Privacy Policy

Last updated: April 2026

1. Introduction

Octopus Cards Inc. ("Octopus Cards," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or redeem our digital gift cards and top-up products.

Our business model is based on a small margin on each card sale. We do not sell advertising, and we have no incentive to collect, retain, or sell your personal data beyond what is strictly necessary to deliver our services.

2. Information We Collect

We collect only the minimum information required to process your transaction:

2.1 Card Redemption (No Account Required)

You do not need to create an account to redeem an Octopus Card. When you redeem a card, we collect:

  • Card code and PIN: Used to verify and process the card. The PIN is consumed upon redemption and is not stored in plaintext after the transaction is complete.
  • Account identifier: A Gamer ID, mobile phone number, or platform username - whatever the specific product requires to deliver value to the correct account.
  • Email address (optional): You may optionally provide an email address to receive a confirmation if your redemption takes longer than expected. This is not required, and skipping it does not affect the redemption process.

We do not collect your name, home address, date of birth, or payment details during card redemption. Payment information is handled by the marketplace or platform where you purchased the card, not by us.

2.2 Business Accounts

If you register for a business or partner account, we collect additional information including your name, company name, email address, and billing details as required for account management, invoicing, and compliance.

2.3 Website Visits

We do not use third-party analytics services (such as Google Analytics), advertising pixels (such as Facebook or Meta pixels), or third-party tracking scripts on our website or claim page. We do not track you across the web.

3. How We Use Your Information

  • To process transactions and deliver digital cards and top-ups to the correct account.
  • To send you a redemption confirmation email, if you opted in.
  • To manage your business account, if applicable.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations and regulatory requirements.
  • To resolve disputes and provide customer support.

We do not use your information for advertising, behavioural profiling, or promotional communications. We do not add your email to a mailing list. If you provide an email during redemption, it is used solely for that transaction's confirmation.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share data with:

  • Upstream Providers: Your account identifier (Gamer ID, phone number, etc.) is passed to the upstream provider who fulfils the top-up or credit delivery. This is necessary to complete the transaction.
  • Service Providers: Payment processors and hosting providers that help us operate our platform, bound by confidentiality obligations.
  • Legal Authorities: When required by law, court order, or to protect our rights and safety.

We do not share your data with advertising networks, data brokers, or any third party for marketing purposes.

5. Data Security

We implement the following security measures to protect your data:

  • Encryption in transit and at rest: All communication between your browser and our servers is encrypted via TLS. Data stored in our database is encrypted at the storage layer.
  • PIN consumption: Card PINs are consumed upon redemption and are not retained in plaintext.
  • Single-use, closed-loop cards: Each card can be redeemed exactly once. After redemption, the code and PIN are permanently invalidated. There is no stored balance to steal and no reusable token to intercept.
  • No account requirement: Card redemption does not require account creation, which eliminates the risk of password leaks, session hijacking, and credential-based attacks.

While no method of transmission over the internet is 100% secure, we strive to protect your information using commercially reasonable and industry-standard means.

6. Data Retention

We retain transaction records for operational and compliance purposes - including dispute resolution, auditing, and regulatory obligations. Transaction records are retained for a minimum of 5 years in accordance with applicable financial regulations. We do not retain data for advertising, profiling, or any purpose beyond what is described in this policy.

7. Cookies & Tracking

Our website uses only essential cookies required for the platform to function (such as session management for business accounts). We do not use third-party tracking cookies, advertising cookies, web beacons, or similar technologies to track your activity. We do not load third-party scripts from advertising or analytics providers.

8. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal information.
  • Object to or restrict the processing of your data.
  • Request data portability.
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at privacy@octopuscards.io.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of our services after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Octopus Cards Inc.
Email: privacy@octopuscards.io

Related Policies

Terms of Service·Cookie Policy·AML Policy·Back to Home