Orion Pay ("we", "our" or "Platform") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store and protect your personal information when using our PIX gateway, cryptocurrency exchange, DePix stablecoin services.
Português: This policy complies with United States privacy laws and, when applicable, with Brazil's General Data Protection Law (LGPD) for Brazilian users.
English: This policy complies with United States privacy laws and, when applicable, with Brazil's General Data Protection Law (LGPD) for Brazilian users.
Primary Jurisdiction: United States (New Mexico)
1. Information We Collect
1.1. Information Provided by You
- Registration Data: Name, email, password (encrypted)
- Financial Data: PIX keys, crypto wallet information
- Transaction Data: History of deposits, withdrawals and conversions
1.2. Automatically Collected Information
- IP address and approximate geographic location
- Device type, browser and operating system
- Pages visited and browsing time
- Cookies and unique identifiers
- Access logs and Platform activities
1.3. Blockchain Information
Transactions on the Liquid Network are permanently recorded on the public blockchain, but are protected by advanced encryption where only transaction participants can see the traded values. Another advantage is that an attacker with your address cannot see which tokens you have. It's digital money privacy for the plebs!
2. How We Use Your Information
We use your information to:
- Provide and operate our services
- Process PIX and cryptocurrency transactions
- Respect your privacy without requiring documents or KYC
- Prevent fraud and illicit activities
- Improve our services and user experience
- Send notifications about transactions and important updates
- Comply with legal and regulatory obligations
- Resolve disputes and enforce our Terms of Use
3. Data Sharing
We do not sell your personal information. We may share limited data with:
- Service Providers: Payment processors, hosting services, analytics tools (only necessary data)
- Legal Authorities: When required by law, court order or to prevent fraud
- Blockchain Partners: Wallet addresses may be visible on public blockchain (not directly associated with you)
4. Data Security
We implement advanced technical and organizational measures to protect your data:
Encryption
TLS/SSL for all communications
2FA Authentication
Mandatory two-factor authentication
Blockchain
Liquid Network for privacy
Protected Passwords
Bcrypt hash with salt
5. Cookies and Tracking Technologies
We use cookies to:
- Keep your session active (essential cookies)
- Remember your preferences
- Analyze Platform usage (Google Analytics)
- Prevent fraud and increase security
You can manage cookies through your browser settings. Note that disabling essential cookies may affect Platform functionality.
6. Your Rights (LGPD)
According to LGPD, you have the following rights:
Access
Confirm and access your data
Correction
Correct incomplete or incorrect data
Anonymization/Deletion
Request data removal
Portability
Export your data
Revocation
Revoke consent
Opposition
Oppose data processing
To exercise your rights, contact us at [email protected]
7. Data Retention
We retain your personal information for the time necessary to:
- Provide our services while your account is active
- Comply with legal obligations (minimum 5 years for financial data)
- Resolve disputes and enforce agreements
- Prevent fraud and ensure security
Blockchain Note: Blockchain transactions are permanent and cannot be deleted. However, we do not publicly associate these transactions with your identity.
8. International Data Transfer
Your data may be transferred and stored on servers located outside Brazil, including United States and European Union. We ensure that all international transfers are carried out with adequate protections, including standard contractual clauses and encryption.
Data stored on blockchain (Liquid Network) is globally distributed by design.
9. Data from Minors
Our services are not intended for minors under 18 years old. We do not intentionally collect information from minors. If we become aware that we have collected data from a minor, we will take steps to delete such information.
10. Technical Security Measures
🔐 End-to-End Encryption
All communications are encrypted with TLS 1.3. Sensitive data is encrypted at rest with AES-256.
🔑 Key Management
Crypto wallet private keys are stored encrypted. We use Liquid Wallet Kit (LWK) for secure wallet management.
🛡️ Strong Authentication
Mandatory 2FA (two-factor authentication). Passwords hashed with bcrypt. JWT tokens with short expiration.
📊 Monitoring
24/7 monitoring of suspicious activities, real-time fraud detection and complete audit logs.
11. How to Exercise Your Rights
To exercise any of your rights under LGPD:
- Access your account settings in the dashboard
- Or send an email to [email protected] with your request
- We will respond within 15 business days
- We will process your request maintaining our privacy policy (without requiring additional documents)
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated by email or prominent notification on the Platform with a minimum of 30 days notice. The date of last update is always visible at the top of this page.
13. Privacy Contact
Português: For privacy and data protection questions, our team is available to clarify doubts about this policy and data processing.
