Privacy Policy
Last Updated: January 15, 2025
At Energyluminous, we understand that trust is everything when handling your financial data. This policy explains how we collect, use, and protect your information when you use our payment processing automation services. We've written this in plain language because we believe transparency shouldn't require a law degree.
Our operations in Vietnam follow both international data protection standards and local regulations. But more importantly, we treat your data the way we'd want ours treated – with respect and care.
Information We Collect
When you work with us, we collect different types of information depending on what services you use. Here's what that looks like in practice:
Business Information
- Company registration details and business documentation
- Tax identification numbers required for compliance
- Business contact information including authorized representatives
- Bank account details for payment processing operations
- Transaction history and payment records
Technical Data
- IP addresses and device information for security monitoring
- Browser types and operating system details
- Access logs showing when and how you use our platform
- API integration data for system connectivity
- Performance metrics to improve service reliability
Communication Records
We keep records of emails, support tickets, and phone conversations. This helps us provide better service and resolve issues quickly. If you'd rather we didn't record a particular conversation, just let us know beforehand.
How We Use Your Information
We're not in the business of selling data or using your information for anything beyond what's needed to run our services properly. Here's exactly what we do with it:
Payment Processing: This is our core function. We use your data to route payments, verify transactions, detect fraud, and ensure money gets where it needs to go securely.
Service Improvement: We analyze usage patterns to find bottlenecks and improve system performance. This is always done with aggregated, non-identifying data.
Compliance Requirements: Financial regulations in Vietnam require us to maintain certain records and perform identity verification. We only collect what's legally required.
Security Monitoring: We watch for unusual activity that might indicate fraud or security threats. This protects both you and us.
Customer Support: When you contact us, we use your information to help solve problems and answer questions effectively.
Data Sharing and Disclosure
We don't hand your data out freely. But there are specific situations where we need to share information with others:
| Who We Share With | What We Share | Why We Share It |
|---|---|---|
| Banking Partners | Transaction details, account information | To process payments and settlements through the financial system |
| Payment Networks | Card data, transaction amounts, merchant details | To route payments through card networks like Visa and Mastercard |
| Compliance Authorities | Business records, transaction history when required | To meet legal obligations under Vietnam financial regulations |
| Service Providers | Limited technical data necessary for operations | For cloud hosting, security monitoring, and system maintenance |
| Fraud Prevention Services | Transaction patterns and risk indicators | To detect and prevent fraudulent activity across the network |
We never sell your data to marketers or data brokers. That's not our business model, and frankly, it never will be.
Your Rights Regarding Your Data
Your information belongs to you. We're just temporary custodians. Here's what you can do with it:
Access Your Data
Request a complete copy of all personal and business information we hold about you. We'll provide this in a readable format within 30 days.
Correct Inaccuracies
If something's wrong in your records, tell us. We'll update it promptly. Some changes might require verification for security reasons.
Request Deletion
Ask us to delete your data when our business relationship ends. Some records must be kept for legal compliance, but we'll remove what we can.
Object to Processing
You can object to certain uses of your data. We'll honor this unless we have legitimate legal obligations that prevent it.
Data Portability
Request your data in a machine-readable format to transfer to another service provider if you choose to switch.
Withdraw Consent
For any processing based on your consent, you can withdraw that consent at any time through your account settings or by contacting us.
To exercise any of these rights, email us at support@energyluminous.com with your request. We'll need to verify your identity first – standard security practice.
Data Security Measures
Protecting your data isn't just about compliance. It's about earning and keeping your trust. Here's how we do it:
Encryption
All data in transit uses TLS 1.3 encryption. Data at rest is encrypted using AES-256 standards. Your payment credentials never touch our servers in plain text.
Access Controls
We use role-based access control. Employees only see the data they need for their specific job functions. Every access is logged and reviewed.
Infrastructure Security
- Regular security audits by independent third parties
- Automated vulnerability scanning and patch management
- Network segmentation to isolate sensitive systems
- Multi-factor authentication for all administrative access
- Real-time intrusion detection and response systems
Incident Response
If something goes wrong, we have a detailed incident response plan. You'll be notified within 72 hours of discovering any breach that affects your data. We'll explain what happened, what data was involved, and what we're doing about it.
Data Retention
We don't keep data longer than necessary. But "necessary" varies depending on the type of information:
Active Account Data: Retained while your account is active and for 90 days after closure, unless you request earlier deletion.
Transaction Records: Kept for seven years as required by Vietnam financial regulations and tax law.
Compliance Documents: Business verification documents are retained for five years after the business relationship ends.
Support Communications: Kept for three years to help resolve recurring issues and improve service quality.
System Logs: Retained for 18 months for security analysis and troubleshooting purposes.
After these periods, data is securely deleted through multi-pass overwriting methods that make recovery impossible.
International Data Transfers
Our primary servers are located in Vietnam. However, some service providers we work with operate globally. When your data crosses borders, we ensure:
- Transfers only occur to countries with adequate data protection laws
- Standard contractual clauses are in place with all international partners
- Additional encryption protects data during international transmission
- You're notified if your data will be processed outside Vietnam
- Regular audits verify partners comply with their obligations
If you have concerns about international transfers, contact us. In some cases, we can arrange for your data to remain within Vietnam.
Cookies and Tracking
We use cookies, but we're selective about it. Here's what we use and why:
Essential Cookies
These keep you logged in and maintain session security. They're necessary for the platform to function, so they're not optional.
Performance Cookies
These help us understand how people use the platform so we can fix problems and improve performance. You can disable these if you prefer.
What We Don't Use
We don't use advertising cookies or third-party tracking scripts. No data is shared with ad networks or social media platforms for targeting purposes.
Third-Party Services
We work with carefully selected partners who help us deliver our services. Each one is bound by strict data protection agreements:
- Cloud hosting providers for infrastructure (data center locations in Singapore and Vietnam)
- Email service providers for transactional communications
- Security monitoring services for threat detection
- Backup services for disaster recovery
- Identity verification services for compliance purposes
We audit these partners regularly and maintain the right to inspect their security practices. If a partner can't meet our standards, we find someone who can.
Children's Privacy
Our services are designed for businesses, not individuals under 18. We don't knowingly collect data from children. If we discover we've accidentally collected such data, we delete it immediately.
Changes to This Policy
We update this policy when our practices change or regulations evolve. When we make significant changes:
- You'll receive an email notification at least 30 days before changes take effect
- We'll post a notice on our platform highlighting what changed
- The "Last Updated" date at the top of this page will reflect the revision
- Previous versions will be archived and available upon request
Minor updates like clarifying language or fixing typos won't trigger notifications, but we'll still update the date.
Compliance with Vietnam Regulations
We comply with Vietnam's data protection requirements, including:
- Law on Cybersecurity (No. 24/2018/QH14)
- Decree 13/2023/ND-CP on personal data protection
- State Bank of Vietnam regulations on financial data security
- Ministry of Public Security guidelines on data localization
We maintain regular communication with regulatory authorities and participate in industry working groups to stay ahead of compliance requirements.
Legal Basis for Processing: We process your data based on contractual necessity (to provide our services), legal compliance (to meet financial regulations), and legitimate interests (to improve our services and prevent fraud). Where required, we obtain your explicit consent.
Questions About Your Privacy?
We genuinely want to hear from you if something in this policy isn't clear or if you have concerns about how we handle your data. Our team actually reads and responds to privacy inquiries – you won't get a form letter.
Response time is typically within 48 hours for privacy inquiries. For urgent security concerns, call us directly.