Guides
Guides
Start typing to search…

DEUNA USA LLC - Privacy Policy (U.S.)

Effective Date: October 1st 2025


Entity: DEUNA USA LLC (“DEUNA”, “we”, “us” “our”)


Contact: [email protected] 8 The Green, 16227 Dover, Delaware 19901.

1. Scope & Audience

This Privacy Policy explains how DEUNA collects, uses, discloses, and protects information in the United States when you:

  • Visit our websites, apps, and online properties (the “Sites”); and/or
  • Use our cloud-hosted software and services, including payment infrastructure for ecommerce and AI-enabled features (the “Services”).

Enterprise Customers (Processor/Service Provider Role).

For enterprise implementations where DEUNA processes data on behalf of a business customer under an Order Form and a Data Processing Agreement (DPA”), DEUNA acts as a service provider/processor and handles Customer Data pursuant to the DPA and the customer’s instructions. If this Policy conflicts with a DPA regarding Customer Data, the DPA controls.

DEUNA as Business/Controller.

For our own Sites, sales/marketing, account management, billing, and security operations (not governed by a DPA), DEUNA acts as a business/controller and this Policy applies.

2. Categories of Information We Collect

Depending on your interactions with DEUNA, we may collect:

  • Account & Contact Data: name, business email, phone, company, role, billing details.
  • Service/Usage Data: device/browser info, IP address, identifiers, configuration, logs, event telemetry, performance and reliability metrics.
  • Operational Content: support tickets, forms, feedback, and (where applicable) configuration inputs for payment routing or AI-enabled features.
  • Payment Operations Data (from merchants): transaction metadata, merchant identifiers, and other data provided by merchants to operate payment infrastructure (card data is handled per applicable payment rules and is typically tokenized or processed by PCI-certified partners).
  • Integration Data (if enabled by the customer): data from enterprise systems (e.g., gateways, antifraud tools, email/calendar/CRM, data lakes) strictly under DPA-governed configurations.
  • Public/Third-Party Sources: business contact info, fraud-prevention, security and risk signals.
  • Commercial Purchasing Information: records of products or services purchased from DEUNA and related billing/transaction records (where applicable).
  • Employment Information: role, title, employer/organization information, and related professional details. Inferences: inferences drawn from other information (e.g., general preferences or buying intent) used to market, provide, or improve the Sites and Services where permitted by law.
  • Communications Data: information related to our correspondence with you (e.g., emails and messages sent to or from DEUNA, including metadata such as date/time and delivery status).
  • Information Typically Detected by Senses: where permitted by law and applicable to the engagement, call recordings or audio information (e.g., recorded support or sales calls).

Sensitive Data. DEUNA does not seek to collect sensitive personal information through the Sites. Any sensitive data processed for enterprise customers is handled only under customer instruction and the DPA.

3. How We Use Information

We use information to:

  • Provide, operate, secure, maintain, and improve the Sites and Services;
  • Configure and support enterprise deployments (payments and AI-enabled features);
  • Detect, prevent, and investigate fraud, abuse, and security incidents;
  • Communicate about updates, security, and transactional matters;
  • Perform analytics to improve reliability, performance, and user experience;
  • Comply with legal obligations and enforce agreements.

4. AI Outputs and Accuracy

Where AI-enabled features are used, outputs may be probabilistic and can be incorrect, incomplete, or biased. Outputs are provided “AS IS” for informational purposes. Customers are responsible for validating outputs and for downstream decisions, per the governing Agreement/DPA.

Responsible AI Use: where DEUNA uses AI tools for internal processes, we implement safeguards appropriate to the use case, which may include meaningful human review of automated recommendations, data minimization, honoring opt-out requests where required, and testing for accuracy, fairness, and bias.

Customer Choice: where AI is incorporated into the Services, DEUNA may provide customers choices and configuration controls on whether to utilize certain AI-enabled features, subject to the Agreement/DPA and technical availability.

5. Disclosures of Information

We may disclose information to:

  • Service Providers/Subprocessors (hosting, support, security, fraud-prevention), bound by confidentiality and data-protection obligations;
  • Affiliates for enterprise operations consistent with this Policy/DPA;
  • Professional Advisors (legal, audit, insurance);
  • Corporate Transactions (merger, acquisition, financing, or sale of assets);
  • Regulators/Law Enforcement where required by law or necessary to protect rights, safety, or security.

DEUNA does not sell personal information and does not share it for cross-context behavioral advertising. If this changes, we will update this Policy and provide required opt-outs.

6. Data Security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction. Measures are reviewed periodically. No system is 100% secure.

Security measures may include (as appropriate) access controls, encryption in transit (e.g., TLS/SSL), encryption at rest where feasible, network monitoring, logging, vulnerability management, incident response procedures, and periodic assessments.

7. Data Retention

We retain information as needed for the purposes described above, to comply with legal requirements, resolve disputes, and enforce agreements. For Customer Data, retention and deletion follow the DPA and customer instructions.

Where we have an ongoing legitimate business need, we may retain certain information for purposes such as security, compliance, tax/accounting, and dispute resolution.

