Privacy Policy
Last updated: 13 July 2026
1. About this policy
This Privacy Policy explains how CPoI (“CPoI”, “we”, “us” or “our”) collects, uses, discloses and protects your personal information when you visit this website, request early access, sign up as a merchant, or otherwise interact with us.
We are committed to handling personal information in accordance with the laws of the markets we serve, including:
- Australia — the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).
- United Kingdom — the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Where those regimes use different terms for the same idea (for example “personal information” in Australia and “personal data” in the UK), we use the terms interchangeably in this policy.
2. Who we are
CPoI is the data controller responsible for your personal information (in Australian terms, the entity that collects and holds it). Our registered legal entity, business number (ABN / company number) and postal address are set out in the Contact us section below.
If you have any questions about this policy or how we handle your information, you can reach our privacy contact at hello@paywithcpoi.com.
3. Information we collect
We only collect personal information that is reasonably necessary for our functions and activities. This includes:
Information you give us
- Early-access requests — your name, work email address, company name and the role you select.
- Merchant sign-ups — your name, business name, work email, business location, indicative monthly online volume, your current ecommerce platform, your payment service provider (PSP) and any notes you choose to add.
- Correspondence — information contained in emails or other messages you send us.
Information we collect automatically
- Technical and usage data such as your IP address, browser type, device information, pages viewed and the date and time of access, collected through cookies and similar technologies (see Cookies & analytics).
We do not intentionally collect sensitive information (such as health, biometric, racial or political information) and ask that you do not provide it to us. CPoI does not ask you to enter card numbers, PINs or other payment credentials on this website.
4. How we collect it
We collect personal information:
- directly from you, when you complete a form, email us or otherwise contact us;
- automatically, through cookies and analytics when you use this website; and
- occasionally from third parties (for example a colleague who refers you, or publicly available business sources), where it is reasonable and practicable to do so.
Where it is lawful and practicable, you may deal with us anonymously or using a pseudonym — although we may not be able to provide early access or onboarding without the information marked as required.
5. Why we use it & our lawful basis
We use personal information to:
- respond to early-access requests and manage the waitlist;
- assess and onboard merchants, and map CPoI to your ecommerce platform and PSP;
- communicate with you, provide support and answer enquiries;
- operate, secure, analyse and improve our website and services; and
- comply with our legal obligations.
For individuals in the UK, UK GDPR requires us to have a lawful basis for processing. We rely on:
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Responding to your request or enquiry | Steps taken at your request prior to entering a contract; our legitimate interests |
| Onboarding and providing services to merchants | Performance of a contract; legitimate interests |
| Website security, analytics and improvement | Our legitimate interests in running a safe, effective service |
| Marketing communications | Your consent, or our legitimate interests where permitted by law |
| Meeting legal or regulatory obligations | Compliance with a legal obligation |
Where we rely on legitimate interests, we balance those interests against your rights and freedoms. You may object to that processing at any time (see Your rights).
6. Cookies & analytics
We use cookies and similar technologies to keep the website working, remember your preferences and understand how the site is used. Some cookies are strictly necessary; others (such as analytics) are only set with your consent where required by law.
You can control or delete cookies through your browser settings. Blocking some cookies may affect how the website functions.
Our forms are protected by Google reCAPTCHA to prevent spam and abuse. reCAPTCHA collects hardware and software information (such as device and application data) and sends it to Google for analysis; its use is subject to the Google Privacy Policy and Terms of Service.
7. When we share information
We do not sell your personal information. We may disclose it to:
- Service providers who help us operate the business — for example hosting, email, form processing, customer-relationship and analytics providers — under contracts that require them to protect your information and use it only on our instructions;
- Professional advisers such as lawyers, accountants and auditors;
- Acquirers, PSPs and payment partners where necessary to progress an onboarding you have requested;
- Authorities or other parties where required or authorised by law, or to protect our rights, safety or property; and
- A successor entity in connection with a business sale, merger or restructure.
8. Overseas & international transfers
We operate across Australia and the United Kingdom, and some of our service providers are located in, or store data in, other countries. This means your personal information may be transferred to, and processed in, locations outside your home country.
For Australian individuals (APP 8): before disclosing personal information overseas we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles.
For UK individuals (UK GDPR Chapter V): where we transfer personal data outside the UK, we rely on an adequacy decision or appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum. You can contact us for more information about the safeguards in place.
9. How we protect it
We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure — including encryption in transit, access controls and provider due diligence. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
If a data breach occurs that is likely to result in serious harm (Australia) or a risk to your rights and freedoms (UK), we will notify the relevant regulator and affected individuals as required by law.
10. How long we keep it
We keep personal information only for as long as it is needed for the purposes described in this policy, or as required by law. When it is no longer needed, we take reasonable steps to securely delete or de-identify it.
11. Your rights & choices
Depending on where you live, you have rights over your personal information. These may include the right to:
- access the personal information we hold about you and request a copy;
- ask us to correct information that is inaccurate, out of date or incomplete;
- request erasure of your information (“right to be forgotten”, UK);
- restrict or object to our processing, including for direct marketing;
- request portability of information you provided to us (UK);
- withdraw consent at any time, where we rely on consent; and
- not be subject to solely automated decisions that produce legal or similarly significant effects (UK).
To exercise any of these rights, email hello@paywithcpoi.com. We may need to verify your identity first. We will respond within the timeframes required by law (generally 30 days in Australia and one month in the UK). We do not charge a fee to make a request, although a reasonable charge may apply in limited circumstances permitted by law.
12. Direct marketing
We may send you information about CPoI that we think is relevant to you. You can opt out at any time by using the unsubscribe link in our emails or by contacting us. We will action opt-outs promptly and will not use sensitive information for marketing without your consent.
13. Complaints
If you have a concern about how we have handled your personal information, please contact us first at hello@paywithcpoi.com so we can try to resolve it. If you are not satisfied with our response, you can complain to the relevant regulator:
- Australia — the Office of the Australian Information Commissioner (OAIC), oaic.gov.au.
- United Kingdom — the Information Commissioner’s Office (ICO), ico.org.uk.
14. Children's privacy
This website and our services are intended for businesses and are not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will delete it.
15. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or the law. The “Last updated” date at the top shows when it was last revised. Material changes will be highlighted on this page.
16. Contact us
To contact our privacy team, or to exercise your rights:
- Email: hello@paywithcpoi.com
- Entity: CPoI — [registered legal entity name]
- ABN / company number: [insert ABN (Australia) / company number (UK)]
- Postal address: [insert registered address]
If you are in the UK or EU and we are required to appoint a representative, their details will be provided on request.