We respect the sphere of privacy to which every individual is
entitled. This policy explains how Dolabyte LLC collects, uses, stores
and protects personal information in connection with our
payment-related services, and how we uphold the rights of data
subjects. It is designed to align with the requirements of the Agencia
de Protección de Datos de los Habitantes (PRODHAB) and applicable data
protection law.
Who we are and how to contact us
- Controller: Dolabyte LLC
- Address: Province 01 San Jose, Canton 01 San Jose,
Mata Redonda, Neighborhood Las Vegas, Blue Building Of Two Floors,
Diagonal To La Salle High School, Costa Rica
- Email: contact@dolabyte.com
- Registration Number: 3-102-945296
- If you have questions about this policy or wish to exercise your
rights, contact us using the details above.
Scope and definitions
- “Personal information” means any information
relating to an identified or identifiable individual.
- “Processing” includes collection, use, disclosure,
storage, access, transfer, deletion or any operation performed on
personal information.
- “Data subject” means the individual to whom
personal information relates.
This policy applies to personal information we process in providing
our services (including transaction monitoring, fraud detection and
prevention, risk audits and reconciliation services), our website, and
our business operations.
Principles
We uphold the following principles at all times:
- Respect for the sphere of privacy: We process only
what is necessary for specified, explicit and legitimate purposes,
and we do so fairly and lawfully.
- Purpose limitation: We use personal information
only for clearly stated purposes explained at or before the time of
collection.
- Data minimisation: We limit collection to what is
adequate and relevant.
- Accuracy: We maintain information so that it is
materially truthful, complete and accurate, with mechanisms to
update or correct records promptly.
- Storage limitation: We retain personal information
only as long as necessary for the stated purposes or as required by
law.
- Security: We apply technical and organisational
measures to keep information secure.
Legal basis and consent
Prior, unequivocal, express and valid consent: Before
collecting or processing personal information, we obtain the data
subject’s prior, explicit consent in written form (handwritten or
electronic). We record consent, including date, method and scope, and
make a copy available upon request.
Separate consents: We seek separate, specific
consents for distinct purposes where appropriate.
Withdrawal: Data subjects may withdraw consent at any
time using the contact details above. Withdrawal does not affect
processing carried out before withdrawal, and may affect our ability
to provide certain services; we will explain any consequences clearly.
What we collect and why
Depending on the context, we may collect:
- Identity and contact details: name, email, phone,
role, employer, identifiers for administration and communications.
- Transactional and technical signals: pseudonymised
transaction references, device attributes, IP/network data,
authorisation metadata and risk indicators used to provide our
services.
- KYC/KYB related information: where required for
compliance and risk assessment, in accordance with consent and law.
Purposes include:
- Delivering and improving our services.
- Client onboarding, support and billing.
- Security monitoring, fraud prevention and service integrity.
- Regulatory compliance and audits.
Data accuracy and upkeep
- We maintain controls and workflows to ensure personal information is
materially truthful, complete and accurate.
- We verify data on collection where feasible, run periodic quality
checks, and provide user-facing mechanisms to request updates.
- If we learn information is erroneous or misleading, we correct it
without undue delay.
Data subject rights
Data subjects have the right to:
- Access: Obtain confirmation of processing and
access to their personal information in a readable copy.
- Rectification: Dispute and request correction of
any erroneous or misleading information at any time; we will
rectify, update or annotate records accordingly.
- Erasure and restriction: Request deletion or
restriction where appropriate, subject to legal retention
requirements.
- Objection and withdrawal of consent: Object to
processing and withdraw consent as described above.
How to exercise rights:
- Submit a request to contact@dolabyte.com, describing the right you wish to
exercise and providing sufficient information to verify identity. We
may request additional details to protect privacy.
- We will respond within the timelines required by law and will
provide reasons where we cannot fulfil a request (for example, due
to legal or regulatory constraints).
Sharing and transfers
- Not a transfer requiring authorisation: The
communication of personal information by the database controller to
service suppliers, technological intermediaries, or entities within
the same economic interest group is not considered a transfer of
personal information and does not require data subject
authorisation. We nonetheless ensure such recipients act under
contract and follow equivalent safeguards.
- Service providers: We share personal information
with vetted providers and affiliates strictly for the purposes
described, subject to confidentiality, security and data protection
obligations.
- Other disclosures: We may disclose information as
required by law, to protect rights and safety, or with the data
subject’s further written consent.
- International data movement: Where information is
hosted or accessed from outside the country, we implement
appropriate safeguards, ensure enforceable rights and effective
remedies, and maintain records of cross-border flows.
Security and internal protocol
We take all necessary technical and organisational measures to ensure
a secure environment, including access controls, encryption in transit
and at rest (where appropriate), network security, logging,
vulnerability and patch management, secure development practices, data
minimisation and staff training.
We maintain an internal protocol detailing the procedures for
collection, storage, access, retention, disposal, incident response
and third-party management. This protocol is reviewed regularly and
updated to reflect changes in risk, technology and law.
Personal data breaches
- Notification: We will inform PRODHAB and affected
data subjects of any breach of personal information (including loss,
destruction or misplacement) within five business days of becoming
aware of the breach.
- Incident handling: We investigate promptly, contain
the incident, assess impact, implement remediation, and document
root causes and actions taken. We maintain records of all incidents
and notifications.
Retention and deletion
- We retain personal information only for as long as necessary for the
stated purposes, to comply with legal, regulatory and contractual
obligations, and to establish or defend legal claims.
- When retention is no longer required, we delete or irreversibly
anonymise information in accordance with our internal protocol and
secure disposal standards.
Children’s data
- Our services are not directed to children. We do not knowingly
collect personal information from individuals under the age
permitted by applicable law without appropriate authorisation.
Automated decision-making
Where our services support automated risk assessments, we ensure
meaningful human oversight. Upon request, we will provide information
about the logic involved, the significance and the envisaged
consequences, and we will accommodate rights to challenge or seek
human review where required.
Record-keeping and accountability
We maintain records of processing activities, consent logs, data
flows, third-party disclosures, risk assessments, and controls testing
to demonstrate compliance. We conduct periodic reviews and audits of
our privacy programme.
Changes to this policy
We may update this policy to reflect changes in law, guidance or our
practices. We will post updates on our website and, where material
changes occur, provide appropriate notice.
How to raise a concern
Contact us at contact@dolabyte.com. We will investigate and respond
promptly. You may also contact PRODHAB (Agencia de Protección de Datos
de los Habitantes) regarding your rights and our compliance.