Privacy Policy

Privacy Policy

Last Updated: October 2025 | Version 1.1

Table of Contents

1. Quick Summary
2. Who We Are
3. What Information We Collect
4. How We Collect Your Information
5. Why We Use Your Information
6. Legal Basis for Processing
7. Who We Share Information With
8. International Data Transfers
9. How We Protect Your Information
10. How Long We Keep Your Information
11. Your Privacy Rights
12. Marketing Communications
13. Automated Decision Making
14. Children’s Privacy
15. Changes to This Policy
16. Additional Information for California Residents
17. Cross-References
18. Contact

At Instarails, your privacy matters. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our cross-border payment services.

1. Quick Summary

We collect personal information to provide secure international payment services. We protect your data with industry-leading security measures and comply with US, EU, UK, and Indian data protection laws including GDPR. You have rights to access, correct, or delete your information at any time.

2. Who We Are

Instarails Inc and its affiliated companies (collectively “Instarails“) provide cross-border payment infrastructure and services. We’re committed to protecting your personal data and complying with data privacy laws including GDPR (EU/UK), CCPA (California), and India’s SPDI regulations.

3. What Information We Collect

The personal data we collect depends on how you interact with us:

3.1 Identity Verification Data

• Name, address, date of birth
• Government ID numbers and tax identification
• Copies of ID documents and selfie photos
• Information from credit bureaus and verification services

3.2 Financial Data

• Bank account information
• Transaction history and balances
• Payment details and risk scores
• Information needed for anti-money laundering compliance

3.3 Transaction Data

• Payment amounts and recipients
• Transaction history and status
• Products and services purchased

3.4 Technical Data

• IP address and device information
• Browser type, version, and settings
• Login data and app usage
• Cookies and tracking technologies

3.5 Marketing Data

• Email address and preferences
• Marketing opt-in/opt-out choices
• Information about how you found us

4. How We Collect Your Information

We collect information when you:

• Send or receive international payments through our partners
• Create an account or complete identity verification
• Contact our support team
• Apply for employment
• Visit our website or use our mobile app
• Interact with our sales representatives or social media
• Subscribe to marketing communications

We also collect information from credit bureaus, identity verification services, public databases, and our partner network when necessary for compliance or service delivery.

5. Why We Use Your Information

We use your personal data to:

• Process your international payment transactions
• Verify your identity and prevent fraud
• Comply with anti-money laundering and regulatory requirements
• Provide customer support and resolve issues
• Improve our services and develop new features
• Send service updates and marketing communications (with your consent)
• Protect our business and comply with legal obligations

6. Legal Basis for Processing

We process your personal data based on:

• Contract fulfillment: Processing necessary to provide our services
• Legal compliance: Meeting regulatory and legal requirements
• Legitimate interests: Operating and improving our business
• Your consent: When you’ve given explicit permission

7. Who We Share Information With

We share your information only when necessary:

7.1 Payment Partners

Our network of payment providers worldwide to complete your transactions.

7.2 Service Providers

Companies that help us operate our platform (hosting, data analysis, customer support, fraud prevention).

7.3 Regulatory Authorities

Government agencies and law enforcement when required by law.

7.4 Instarails Group

Our subsidiaries and affiliated companies for operational purposes.

7.5 Business Transfers

In the event of a merger, acquisition, or sale of assets.

We never sell your personal data to third parties. All partners must maintain the same security and confidentiality standards we uphold.

8. International Data Transfers

Instarails is headquartered in the United States. Your data may be transferred to and processed in countries outside your residence, including the US, EU, and other jurisdictions where we operate. We ensure adequate protection through:

• Standard contractual clauses
• Data protection agreements
• Compliance with GDPR and other international regulations

9. How We Protect Your Information

We implement industry-leading security measures including:

• SOC2 Type II certification
• Data encryption in transit and at rest
• Multi-factor authentication
• Firewalls and intrusion detection systems
• Regular security audits and penetration testing
• Employee training and access controls
• 24/7 monitoring and incident response

While we maintain robust security, no system is 100% secure. If you suspect unauthorized access, contact us immediately at support@instarails.io.

10. How Long We Keep Your Information

We retain personal data only as long as necessary for:

• Providing our services
• Meeting legal and regulatory requirements (typically 7 years for financial records)
• Resolving disputes and enforcing agreements

Once no longer needed, we securely delete or anonymize your information according to our data retention policies.

11. Your Privacy Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update incorrect or incomplete information
• Deletion: Request deletion of your data (subject to legal requirements)
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Opt out of certain processing activities
• Withdraw consent: Revoke consent for marketing or optional processing
• Complain: Lodge a complaint with your data protection authority

To exercise your rights, email us at support@instarails.io. We’ll respond within 30 days and may need to verify your identity.

