This policy explains what personal information Bolrach collects when you use our payment and financial services, how we use it, who we share it with, and the choices and rights you have over your data.
Bolrach is operated by Bolrach Technologies Ltd. We build payment links, invoicing, wallets, payouts, and the developer tools that let businesses and platforms move money. Handling personal and financial data is at the heart of what we do, so we take the trust you place in us seriously.
This policy applies to the Bolrach website, dashboard, hosted checkout, mobile apps, and APIs. It covers people who open a Bolrach account, their team members, and the customers who pay a Bolrach merchant. If you use Bolrach through a business that already has an account, that business is the controller of your data and its own privacy notice may apply alongside this one.
We collect information you give us directly, information we generate as you use the platform, and a limited amount we receive from partners such as banks, card networks, and identity providers.
We do not store full card numbers on our own systems. Card data flows through PCI DSS certified processors and is tokenised before it reaches us.
Most of what we collect is used simply to run the service you signed up for. That means creating and securing your account, processing payments and settlements, sending receipts, and showing you accurate reports and balances.
We also use data to keep the platform safe. Fraud scoring, anomaly checks, and manual review all rely on transaction and device signals. Beyond that, we use aggregated and de-identified data to understand what is working, fix bugs, and decide what to build next.
Where you have opted in, we may send product updates, tips, and offers. You can turn these off at any time from your notification settings without losing access to the core service.
When privacy laws such as the GDPR or Canada's PIPEDA apply, we rely on one of a few grounds to process your data. We handle most account and payment activity because it is needed to deliver the contract you have with us.
Bolrach operates across several regions, so your data may be stored or processed in countries other than where you live, including Canada and the countries where our infrastructure partners run.
When we move personal data across borders, we put safeguards in place such as standard contractual clauses and adequacy decisions, so the protection travels with the data no matter where it is handled.
We keep personal data for as long as your account is active and for as long as we need it to provide the service. After that, retention is driven mostly by law.
Financial and compliance records are held for the period required by regulation, which is commonly up to seven years after a transaction. Once no legal or operational reason remains, we delete the data or make it anonymous so it can no longer be linked back to you.
Depending on where you live, you have rights over the personal data we hold about you. We will always try to honour a valid request, though some data must stay with us to meet legal duties.
You can act on most of these directly from your dashboard, or raise a request through our support center. If you believe we have mishandled your data, you also have the right to complain to your local privacy regulator.
Protecting money and data is not optional for us. We encrypt data in transit and at rest, run the card side of our platform under PCI DSS controls, and limit access to personal data on a strict need to know basis.
We monitor our systems around the clock, require multi factor authentication for sensitive actions, and test our defenses through regular reviews and independent audits. No system is ever perfectly safe, so if a breach ever affects your data, we will notify you and the relevant authorities as the law requires.
Bolrach is built for businesses and is not directed at children. You must be at least 18 years old, or the age of majority where you live, to open an account or transact with us.
We do not knowingly collect data from children. If you think a minor has given us personal information without the right consent, tell us through the support center and we will remove it.
We update this policy from time to time as our products, partners, and the law evolve. When we make a change, we revise the date at the top of the page.
If a change is significant, we will give you clearer notice, usually through your dashboard or by email, before it takes effect. Using Bolrach after an update means you accept the revised policy.
Questions about this policy, or want to act on one of your rights? Our team is the fastest way to get a clear answer, and every request is tracked from start to finish.
Open a ticket and our privacy and compliance team will pick it up. Please do not send sensitive data by other channels. Tickets keep your request secure and give you a record you can follow.
Open a Ticket