Legal

Privacy Policy

Last updated: 27 May 2026 · Operated by Brhan Enterprise Limited (NZBN 9429050359004, FSP1005151)

1. Who we are

SelamPAY is the customer-facing brand of Brhan Enterprise Limited, a New Zealand company (NZBN 9429050359004) registered on the New Zealand Financial Service Provider register as FSP1005151. Our registered office is at Suite 14726, 17b Farnham Street, Parnell, Auckland 1052, New Zealand. Throughout this policy "we", "us", "our" and "SelamPAY" mean Brhan Enterprise Limited.

We are the data controller for personal information collected through the SelamPAY website (selampay.app) and the SelamPAY mobile application.

2. What information we collect

To provide a regulated money-remittance service we collect:

  • Identity information — full legal name, date of birth, nationality, residential address, government photo ID (NZ Driver Licence, NZ or AU passport), and a selfie used to match your face to your ID.
  • Contact information — email address, mobile phone number.
  • Financial information — bank account or debit card used to fund your transfer, transaction history, source of funds declaration, and purpose of remittance.
  • Recipient information you provide — name, phone number, bank account, wallet, or cash-pickup details, and your relationship to the recipient.
  • Device and usage information — IP address, device identifier, operating system, app version, language, approximate location (city / country only), and how you interact with the app for fraud prevention.
  • Records of our communications — emails, in-app messages, support calls.

3. Why we collect it

We collect this information because we are legally required to under the New Zealand Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act) and the Australian Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), and because we cannot operate a money-remittance service without it.

Specifically we use the information to:

  • Verify your identity before allowing you to send money (customer due diligence)
  • Process your transfers and settle them with banks and mobile-money providers
  • Screen transfers against international sanctions and politically-exposed-persons lists
  • Detect, investigate and prevent fraud, abuse, and money laundering
  • Send you transaction receipts, status updates, and security notifications
  • Respond to your support requests
  • Comply with reporting obligations to NZ Financial Markets Authority, Department of Internal Affairs, AUSTRAC, and the National Bank of Ethiopia
  • Improve the service (in aggregated, de-identified form)

4. Who we share it with

We share personal information only when necessary:

  • Identity verification providers — to match your ID document and selfie. We use Didit (didit.me) for identity verification.
  • Payment processors and banking partners — to collect funds from your bank or card.
  • Payout partners in destination countries — licensed banks, mobile-money operators, cash-pickup networks, and payment aggregators that we contract with for a specific corridor. They receive only the data needed to verify and deliver the payout.
  • Sanctions and screening services — to comply with NZ, AU, UN, EU, US (OFAC) sanctions lists.
  • Regulators and law enforcement — when required by law, including the NZ Department of Internal Affairs, NZ Financial Intelligence Unit, AUSTRAC, the National Bank of Ethiopia, and courts.
  • Professional advisers — our lawyers, accountants, and auditors, under confidentiality obligations.
  • Technology service providers — cloud hosting (Railway), authentication (better-auth, hosted by us), email delivery, customer support tooling. These providers process data only on our instructions.

We do not sell your personal information. We do not share it for marketing or advertising purposes outside of SelamPAY.

5. Where your data is stored

Our primary data store is hosted on Railway in the United States. Backup copies may be held in Australia or the European Union. When a corridor is active, payout partner data may necessarily transfer to the destination country for the duration needed to verify and deliver the payout. By using SelamPAY you consent to these international transfers, which we assess before opening each corridor.

6. How long we keep it

New Zealand AML/CFT law requires us to retain customer due diligence records and transaction records for at least seven (7) years after the end of the business relationship or the date of the transaction (whichever is later). Australian AML/CTF law imposes a similar seven-year retention. We follow whichever period is longer.

Marketing preferences, device logs, and non-regulated information are kept for 24 months unless you ask us to delete them earlier.

7. Your rights

Under the NZ Privacy Act 2020 and AU Privacy Act 1988 you can:

  • Access the personal information we hold about you
  • Correct information that is inaccurate, out of date, or incomplete
  • Withdraw consent to non-essential processing
  • Request deletion, subject to our 7-year AML retention obligation
  • Complain to the NZ Privacy Commissioner (privacy.org.nz) or the Office of the Australian Information Commissioner (oaic.gov.au) if you are not satisfied with our response

To exercise any of these rights email [email protected]. We will respond within 20 working days as required by the Privacy Act.

8. Security

All connections to SelamPAY are encrypted in transit using TLS 1.3. Data at rest is encrypted on disk by our hosting provider. We use single sign-on, multi-factor authentication, and least-privilege access controls for all team members who can view customer data. Authentication tokens on your phone are stored in the device's secure enclave (iOS Keychain / Android Keystore).

No system is perfectly secure. If you suspect a breach affecting your SelamPAY account, contact [email protected] immediately.

9. Cookies and analytics

The marketing site uses strictly-necessary cookies for sessions and preferences. We may also use first-party product analytics to understand early access demand and improve reliability; we do not run advertising trackers or sell analytics data.

10. Children

SelamPAY is for adults aged 18 or older. We do not knowingly collect information from anyone under 18. If you believe we have collected information from a minor, contact [email protected] and we will delete it.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. For material changes we will email registered customers and display a notice in the app for at least 30 days before the change takes effect.

12. Contact

Privacy queries: [email protected]
Security reports: [email protected]
General support: [email protected]
Mail: Brhan Enterprise Limited, Suite 14726, 17b Farnham Street, Parnell, Auckland 1052, New Zealand.