Privacy Policy

ARCA PRIVACY POLICY

Last Updated: 4th December 2025

Arca Payment Services Pty Ltd (“Arca”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our website, products, services, or by otherwise interacting with Arca, you agree to the terms of this Privacy Policy.

1. What Personal Information We Collect

The type of personal information we collect depends on how you interact with Arca. This may include:

1.1 Information You Provide Directly

Name

Email address

Phone number

Company name

Billing details (excluding full credit card data)

Enquiries submitted via website or customer support

Identity information provided during onboarding where required

1.2 Information Collected Automatically

When you visit our website or use our digital services, we may collect:

IP address

Device and browser information

Geolocation (approximate)

Pages viewed and time spent on site

Cookies and similar tracking technologies

Log data for security and debugging

1.3 Payment & Transaction Data (If applicable)

If you interact with Arca’s payment services, we may process:

Transaction details (amount, date, payer/payee identifiers)

Account identifiers (tokenised or anonymised where possible)

Card lifecycle events (activation, suspension, tokenisation, etc.)

Arca does not store full credit card numbers on its servers. Tokenisation and secure PCI-compliant partners may be used for processing.

1.4 Sensitive Information

Arca generally does not collect sensitive information unless required by law or platform functionality (e.g., identity verification within our SDK).
Any such information is handled with heightened security controls.

2. How We Use Your Personal Information

Arca collects and uses data for the following purposes:

2.1 To Provide Our Products and Services

Enabling card issuance and digital wallet provisioning

Supporting account and payment orchestration

Delivering SDK-based security features

Transaction processing and system notifications

2.2 To Improve Our Services

Enhancing user experience

Troubleshooting issues

Analysing product performance

Developing new features

2.3 To Communicate With You

Responding to enquiries

Sending product updates or announcements

Providing technical support

2.4 For Legal and Compliance Obligations

Anti-money laundering (AML) and counter-terrorism financing (CTF) requirements (if applicable)

Preventing fraud or unauthorised access

Meeting regulatory obligations under Australian law

2.5 For Marketing (optional)

We may use anonymised or aggregated information for marketing insights.
You can opt out of direct marketing at any time.

3. How We Disclose Personal Information

We may disclose your personal information to:

3.1 Service Providers & Partners

Cloud hosting providers

Payment processors

Digital wallet providers (e.g., Apple, Google)

Identity verification partners

Customer support platforms

Security and analytics tools

These providers are required to comply with privacy obligations consistent with the APPs.

3.2 Regulatory or Legal Authorities

Arca may disclose personal information:

If required by law, regulation, or court order

To comply with AML/CTF or financial services regulations

To enforce our agreements or protect rights, safety, and security

3.3 Corporate Transactions

If Arca is involved in a merger, acquisition, restructuring, or asset sale, personal information may be transferred as part of that transaction.

3.4 Third-Party Websites or Integrations

Our website may contain links to third-party sites.
Arca is not responsible for their privacy practices.

We do not sell, rent, or trade personal information.

4. International Data Transfers

Some of Arca’s service providers may store or process information outside Australia, including in jurisdictions such as:

United States

European Union

Singapore

Other cloud infrastructure regions

Where this occurs, Arca ensures that:

Appropriate contractual safeguards are in place, and

Overseas recipients comply with privacy standards substantially similar to the APPs.

5. Data Security

Arca takes data protection seriously and employs robust security measures, including:

Encryption of data in transit and at rest

Secure server environments

Device binding and secure storage via SDK where applicable

Access controls and authentication policies

Network monitoring and threat detection

Regular penetration testing and auditing

Despite our efforts, no system can guarantee absolute security. You are responsible for maintaining the confidentiality of any login credentials.

6. Data Retention

We retain personal information only for as long as required to:

Provide services

Meet legal and regulatory obligations

Resolve disputes

Enforce agreements

When information is no longer needed, it is securely destroyed or anonymised.

7. Access to and Correction of Your Information

Under the Australian Privacy Act, you have the right to:

Request access to personal information we hold about you

Request correction of inaccurate, outdated, or incomplete information

Requests must be submitted in writing.
We will respond within a reasonable timeframe.

8. Cookies and Tracking Technologies

Arca uses cookies and similar technologies to:

Improve website functionality

Understand user behaviour

Enhance security

Deliver a personalised experience

You may disable cookies in your browser, but this may affect website usability.

9. Children’s Privacy

Arca’s website and services are not intended for individuals under 18.
We do not knowingly collect personal information from minors without consent and legal justification.

10. Changes to This Privacy Policy

Arca may update this Privacy Policy from time to time.
Revisions will be posted on this page with an updated “Last Updated” date.

