1. Commitment to Data Integrity

PayQuanta ("the Company") provides enterprise-grade payment orchestration and financial software solutions. This policy outlines our commitment to processing data in strict compliance with PCI-DSS v4.0, GDPR, and global financial regulations. We operate primarily as a Data Processor for our institutional partners.

2. Categories of Processed Data

We adhere to strict data minimization principles, collecting only what is essential for secure financial operations:

• Transaction Telemetry: IP addresses and device fingerprints used exclusively for our Real-Time Risk Logic.
• Institutional KYC: Corporate documentation and authorized personnel identifiers required for regulatory onboarding.
• Payment Information: We utilize advanced tokenization. We do not store raw Primary Account Numbers (PAN) or CVV codes.

3. Cryptographic & Physical Security

Your data is protected by multi-layered institutional safeguards:

• At-Rest: All sensitive database entries are secured via AES-256 bit encryption.
• In-Transit: Mandatory TLS 1.3 protocols for all API communications and dashboard sessions.
• Audits: Quarterly ASV scans and annual third-party penetration testing to satisfy PCI-DSS Requirement 11.

4. Data Lifecycle Management

Operational logs and telemetry metadata are purged every 90 days. Institutional account data is retained for the duration of the service agreement and erased within 30 days of termination using NIST-compliant digital shredding protocols.

5. Compliance and Redress

Data is stored in high-security, EU-based environments. Inquiries regarding data access or the "Right to be Forgotten" should be directed to our compliance team:
Email: [email protected]