CORPYO← Back to Home

Last updated:

Privacy Policy

Last updated: June 1, 2026

CORPYO ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our services. We comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).

1. Data We Collect

We collect data you provide directly (name, email, phone, billing address, identity documents required for company formation), data collected automatically (IP address, browser type, device identifiers, pages visited, referral source), and data from third parties (payment processors, KYC providers, government registries that confirm filings).

2. How We Use Your Data

We use your data to deliver the services you've requested (company formation, eVisa, consultations), process payments and refunds, comply with legal obligations (KYC, anti-money-laundering, tax reporting), send transactional emails, prevent fraud and abuse, and — with your consent — send marketing communications and personalize the experience.

3. Legal Basis (GDPR)

We process your data on the following bases: contract (to deliver services you've purchased), legitimate interest (fraud prevention, service improvement), legal obligation (KYC, tax law), and consent (marketing emails, optional analytics).

4. Data Sharing

We share your data only with: licensed partners executing your formation/visa request, payment processors (Stripe, PayPal) for billing, infrastructure providers (Vercel, AWS, our database host) under data-processing agreements, government registries when filing is required, and law enforcement when legally compelled. We do not sell your personal data.

5. International Transfers

Your data may be processed in countries outside your own. When we transfer data outside the EU/UK, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards approved by data-protection authorities.

6. Data Retention

We retain your data only as long as necessary for the purposes collected, plus the periods required by tax and corporate-record law (typically 7–10 years for financial records). After that, data is securely deleted or anonymized.

7. Your Rights

Under GDPR / CCPA you have the right to: access the data we hold about you, rectify inaccurate data, erase your data ("right to be forgotten") subject to legal retention requirements, restrict or object to processing, portability of your data in a structured format, and withdraw consent at any time. Submit a request to privacy@corpyo.com — we respond within 30 days.

California residents additionally have the right to know what data we sell (we don't), to opt out of sale (not applicable), and to non-discrimination for exercising their rights.

8. Cookies

We use cookies for essential functionality, analytics (Google Analytics 4), and — with your consent — marketing. You can manage cookie preferences via the cookie banner or your browser settings. See our Cookie Policy for details.

9. Security

We protect your data with industry-standard measures: TLS encryption in transit, AES-256 encryption at rest, role-based access control, mandatory 2FA for staff with data access, regular security audits, and a documented incident response plan. No system is 100% secure — we'll notify you and the relevant authorities within 72 hours of any breach affecting your data.

10. Children

Our services are not directed at children under 16. We do not knowingly collect data from children. If you believe we have, contact privacy@corpyo.com and we'll delete it.

11. Changes to This Policy

We may update this policy as our services and the regulatory environment evolve. Material changes will be notified 30 days in advance.

12. Contact

Data Protection Officer: dpo@corpyo.com General Privacy Inquiries: privacy@corpyo.com