Privacy Policy

AGA PayWise Inc. ("AGA PayWise", "we", "us", or "our") operates the QRwise platform and related services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

By using our Services, you consent to the collection and use of personal information as described in this Policy.

1. Information We Collect

1.1 Merchant Account Holders

When you create a merchant account, we collect:

• Account information: name, email address, business name, and business address.
• Billing information: subscription plan details. Payment card data is collected and processed exclusively by Stripe, Inc. We do not store full card numbers or CVV codes on our servers.
• Usage data: dashboard activity, menu configurations, table setups, and order history associated with your store.

1.2 Restaurant Guests

When a guest scans a QR code and places an order, we collect:

• Order data: items ordered, table identifier, order total, and order status.
• Payment information: payment status and Stripe session identifiers. Full card details are never transmitted to or stored by AGA PayWise.
• Device and session data: IP address, browser type, and session tokens used to process and confirm the order.

1.3 Automatically Collected Information

We use Google Tag Manager to collect anonymous analytics data about how visitors interact with our marketing website. This may include page views, click events, and general device information. No personally identifiable information is linked to this analytics data.

2. How We Use Your Information

We use the personal information we collect to:

• Provide, maintain, and improve our Services;
• Process payments and manage subscriptions through Stripe;
• Send transactional communications (e.g., order confirmations, billing receipts);
• Respond to support inquiries;
• Comply with applicable laws, regulations, and legal obligations in Canada; and
• Detect and prevent fraud, security incidents, or other harmful activity.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

3. Disclosure of Personal Information

We may share personal information with:

• Stripe, Inc.: to process payments. Stripe's privacy policy is available at stripe.com/en-ca/privacy.
• Service providers: cloud hosting and infrastructure providers who process data on our behalf under confidentiality obligations.
• Legal authorities: when required by applicable Canadian law, court order, or government authority.
• Business transfers: in connection with a merger, acquisition, or sale of all or substantially all of our assets, with prior notice to affected individuals.

4. Cookies and Tracking Technologies

Our marketing website uses cookies and similar technologies for analytics (via Google Tag Manager) and to maintain your language preference. Essential session cookies are used to authenticate merchant accounts and maintain secure sessions.

You may disable non-essential cookies through your browser settings. Disabling cookies may affect certain features of the Services.

5. Data Retention

We retain personal information for as long as necessary to provide the Services and comply with our legal obligations. Merchant account data is retained for the duration of the subscription and for up to seven (7) years thereafter for tax and regulatory purposes. Guest order data is retained for up to two (2) years or as required by applicable law.

You may request deletion of your account and associated data by contacting us at privacy@agapaywise.com.

6. Your Rights Under PIPEDA

Under PIPEDA, you have the right to:

• Access: request access to the personal information we hold about you;
• Correction: request that we correct inaccurate or incomplete personal information;
• Withdrawal of consent: withdraw consent to certain processing activities, subject to legal or contractual restrictions; and
• Complaint: file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

To exercise any of these rights, please contact our Privacy Officer at privacy@agapaywise.com.

7. Security

We implement administrative, technical, and physical safeguards to protect personal information against unauthorized access, use, disclosure, or destruction. Merchant sessions are protected with signed JWT tokens and HTTPS encryption in transit. Payment card data is handled exclusively by Stripe and is subject to PCI DSS compliance.

8. Cross-Border Data Transfers

Our infrastructure and third-party service providers (including Stripe) may process data outside of Canada, including in the United States. When personal information is transferred outside Canada, we take steps to ensure it receives a comparable level of protection through contractual obligations.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated Policy on this page with a revised "Last updated" date. Continued use of the Services after any change constitutes acceptance of the updated Policy.

11. Contact Us

For questions, concerns, or requests related to this Privacy Policy, please contact our Privacy Officer: