Privacy Policy

1. Who We Are

Bankee Technologies OÜ ("Bankee", "we", "us", "our") is a private limited company registered in Estonia. We provide payment infrastructure software and SDKs to device manufacturers and technology partners.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at privacy@bankee.ai.

2. Data We Collect

We may collect and process the following categories of personal data:

• Identity data: name, job title, company name. • Contact data: email address, telephone number, postal address. • Technical data: IP address, browser type and version, device identifiers, operating system. • Usage data: pages visited, features used, time spent on our platform. • Communications data: records of correspondence when you contact us. • Partner and integration data: API keys, webhook endpoints, and configuration data provided during SDK integration.

We do not collect or store end-user payment card data. All payment processing is handled by regulated third-party providers in accordance with PCI-DSS standards.

3. How We Use Your Data

We use your personal data for the following purposes:

• To provide and maintain our platform and SDK services. • To manage our relationship with you, including processing enquiries and support requests. • To send service-related communications, including technical notices and security alerts. • To improve our products and services through analytics and usage data. • To comply with legal and regulatory obligations. • To detect and prevent fraud, abuse, or unauthorised access to our systems.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the EU General Data Protection Regulation (GDPR):

• Contractual necessity: processing required to perform a contract with you or your organisation. • Legitimate interests: improving our services, ensuring security, and business development activities, where these are not overridden by your rights. • Legal obligation: compliance with applicable laws and regulatory requirements. • Consent: where you have given explicit consent, such as for marketing communications.

5. Data Sharing

We do not sell your personal data. We may share your data with:

• Service providers who process data on our behalf (e.g. cloud infrastructure, analytics, customer support tooling), bound by data processing agreements. • Regulatory authorities, law enforcement, or courts where required by applicable Estonian or EU law. • Successor entities in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections.

All third-party processors are subject to contractual obligations consistent with GDPR Article 28.

6. International Transfers

Bankee operates within the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) approved by the European Commission, or other mechanisms recognised under GDPR Chapter V.

7. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by applicable law. Typical retention periods are:

• Customer and partner data: for the duration of the relationship plus 7 years. • Marketing data: until you withdraw consent or opt out. • Security and access logs: up to 12 months.

When data is no longer required, it is securely deleted or anonymised.

8. Your Rights

Under the EU GDPR and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus), you have the following rights:

• Right of access: to request a copy of the personal data we hold about you. • Right to rectification: to correct inaccurate or incomplete data. • Right to erasure: to request deletion of your data where there is no lawful basis for continued processing. • Right to restriction: to limit how we use your data in certain circumstances. • Right to data portability: to receive your data in a structured, machine-readable format. • Right to object: to processing based on legitimate interests or for direct marketing. • Rights related to automated decision-making: to not be subject to solely automated decisions that significantly affect you.

To exercise any of these rights, please contact privacy@bankee.ai. We will respond within 30 days.

9. Cookies

We use cookies and similar tracking technologies on our website. Please refer to our Cookie Policy for full details of what cookies we use and how you can manage them.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encryption in transit and at rest, access controls, and regular security assessments. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or by direct communication where appropriate. The date at the top of this page indicates when the policy was last updated.

12. Contact Us

For questions, concerns, or to exercise your data rights:

Email: privacy@bankee.ai Post: Bankee Technologies OÜ, Estonia

If you are not satisfied with our response, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee.