HomeLegalPrivacy Policy

Privacy Policy

Last updated: June 30, 2026

This policy explains what personal information Bolrach collects when you use our payment and financial services, how we use it, who we share it with, and the choices and rights you have over your data.

01Overview

Bolrach is operated by Bolrach Technologies Ltd. We build payment links, invoicing, wallets, payouts, and the developer tools that let businesses and platforms move money. Handling personal and financial data is at the heart of what we do, so we take the trust you place in us seriously.

This policy applies to the Bolrach website, dashboard, hosted checkout, mobile apps, and APIs. It covers people who open a Bolrach account, their team members, and the customers who pay a Bolrach merchant. If you use Bolrach through a business that already has an account, that business is the controller of your data and its own privacy notice may apply alongside this one.

02Information We Collect

We collect information you give us directly, information we generate as you use the platform, and a limited amount we receive from partners such as banks, card networks, and identity providers.

  • Account details. Your name, business name, email, phone number, password, and role when you sign up.
  • Identity and compliance data. Government ID, date of birth, address, tax numbers, and ownership details we need to verify you and meet know-your-customer rules.
  • Transaction data. Amounts, currencies, payment methods, timestamps, descriptions, and the parties involved in each payment or payout.
  • Device and usage data. IP address, browser type, device identifiers, pages viewed, and how you move through the dashboard.
  • Support and communications. Messages, ticket history, and call notes when you reach out to our team.

We do not store full card numbers on our own systems. Card data flows through PCI DSS certified processors and is tokenised before it reaches us.

03How We Use Information

Most of what we collect is used simply to run the service you signed up for. That means creating and securing your account, processing payments and settlements, sending receipts, and showing you accurate reports and balances.

We also use data to keep the platform safe. Fraud scoring, anomaly checks, and manual review all rely on transaction and device signals. Beyond that, we use aggregated and de-identified data to understand what is working, fix bugs, and decide what to build next.

Where you have opted in, we may send product updates, tips, and offers. You can turn these off at any time from your notification settings without losing access to the core service.

04Legal Bases

When privacy laws such as the GDPR or Canada's PIPEDA apply, we rely on one of a few grounds to process your data. We handle most account and payment activity because it is needed to deliver the contract you have with us.

  • Contract. To open your account, process transactions, and provide support.
  • Legal obligation. To meet anti money laundering, tax, and financial reporting duties.
  • Legitimate interests. To prevent fraud, secure the platform, and improve our products, balanced against your rights.
  • Consent. For optional marketing and certain cookies, which you can withdraw whenever you like.

05Sharing and Disclosure

We share personal data only when there is a clear reason to, and only with parties who are bound to protect it. We never sell your personal information.

  • Financial partners. Banks, card networks, and settlement providers that move money on your behalf.
  • Service providers. Vetted vendors for hosting, identity checks, analytics, and communications, acting on our instructions.
  • Legal and regulatory bodies. Where we are required by law, court order, or a valid request from a regulator.
  • Business transfers. If Bolrach is involved in a merger or acquisition, data may pass to the successor under this same policy.

06International Transfers

Bolrach operates across several regions, so your data may be stored or processed in countries other than where you live, including Canada and the countries where our infrastructure partners run.

When we move personal data across borders, we put safeguards in place such as standard contractual clauses and adequacy decisions, so the protection travels with the data no matter where it is handled.

07Data Retention

We keep personal data for as long as your account is active and for as long as we need it to provide the service. After that, retention is driven mostly by law.

Financial and compliance records are held for the period required by regulation, which is commonly up to seven years after a transaction. Once no legal or operational reason remains, we delete the data or make it anonymous so it can no longer be linked back to you.

08Your Rights

Depending on where you live, you have rights over the personal data we hold about you. We will always try to honour a valid request, though some data must stay with us to meet legal duties.

  • Access. Ask for a copy of the data we hold about you.
  • Correction. Fix details that are wrong or out of date.
  • Deletion. Ask us to erase data we no longer need to keep.
  • Portability. Receive certain data in a machine readable format.
  • Objection and restriction. Limit how we use your data in some cases.

You can act on most of these directly from your dashboard, or raise a request through our support center. If you believe we have mishandled your data, you also have the right to complain to your local privacy regulator.

09Security

Protecting money and data is not optional for us. We encrypt data in transit and at rest, run the card side of our platform under PCI DSS controls, and limit access to personal data on a strict need to know basis.

We monitor our systems around the clock, require multi factor authentication for sensitive actions, and test our defenses through regular reviews and independent audits. No system is ever perfectly safe, so if a breach ever affects your data, we will notify you and the relevant authorities as the law requires.

10Cookies

We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the site is used. Some cookies are strictly needed for the platform to work, while others help us measure and improve it.

You can manage non essential cookies through the banner shown on your first visit or from your browser settings at any time. For the full breakdown, see our Cookie Policy.

11Children

Bolrach is built for businesses and is not directed at children. You must be at least 18 years old, or the age of majority where you live, to open an account or transact with us.

We do not knowingly collect data from children. If you think a minor has given us personal information without the right consent, tell us through the support center and we will remove it.

12Changes

We update this policy from time to time as our products, partners, and the law evolve. When we make a change, we revise the date at the top of the page.

If a change is significant, we will give you clearer notice, usually through your dashboard or by email, before it takes effect. Using Bolrach after an update means you accept the revised policy.

13Contact

Questions about this policy, or want to act on one of your rights? Our team is the fastest way to get a clear answer, and every request is tracked from start to finish.

Bolrach Support Center

Open a ticket and our privacy and compliance team will pick it up. Please do not send sensitive data by other channels. Tickets keep your request secure and give you a record you can follow.

Open a Ticket
Data controller: Bolrach Technologies Ltd. For formal privacy notices under applicable law, raise a ticket marked Privacy Request and reference this policy dated June 30, 2026.