Privacy Policy
1. Who We Are and What This Policy Covers
1.1. This Privacy Policy (the “Privacy Policy”) is issued by WebWise, which is provided by NovaCyber Ltd, a company incorporated in the British Virgin Islands (BVI) (BVI Company Number: 2113531), with its registered office at Vistra Corporate Services Centre, Wickhams Cay II, Tortola, VG1110, British Virgin Islands (“WebWise”, “we”, “us”, “our”).
1.2. This Privacy Policy forms part of and is incorporated by reference into the WebWise Terms of Use. It explains how we collect, use, share, and otherwise process Personal Data when you use: (i) the WebWise mobile application (the “App”); and (ii) the related features that enable you to apply for, receive, manage, and use virtual/physical payment cards and related account functions (collectively, the “Services”).
1.3. Partner-run components. Certain parts of the Services are delivered by a licensed third-party provider (the “Partner”). In particular, card issuance, processing, settlement, safeguarding/holding of funds (where applicable), and certain compliance controls may be performed by the Partner and/or its regulated counterparties. This Privacy Policy describes our processing and, where relevant, the processing performed by the Partner or upstream providers in connection with the Services.
1.4. Effective date. This Privacy Policy is effective as of 27 March 2026 and may be updated in accordance with Section 12.
2. Definitions
In this Privacy Policy:
- Account
- means your WebWise user profile and (where applicable) the related card account(s) made available through the Partner.
- App
- means the WebWise mobile application and any updates or related mobile features we provide.
- Device Data
- means limited technical information associated with your use of the App and/or Services, such as IP address, device model, operating system and version, app version, language, timestamps, and (where applicable) basic diagnostic logs needed to operate, secure, and troubleshoot the Services. For clarity, we do not access content stored on your device.
- Partner
- means the licensed third-party provider that delivers certain parts of the Services (including card issuance and processing) and/or its regulated counterparties.
- Personal Data
- means information that identifies you or can reasonably be used to identify you, directly or indirectly.
- Platform
- means the WebWise web interface and any related pages or dashboards, as described in the Terms of Use.
- Services
- means the card-related and account features made available through the App and/or Platform, as described in the Terms of Use.
- Terms of Use
- means the WebWise Terms of Use governing access to and use of the Platform, App, and Services.
- Verification Data
- means information and documents used to verify identity or business details under our KYC Policy (including, where applicable, government-issued ID, selfie/liveness checks, proof of address, beneficial ownership information, and source-of-funds/source-of-wealth information).
3. What Personal Data We Collect
3.1. Data you provide. Depending on the Services you use and the checks we perform, we may collect:
- Account and contact details (such as first name, last name, email address, phone number, and account credentials).
- Verification Data and related information (such as date of birth, nationality, residential address, ID documents, proof of address, selfie/liveness, business and beneficial ownership information, and source-of-funds/source-of-wealth information), as described in our KYC Policy.
- Transaction and card-related information (such as card request details, funding/spending details, merchant information, and dispute/chargeback information).
- Communications and support content (such as messages you send to us via Telegram, email, in-app support (if available), or other channels we make available from time to time, and any attachments you provide).
3.2. Limited technical data (where applicable). The App is designed to operate without requesting access to device permissions and without collecting analytics or advertising data. However, when the App communicates with our systems (for example, to display content or provide Service functionality), our servers and security tools may receive limited Device Data necessary to operate, secure, and troubleshoot the Services, such as:
- Network and log data (such as IP address, timestamps, and basic authentication/security events).
- Basic diagnostics (where applicable) used to maintain service reliability and investigate errors or incidents.
- Security and fraud signals (where applicable), such as unusual access patterns or risk indicators, to protect you, the Partner, and the Services.
3.3. Data from the Partner and third parties. We may receive Personal Data from the Partner, identity verification and sanctions-screening vendors, fraud-prevention providers, card networks, and other service providers, including: verification results (pass/fail, risk scores), sanctions/PEP screening matches, transaction confirmations, and dispute outcomes.
3.4. App permissions. The App does not request access to device permissions (such as camera, photos/media, contacts, microphone, location, Bluetooth, or similar device features). If we introduce features in the future that require permissions, we will request your permission at that time and update this Privacy Policy as needed.
4. How We Use Personal Data
We use Personal Data for the following purposes (and any compatible purposes permitted by applicable law):
- To provide, operate, and improve the App and Services (including account creation, card issuance/management, transaction processing, and dispute handling).