Your continued use of our website or services signifies acceptance of any changes.

11. How to Contact Us

For privacy enquiries, requests, or complaints, please contact:

Arca Privacy Officer
Email: [Insert Email]
Address: [Insert Address]
Website: [Insert URL]

We aim to respond to all privacy concerns promptly and transparently.
If you are unsatisfied with our response, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC).

Products & Solutions

Card Issuance

Virtual Accounts

Payment Orchestration

Digital Wallet Tokenisation

Compliance & Security

Disclosure:

Information provided on this website is for general information purposes only and does not take into account your objectives, financial situation or needs. You should consider the appropriateness of this information in light of your own needs, objectives and financial situation and review our Product Disclosure Statement before acquiring the product or service.

Privacy Policy

Privacy Policy

ARCA PRIVACY POLICY

Last Updated: 4th December 2025

By using our website, products, services, or by otherwise interacting with Arca, you agree to the terms of this Privacy Policy.

1. What Personal Information We Collect

The type of personal information we collect depends on how you interact with Arca. This may include:

1.1 Information You Provide Directly

1.2 Information Collected Automatically

When you visit our website or use our digital services, we may collect:

1.3 Payment & Transaction Data (If applicable)

If you interact with Arca’s payment services, we may process:

Arca does not store full credit card numbers on its servers. Tokenisation and secure PCI-compliant partners may be used for processing.

1.4 Sensitive Information

Arca generally does not collect sensitive information unless required by law or platform functionality (e.g., identity verification within our SDK).Any such information is handled with heightened security controls.

2. How We Use Your Personal Information

Arca collects and uses data for the following purposes:

2.1 To Provide Our Products and Services

2.2 To Improve Our Services

2.3 To Communicate With You

2.4 For Legal and Compliance Obligations

2.5 For Marketing (optional)

We may use anonymised or aggregated information for marketing insights.You can opt out of direct marketing at any time.

3. How We Disclose Personal Information

We may disclose your personal information to:

3.1 Service Providers & Partners

These providers are required to comply with privacy obligations consistent with the APPs.

3.2 Regulatory or Legal Authorities

Arca may disclose personal information:

3.3 Corporate Transactions

If Arca is involved in a merger, acquisition, restructuring, or asset sale, personal information may be transferred as part of that transaction.

3.4 Third-Party Websites or Integrations

Our website may contain links to third-party sites.Arca is not responsible for their privacy practices.

We do not sell, rent, or trade personal information.

4. International Data Transfers

Some of Arca’s service providers may store or process information outside Australia, including in jurisdictions such as:

Where this occurs, Arca ensures that:

5. Data Security

Arca takes data protection seriously and employs robust security measures, including:

Despite our efforts, no system can guarantee absolute security. You are responsible for maintaining the confidentiality of any login credentials.

6. Data Retention

We retain personal information only for as long as required to:

When information is no longer needed, it is securely destroyed or anonymised.

7. Access to and Correction of Your Information

Under the Australian Privacy Act, you have the right to:

Requests must be submitted in writing.We will respond within a reasonable timeframe.

8. Cookies and Tracking Technologies

Arca uses cookies and similar technologies to:

You may disable cookies in your browser, but this may affect website usability.

9. Children’s Privacy

Arca’s website and services are not intended for individuals under 18.We do not knowingly collect personal information from minors without consent and legal justification.

10. Changes to This Privacy Policy

Arca may update this Privacy Policy from time to time.Revisions will be posted on this page with an updated “Last Updated” date.

Your continued use of our website or services signifies acceptance of any changes.

11. How to Contact Us

For privacy enquiries, requests, or complaints, please contact:

Arca Privacy OfficerEmail: [Insert Email]Address: [Insert Address]Website: [Insert URL]

We aim to respond to all privacy concerns promptly and transparently.If you are unsatisfied with our response, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC).

Arca generally does not collect sensitive information unless required by law or platform functionality (e.g., identity verification within our SDK).
Any such information is handled with heightened security controls.

We may use anonymised or aggregated information for marketing insights.
You can opt out of direct marketing at any time.

Our website may contain links to third-party sites.
Arca is not responsible for their privacy practices.

Requests must be submitted in writing.
We will respond within a reasonable timeframe.

Arca’s website and services are not intended for individuals under 18.
We do not knowingly collect personal information from minors without consent and legal justification.

Arca may update this Privacy Policy from time to time.
Revisions will be posted on this page with an updated “Last Updated” date.

Arca Privacy Officer
Email: [Insert Email]
Address: [Insert Address]
Website: [Insert URL]

We aim to respond to all privacy concerns promptly and transparently.
If you are unsatisfied with our response, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC).