Californiaprivacynotice.
Categories of PI we collect
- Identifiers — name, email, MettaTag, IP, device ID.
- Government IDs — for KYC/KYB verification.
- Commercial info — transaction history, invoices, disputes.
- Internet activity — logs, referrers, feature usage.
- Geolocation — approximate, from IP.
- Financial info — wallet addresses, on-chain history.
- Biometric / sensitive PI — selfie/liveness capture for identity verification.
- Inferences — risk scores derived from the above.
Sensitive PI and the Right to Limit
We use sensitive PI (government IDs, biometric verification) only to verify identity, prevent fraud, and comply with AML/KYC law — the purposes permitted by CPRA §7027. You may still submit a request to limit use; if the use is required by law we will explain why we cannot fully honor it.
Your rights
- Know what PI we hold about you
- Delete PI (subject to legal retention)
- Correct inaccurate PI
- Opt out of sale/share (see above)
- Limit use of sensitive PI
- Non-discrimination for exercising these rights
- Portability — receive PI in a structured, commonly used format
How to submit a request
Submit via our Data Subject Access Request form or email privacy@mettapays.com. We respond within 45 days (extendable by an additional 45 days when reasonably necessary, with notice). We may need to verify your identity before releasing data.
Authorized agents
You may designate an authorized agent by providing (a) written permission signed by you and (b) verification of your identity. We may deny requests from unverified agents.
Minors under 16
MettaPay is not directed at children. We do not knowingly collect PI from anyone under 18. Accounts are only opened by adults.
Global Privacy Control (GPC)
We honor GPC as a valid opt-out signal for sale/sharing preferences. Our cookie consent banner detects GPC automatically.
