Privacy Policy
Last updated — 2026
What we collect, why we collect it, and the choices you have. Written plainly and kept generic on purpose — a placeholder for illustration, not legal advice. Sensitive identity data is tokenized in your browser and held by our payment partners, so Folio stores as little as possible.
Who we are
Folio operates a merchant payments platform. In this policy, “Folio”, “we”, and “us” mean the entity that provides the service to you; “you” means the merchant or visitor whose data we handle. We act as a data controller for the account information we hold, and as a processor for certain data we handle on behalf of our merchants.
What we collect
We collect what an account needs to function: contact details, business identity for verification, and the technical records a payments service must keep. Sensitive identity material gathered during onboarding (KYB) is tokenized in your browser and passed to our regulated payment partners. Folio stores tokens and verification outcomes rather than raw documents — keeping sensitive personal information off our systems and with the partners equipped to hold it, and minimising what Folio itself retains.
How we use data
We use data to provide and secure the service, to verify businesses, to process payments and payouts, to prevent fraud, to meet our legal and regulatory duties, and to communicate about your account. We do not sell your personal information.
Payment data & PCI
Cardholder data is handled within a PCI DSS compliant environment operated by us and our processing partners. Folio is designed so that full card numbers do not touch our servers; payment credentials are exchanged as tokens, narrowing the surface that must be secured.
Cookies & analytics
We use a small set of cookies and similar technologies to keep you signed in, remember preferences, and understand how the service is used in aggregate. Non-essential cookies are set only with consent where required, and you can adjust your choices in your browser at any time.
Sharing with banking & processing partners
To move money we share necessary data with banks, card networks, and processing partners, and with service providers that support fraud prevention, identity verification, hosting, and support. They may use the data only to perform their role for us, under contract.
International transfers
Payments are global, so your data may be processed in countries other than your own. When we transfer personal data across borders we rely on appropriate safeguards, such as standard contractual clauses or an adequacy decision, to protect it.
Your rights
Depending on where you live, you may have rights to access, correct, delete, port, or object to the use of your personal data, and to withdraw consent. Residents of the EU/EEA and UK (GDPR) and California (CCPA/CPRA) have specific rights, including the right not to be discriminated against for exercising them. Contact the desk to make a request.
Retention
We keep personal data for as long as your account is active and thereafter only as long as needed to meet legal, accounting, fraud-prevention, and dispute-resolution obligations. When data is no longer required, we delete or anonymise it.
Security
We protect data with encryption in transit and at rest, access controls, network segmentation, and routine review. No system is perfect, but we work to limit what we hold and to respond promptly should something go wrong.
Children
Folio is a service for businesses and is not directed to children. We do not knowingly collect personal data from anyone under the age of majority in their jurisdiction. If you believe a child has provided us data, contact the desk and we will remove it.
Changes
We may revise this policy as the service and the law evolve. Material changes will be posted here with an updated revision date, and where appropriate we will tell you directly. Continued use after a change means you accept the revised policy.
Contact
Questions, requests, or complaints can be sent to our desk at [email protected]. We aim to answer within a reasonable time, and you may also have the right to complain to your local data protection authority. This policy sits alongside our Terms of Service.