Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Data Protection

            Created by Kalin Ivanov, Modified on Thu, 18 Jun at 7:21 PM by Kalin Ivanov

            What SwissPay holds when you use the API.

            Data we hold

            About your account

            • The legal entity associated with your SwissPay account.
            • Authentication and team data (email addresses, hashed passwords, MFA state, sign-in history).
            • Your API keys — stored encrypted; the plaintext key is shown only once at creation.

            About your customers

            • Customer email, name, locale, phone, and (optionally) billing_address, delivery_address, date_of_birth.
            • metadata you attach to a customer.
            • The external_id you provide to map customers back to your own system.

            About your payments

            • Per payment: amount, currency, status, your reference, processor reference, payment-method metadata (brand, last 4, expiry month/year), and any metadata you attached.
            • Operational signals you pass on the request: shopper_ip, browser_info, and risk_data — forwarded to our risk engine.

            What we never store

            • The full card number (PAN).
            • The card security code (CVV / CVC).
            • Any sensitive authentication data such as magnetic-stripe data, PIN, or raw 3-D Secure authentication values.

            Where the data lives

            • Region: Microsoft Azure, Switzerland North.
            • Encryption at rest: All databases and storage are encrypted at rest.
            • Encryption in transit: Every connection in and out of SwissPay uses TLS 1.2 or higher.

            How long we keep it

            • Audit log: indefinitely.
            • Payments and customers: retained for as long as your account is active. Specific retention windows beyond that follow financial recordkeeping obligations.
            • API access logs: rolling window for security investigation purposes.

            What you can request

            Under GDPR / FADP and similar laws, you and your customers can request:

            • A copy of personal data we hold.
            • Correction of inaccurate data.
            • Deletion of personal data where legally permitted (subject to financial recordkeeping obligations).

            Requests go to privacy@swisspay.ai. We respond within statutory deadlines.

            Sub-processors

            SwissPay uses sub-processors for hosting, payment processing, and operational tooling (transactional email, error monitoring). The current list is available on request from privacy@swisspay.ai. Each sub-processor is bound by a Data Processing Agreement.

            Data export

            You can export the data we hold about your customers and payments through the API itself — GET /api/v1/customers and GET /api/v1/payments are paginated lists you can walk.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0