Khipu is an electronic payment platform that requires the use of personal data to function. At Khipu we take care of our users’ data, preventing third parties from using them for a purpose other than the one for which they were intended.

The most important thing you should know about Khipu’s privacy policy is that we consider the bank passwords of our users to be the most sensitive data with which our platform interacts.

For this reason, we have taken extra care to design the system so that users can enter their bank passwords exclusively in Khipu applications, and that these travel through channels that meet or exceed the security standards of the banking industry. This is thanks to the use of double encryption, HSTS and best practices recommended by the PCI standard.

Khipu does not store the users’ passwords to access the bank on its servers.

In these privacy policies we will share with you the kind of personal data we use in our service, its purpose, and the criteria we follow to share information with third parties.

Scope of the Khipu platform

The Khipu platform includes web pages, databases on servers, applications that run on servers managed by Khipu or on the users’ mobile devices.

This privacy policy regulates the behavior of human personnel and Khipu applications in all contexts controlled by the company.

Khipu Users

Khipu users are the people or systems that use the platform to pay, collect and manage their information in Khipu.

This privacy policy is valid for all kinds of Khipu users.

Khipu servers

To provide the Khipu service, hardware components leased to IBM Cloud are used, a world-class company that provides the datacenter, servers, firewall and other hardware components. These servers are managed by the Khipu staff. The IBM Cloud staff do not have the access keys.

Additionally, some subsystems are leased as a service to other companies, including SMTP to Amazon, file storage to Amazon, ticket system to Zendesk and Google Analytics.

On the other hand, Khipu uses services from other providers for the management of source code and compiled code not detailed in this document because they don’t receive data from Khipu users.

Whenever “Khipu servers” is mentioned, it refers to all the servers and services indicated in this section.

Collected data

Khipu collects data from its users in the following ways:

• When paying: To pay, users use a Khipu payment terminal, which is a web browser accessed by a mobile application or through the store’s website. When paying, the user must enter their authentication credentials at the bank and frequently additional validation data, such as dynamic keys printed on cards, dynamic keys displayed by devices delivered by the bank, mobile applications called “Soft token” or messages sent by the bank by e-mail or sms, among others. If the payment terminal is installed in the user’s mobile application, the user’s passwords are sent directly to the bank’s server, without going through Khipu’s servers. If the terminal is on the merchant’s website, the keys are transmitted to the Khipu microservice with double encryption, through TLS 1.3 secure communication channels, and these are not stored on persistent media. In none of the cases, Khipu stores the users’ passwords on its servers. When paying, the Khipu payment terminal sends to the Khipu servers the necessary data to identify the payment of the transfer, including the bank account used to make the transfer. Navigation data is also sent on the bank’s portal, to allow an analysis aimed at improving the user experience when paying, such as page name or time used. A subset of this information is sent to Google Analytics services, which facilitates an analysis by the Khipu team about what is happening with the use of the system. Exceptionally, the Khipu payment terminal may find a bank page without being able to decide how to automate the transfer. In this case, the page found is sent to Khipu’s servers to be analyzed so that the system can be reconfigured to behave properly on the mentioned page. Once the page has been used to reconfigure the system, it is saved on Khipu’s servers, without identifying the account holder or payment details that generated it. The pages saved under these conditions are used for automatic quality control of all new versions of Khipu and are not shared with third parties. The payment data is used to verify the receipt in Khipu of the corresponding funds and report to the same users who pay or charge using Khipu.

• When collecting: Before being able to collect with Khipu, people or companies must create a record that identifies them and make a payment to verify the data of the charging account. Part of the data entered when registering in the system and the name registered by the bank for the person or company that made the verification payment, are used by Khipu to show the payers the data of the person or company to whom the funds will be delivered. The data entered when registering with Khipu, including an optional photo and the collector’s contract, are stored by Khipu on its servers. In case that the Khipu payment terminal is in the mobile commerce application, the system allows the user to save some of the authentication credentials with their bank. This option produces the encrypted storage of these passwords on the device of the same user, not on Khipu servers.

• Navigation without connecting to the Khipu portal or mobile applications: Both the Khipu portal and its mobile applications offer information and some basic functionalities that are available to users who have not connected and therefore have not been identified in the system. In this case, the system uses cookies to improve the user experience and to update browsing statistics. For example, the system remembers the payment bank and email for payment vouchers, so that the user does not have to re-enter them when paying on the same device.

• Browsing with connection: In the case of users connected to the khipu web portal or mobile applications, besides the cookies used, the data entered in special forms by the users are saved.

• Connection using Google or Facebook: Connection using Google or Facebook: To connect to the Khipu web portal and mobile applications, users can create authentication credentials in Khipu, or use their Facebook or Google credentials in connection mode with a unique password, a system known as SSO (acronym for Single Sign On). In this case, the user must allow Khipu to have access to some of their data on Google or Facebook. Khipu will obtain the email, name and profile picture from these systems and will store this data on Khipu’s servers. Khipu will not post on Facebook on behalf of the user. The user can request the disabling of this data at any time by entering the Support and Suggestions section available at the bottom of all the pages of the Khipu web portal, filling out a form available in the “Send a request” option.

Use of information

Khipu will use the information collected to fulfill the action directly executed by the user, such as paying or requesting a payment.

In the case of payments, this data will be sent by email to the payer and optionally to the accounts that the collector has set up in Khipu.

The data collected will be protected by Khipu so that the payer and collector can later consult reports of their own activity in the system.

This data will also be used by Khipu personnel for supporting issues.

Additionally, the system generates indicators and other statistics.

Disclosure of personal data

Khipu does not disclose the personal data of its users. It does not deliver them to third parties, except for those that are strictly necessary to comply with the promised service, such as the bank’s credentials, which are delivered to the bank and the data of the payment vouchers, which pass through the email server whose services are managed by Amazon.

Khipu may disclose statistics on the use of the system without compromising the confidentiality of its users’ data.

In the case of a competent court order, Khipu will deliver the requested data to the corresponding court and will communicate such fact to the affected users by email.