F2M Pay Privacy Policy

How F2M Labs collects, uses, stores, and protects data when merchants use the F2M Pay WooCommerce plugin.

Last updated: July 2026

1. Introduction

F2M Labs ("we", "us", "our") operates the F2M Pay payment processing service. This Privacy Policy explains how we collect, use, and protect data when merchants use the F2M Pay WooCommerce plugin.

2. Data We Collect

When processing payments, we may receive the following data from a merchant's WooCommerce store: order number, payment amount and currency, merchant ID, API credentials transmitted server-to-server in encrypted form, product names and quantities for order description, and webhook callback URL.

3. Data We Do Not Collect

We do not receive, store, or process end-customer personal data such as customer names, email addresses, physical addresses, phone numbers, customer IP addresses, credit card details, bank account details, or other personally identifiable information of the end customer through the standard payment flow.

4. How We Use Data

The data we collect is used solely for processing cryptocurrency payment transactions, verifying payment status, processing refund requests, generating transaction records for merchants, maintaining service logs, and meeting legal or compliance obligations related to payment operations.

5. Data Storage

Transaction records are stored on secure servers. Data transmitted between the plugin and our services uses HTTPS with TLS encryption. API credentials are encrypted and are not intended to be stored in plaintext. Webhook signatures use HMAC-SHA256 integrity verification.

6. Data Stored Locally

The plugin may store transaction records, webhook logs, encrypted API credentials, refund records, and related operational data in the merchant's own WordPress database. This data remains on the merchant's server unless the merchant explicitly enables an optional centralized synchronization feature.

7. Optional Centralized Management

If a merchant explicitly enables centralized management or synchronization features, transaction records and webhook logs may be synchronized to F2M Labs systems. Such features are optional, can be disabled by the merchant, and API secrets should not be included in synchronized data.

8. Third-Party Services

F2M Pay connects to the F2M Pay API at merchant.f2mlabs.com for payment processing and may connect to the DPT Pay API for alternative cryptocurrency payments where enabled. Relevant transaction data may also be shared with Binance Pay or other settlement partners where required for the requested transaction. Each connected service processes data according to its own policies and operational requirements.

9. Data Retention

Transaction records are retained for as long as reasonably necessary for payment processing, dispute handling, accounting, security review, or legal compliance. Merchants may request deletion of their data, subject to any retention obligations that require certain records to be preserved.

10. GDPR and User Rights

We process data on the basis of legitimate interest in payment processing and implement data minimization by processing only the transaction data needed to operate the service. Merchants may request access to, correction of, or deletion of data associated with their account, subject to applicable legal and compliance obligations.

11. Data Security

We implement security measures including encrypted transmission over HTTPS/TLS, AES-256-CBC protection for stored credentials where applicable, HMAC-SHA256 webhook signature verification, time-limited request validation, access controls, and logging designed to reduce unauthorized access or misuse.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

13. Contact Us

For privacy-related inquiries or deletion requests, contact contact@f2mlabs.com. For security issues, contact security@f2mlabs.com.