Privacy Policy

We collect personal information directly from you, automatically through your use of our services, and from third parties for verification and compliance purposes.

When you create an account or engage with our services, we may collect:

• Full name
• Email address
• Date of birth
• Phone number
• Nationality and residential address
• Government-issued identification (passport, driver’s license)
• Biometric data (e.g., live photo, selfie video for facial verification)
• Proof of address (e.g., utility bill, bank statement)
• Financial information (e.g., bank account, card number)

For corporate or business accounts, we may also collect:

• Legal business name and registration documents
• Names and IDs of directors, shareholders, and beneficial owners
• Purpose of the account and nature of business

‍

Note: Biometric and other sensitive data is collected only with your explicit consent and used strictly for identity verification and legal compliance.

We collect data relating to the transactions you perform, including:

• Sender and recipient names and account details
• Transaction amount, time, and currency
• IP addresses involved in the transaction
• Payment instruments used
• Messages or notes sent with payments
• Geolocation and device metadata
• Login times and session durations

Automatically collected through your interaction with our website:

• IP address
• Device type and operating system
• Browser information
• Pages visited and navigation paths
• Cookie identifiers and tracking pixels
• Error logs and crash reports

We may receive additional information from:

• Identity verification providers
• Credit and fraud prevention agencies
• Public databases and watchlists (e.g., PEP, OFAC)
• Financial institutions linked to your payment accounts

We process your personal data for the following purposes, based on applicable legal grounds

Legal Basis: Contractual necessity; Legitimate interest

• Account creation and identity verification
• Transaction processing
• Customer support and dispute resolution
• AML/CTF and KYC compliance
• Monitoring of suspicious activity

Legal Basis: Legitimate interest; Consent

• Analyzing user behavior and usage patterns
• Customizing content, features, and offers
• Sending marketing emails (with your consent)
• Improving security and usability

Legal Basis: Legal obligation

• Financial reporting and audits
• Tax compliance
• Cooperation with law enforcement
• Sanctions screening and risk analysis

We may process your information for specific purposes when you have given your consent (e.g., receiving promotional offers). You can withdraw your consent at any time.

We may process your information for specific purposes when you have given your consent (e.g., receiving promotional offers). You can withdraw your consent at any time.

• Cloud hosting and infrastructure (e.g., AWS, Azure)
• Identity verification and KYC services
• Payment processors and card networks
• Customer support and communication platforms


All service providers are contractually bound to use your data only for the purposes specified.

• In response to a lawful request (e.g., subpoena, warrant)
• To comply with applicable financial and tax laws
• To investigate or prevent fraud, illegal activity, or violations of our terms

In the event of a merger, acquisition, or reorganization, your data may be transferred to the new entity, subject to the protections described in this policy.

We may transfer your personal data to countries outside your jurisdiction, including the United States, Canada, or the European Union. In such cases, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions under GDPR
• Binding corporate rules, where applicable

We retain personal data only as long as necessary for:

• Legal and regulatory compliance (e.g., 5–7 years for transaction records)
• Maintaining user accounts and resolving disputes
• Security, fraud prevention, and auditing


When no longer required, data is securely deleted or anonymized.

We use cookies and similar technologies to:

• Maintain session state
• Understand user preferences
• Analyze traffic and performance
• Deliver personalized content


You may manage cookie preferences via your browser settings or our Cookie Settings Tool.
See ourCookie Policyfor more information.

Your privacy rights may vary depending on the country or region in which you reside. We are committed to respecting and upholding all applicable privacy rights under laws such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Canada’s PIPEDA, Brazil’s LGPD, and others.

‍

For a detailed summary of your rights by jurisdiction, please refer to Section 13: Jurisdiction-Specific Rights.

‍

Depending on where you are located, and subject to applicable law, your rights may include:

‍

• The right to access personal data we hold about you
• The right to correct inaccurate or outdated information
• The right to delete your personal data (subject to lawful exceptions)
• The right to object to certain types of processing, including for marketing
• The right to restrict how your data is processed
• The right to data portability in a machine-readable format
• The right to withdraw consent at any time
• The right to lodge a complaint with a relevant data protection authority

‍

To exercise your rights, please contact us as described in Section 10: Contacting Us. We may request information to verify your identity before fulfilling your request. We aim to respond to all legitimate requests within 30 calendar days, or as otherwise required by law.

7A.1. Oxen, operated by Lapki Digital Pay Inc., maintains a formal Conflicts of Interest Policyto ensure the fair, objective, and transparent handling of customer data.

‍

7A.2. This policy includes safeguards to prevent the misuse, improper access, or unauthorized sharing of your personal or confidential information by our employees, affiliates, or partners.

‍

7A.3. The Conflicts of Interest Policy is available here and forms part of our commitment to data integrity and ethical business practices.

Oxen’s services are intendedonly for users aged 18 and above. We do not knowingly collect or process personal information from minors under 18. If we become aware that we have collected data from a child, we will delete it promptly. Parents or guardians may contact us to request deletion.

We implement strong security measures to protect your data, including:

‍

• End-to-end encryption
• Secure access controls and authentication
• Intrusion detection and firewalls
• Data minimization and role-based access
• Regular security audits and penetration testing


‍

In the event of a data breach that may impact your rights, we will notify you and relevant authorities as required by law.