12. Marketing Communications

You can opt out of marketing emails by:

• Clicking “unsubscribe” in any marketing email
• Emailing support@instarails.io

Note: You’ll still receive important service-related messages even if you opt out of marketing.

13. Automated Decision Making

We use automated systems for fraud detection and risk assessment, but significant decisions always involve human review. You have the right to request human intervention in automated decisions.

14. Children’s Privacy

Our services are not intended for minors. We don’t knowingly collect information from anyone under 18 (or the age of majority in your jurisdiction).

15. Changes to This Policy

We may update this Privacy Policy periodically. Changes become effective when posted. We’ll notify you of significant changes via email or prominent notice on our website.

16. Additional Information for California Residents

16.1 California Consumer Privacy Act (CCPA) Notice

This CCPA Notice supplements our Privacy Policy and applies solely to California residents. It describes the categories of personal information we collect, how we use it, your rights under California law, and how to exercise those rights.

16.2 Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, phone number, IP address, government ID numbers
• Personal Information (Cal. Civ. Code § 1798.80): Name, address, bank account number, financial information
• Protected Classification Characteristics: Age, date of birth, citizenship, national origin
• Commercial Information: Transaction history, payment records, products/services purchased
• Internet or Network Activity: Browsing history on our site, interactions with our platform, device information
• Geolocation Data: Approximate location based on IP address
• Professional or Employment Information: Business name, job title (for business accounts)
• Inferences: Risk profiles, fraud scores, preferences derived from other data
• Sensitive Personal Information: Government ID numbers, financial account credentials, precise geolocation

16.3 Sources of Personal Information

We collect personal information from:

• Directly from you when you create an account, complete transactions, or contact us
• Automatically when you use our website or services (cookies, device info, usage data)
• Third-party sources including identity verification services, credit bureaus, and our payment network partners
• Publicly available sources and government databases

16.4 How We Use Personal Information

We use the personal information we collect for the following business purposes:

• Processing international payment transactions
• Verifying your identity and preventing fraud
• Complying with legal and regulatory requirements (AML/KYC)
• Providing customer support
• Improving our services and developing new features
• Communicating with you about your account and transactions
• Marketing our services (with your consent where required)
• Protecting our business and enforcing our terms

16.5 Disclosure of Personal Information

We may disclose your personal information to the following categories of third parties for business purposes:

• Payment network partners to complete your transactions
• Service providers (hosting, analytics, customer support, fraud prevention)
• Identity verification and credit reporting agencies
• Regulatory authorities and law enforcement as required by law
• Professional advisors (lawyers, accountants, auditors)
• Affiliated companies within the Instarails group

16.6 Sale and Sharing of Personal Information

We do not sell your personal information. Instarails has not sold personal information in the preceding 12 months and does not sell personal information.

We do not share your personal information for cross-context behavioral advertising. Instarails does not share personal information with third parties for targeted advertising purposes.

16.7 Sensitive Personal Information

We collect sensitive personal information (such as government ID numbers and financial account information) solely for the purposes of providing our payment services, verifying your identity, and complying with legal requirements. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA.

16.8 Your California Privacy Rights

As a California resident, you have the following rights:

• Right to Know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You can request that we delete the personal information we have collected from you, subject to certain exceptions (such as legal compliance requirements).
• Right to Correct: You can request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: While we do not sell or share personal information, you have the right to opt out of any future sale or sharing.
• Right to Limit Use of Sensitive Personal Information: You can request that we limit our use of sensitive personal information to what is necessary to provide our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

16.9 How to Exercise Your Rights

To submit a request to know, delete, or correct your personal information, you may:

• Email us at support@instarails.io with the subject line “CCPA Request”
• Write to us at: Instarails Inc., 131 Continental Drive, Suite 305, Newark DE 19713

We will verify your identity before processing your request. This may require you to provide information that matches our records. For requests submitted by an authorized agent, we may require proof of authorization and verify the agent’s identity.

We will respond to verifiable requests within 45 days. If we need additional time (up to 90 days total), we will notify you of the reason and extension period.

16.10 Retention of Personal Information

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations (typically 5-7 years for financial records), resolve disputes, and enforce our agreements.

17. Cross-References

This Privacy Policy should be read in conjunction with:

• General Terms of Service — Master legal agreement
• E-Sign Disclosure and Consent — Electronic delivery of documents
• Data Processing Addendum — GDPR/CCPA compliance details
• Acceptable Use Policy — Prohibited activities

18. Contact

Questions about this Privacy Policy or how we handle your data?

Email: support@instarails.io

Instarails Inc.
131 Continental Drive, Suite 305
Newark, DE 19713