MeowSolutions Payments
legal · 02

Personal Data Processing Policy

Обновлено · 2026-05-21

This document is the public Personal Data Processing Policy of MeowSolutions Payments (hereinafter — "the Operator") published in accordance with Article 18.1 of Federal Law of the Russian Federation № 152-FZ dated 27 July 2006 "On Personal Data" (hereinafter — "152-FZ").

1. General provisions

The Operator processes personal data on the basis of the principles of legality, fairness and limitation to specific purposes determined in advance. The Operator does not process personal data beyond what is necessary for the declared purposes and ensures the accuracy, sufficiency and, where required, the up-to-date status of personal data in relation to the purposes of processing.

2. Categories of data subjects

  • Payers (users) submitting payments through the gateway;
  • Authorised representatives of merchant organisations accessing the API;
  • Visitors of public pages on the Operator's domain.

3. Composition of personal data processed

  • surname, first name, middle name (where required for SBP / 3-D Secure compliance);
  • phone number, e-mail address;
  • card BIN and last 4 digits, brand, expiration month / year;
  • cryptocurrency address (if a crypto method is selected);
  • IP address, user-agent, language, timezone offset;
  • payment identifier and the merchant identifier issued by the Operator.

4. Purposes of processing

  • execution of payment instructions and rendering related financial services;
  • information exchange with banks, card networks, SBP, PayPal and blockchain networks;
  • refunds, charge-backs, dispute resolution;
  • compliance with AML / CTF / tax obligations;
  • protection against fraud and information security incidents.

5. Legal basis

The processing is performed without the data subject's separate written consent on the basis of Art. 6(1)(2) (performance of the agreement) and Art. 6(1)(5) (performance of functions assigned by federal law) of 152-FZ. Where the basis is consent, such consent is obtained in the form provided by Art. 9 of 152-FZ (electronic acceptance with an unequivocal opt-in action).

6. Methods and term

Processing is automated, with and without the use of automated means. The term of processing is determined by the purpose, and in any case shall not exceed the maximum periods established by Russian law for the corresponding category (in particular, 5 years for AML-relevant transaction records).

7. Cross-border transfer

Cross-border transfer of personal data is performed only to states ensuring an adequate level of protection (according to Roskomnadzor's official list) or, in the absence of such adequacy, on the basis of the explicit consent of the data subject.

8. Security measures

  • cryptographic protection in transit (TLS 1.3) and at rest (AES-256);
  • strict role-based access control with audit logging;
  • compliance with PCI-DSS v4.0 for the card-data environment;
  • regular penetration testing and vulnerability scans;
  • physical localisation of databases on territory of the Russian Federation in accordance with Art. 18(5) of 152-FZ for data of residents of the Russian Federation.

9. Rights of data subjects

In accordance with Chapter 3 of 152-FZ, every data subject is entitled to access their personal data, request rectification or destruction of their data, and to withdraw consent at any time. To exercise these rights, please contact us at commerce@meowsolutions.limited.

10. Final provisions

This Policy is a public document and is freely accessible without prior identification. The current version is always available on this page. Disputes are resolved through negotiation; if not resolved — in court according to the rules of jurisdiction established by Russian law for protection of subjects' rights under 152-FZ.