1. Controller
The data controller is FastPay Lab, Inc., a Wyoming (USA) corporation, operator of the TopUp.Cash service. Contact: privacy@topup.cash.
2. Who this notice covers
- Account Managers — registered business users of the Service.
- Payers — members of the public who open a payment link prepared by an Account Manager. Payers do not register an account and provide only what is strictly needed to complete a single transfer.
3. What we collect
We deliberately minimise what we collect. We do not ask for a username, a phone number, a date of birth, government IDs, or social-network identifiers.
From Account Managers
- email address (verified by one-time code) used to sign in;
- display name they choose to show on their own payment links;
- bank-account details they enter so their own clients can pay them;
- operational data created by use of the Service (payment links, tickets, references, credit balance, audit log of admin actions).
From Payers
- the destination top-up account details the Payer chooses to enter (for example, a Wise / Revolut email or account reference);
- the amount and currency of the requested top-up, and the reference the Payer attaches to the bank transfer.
Automatically
- IP address, browser/user-agent and basic timestamps for security and audit;
- strictly necessary cookies and local storage to keep an Account Manager signed in (see our Cookie Policy).
4. Why we use it (purposes and legal bases)
- Provide the Service — creating accounts, generating payment links, tracking tickets (performance of a contract).
- Security & fraud prevention — abuse detection, rate-limiting, audit logs (legitimate interest).
- Legal compliance — responding to lawful requests and keeping records required by applicable law (legal obligation).
We do not sell personal data and we do not use it for advertising or profiling.
5. Sharing
We share data only with infrastructure providers strictly needed to run the Service (hosting, database, transactional email and WhatsApp delivery) under written contracts that restrict them to processing on our instructions. We may disclose information when legally compelled — see Legal Request Form.
6. International transfers
FastPay Lab, Inc. operates from the United States. Hosting and processing infrastructure may be located in the EU, the UK or the US. Where required, transfers are protected by standard contractual clauses or equivalent safeguards.
7. Retention
Account-Manager account data is retained for as long as the account is active and for a reasonable period afterwards for reconciliation and legal purposes. Payment-link and ticket data is retained as part of the financial record of the Account Manager. Payers can request deletion of data tied to a specific payment link they used by writing to privacy@topup.cash.
8. Your rights
Subject to applicable law (including the EU/UK GDPR and the California CCPA where they apply), you may request access, correction, deletion, restriction or portability of your personal data, and object to certain processing. To exercise these rights, contact privacy@topup.cash. You may also lodge a complaint with your local data-protection authority.
9. Security
Data in transit is encrypted with TLS. Access to production data is restricted to a small number of administrators and is logged. We never store passwords — sign-in uses a one-time code sent by email.
10. Changes
We will update the "Last updated" date above whenever this notice changes materially.