LegalPrivacy Policy

Privacy Policy

Effective date: 2026-04-17. Operator: Max Systems LLC, dpo@maxsystems.az.

1. What we collect

From Merchants: company details, beneficial-owner information, bank coordinates, API usage telemetry. From End Customers, on Merchant's behalf: card BIN/last4 (never PAN/CVV in our logs), billing email, IP, device fingerprint, 3DS authentication factors. From visitors of this site: anonymised analytics (no behavioural advertising cookies).

2. Why we collect it

To provide the payment service, comply with KYC/AML obligations under the laws of merchant incorporation and acquiring banks, prevent fraud, calculate settlements, respond to support requests, and improve the product through aggregated analytics.

3. Data retention

Transaction records — 10 years (regulatory requirement).
KYC artifacts — 5 years after termination.
API request logs — 30 days (live), 7 days (test mode).
Webhook delivery attempts — 90 days.
Audit trail of dashboard actions — 2 years.

4. Sub-processors

We use a small number of certified sub-processors for hosting (DigitalOcean), email (transactional), and KYC enrichment (sanctions list providers). The full list with the data category each receives is published in the merchant portal under Settings → Data & Privacy.

5. Your rights

End Customers and Merchants can request export, correction or deletion of personal data via our contact form. We respond within 30 days. Some data — transaction records subject to mandatory retention — cannot be deleted before the regulatory period elapses; in those cases we restrict processing instead.

6. International transfers

Production data is stored in EU data centres (Frankfurt). Backups are encrypted and stored in the same region. We do not transfer personal data to jurisdictions without adequate protection unless explicitly authorised in the order form.

7. Card data scope

Full PANs and CVVs are not stored anywhere in our infrastructure. Tokenisation happens at the moment of card entry on our hosted checkout page. We are PCI DSS Level 1 audited annually.

8. Cookies on this site

We use a single cookie maxfi_lang to remember your language preference on dev.exezine.az. No tracking, ads or third-party analytics on this site.

9. Contact

Data protection inquiries: contact form, topic "Security & compliance".