the issues that you are facing.
  • To establish, exercise or defend our legal claims, rights and interests - we will process your personal data, so that we are able to protect and exercise our legal interests if a legal dispute has arisen. Your data may also be processed for exercise or defense of legal claims.
  • To be able to collect any receivables payable to us - we will process your personal information to be able to collect our receivables in execution proceedings, as well as for debt collection (incl. via third parties such as debt collection companies) and debt assignment.
  • To improve our services – we will process your personal information to improve our services and deliver the best customer experience.
    *Example: We may record our phone calls with you, so that we can analyze where we can improve. *
  • Cookies for improving our Service – we may from time to time use cookies. To become aware of what types of cookies we may use, for what purposes and how to control their use, please check our Cookie Policy.
  • To perform our direct marketing activities – we will use your personal data to provide you with information about our products and services that you might be interested in. When you have contacted us at first and you have provided us with means of contacting you or if you have indicated interest, we may process the information provided by you for direct marketing activities, such as sending marketing communications, offers and other similar news and updates. In such a case, you clearly and distinctly will be given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details at the time of their collection and on the occasion of each message in case you have not initially refused such use. Also, if you do not want to receive communications from us, you can indicate your preference at any time by unsubscribing or by sending an email to:


We will not collect any personal information, unless it has been voluntarily provided by you personally. However, in some specific cases, we may collect information about you from third party sources, such as providers, your Company or public and/or official registers, as part of our KYC process.
You are not allowed to enter third party personal information, including signing up third party (Users, Admins, employees, etc.,) without due authorization by such a third party. It is your sole responsibility to provide and guarantee that the processing activities performed by you and the provision of third party personal information are compliant with the requirements of the applicable privacy legislation.


Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential and are properly trained and authorized. We also take appropriate technical and organizational measures to protect your personal information against loss or other forms of unlawful processing.


We may share your personal information with:

  • The Company and other Company’s Users and Admins – The personal information stored into the Payhawk Account, such as the data about Admis, Users, Cardholders, requested Services, expenses and other details uploaded or generated within the Company’s Payhawk Account, are available to that Company and to other Company’s Users and Administrators who have access to the Payhawk Account as determined with their access permissions.
  • **Issuers **– In the contexts of the acceptance, performance and termination of the Company’s agreement with the Issuers under their Cards Terms and Conditions, the provision of their services, the performance of our duties as Agent/Card Distributor of these Issuers and compliance with the AML and other regulatory requirements we exchange data with the Issuers.
  • Where required by law – We may store and disclose any information that we believe is necessary to comply with applicable law or court order. In such cases we may disclose personal data to competent state and court authorities, auditors or other types of recipients provided by law.
  • Where necessary for protection of the rights and legal interests of Payhawk or for rendering assistance to third parties for protecting their rights and legal interest – when your personal information is necessary to enforce or apply our Agreement, to protect our rights, property, or safety and/or to establish, exercise or defend a legal claim we may disclose your personal information to attorneys and legal consultants; bailiffs; notaries or persons performing similar public functions; competent authorities.
  • Suppliers and subcontractors
    * We may use service providers as specialized data centers for reliable and secure colocation of server and network equipment, providers of quality assurance testing services, providers of technical support, cloud service providers, etc. When working with such suppliers and subcontractors, they act as Data Processors on our behalf, and Payhawk engages into contractual relations with them, which include obligations for the Processors to strictly comply with our instructions, in accordance with this Policy, the Terms of Use and the applicable data protection rules.
    * Some of our suppliers and service providers that we may share your personal data with act as Data Controllers and determine on their own or by virtue of the applicable law their own purposes to process personal data. For example, such providers are electronic communications service and network providers that are necessary for the Internet connection and communications between us, banks and other payment processing companies that we use to receive payments, postal services, etc. In such cases, we share personal data only to the extent that is necessary for the performance of the data processing purposes specified in this Policy and only as far as we have a respective legal basis for sharing that personal data.
    In other cases, required by law - We might share your personal data in any other cases as required and to the extent permitted under applicable law.


Payhawk applies the storage limitation principle, namely stores personal information in minimal volume and for a period no longer than the necessary for the purposes for which they are processed, ensuring that they are stored securely and in compliance with the applicable legislation.



Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers can request from the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at


Notice of Collection
The CCPA (California Consumer Privacy Act of 2018) provides additional privacy rights and requires businesses collecting or disclosing personal information to provide notices and means to exercise consumer privacy rights. In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:

  • Identifiers, including name, postal address, email address, and online identifiers (such as IP address);
  • Customer records, including phone number, billing address, bank account and credit or debit card information;
  • Characteristics of protected classifications under California or federal law, including gender;
  • Commercial or transactions information, including records of products or services purchased, obtained, or considered;
  • Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement;
  • Geolocation data;
  • Employment and education information;
  • Inferences drawn from the above information about your predicted characteristics and preferences.

For all the details related to the information we collect, please refer to the “PERSONAL INFORMATION PAYHAWK COLLECTS” section of this Policy. We do not sell information collected through the Service or Product.

Right to Know and Delete

You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

In addition, you have the right to delete the personal information we have collected from you.

To exercise any of these rights, please submit a request by sending us an email to with "CCPA Request" in the subject line and specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. If personal information about you has been processed by us as a service provider on behalf of a business customer, we will follow the procedure set out above. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.


For the delivery of the Payhawk Export addon for Google Workspaces, we receive your personal data from Google and any processing of your personal data, received from Google APIs to the Payhawk Export addon will adhere to Google API Services User Data Policy, including the Limited Use requirements.


We’ll post any changes we make to our privacy notice on this page and, if they’re significant changes we’ll let you know by email. We are constantly trying to improve our Services and need to comply with all the changes in the applicable data protection legislation, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on:, by sending you an email, and/or by some other appropriate means.