EN
繁中 繁體中文 简中 简体中文 EN English 日本語 日本語 한국어 한국어 Tiếng Việt Tiếng Việt ไทย ภาษาไทย Indonesia Bahasa Indonesia Melayu Bahasa Melayu
← Back to PayCore home
PayCore PayCore
PayCore Legal and Support Information

Privacy Policy

PayCore values data protection and payment-flow security. This policy explains how PayCore collects, uses, stores, and protects data when providing payment gateway, checkout page, status synchronization, notification, and support services.

Last updated:2026-06-21

1. Scope

This policy applies to PayCore websites, checkout pages, admin console, APIs, Webhooks, notification services, and related support processes. Merchant websites, products, services, and third-party pages remain the responsibility of the relevant merchant or third party.

2. Data we may process

PayCore may process payment numbers, merchant order numbers, transaction amounts, payment methods, payment status, IP addresses, device and browser data, operation logs, API request logs, Callback / Webhook logs, and contact information provided during support.

3. Purposes of use

Data is mainly used to create payments, display checkout pages, process transaction status, perform security checks, notify merchants, investigate issues, maintain system stability, retain audit records, and provide support. PayCore does not use the data for arbitrary purposes unrelated to payment services.

4. Third-party payment and service providers

Some transactions may be processed through Stripe, PLUS, PayPal, or other payment, messaging, email, hosting, and security providers. PayCore transfers necessary data for service purposes, while third-party processing remains governed by their own terms and policies.

5. Retention and records

PayCore may retain necessary records for transaction tracking, reconciliation, dispute handling, security audits, compliance, and operational needs. Retention periods depend on data type, agreements, legal requirements, and system security needs.

6. Security measures

PayCore applies reasonable technical and administrative measures such as HTTPS, access control, key protection, transaction traceability, log retention, and anomaly monitoring. However, no internet transmission or system can be guaranteed to be absolutely risk-free.

7. Merchant responsibility

Merchants must properly protect API Keys, Webhook Secrets, admin accounts, Callback URLs, and transaction data. Sensitive credentials must not be exposed in front-end code, public repositories, or to unauthorized personnel. Risks caused by merchant-side configuration or custody issues are the merchant’s responsibility.

8. Data rights and contact

Requests to access, update, delete, or restrict data related to PayCore services may be submitted through support. PayCore will handle requests within a reasonable scope based on identity verification, contractual obligations, and legal requirements.

9. Policy updates

PayCore may update this policy due to functional, legal, security, or operational needs. Updated versions will be published on this page. Continued use of PayCore services indicates awareness of the updated content.

This page is a baseline PayCore policy version. It may be expanded according to actual operations, merchant agreements, payment provider requirements, and applicable laws. If this page conflicts with a formal commercial agreement or mandatory rule, the stricter or official document should prevail.