Privacy Policy

Last updated: 28 April 2026

SKN Pay is a payment platform operated by CenPOS that lets Caribbean merchants accept card payments and issue invoices. This policy explains what information we collect when you use the platform — as a merchant or as a customer paying a merchant — and how we use, share, and protect it.

1. Who we are

“SKN Pay,” “we,” “us,” or “our” refers to the SKN Pay platform operated by CenPOS. The merchant dashboard is at app.sknpay.com; the hosted payment pages and customer wallet are at pay.sknpay.com.

2. Information we collect

Information from merchants

• Account & business information: name, email, phone, business name, business address, currency preference, branding (logo, colours).
• Authentication data: hashed passwords (never plaintext), two-factor authentication settings.
• Operational data: payment links, invoices, transactions, refunds, customer records you create.

Information from customers paying merchants

• Identifiers: name, email address, optional phone number.
• Billing address (when collected by the merchant): street, city, region, postal code, country — used for AVS verification.
• Card metadata only: card brand, last four digits, expiry, cardholder name. Full card numbers and CVVs are never stored on SKN Pay servers — they are tokenised directly by NMI’s PCI-compliant payment iframes.
• Saved-card vault tokens: if a customer opts to save a card, a vault reference (not the card number) is stored so the card can be charged again at SKN Pay merchants.

Automatically collected

• IP address, browser type, device information, timestamps for security event logging and rate limiting.
• Cookies for authentication, session management, and bot protection (see Cookies below).

3. How we use information

• To process payments, refunds, and issue invoices.
• To authenticate merchants and verify customer identity (one-time email codes for the saved-card wallet).
• To send transactional emails: payment receipts, invoice notifications, password resets, security alerts, customer-merchant inquiries.
• To prevent fraud, abuse, and unauthorised access (rate limiting, CAPTCHA, security event logging).
• To meet legal, accounting, and tax obligations.

4. How we share information

We share data only with service providers who help us operate the platform, and only the minimum needed for each function:

• NMI (payment processing & customer vault) — receives the card data directly via secure iframes. Card numbers never pass through SKN Pay.
• Resend — sends transactional emails on our behalf.
• Cloudflare Turnstile — bot protection on login, registration, and payment pages.
• Hosting & infrastructure providers — for the platform itself (database, cache, application hosting).

We do not sell personal information. We do not share customer data with merchants beyond what is required to process the customer’s payment to that merchant.

5. Cross-merchant saved cards

Customers paying SKN Pay merchants may opt in to save a card. If they do, that card is stored under the customer’s email at the platform vault level, which means the same saved card can be reused at any SKN Pay merchant — only after the customer verifies ownership of the email by entering a one-time code. Customers can view and remove their saved cards at any time at pay.sknpay.com/wallet.

6. Cookies

• Authentication cookies on app.sknpay.com — keep merchants signed in.
• Vault session cookie on pay.sknpay.com — short-lived (10 minutes), set after a customer verifies a one-time code; lets the customer review or pay with saved cards.
• Cloudflare Turnstile cookies — bot protection.

7. Data retention

Transactional records (payments, refunds, invoices) are retained for as long as the merchant’s account remains active and for as long as required by law (typically 7 years for accounting). Customer card vault entries are retained until the customer removes them via the wallet or the merchant relationship ends. Security event logs are retained for at least 12 months.

8. Security

All traffic is encrypted in transit with TLS. Sensitive merchant credentials and second-factor secrets are encrypted at rest with AES-256-GCM. Card numbers and CVVs never touch SKN Pay servers — they are tokenised by NMI’s PCI-compliant iframes. Platform admins are required to use multi-factor authentication.

9. Your rights

Depending on where you live, you may have the right to access, correct, or delete your personal information. Some records (transactional payments, invoices, security logs) we are legally required to retain. To make a request, email privacy@sknpay.com.

10. Children

SKN Pay is intended for businesses and adult customers. We do not knowingly collect personal information from anyone under 18.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced via the merchant dashboard or by email. The “Last updated” date at the top reflects the most recent revision.

12. Contact

Questions about this policy or how we handle your data: privacy@sknpay.com.