If you have questions about this Privacy Policy or would like to exercise your data protection rights (e.g., request access, correction, deletion, or objection), you may contact us using the details below.

‍

‍Please note:All requests and legal correspondence must be directed to Lapki Digital Pay Inc., the legal operator of the Oxen platform.



‍

Email: privacy@oxen.finance
‍Mailing Address:
Lapki Digital Pay Inc.
205 – 50 Lonsdale Ave #2630
Vancouver, BC V6M 2E6
Canada
Subject Line for Privacy Requests:
Please include the phrase “Privacy Rights Request” in your subject line for faster processing.
We may require you to verify your identity before fulfilling your request. We respond to all legitimate privacy-related requests within 30 calendar days, unless a longer period is required or permitted by law.

We reserve the right to update or modify this Privacy Policy at any time. All changes will be posted on our website with the “Effective Date” at the top of this page.

‍

Where legally required, we will seek your renewed consent for material changes.

‍

You are encouraged to review this policy periodically.

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal data, including collection, use, sharing, or deletion.
• Controller: The entity that determines the purpose and means of processing personal data.
• Processor: A third party that processes data on behalf of the controller.
• "Oxen" refers to the online platform, website, and brand identity under which Lapki Digital Pay Inc. markets its services. Oxen is a registered trademark and does not represent a separate legal entity. All contracts, transactions, and legal obligations related to the use of Oxen are undertaken by Lapki Digital Pay Inc.


For additional terms and definitions, please refer to our Terms and Conditions.

Depending on your location, you may be entitled to additional privacy rights under your local laws. The following outlines specific rights and notices applicable to users in various jurisdictions:

Law: General Data Protection Regulation (EU) 2016/679 (GDPR), UK GDPR
If you are located in the EU or UK, you have the following rights:


• Right to access your personal data
• Right to correct inaccurate or incomplete data
• Right to delete your personal data ("right to be forgotten")
• Right to restrict processing of your data
• Right to data portability
• Right to object to certain processing activities
• Right not to be subject to automated decision-making (including profiling)
• Right to lodge a complaint with your data protection authority


We may require additional verification of your identity before responding to requests.

Law: California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)

‍

If you are a California resident, you have the right to:


• Know what personal information we collect and how we use it
• Access specific pieces of personal information we hold about you
• Delete your personal information (with certain exceptions)
• Correct inaccurate personal information
• Opt out of the sale or sharing of your personal information
• Limit the use of your sensitive personal information
• Not be discriminated against for exercising your privacy rights


We do not sell your personal data for monetary consideration. However, we may share your information for purposes of targeted advertising, which may be considered "selling or sharing" under California law.
‍

🔘 To exercise your rights or submit a request, email us at: privacy@oxen.finance

🔘 To opt out of sale or sharing of your information, click here: Do Not Sell or Share My Personal Information
‍

Notice at Collection:
‍We collect personal identifiers, financial data, and internet or network activity. This information is used for account creation, service delivery, fraud prevention, marketing, and legal compliance. We retain your information as long as necessary to fulfill these purposes unless a longer retention period is required by law.

Law: California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
‍

If you are a California resident, you have the right to:


• Know what personal information we collect and how we use it
• Access specific pieces of personal information we hold about you
• Delete your personal information (with certain exceptions)
• Correct inaccurate personal information
• Opt out of the sale or sharing of your personal information
• Limit the use of your sensitive personal information
• Not be discriminated against for exercising your privacy rights


We do not sell your personal data for monetary consideration. However, we may share your information for purposes of targeted advertising, which may be considered "selling or sharing" under California law.
‍

🔘 To exercise your rights or submit a request, email us at: privacy@oxen.finance

‍🔘 To opt out of sale or sharing of your information, click here: Do Not Sell or Share My Personal Information

Notice at Collection:
‍We collect personal identifiers, financial data, and internet or network activity. This information is used for account creation, service delivery, fraud prevention, marketing, and legal compliance. We retain your information as long as necessary to fulfill these purposes unless a longer retention period is required by law.

Law: Lei Geral de Proteção de Dados Pessoais (LGPD)
‍

Brazilian users have the following rights:

• Confirm whether we process your data
• Access personal data we hold about you
• Correct incomplete, inaccurate, or outdated data
• Request anonymization, blocking, or deletion of unnecessary data
• Port your data to another service or product provider
• Withdraw consent at any time
• File complaints with Brazil’s ANPD (Data Protection Authority)


We will provide responses in Portuguese upon request.

Law: Australian Privacy Act 1988 and the Australian Privacy Principles (APPs)


You have the right to:


• Request access to your personal data
• Correct inaccurate personal information
• Remain anonymous (where practical)
• Make a privacy complaint to the Office of the Australian Information Commissioner (OAIC)


We will handle your data in compliance with the APPs and may transfer your data overseas with appropriate safeguards.

To exercise your rights in any jurisdiction, contact us via:
Email: [privacy@oxen.finance]
Mail: Lapki Digital Pay Inc.
205 – 50 Lonsdale Ave #2630
Vancouver, BC V6M 2E6
Canada
We may require verification of your identity before processing your request. In most cases, we will respond within30 days.