Privacy Policy

Effective date: April 9, 2026 — Last updated: April 9, 2026

1. Introduction

This Privacy Policy explains how Osmosia Venture LLC ("we", "us", or "our") collects, uses, shares, and protects information in connection with the Pay Oren platform ("Platform"). It applies to merchants who register for an account and to end customers who interact with a checkout powered by the Platform.

By using the Platform, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Platform.

2. Information We Collect

We collect information in the following ways:

• Account registration: When a merchant signs up, we collect name, email address, business name, business address, and Shopify store URL.
• Payment onboarding: To facilitate Stripe Express onboarding, we collect and pass identity and business verification information to Stripe as required by their Know Your Customer (KYC) process. We do not store full card numbers or sensitive financial credentials.
• Checkout data: When a customer completes a checkout, we collect name, email address, phone number, shipping address, and order details in order to create the order and process the payment.
• Usage data: We automatically collect log data including IP addresses, browser type, pages visited, and timestamps when you interact with the Platform.
• Cookies and local storage: We use cookies and browser local storage to maintain session state, remember dark mode preferences, and improve Platform performance. See Section 8 for details.

3. How We Use Your Information

We use the information we collect to:

• Create and manage merchant accounts and Stripe Express connected accounts.
• Process payments and sync completed orders to the merchant's Shopify store.
• Calculate real-time shipping rates and apply discount codes during checkout.
• Send transactional communications such as account confirmations and payment receipts.
• Detect and prevent fraud, chargebacks, and misuse of the Platform.
• Comply with legal obligations, including those imposed by Stripe and applicable financial regulations.
• Improve and maintain the Platform, including diagnosing errors and analysing usage patterns.

4. Sharing Your Information

We do not sell your personal information. We share information only in the following circumstances:

• Stripe: We share merchant identity, business, and banking information with Stripe, Inc. as required to create and operate Stripe Express connected accounts and process payments. Stripe's use of this data is governed by the Stripe Privacy Policy.
• Shopify: We share order and customer data with the merchant's Shopify store via the Shopify API to create and mark orders as paid. Shopify's use of this data is governed by the Shopify Privacy Policy.
• Service providers: We may share data with trusted third-party providers (e.g. hosting, error monitoring, email delivery) who assist us in operating the Platform, under confidentiality obligations.
• Legal requirements: We may disclose information if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of the Platform, its users, or the public.
• Business transfers: If the Platform is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify affected users before any such transfer.

5. Data Retention

We retain merchant account data for as long as the account is active and for a reasonable period thereafter to fulfil legal, tax, and audit obligations. Checkout and order data is retained for as long as required by applicable financial regulations, typically a minimum of five (5) years. You may request deletion of your data at any time (see Section 7), subject to any legal retention requirements.

6. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. Payment card data is handled exclusively by Stripe and is never stored on our servers. Despite these measures, no system is completely secure and we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that inaccurate or incomplete data be corrected.
• Deletion: Request that your personal data be deleted, subject to legal retention obligations.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Note that some data may need to be retained to comply with our legal obligations or to complete transactions already in progress.

8. Cookies and Tracking

We use the following types of cookies and storage mechanisms:

• Essential cookies: Required for the Platform to function, including session management and CSRF protection.
• Preference storage: We use browser local storage to remember your display preferences (e.g. dark mode).
• Analytics: We may use anonymised usage data to understand how the Platform is used. No personally identifiable information is shared with analytics providers.

You can control cookie behaviour through your browser settings. Disabling essential cookies may affect Platform functionality.

9. Third-Party Links

The Platform may contain links to third-party websites, including Stripe and Shopify. We are not responsible for the privacy practices of those sites. We encourage you to review their respective privacy policies before providing any personal information.

10. Children's Privacy

The Platform is intended for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where changes are material, notify you by email or via the Platform dashboard. Continued use of the Platform after any changes constitutes acceptance of the updated policy.

12. Contact

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us at:

Osmosia Venture LLC
P.O. Box 571, Nassau, DE 19969, United States
[email protected]