Privacy Policy

Last updated: 30 April 2025

Xoala is committed to protecting the privacy and security of your Personal Data.

The privacy notice (“notice”) explains the types of personal data we collect and how we use and share it. It also tells you about your rights and choices you can make about how we process your personnel data.

This notice applies to all services provided by the Xoala group of companies to our customers globally (hereinafter referred to as “Xoala Group”. Xoala Group, in relation to Xoala, means, that company, any subsidiary or any holding company from time to time of that company, and any subsidiary from time to time of a holding company of that company).

We want to ensure that you clearly understand how we handle your personnel information. This Privacy Policy (the “Policy”) explains what data we collect, how we use and share it, and the choices available to you regarding your information. We encourage you to read it carefully.

Below is a brief overview of what’s included in this policy, please note that this summary is not a substitute for reviewing the full policy.

What does this Policy apply to? This policy applies to all users of our products, services technologies, or features globally. If the user is a business entity, this includes any individual who owns or represents that entity. It also applies to anyone who visits our website, mobile application, or any other platform we operate.
Who is the data controller? “We” or “us” in this Policy refers to Xoala. The data controller of your personal information varies by your location:

EEA/Sweden - Steven AB

UK - Swipe International Ltd and Steven FS ltd

Malaysia - MyMy Payments Malaysia Sdn.Bhd

New Zealand - Steven AB (Branch) - New Zealand

Poland – Xoala Digital sp. z o.o
What types of information do we collect and why? When you create an account to access our Services, we collect certain information—such as your name, address, government-issued identification, tax identification number, and business details necessary to set up and manage your account.

As part of our Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations, we also process identity verification data. In addition, we handle information related to your transactions, including payment details and beneficiary information.

To ensure the security and functionality of our Services, we collect network, device, and usage data.

You can find more details about the types of personal information we collect and how we use it in the sections below
How is your information shared? To deliver our Services effectively, we work with affiliates and carefully selected third parties. In doing so, it may be necessary to share your personal information to facilitate the Services or to enable third-party services you have requested or consented to.

When third parties are engaged to support our Services, they do so solely for that purpose and are required to implement appropriate safeguards to protect your personal information. These third-party services may include customer support, transaction processing, account information services, payment initiation, cloud storage, analytics, market research, fraud prevention, business services, and other operational functions.

Our global affiliates also support the delivery of our Services. In certain situations, we may be legally required—by court order or applicable law—to disclose specific information.

You can find more details about how we share your personal information in the section below.
Where do we store your information? Your personal information is primarily stored and processed in the United Kingdom, the European Union, and other designated jurisdictions. However, as part of our global operations, we may transfer your information to, and process it in, countries outside of your country of residence, incorporation, or business activity—particularly where our affiliates, service providers, financial partners, or other ecosystem partners are located. Please contact us at dataprotection@xoala.com for more information
How long do we retain information for? We only retain personal information for so long as it is required to fulfil the purpose for which it was collected, unless we are subject to legal or regulatory obligations to retain such information. You can read more about how long we retain specific categories of personal information below.
What rights do I have to processing of my information? Depending on where you are located, you may have certain rights with respect to your personal information, such as rights of access, to receive a copy of your information, or to delete your information or restrict or object to our processing of your information. You can read more about your rights below.
How can I contact Xoala? If you have questions or concerns about this Policy or a specific request related to your personal information, please contact us at dataprotection@xoala.com
How will we notify you of changes to this Policy? We reserve the right to make changes to this Policy at any time by posting a revised version to our Site and updating the “Last Updated” date at the top of this Policy.
Are there specific terms that apply to certain countries? Yes. You can read more about the specific processing activities for certain jurisdictions in the Jurisdiction-Specific Addenda below.