Privacy Policy
Last updated: May 2026
Who we are
Black Stripe is a global payments platform that helps businesses send, receive, and manage money across borders. We operate across the United Kingdom, Canada, and Europe as part of the Black Stripe Group, and we are authorised and regulated by the Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC") as a Money Services Business under registration number C100000647.
When this policy refers to "Black Stripe", "we", "us", or "our", it means and the relevant members of the Black Stripe Group providing services to you.
We take your privacy seriously. This policy explains what personal data we collect about you, why we collect it, who we share it with, and what rights you have over it. Please read it carefully.
If you have any questions, our Data Protection Officer Terence Cave is available at terry@blackstripe.io
What personal data do we collect?
The personal data we collect about you depends on how you interact with us.
When you visit our website, we automatically collect:
- your IP address and approximate location;
- the device and browser you are using;
- the pages you visit and how long you spend on them; and
- how you arrived at our website (for example, from a search engine or a link).
When you sign up or apply to use Black Stripe, we collect:
- your name, email address, phone number, and business address;
- identity documents such as a passport or national identity card;
- company registration details, tax identification numbers, and beneficial ownership information; and
- source of funds and financial background information required for regulatory checks.
When you use the Black Stripe Platform, we collect:
- transaction data, including payment amounts, currencies, recipients, and timestamps;
- wallet and account balance information; and
- records of instructions you give us and how you use the platform.
When you contact us, we keep records of your messages, emails, and calls, including any complaints or feedback you share with us.
We do not collect sensitive personal data such as health information, racial or ethnic origin, religious beliefs, or political opinions, unless this is strictly required by law.
Why do we use your personal data?
We use your personal data for the following reasons:
To provide and manage our services. When you sign up to use Black Stripe, we need your personal data to open and manage your account, process payments, and deliver the services you have asked for. The legal basis for this is that it is necessary to perform our contract with you.
To meet our legal and regulatory obligations. As a regulated financial services business, we are required by law to verify your identity, carry out anti-money laundering ("AML") checks, screen against sanctions lists, and report certain transactions to FINTRAC, the Financial Conduct Authority ("FCA"), the Komisja Nadzoru Finansowego ("KNF"), and other applicable regulators. We have no choice but to carry out this processing, and we cannot switch it off if you object. The legal basis is compliance with a legal obligation.
To keep Black Stripe and its users safe. We monitor activity on our platform to detect and prevent fraud, financial crime, and security threats. This is in our legitimate interest and the legitimate interest of our users.
To communicate with you. We use your contact details to send you important updates about your account, changes to our services, and regulatory notices. We may also send you marketing communications about Black Stripe products and services, but only where you have given us your consent to do so. You can withdraw that consent at any time by contacting us at terry@blackstripe.io or by clicking unsubscribe in any marketing email.
To improve our services. We analyse how people use our website and platform so we can make them better. This is in our legitimate interest as a business.
Who do we share your personal data with?
We do not sell your personal data to anyone. We only share it where necessary, and we set out below who we may share it with.
Regulatory and public authorities. We are legally required to share certain information with regulators and law enforcement agencies, including FINTRAC, the FCA, and the KNF, as part of our AML and financial crime compliance obligations.
Other companies in the Black Stripe Group. Where relevant to the services being provided to you, your data may be shared between entities within the Black Stripe Group.
Service providers who work on our behalf. We use trusted third-party companies to help us run our business, including providers of IT and cloud infrastructure, identity verification and KYC services, payment processing and banking infrastructure, fraud detection and sanctions screening, and accounting and legal services. These companies can only use your data to carry out work for us and are contractually required to keep it secure.
Banking and liquidity partners. To process certain payments, we work with banking partners and liquidity providers. These partners may receive limited transaction data as necessary to execute your payment instructions.
We never share your data with third parties for their own marketing purposes.
Do we transfer your data outside the UK or EEA?
Black Stripe operates internationally, which means your personal data may be processed in countries outside the United Kingdom or the European Economic Area, including Canada.
Canada is recognised by the European Commission as providing an adequate level of data protection, so transfers there do not require additional safeguards.
For transfers to other countries, we put in place appropriate protections such as Standard Contractual Clauses approved by the European Commission, or the International Data Transfer Agreement issued by the UK Information Commissioner's Office, to make sure your data remains protected to the same standard as in the UK and EEA.
If you would like more information about how we protect data during international transfers, please contact terry@blackstripe.io.
How long do we keep your data?
We only keep your personal data for as long as we need it.
As a regulated financial services business, we are required by law to keep records of customer identity information and transaction data for a minimum of five years after our relationship with you ends. In some circumstances, applicable law may require us to keep data for longer.
For data collected on the basis of your consent, such as marketing preferences, we keep it until you withdraw your consent.
For data processed in our legitimate interests, we keep it until you object, or until the purpose for which it was collected no longer applies.
When data is no longer needed and we have no legal obligation to keep it, we securely delete or anonymise it.
Cookie
We use cookies and similar technologies on our website to make it work properly, to understand how visitors use it, and where you have given your consent, to show you relevant marketing.
| Type | Purpose |
|---|---|
| Strictly necessary | These make the website work and cannot be switched off |
| Analytics and performance | These help us understand how visitors use our site so we can improve |
| Functionality | These remember your preferences and settings |
| Marketing | These are used to show you relevant content and measure the effectiveness of our communications |
You can manage your cookie preferences using the tool on our website, or by adjusting your browser settings. Switching off certain cookies may affect how the website works for you.
For full details on the cookies we use, see our Cookie Policy at www.blackstripe.io.
Your rights
You have rights over your personal data under UK and EU data protection law. Here is what you can do:
| Right | What it means |
|---|---|
| Access | Ask us for a copy of the personal data we hold about you |
| Correction | Ask us to correct any inaccurate or incomplete data |
| Deletion | Ask us to delete your data where we no longer have a legal reason to keep it |
| Restriction | Ask us to pause processing your data while a dispute is resolved |
| Objection | Object to us processing your data for marketing or on the basis of our legitimate interests |
| Portability | Ask us to send your data to you or another provider in a usable format |
| Withdraw consent | Change your mind about any consent you have previously given us |
To exercise any of these rights, contact Terence Cave at terry@blackstripe.io. We will respond within one month.
If you are unhappy with how we have handled your data, you have the right to complain to your local data protection regulator:
If you are unhappy with how we have handled your data, you have the right to complain to your local data protection regulator:
- United KingdomInformation Commissioner's Office at www.ico.org.uk
- PolandPresident of the Office for Personal Data Protection (UODO) at www.uodo.gov.pl
- CanadaOffice of the Privacy Commissioner at www.priv.gc.ca
Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will let you know via our website or by email. The date at the top of this page always shows when it was last updated.
Contact us
If you have any questions about this Privacy Policy or how we handle your personal data, please get in touch:
| Data Protection Officer |
Terence Cave |
| terry@blackstripe.io | |
| General enquiries | support@blackstripe.io |
| Complaints | complaints@blackstripe.io |
| Website | www.blackstripe.io |