When we no longer have an ongoing legitimate business need to process personal data, we will delete or anonymize it, or, if deletion is not feasible (e.g., backups), we will securely store and isolate it until deletion becomes feasible.

We may retain de-identified or aggregated data for analytics, security, and service improvement purposes.

8. Your Privacy Rights (U.S. State Laws)

Depending on where you reside (e.g., CA, CO, CT, UT, VA), you may have rights to access, correct, delete, and obtain a copy of certain personal information, and to opt out of targeted advertising, sales, or profiling. To exercise rights, contact: [email protected]. We will verify requests and respond within applicable timelines. We will not discriminate for exercising privacy rights.

California Disclosures. We provide the categories collected, purposes, and disclosures in this Policy. We do not sell/share personal information under CCPA. Authorized agents may submit requests as permitted by law.

9. Children’s Privacy

The Sites and Services are not directed to children under 13 (or a higher age as required by local law), and we do not knowingly collect personal information from them.

10. Cross-Border Transfers

DEUNA may process information in the United States and in other jurisdictions where we or our providers operate. Where applicable, transfers occur under appropriate safeguards (e.g., contractual commitments). For Customer Data, transfer mechanisms are governed by the DPA and applicable data-transfer instruments.

11. Third-Party Links and Integrations

The Sites may link to third-party websites or services. DEUNA is not responsible for their privacy practices. For enterprise integrations, data flows are governed by the DPA and customer-approved configurations.

12. Legal Basis for Processing (Where Applicable)

Where non-U.S. data protection laws apply (e.g., where DEUNA processes personal data subject to GDPR/UK GDPR or similar frameworks), DEUNA’s legal bases for processing may include:

Contract: to perform a contract with you or to take steps at your request prior to entering into a contract (e.g., providing Services, support, account administration).

Legitimate Interests: to operate, secure, and improve the Sites/Services; conduct internal analytics; prevent fraud/misuse; and communicate with you as necessary, provided such interests are not overridden by your rights.

Consent: where required (e.g., certain cookies/trackers, certain marketing communications), which you may withdraw at any time (without affecting prior processing).

Legal Obligation: to comply with applicable laws and regulatory requirements (e.g., tax, accounting, security, lawful requests).

Vital Interests: where necessary to protect your vital interests or those of another person (rare).

If we ask you to provide personal data to comply with a legal requirement or to perform a contract, we will indicate whether the provision is mandatory and the consequences of not providing it (e.g., inability to provide Services or certain features).

13. Subprocessors (Enterprise Services)

Use of Subprocessors. DEUNA may engage third-party subprocessors to process Customer Data on its behalf for purposes consistent with the Services and the DPA (e.g., cloud hosting, security monitoring, customer support tools).

Contractual Safeguards. Subprocessors are bound by written agreements that impose confidentiality, data protection, and security obligations consistent with the DPA and applicable law. Transparency and Updates. DEUNA maintains information regarding its subprocessors and will provide notice of material changes (additions or replacements) in accordance with the DPA, including any objection rights provided therein.

Data Residency and Transfers. Where applicable, DEUNA supports data residency options and implements appropriate cross-border transfer safeguards (e.g., standard contractual clauses or equivalent lawful mechanisms), as governed by the DPA.

Responsibility. DEUNA remains responsible for the performance of its subprocessors with respect to Customer Data, subject to the terms of the DPA.

14. Data Subject Requests & Law Enforcement Requests (Operational Details)

Data Subject Requests. Requests to exercise privacy rights may be submitted to [email protected]. DEUNA verifies requests using reasonable methods designed to confirm identity while minimizing the collection of additional personal data.

Authorized Agents. Where permitted by law, authorized agents may submit requests on your behalf; proof of authorization may be required.

Law Enforcement / Government Requests. Requests from law enforcement or government authorities should be directed to [email protected] and will be reviewed for legal validity; DEUNA may disclose information where required by law or to protect rights, safety, or security.

15. Changes to this Policy

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

16. How to Contact Us

Questions or requests: [email protected] | 8 The Green, 16227 Dover, Delaware 19901.

Enterprise Appendix (Summary) – Role & Commitments

  • Role: For Customer Data, DEUNA acts as service provider/processor to the enterprise customer (controller/business).
  • DPA Controls: Collection, use, retention, disclosure, subprocessors, security, breach notice, deletion and data-transfer mechanisms follow the DPA.
  • No Training on Customer Data: No use of Customer Data for model training unless expressly agreed in writing.
  • Subprocessors: Subject to contractual obligations and customer notice/consent per the DPA.
  • Security & Retention: Governed by the DPA and customer instructions.
  • Subprocessor Transparency: where applicable, DEUNA will provide information about subprocessors used to process Customer Data and will manage changes in accordance with the DPA.

Cookies and Similar Tracking Technology (Sites). DEUNA may use cookies, pixels, web beacons, tags, scripts, and similar technologies on the Sites to operate the Sites, remember preferences, conduct analytics, measure campaign effectiveness, and improve user experience. You can control cookies through your browser settings and, where available, through a cookie settings tool on the Sites. If you disable cookies, certain Site features may not function properly. Do Not Track / Global Privacy Control: where technically feasible and required by law, DEUNA will honor applicable opt-out preference signals.

Updated 15 days ago