Privacy Policy

Effective date: 08/2025

Neotech Enterprises (“Neotech,” “we,” “us,” “our”) provides an administrative and service as Merchant of Record for digital services fulfilled by independent third-party vendors. This Privacy Policy explains what we collect, how we use and share information, and the choices available to you.

This Policy applies to:

• Visitors to our websites and hosted payment pages.
  

• Individuals who pay Neotech for services fulfilled by independent vendors.
  

• Vendors and partners who work with Neotech.
  

If you do not agree with this Policy, please do not use our sites or submit personal information.

Data We Collect

A. Website visitors

• Identifiers & contact (if you submit them): name, email, phone.

• Technical data: IP address, device/OS/browser information, pages viewed, timestamps, general location derived from IP.

• Cookies: currently only those needed for site and checkout functionality (see Cookies below).

B. Customers (payers)

• Transaction data: name, email, amount, currency, invoice/payment-link details, order/brand descriptors (e.g., the statement descriptor showing Neotech and/or brand), refund/chargeback outcomes.

• Payment data: card type and last four digits or other tokenized payment identifiers and authorization results.
  We do not store full primary account numbers or CVV. Card details are transmitted directly to our PCI DSS-validated payment processors; we receive tokens/limited metadata to complete the transaction. PCI Security Standards Council
  

C. Vendors/partners

• Business & contact: names, emails, phone, company/brand details, roles.
  

• Payout & compliance: payout instructions as needed by our payment platforms, tax/verification information where required, service deliverables metadata (e.g., general proof-of-sale/proof-of-delivery identifiers).

D. Communications

• Support & disputes: messages, attachments, timestamps, internal notes for fraud/chargeback handling and compliance.

How We Collect It

• Directly from you (forms, email, support).

• Automatically via essential cookies and server logs (security, performance).

• From payment processors during checkout and chargeback flows.

• From vendors/partners when they provide order status or delivery confirmations.
  

How We Use Information (Purposes & Legal Bases)

We use personal information to:

1. Provide and operate our services
   Generate invoices/payment links, process payments, manage orders, coordinate vendor payouts and confirmations.
   Legal bases: contract performance; legitimate interests; legal obligations (e.g., tax, accounting).
   

2. Fraud prevention and platform security
   Risk checks, anomaly detection, manual reviews.
   Legal bases: legitimate interests; legal obligations.
   

3. Customer support and disputes
   Respond to requests, process refunds, and handle chargebacks with payment platforms and card networks.
   Legal bases: contract performance; legitimate interests.
   

4. Compliance and recordkeeping
   Tax/accounting, regulatory requests, and audit defense.
   Legal bases: legal obligations.
   

5. Service improvement (non-profiling)
   Diagnose availability/performance issues, maintain and improve reliability.
   Legal bases: legitimate interests.

Marketing: We do not send marketing emails or SMS today.

Cookies & Similar Technologies

• Today: We use only strictly necessary cookies (for session, security, and checkout).
  

• If this changes: We will update this Policy and, where required, request consent for optional cookies (e.g., analytics/advertising).
  

• Global signals: Where required by law (e.g., California and Colorado), we honor recognized universal opt-out mechanisms such as Global Privacy Control (GPC) that communicate a user’s choice to opt out of “sale”/“sharing” or targeted advertising. California DOJFuture of Privacy Forum
  

Sharing & Disclosure (Categories)

We share personal information only as necessary to operate our services, comply with law, or protect rights:

• Payment platforms and financial entities (e.g., card processors, digital wallet providers, acquiring/issuing banks, card networks) to process payments, refunds, chargebacks, and vendor payouts.
  

• Service providers that support our operations (e.g., secure hosting/infrastructure, email delivery for transactional notices, customer support tools, document storage) under written agreements and only per our instructions.
  

• Independent vendors who fulfill services you purchase—limited to information they need to provide/confirm the service and address support issues.
  

• Compliance and safety: auditors, accountants, legal counsel, regulators, and law enforcement where required by law.
  

• Business transfers: in a merger, acquisition, or asset sale, data may transfer consistent with this Policy.
  

We do not sell personal information or “share” it for cross-context behavioral advertising as defined by California law; if that changes, we will update this Policy and honor required opt-outs (including recognized global signals). California DOJ

International Data Transfers

We may process and store information in countries other than yours. Where required (e.g., EU/EEA/UK data transfers), we implement appropriate safeguards such as the European Commission Standard Contractual Clauses (SCCs) and, for the UK, the International Data Transfer Agreement/Addendum (IDTA). European CommissionInformation Commissioner's Offic

Data Retention

• Financial/transaction records: retained 10 years for tax, accounting, fraud, and chargeback defense.

• Customer support/dispute records: retained for the transaction lifecycle and applicable legal periods.

• Operational logs (security/performance): kept for the shortest practical period consistent with operations and security.
  When retention ends, we delete or de-identify data unless a legal obligation requires longer storage.

Security

We use administrative, technical, and organizational measures to protect information, including TLS encryption in transit, principle-of-least-privilege access, and vendor due-diligence and contracts. Payment card data is handled by PCI DSS-validated payment processors; Neotech does not store full card numbers or CVV in its systems. PCI Security Standards Council

Your Privacy Rights

A. EU/UK (GDPR/UK GDPR)

Subject to conditions and exceptions, you may have rights to access, rectify, erase, restrict, object, data portability, and to withdraw consent (where processing is based on consent). We will respond within statutory timelines. EDPBGDPR

B. United States (state privacy laws)

Depending on your state, you may have rights to know/access, correct, delete, and opt out of sale/sharing/targeted advertising, plus the right to appeal a denied request. We verify identity and respond within required timelines.

• California/Colorado: we recognize legally approved universal opt-out mechanisms such as GPC. California DOJFuture of Privacy Forum
  
  

• Texas (TDPSA): Texans have consumer privacy rights effective July 1, 2024; we comply with applicable duties under the Act. Texas Attorney GeneralTexas DIR
  
  

How to exercise your rights: See Contact Us below. Authorized agents may submit requests where permitted by law; we may request proof of authority and identity

Children’s Privacy

Our services are not directed to children under 13 (or the age defined by local law). We do not knowingly collect personal information from children; if you believe a child provided information, contact us to delete it

Automated Decision-Making

We do not make decisions with legal or similarly significant effects solely by automated means. Automated fraud/risk signals may be used, but adverse actions involve human review.

Third-Party Links

If our pages link to other sites, their privacy practices are governed by their own policies.

Changes to This Policy

We may update this Policy to reflect legal or operational changes. We will post the updated version with a new Effective date and, where required, provide additional notice.

Contact Us (and Data Controller)

Data Controller: Neotech Digital Incorporated
Email:info@neotechinc.co