Last updated: 1 February 2026
Niyogate Tech Solutions - FZCO (“NiyoGate,” “we,” “us”) is the data controller responsible for the personal data processed in connection with our B2B cross-border payment infrastructure services. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, who we share it with, how long we retain it, and what rights you have in relation to your data.
This policy applies to all individuals and business entities that interact with our platform, including account holders, authorised users, beneficial owners identified during KYB verification, and beneficiaries of payments processed through our Services. It also applies to visitors to our website and individuals who correspond with us.
Our registered office is at IFZA Properties, 73 Street, Dubai Silicon Oasis, Dubai, United Arab Emirates. For data protection enquiries, contact our Data Protection Officer at team@niyogate.com.
Full legal name, date of birth, nationality, country of residence, gender, government-issued identification documents (passport, national identity card, driving licence), photographs, and — where required for enhanced verification — biometric data derived from identity documents. For corporate clients, this includes the identity data of all beneficial owners holding 25% or more of the entity, directors, and authorised signatories.
Email addresses, telephone numbers, physical business addresses, and correspondence postal addresses.
Company name, registration number, jurisdiction of incorporation, date of incorporation, registered office address, business type and industry classification (including MCC codes where applicable), corporate structure and organisational charts, memorandum and articles of association, beneficial ownership declarations, board resolutions authorising the use of our Services, and financial statements or bank reference letters provided during onboarding.
Bank account details (account numbers, sort codes, IBAN, SWIFT/BIC codes, IFSC codes), payment amounts, source and destination currencies, FX rates applied, transaction fees, beneficiary details, payment references, transaction timestamps, settlement status, banking partner reference numbers, and local clearing references.
KYB/KYC verification results and status, sanctions screening outcomes (including partial match records), PEP screening results, adverse media screening results, risk assessment scores and classifications, transaction monitoring flags and alert records, Enhanced Due Diligence documentation, source of funds and source of wealth declarations, and any correspondence related to compliance queries or investigations.
IP addresses, device identifiers, browser type and version, operating system, API authentication tokens, API request and response logs, session identifiers, login timestamps, and access patterns. For API users, this includes request headers, payload structures (excluding sensitive financial data which is separately encrypted), and error logs.
Records of correspondence between you and our team (email, support tickets, chat), including the content of communications, timestamps, and any attachments. Where calls are recorded for quality and training purposes, we will inform you at the start of the call.
We process personal data on the following legal bases, depending on the purpose of processing:
Processing that is necessary to perform our obligations under the Terms of Service: processing payments, managing accounts, executing FX conversions, settling transactions, providing transaction reports, and communicating with you about the status of your account and transactions.
Processing that we are required to perform under applicable law: AML/KYC verification and ongoing monitoring, sanctions screening, PEP screening, suspicious activity reporting (SAR/STR), tax reporting obligations, regulatory record-keeping requirements, and responses to lawful requests from regulatory authorities, financial intelligence units, law enforcement agencies, and courts.
Processing that is necessary for our legitimate business interests, provided those interests are not overridden by your rights: fraud prevention and detection, security monitoring and threat detection, service improvement and operational analytics, maintaining and improving the accuracy of our compliance screening systems, and internal audit and risk management.
Where we rely on your consent for processing — specifically for marketing communications and non-essential analytics cookies — you may withdraw your consent at any time by contacting us at team@niyogate.com or using the unsubscribe mechanism in any marketing communication. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
We share personal data only where there is a legitimate and lawful reason to do so. The categories of recipients include:
We do not sell, rent, or trade personal data to any third party. We do not share personal data with third parties for their independent marketing purposes.
As a cross-border payments infrastructure provider, the nature of our business requires the transfer of personal data between jurisdictions. When you initiate a payment to a beneficiary in another country, the transaction data necessarily flows to banking partners and clearing systems in the destination jurisdiction.
Where personal data is transferred from a jurisdiction with data transfer restrictions to a jurisdiction without an equivalent level of data protection, we implement appropriate safeguards including: contractual protections (Standard Contractual Clauses where applicable), data processing agreements with all recipients, technical measures including encryption in transit and at rest, and access controls limiting who can view personal data to those with a legitimate need. We conduct transfer impact assessments for new corridors and data flows.
We retain personal data for the minimum period required to fulfil the purposes for which it was collected, subject to regulatory minimum retention requirements:
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised such that it can no longer be associated with an identifiable individual.
Subject to applicable law and the specific data protection regime in your jurisdiction, you may have the following rights in relation to your personal data:
To exercise any of these rights, contact our Data Protection Officer at team@niyogate.com. We will respond to requests within 30 days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request. In some cases, we may not be able to fully comply with your request where we have a legal obligation to retain the data (for example, AML record-keeping requirements).
We implement technical and organisational measures appropriate to the sensitivity of the data we process. These include: AES-256 encryption at rest for all stored personal and financial data; TLS 1.3 for all data in transit (API, dashboard, webhooks, internal services); tokenisation of personally identifiable information (PII), stored in isolated encrypted vaults separate from transactional data; role-based access controls with principle of least privilege; multi-factor authentication for internal system access; comprehensive audit logging on all data access events; regular penetration testing by independent security firms; and incident response procedures with defined escalation paths and notification timelines.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and we will notify you directly where the breach is likely to result in a high risk to your rights and freedoms.
Our website uses essential cookies that are necessary for the website to function (session management, security). We do not use third-party advertising cookies. Where we use analytics cookies to understand website usage patterns, we obtain your consent before placing these cookies. You can manage your cookie preferences through your browser settings.
We may update this Privacy Policy from time to time. Material changes will be notified by email to the address associated with your account at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the date of the most recent revision.
Data Protection Officer: team@niyogate.com
Niyogate Tech Solutions - FZCO
IFZA Properties, 73 Street, Dubai Silicon Oasis, Dubai
United Arab Emirates