English: For privacy and data protection questions, our team is available to clarify doubts about this policy and data processing.
Privacy Email
[email protected]Note: As a U.S. company, we are not required to appoint a DPO (Data Protection Officer), but we maintain a dedicated team for privacy matters.
14. Legal Basis for Processing
Português: We process your personal data based on the following legal bases:
- Consent: You consent by accepting these terms
- Contract Performance: Necessary to provide our services
- Legal Obligation: Compliance with U.S. laws and regulations
- Legitimate Interest: Fraud prevention, security, and AML/OFAC compliance
English: We process your personal data based on the following legal bases:
- Consent: You consent by accepting these terms
- Contract Performance: Necessary to provide our services
- Legal Obligation: Compliance with U.S. laws and regulations
- Legitimate Interest: Fraud prevention, security, and AML/OFAC compliance
For Brazilian users: The legal bases above also meet LGPD (General Data Protection Law) requirements.
15. Contact
For questions about this Privacy Policy or data processing:
General Email
[email protected]Orion Pay
16. Jurisdiction and Applicable Law
16.1 Primary Jurisdiction
Português: Orion Pay is a company registered in the United States:
- Jurisdiction: New Mexico, United States
- Subject to U.S. federal and state laws
English: Orion Pay is a company registered in the United States:
- Jurisdiction: New Mexico, United States
- Subject to U.S. federal and state laws
16.2 For Brazilian Users
Português: While we operate under U.S. jurisdiction, we voluntarily respect LGPD principles for users residing in Brazil, as a commitment to privacy.
English: While we operate under U.S. jurisdiction, we voluntarily respect LGPD principles for users residing in Brazil, as a commitment to privacy.
16.3 Important
Português: Orion Pay is NOT subject to legal proceedings in Brazil. Disputes must be resolved under United States jurisdiction, in accordance with the laws of the State of New Mexico.
English: Orion Pay is NOT subject to legal proceedings in Brazil. Disputes must be resolved under United States jurisdiction, in accordance with the laws of the State of New Mexico.
16.4 Other Jurisdictions
We also observe international privacy principles including GDPR (European Union) and CCPA (California, USA) when applicable. International users have similar rights to those described in this policy.
17. Compliance and Monitoring
17.1 Privacy by Default
Português: Orion Pay minimizes data collection: for most services, you do not need to provide documents, selfies, or proof of residence, which preserves your privacy. When necessary or required by law, we may request identification of the ultimate beneficiary of deposits (see 17.3).
English: Orion Pay minimizes data collection: for most services, you do not need to provide documents, selfies, or proof of residence, which preserves your privacy. When necessary or required by law, we may request identification of the ultimate beneficiary of deposits (see 17.3).
17.2 Transaction Monitoring
Português: Even with minimized data collection, we monitor transactions for:
- Detection of suspicious activities
- OFAC sanctions compliance
- Anti-Money Laundering (AML)
- Transaction limits enforcement
English: Even with minimized data collection, we monitor transactions for:
- Detection of suspicious activities
- OFAC sanctions compliance
- Anti-Money Laundering (AML)
- Transaction limits enforcement
17.3 When We May Request Information
Português: We may collect additional information if:
- Transactions exceed established limits
- There is suspicion of illegal activity
- Required by law or U.S. competent authorities
- Necessary to investigate fraud
English: We may collect additional information if:
- Transactions exceed established limits
- There is suspicion of illegal activity
- Required by law or U.S. competent authorities
- Necessary to investigate fraud
17.4 OFAC Compliance
All transactions are automatically screened against OFAC (Office of Foreign Assets Control) sanctions lists. We do not provide services to individuals or entities sanctioned by the United States.
17.5 Continuous User Monitoring
Português: Orion Pay performs continuous monitoring of all platform users, including but not limited to: transaction patterns, usage behavior, IP addresses, devices, geolocation and correlation between accounts. This monitoring is performed for security purposes, fraud prevention, AML/OFAC compliance and platform integrity protection. Creating multiple accounts to bypass limits is automatically detected and may result in immediate blocking of all related accounts.
English: Orion Pay performs continuous monitoring of all platform users, including but not limited to: transaction patterns, usage behavior, IP addresses, devices, geolocation and correlation between accounts. This monitoring is performed for security purposes, fraud prevention, AML/OFAC compliance and platform integrity protection. Creating multiple accounts to bypass limits is automatically detected and may result in immediate blocking of all related accounts.
By using Orion Pay, you agree to this Privacy Policy and our Terms of Use.
This policy is an integral part of Orion Pay's Terms of Use