image2vector (3)

Privacy Policy

Scan & Pay — operated by Senax Enterprises Pty Ltd
ABN: 31 613 143 105

Effective Date: 31 March 2026

Scan & Pay is committed to protecting the privacy and security of your personal and business information. This Privacy Policy explains how we collect, use, store, and disclose information when you use our website, Android application, WooCommerce plugin, merchant dashboard, and payment verification services (collectively, the “Service”).

This policy applies to all users of the Service, including Merchants, their customers, and website visitors. By using the Service, you consent to the practices described in this policy.

1. Who We Are

This website and Service are operated by Senax Enterprises Pty Ltd, trading as Scan & Pay, located at 121 King Street, Melbourne, VIC 3000, Australia. We are the data controller responsible for the personal information collected through the Service.

For any privacy-related enquiries, contact us at hi@scanandpay.com.au.

2. Information We Collect

2.1 Merchant Registration Data
When you register as a Merchant, we collect:

  • Full name and contact details (email, phone number, address)
  • Business name, ABN, and business type
  • PayID details (email or phone number registered with your bank)
  • Bank account details for subscription billing via PayTo
  • Identity verification documents as required by our KYC process

2.2 Transaction Data
When payments are verified through the Service, we collect:

  • Transaction reference numbers and verification status
  • Transaction amounts and timestamps
  • Merchant and payer PayID identifiers
  • QR code generation and scan metadata

2.3 Technical and Usage Data
When you access the Service, we automatically collect:

  • IP address, browser type, and device information
  • Operating system and screen resolution
  • Pages visited, access times, and referring URLs
  • App usage data and crash reports (Android application)

2.4 Website Visitor Data
When you leave a comment or submit a contact form, we collect your name, email address, and message content. Your IP address and browser information may be collected for spam detection purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Verify payments in real time via PayID
  • Process subscription billing and transaction fees
  • Verify your identity and complete KYC obligations
  • Communicate with you about your account, updates, and support enquiries
  • Detect, prevent, and investigate fraud or unauthorised activity
  • Comply with legal and regulatory obligations
  • Improve the Service, fix bugs, and develop new features
  • Generate anonymised, aggregated analytics for internal reporting

We do not use your personal information for automated decision-making or profiling.

4. Legal Basis for Processing

We process your personal information under the following legal bases as permitted by the Australian Privacy Act 1988 (Cth):

  • Contractual necessity — to provide the Service you have signed up for
  • Legal obligation — to comply with KYC, AML/CTF, and tax reporting requirements
  • Legitimate interest — to improve the Service, prevent fraud, and ensure security
  • Consent — where you have provided explicit consent (e.g. marketing communications)

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information with the following parties only as necessary to provide the Service:

5.1 Payment Processing Partners
We share necessary transaction and merchant data with Global Payments (Ezidebit) to facilitate payment verification and subscription billing. Ezidebit processes this data under their own privacy policy and in accordance with Australian privacy law.

5.2 Banking Infrastructure
Payment verification is conducted via the New Payments Platform (NPP) and the PayID system operated by NPP Australia Limited. Transaction data passes through NPP infrastructure as part of the verification process.

5.3 Hosting and Infrastructure Providers
We use third-party cloud hosting and infrastructure services to operate the Service. These providers are contractually bound to protect your data and process it only on our instructions.

5.4 Legal and Regulatory Authorities
We may disclose your information where required by law, regulation, legal process, or enforceable government request, including to comply with AML/CTF obligations.

5.5 Professional Advisers
We may share information with our legal, accounting, and compliance advisers on a confidential basis as necessary.

6. Cookies and Tracking

We use cookies and similar technologies to:

  • Save your login session and display preferences
  • Analyse website traffic and usage patterns
  • Detect and prevent fraudulent activity

Login session cookies expire after 2 days (or 2 weeks if “Remember Me” is selected). Preference cookies are retained for 1 year. A temporary cookie is set on login page visits to check browser compatibility — it contains no personal data and expires when you close your browser.

Pages may include embedded content from third-party sites (such as YouTube videos). These sites may collect data, use cookies, and track your interaction as if you visited them directly.

7. Data Security

We take the security of your information seriously and implement commercially reasonable technical and organisational measures to protect it, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure API authentication and HMAC verification
  • Access controls limiting data access to authorised personnel only
  • Regular security reviews and monitoring

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain your information only for as long as necessary to fulfil the purposes outlined in this policy:

  • Merchant account data — retained for the duration of your account and for 7 years after closure to comply with Australian tax and financial record-keeping requirements
  • Transaction records — retained for 7 years in accordance with ATO and AML/CTF obligations
  • KYC and identity documents — retained for 7 years after the business relationship ends, as required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
  • Website comments and contact form data — retained indefinitely unless you request deletion
  • Technical and usage data — retained for up to 24 months

9. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — request correction of inaccurate or incomplete information
  • Deletion — request deletion of your personal information, subject to our legal retention obligations
  • Data export — request a copy of your data in a portable format
  • Withdraw consent — withdraw consent for optional processing activities at any time
  • Complain — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at hi@scanandpay.com.au. We will respond within 30 days.

10. Media Uploads

If you upload images to the website, please avoid uploading images with embedded GPS location data (EXIF). Visitors may be able to extract location data from such images.

11. Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

12. International Data Transfers

Your data is primarily stored and processed in Australia. If any data is transferred to servers located outside Australia (for example, through cloud infrastructure providers), we ensure that appropriate safeguards are in place in accordance with the Australian Privacy Principles.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the merchant dashboard at least 14 days before the changes take effect. The updated policy will be posted on this page with a revised effective date.

14. Contact

If you have any questions about this Privacy Policy or wish to make a privacy-related request, please contact us:

Email: hi@scanandpay.com.au
Phone: +61 3 9112 5975
Address: 121 King Street, Melbourne, VIC 3000
Website: scanandpay.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).