Privacy Policy (v1.0.0)


This policy describes how AtomicPay ("we", "our" or "us") collect, store, use and protect Personal Data. The purpose of this policy is to ensure that AtomicPay complies with applicable Thailand (TH) regulations, and European Union (hereinafter, "EU") data protection laws such as the General Data Protection Regulation (hereinafter, "GDPR"). AtomicPay's Services include merchant processing services, products, and any other features, technologies or functionalities (hereinafter: "Services") offered by AtomicPay. Users accept this Policy by visiting our website and/or by using our Services.

There are three types of data subjects whose personal data we may process:

  1. Visitors of our website (;
  2. Merchants that sign up and use our Services;
  3. Purchasers who indirectly interact with AtomicPay when paying a merchant's invoice that is hosted by AtomicPay during checkout (refer to Section 2.3 for more details

1. What is "personally identifiable information?"

"Personally Identifiable Information" (hereinafter: "Personal Data") is any information that can be directly associated with a specific person and can be used to identify that person. A prime example of identifiable information is a person's name.

2. What kind of personal data do we collect?

The Personal Data we collect depends on the type of user:

2.1 Visitors

We may collect the following Personal Data from visitors to our website (

  1. IP address, device and browser information
  2. Email address (e.g. when you subscribe to our blog or opt in to receive other marketing materials)
  3. Phone number (e.g. when you contact our sales team or media team or opt in to our media list)
  4. Name (e.g. when you submit a support or enquiry request)
2.2 Merchants

When opening an account or requesting KYC verification, we may collect the following types of Personal Data of the beneficial owner or any user that is added to the account:

  1. Name
  2. Email address
  3. Nationality (Optional)
  4. Date of birth (Optional)
  5. Identification documents (such as a passport) (Optional)
2.3 Purchasers

When a purchaser is paying an AtomicPay invoice, we may collect the following Personal Data:

  1. Email address (Optional)
  2. IP address, device and browser information

An email address is only captured if the merchant provides an email address of the purchaser during invoice generation. This collection feature enables our system to send email notifications to purchasers upon successful payments or if there is a payment exception (e.g. overpaid, underpaid, paid after an invoice expired etc.). This creates a more seamless payment experience for both the merchant and the purchaser. AtomicPay will never require purchaser's personal details, hence we do not process or store purchaser's sensitive data.

3. Sensitive or special categories of personal data

AtomicPay does not process any sensitive personal information, such as religion, race, ethnicity and/or political views.

4. Why we collect personal information

Our primary purpose for collecting Personal Data is to provide you with a secure, smooth, efficient, and customized experience. We may use your Personal Data to:

  1. Comply with applicable laws and regulations;
  2. Provide the AtomicPay Services and customer support you request;
  3. Process transactions and send notifications about your transactions;
  4. Resolve disputes, collect fees, and troubleshoot problems;
  5. Prevent potentially prohibited or illegal activities, and enforce our Terms of Use;
  6. Customize, measure, and improve the AtomicPay Services and the content and layout of our website and applications;
  7. Deliver service update notices, and promotional offers based on your communication preferences

5. How we protect and store personal information

We take security of data very seriously. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to files, and we authorize access to Personal Data only for those key employees whom require it to fulfill their job responsibilities.

In addition to this Privacy Policy, we have several other internal policies and standard operational procedures in place that deal with data security:

  1. IT Security Policy: This policy describes how we store and process your Personal Data on our servers in Thailand and elsewhere around the world where AtomicPay operations are located. It also describes how we protect Personal Data by maintaining physical, electronic and procedural safeguards in compliance with applicable Thailand regulations, and EU data protection laws.
  2. Incident Response Policy: This policy describes our response to an information security incident.
  3. Data Breach Policy: This policy specifically describes what steps will be taken by us in case of a data breach. This includes notifying the supervisory authorities and the affected data subjects when required.
  4. Business Continuity and Disaster Recovery Policy: This policy describes how we recover from a disaster and what steps will be taken to continue or resume routine business operations.
  5. Cookie Policy: This policy describes how AtomicPay uses cookies to customize the AtomicPay Services, content and layout; measure UI/UX effectiveness, and promote trust and safety.

6. Data retention

As part of our policy, we will retain Personal Data that has been obtained as a part of merchant registration and usage of our Services for up to a period of 10 years after an account has been closed or become dormant.

7. How we share personal data with third parties

AtomicPay will never transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We will not sell information about you and your usage of our Services.

We may share your Personal and/or Account Data with third parties in some circumstances, with your consent:

  1. To a service provider or partner who meets our data protection standards;
  2. To academic or non-profit researchers, with aggregation, anonymization, or pseudonymization;
  3. To law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to AtomicPay; or when we believe, in good faith, that the disclosure of Personal Data is necessary to report suspected illegal activity or to investigate violations of our Terms of Use.;

We will challenge improper requests for user information disclosure. In the event where we are required by law enforcement to share your personal or account data in response to a legal process, we will provide you with notice so that you may challenge the process (e.g. seeking court intervention or injunction), unless we're prohibited by law or in good faith belief, that the disclosure is necessary to prevent physical harm or financial loss to an individual or an entity.

8. How data subjects can access or change their personal data

Individuals located in the European Union have statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete, correct, or restrict the processing of this Personal Data. If you are located in the European Union and would like to exercise the right of access, you can make a request via our support email at

Merchants can review and edit their information by logging in to their account and reviewing their Personal Data under the Settings tab on the Dashboard. If you wish to delete your account, you can send an email to If you choose to delete your AtomicPay account, we will mark your account in our database as "Closed". We will retain the information on the account in line with the data retention principles as outlined in Section 6.

9. How we use cookies

9.1 What are cookies?

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time. Most browsers support cookies, but you can set your browser to decline them and can delete them whenever you like.

9.2 What type of cookies do we use?

When you access our website, we, or third party services we use to track how our website is used, may place small data files called "cookies" on your computer. We and our service providers also use cookies to customize the AtomicPay Services, content and advertising; measure promotional effectiveness, and promote trust and safety.

We send a "session cookie" to your computer when you log in to your account or otherwise use the AtomicPay Services. This type of cookie helps us to recognize you if you visit multiple pages on our site during the same session, so that we do not need to ask you for your password on each page. Once you logout or close your browser, this cookie expires and no longer has any effect.

We also use longer-lasting cookies for other purposes such as to display your email address on our login page, so that you don't need to retype the email address each time you login to your account.

We encode our cookies so that only we can interpret the information stored in them. You are free to decline our cookies if your browser permits, but doing so may interfere with your use of our website. We may also collect information about your computer or other access device to mitigate risk and for fraud prevention purposes.

You may encounter cookies from third parties when using the AtomicPay Services on websites that we do not control (for example, if you view a web page created by a third party or use an application developed by a third party, there may be a cookie placed by that web page or application.)

9.3 Managing your cookie settings

You can manage cookies through the settings of your Internet browser. You can have the browser notify you when you receive a new cookie, delete individual cookies or delete all cookies. Please note that, if you choose to delete AtomicPay cookies, your access to some functionalities and areas of our website may be degraded or restricted.

10. Changes to this policy

We may amend this policy at any time by posting a revised version on our website. The revised version will be effective at the time we post it. In addition, if the revised version includes any substantial changes to the manner in which your Personal Data will be processed, we will provide you with 30 days prior notice by posting notification of the change on the "Privacy Policy" area of our website.

11. Questions about privacy?

If you have questions concerning this Privacy Policy, please feel free to send us an email at