- To perform identity/business verification, sanctions screening, fraud prevention, and ongoing monitoring in accordance with our KYC Policy and AML/CTF Policy.
- To communicate with you about your Account, the App, security events, service announcements, and support requests.
- To enforce our Terms of Use and related policies, protect our rights and users, and maintain the safety and integrity of the Services.
- To comply with legal obligations and respond to lawful requests from regulators, law enforcement, courts, or other competent authorities.
- To troubleshoot, debug, and maintain service reliability and security, including investigating errors, incidents, and performance issues (where applicable).
5. Legal Bases (Where Applicable)
5.1. Depending on your location and the nature of the processing, we rely on one or more of the following legal bases: (i) performance of a contract (to provide the Services under the Terms of Use); (ii) compliance with legal obligations (including AML/CTF and sanctions requirements); (iii) legitimate interests (such as preventing fraud, securing the Services, and improving performance), balanced against your rights; and (iv) consent (for example, where you enable certain optional features or communications, if applicable).
5.2. Where we rely on consent (for example, if we introduce optional features that require permissions or notifications), you may withdraw it at any time via your device settings or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.
6. How We Share Personal Data
6.1. Partner and upstream providers. We may share Personal Data with the Partner and its regulated counterparties to deliver card issuance and processing, perform compliance checks, and operate the Services.
6.2. Service providers. We may share Personal Data with vendors that help us operate the App and Services, such as hosting, customer support, identity verification, sanctions screening, fraud prevention, security, and communications providers. They process Personal Data on our behalf under appropriate contractual protections.
6.3. Legal and compliance disclosures. We may disclose Personal Data where required or permitted by law, including to regulators, law enforcement, courts, card networks, or other competent authorities, and to protect our rights, users, or the integrity of the Services.
6.4. Corporate events. If we are involved in a merger, acquisition, reorganization, financing, or sale of assets, Personal Data may be transferred as part of that transaction, subject to applicable law.
6.5. App stores and operating systems. Your use of the App may involve processing by your device platform (such as Apple or Google) and the app store through which you download the App. Their processing is governed by their own terms and privacy policies.
7. International Transfers
7.1. We may process and store Personal Data in the British Virgin Islands and other countries where we, the Partner, or our service providers operate. These locations may have data protection laws that differ from those in your country.
7.2. Where required by applicable law, we will implement appropriate safeguards for international transfers (such as contractual protections) and take reasonable steps to ensure an adequate level of protection.
8. Data Retention
8.1. We retain Personal Data for as long as necessary to provide the Services and for legitimate and lawful business purposes.
8.2. Compliance retention. KYC/AML and transaction records may be retained for at least five (5) years after your Account is closed (or longer if required by applicable law, Partner program rules, or to establish, exercise, or defend legal claims).
8.3. Limited technical logs (if any) are typically retained for shorter periods, unless needed for security investigations, dispute handling, or legal compliance.
9. Security
9.1. We implement reasonable administrative, technical, and organizational measures designed to protect Personal Data against unauthorized access, loss, misuse, alteration, or disclosure.
9.2. No method of transmission or storage is completely secure. You are responsible for safeguarding your devices and login credentials and promptly notifying us if you suspect unauthorized access.
10. Your Choices and Rights
10.1. Account information. You may review and update certain account details through the App or by contacting support. Some changes may require verification for security and compliance reasons.
10.2. Permissions and notifications. The App does not request device permissions. If the App offers optional notifications in the future, you will be able to manage notification settings through your device settings.
10.3. Privacy rights. Depending on your location and applicable law, you may have rights to request access to, correction of, deletion of, or restriction of certain Personal Data, as well as to object to processing or request portability. We may need to verify your identity before responding, and some data cannot be deleted due to legal and compliance obligations.
10.4. How to exercise rights. To submit a request, contact us as described in Section 13. Where applicable, you may also have the right to lodge a complaint with a data protection authority in your jurisdiction.
11. Children
The App and Services are not intended for individuals under 18 years of age. We do not knowingly collect Personal Data from children. If you believe a child has provided us Personal Data, contact us and we will take appropriate steps.
12. Updates to This Privacy Policy
12.1. We may update this Privacy Policy from time to time to reflect changes to the Services, legal requirements, or our practices. The “Effective date” in Section 1.4 indicates when it was last updated.
12.2. Material changes. Where required by applicable law or where we deem it appropriate, we will provide notice of material changes (for example, via the App, Platform, or other communications channels).
13. Contact
For privacy-related questions, requests, or complaints, contact us via Telegram @WebWisePay_bot or email at [email protected].
