Privacy Policy
Last updated: April 17, 2026
1. Definitions
- "Sikker," "we," "us," and "our" refer to Sikker, Inc., a Delaware company.
- "Service" means our website, design partner program, and the sikker.me payment verification platform — including its API, webhooks, alert channels, and any related applications we provide.
- "Client" means a payment team, financial institution, or platform that accesses the Service under a separate agreement.
- "Vendor Data" means business entity information submitted by Clients for verification — such as company names, registered addresses, director names, and IBAN or account details.
- "Personal Information" means information that identifies, relates to, or could reasonably be linked with an individual or household.
2. Scope
This Privacy Policy covers how we collect, use, and share information when you visit our website, request access to the design partner program, use the Service, or communicate with us. It does not cover information processed by Clients in their own systems.
3. Information We Collect
We collect information in three contexts:
(a) Information you provide
- Contact and access-request details — name, work email, company name, role, payment volume, and organisation type — submitted when applying to the design partner program or communicating with us.
- Communications you send us, including support requests, feedback, and survey responses.
(b) Website usage and device data
- Usage data — pages viewed, interaction telemetry, referrers, and UTM parameters.
- Device and browser details — browser type, operating system, language, and approximate location derived from IP address.
(c) API and product telemetry
- Vendor Data submitted by Clients — company names, director names, IBANs, and other counterparty attributes passed to the verification API. This data is processed on behalf of the Client and returned as a verification verdict (Confirmed, Mismatch, or Unverifiable).
- API metadata and system logs — request timestamps, request identifiers, IP addresses, latency metrics, webhook delivery status, and error logs.
(d) What we do not collect
We do not collect or store payment credentials, banking login details, or transaction amounts. We do not have access to Client payment accounts. Vendor Data is used solely to produce a verification verdict and is not used for any secondary purpose.
4. How We Use Information
We use information to:
- Operate and improve the Service — including verification accuracy, graph coverage, API reliability, and latency.
- Process access requests and manage design partner onboarding.
- Respond to inquiries and communications.
- Detect and prevent misuse, abuse, and security incidents.
- Comply with legal obligations and enforce our agreements.
5. Sharing of Information
We do not sell Personal Information.
We may share information:
- With infrastructure and service providers — hosting, security, analytics, and communications vendors acting on our instructions.
- With professional advisors (legal, accounting) where necessary.
- With public authorities when required by law, court order, or to protect the rights and safety of our users or third parties.
- In connection with a business transfer — financing, merger, acquisition, or asset sale — subject to confidentiality obligations and notice where required.
6. Cookies and Similar Technologies
We use cookies and similar technologies for core site functionality, performance measurement, and service improvement. You can control cookies through your browser settings; disabling certain cookies may affect site functionality.
7. Automated Processing and Verification Verdicts
The Service uses automated graph traversal and entity-matching logic to produce verification verdicts — Confirmed, Mismatch, or Unverifiable — for each counterparty submitted by a Client. These verdicts are informational signals returned to the Client. All payment decisions remain with the Client; sikker.me does not approve, block, or execute payments.
Where a Mismatch or Unverifiable result involves a natural person (e.g., a director whose identity cannot be confirmed), the verdict reflects a structural discrepancy in public registry data — not a finding of wrongdoing by that individual.
8. Data Retention
We retain Personal Information for as long as necessary for the purposes described in this policy — including to maintain the Service, meet legal obligations, resolve disputes, and enforce agreements.
- Design partner and access-request records are retained while the relationship is active or until you request deletion or withdraw consent.
- API logs and verification metadata are retained as needed for reliability, security audit, and dispute resolution purposes.
- Vendor Data submitted via the API is not retained beyond what is required to return the verification verdict, unless otherwise agreed with the Client in writing.
9. Security
We apply administrative, technical, and organisational safeguards appropriate to the sensitivity of the data we process — including access controls, encryption in transit and at rest, and audit logging. No system is completely secure; we cannot guarantee absolute security.
10. Your Rights and Choices
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your Personal Information, or to object to certain uses. You may opt out of non-essential communications at any time by contacting us. We will verify your identity before responding to rights requests.
EEA / UK residents (GDPR / UK GDPR)
Where we process Personal Information of individuals in the EEA or UK, we do so on the lawful bases of legitimate interests (operating and improving the Service), contractual necessity (fulfilling access agreements), and compliance with legal obligations. You have the right to lodge a complaint with your local supervisory authority.
California residents (CCPA / CPRA)
We do not sell Personal Information and do not share Personal Information for cross-context behavioural advertising. California residents may have additional rights regarding access, deletion, and correction, subject to verification and applicable exceptions.
11. International Transfers
sikker.me operates as a global B2B service. Your information may be processed in countries where we or our service providers operate, including the United States. Where transfers from the EEA or UK are required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
12. Children's Privacy
The Service is directed exclusively at businesses and their authorised personnel. We do not knowingly collect Personal Information from individuals under 18.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material updates will be communicated by revising the "Last updated" date at the top of this page. Continued use of the Service after an update constitutes acceptance of the revised policy.
14. Contact Us
For privacy questions, rights requests, or concerns, contact us at privacy@sikker.me.