Menu

Reloadly GDPR Compliance Statement

Last updated: July 17th, 2025

At Reloadly Inc., we take data privacy and protection seriously. As a financial technology provider, we build our platform, infrastructure, and internal operations with a focus on data security and compliance. This page outlines how Reloadly complies with the General Data Protection Regulation (GDPR).

Our Role Under the GDPR

Reloadly acts as a data processor (or sub-processor) under the GDPR, while you—our customer—remain the data controller.

We only collect and process personal data about recipients based on your documented instructions, strictly for the purpose of facilitating airtime, digital goods, or financial payouts.

Personal Data We Process

We collect the minimum necessary data to fulfill delivery, typically limited to:

  • Recipient name
  • Email address

Additional data such as phone number, date of birth, or address is collected only when legally required (e.g., for regulated or high-value transactions).

Data Security Measures

Reloadly maintains a comprehensive information security program aligned with industry best practices, including:

  • Encryption of data in transit and at rest
  • Role-based, least-privilege access controls
  • 24/7 monitoring and threat detection
  • Incident response procedures with prompt notification in the event of a data breach

Reloadly is SOC 2 Type II compliant ready —the U.S. equivalent of ISO/IEC 27001. (pending certification)

Use of Sub-Processors

We engage carefully selected sub-processors (e.g., for cloud hosting and payment processing), each bound by robust data protection agreements.

  • We provide advance notice of any changes to our sub-processor list.
  • You have the right to object to new sub-processors.
  • A current list of sub-processors is always available upon request.

Supporting Your GDPR Obligations

Reloadly is committed to supporting your compliance efforts. We:

  • Assist with data subject access requests, DPIAs, and regulator inquiries
  • Undergo regular security audits
  • Provide penetration test reports on request
  • Offer secure data return or deletion at your request or upon contract termination, unless legally obligated to retain it

What We Don’t Do

Reloadly never:

  • Sells or shares personal data for advertising purposes
  • Combines customer data for marketing analytics or profiling

If you have any questions or would like a copy of our Data Processing Agreement, please contact us at privacy@reloadly.com.