Hero Image
Hero Image

Privacy Policy

Updated: June 2026

3Degrees ("we", "our", "us") respects your privacy and is committed to protecting personal data in accordance with the UK GDPR, EU GDPR, and other applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit www.3degrees.co or use our services.

1. Data Controller

The data controller responsible for your personal data is:

3 Degrees Technologies Inc.
Email: privacy@3degrees.co
Website: https://www.3degrees.co

2. Personal Data We Collect

We collect the following categories of personal data in the course of providing our payment infrastructure services:

Beneficiary data (provided by our clients for payment execution)

  • Full name

  • Address

  • Date of birth

  • National identification number

  • Email address

  • Phone number

  • Bank account details (IBAN, sort code, account number, bank name, routing code)

Client and account data

  • IP address

  • Contact name and email

  • Company information

  • API keys (stored hashed)

  • User credentials

Technical data

  • IP address

  • Browser type and version

  • Device information

  • Website usage data

Transaction data

  • Payment amounts, currencies, and references

  • Payout summaries and statuses

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract: processing is necessary to perform our payment infrastructure services under the service agreement with our clients. This covers payment execution, FX quoting, and account management.

  • Legal obligation: we are required by financial regulations (anti-money laundering, know-your-customer, financial record-keeping) to collect, verify, and retain certain personal data for a minimum of 7 years.

  • Legitimate interest: For operational security, system monitoring, fraud prevention, and improving our services. We do not process personal data for profiling, advertising, or marketing purposes.

  • Consent: for non-essential analytics cookies and similar tracking technologies on our website. Analytics cookies are only set after you have given explicit opt-in consent via our cookie banner. You may withdraw consent at any time.

  • Consent is not the lawful basis for any core processing activity: Centro is a B2B payment infrastructure platform; all core processing is driven by contractual and regulatory obligation. Consent applies only to optional website analytics.

4. How We Use Personal Data

We use personal data to:

  • Execute cross-border payments on behalf of our clients

  • Verify beneficiary identities for AML/KYC compliance

  • Maintain transaction records for financial audit and regulatory purposes

  • Monitor and secure our systems against fraud and unauthorised access

  • Respond to support requests and data subject access requests

5. Data Sharing

We share personal data only with third parties that enable us to deliver our services. These fall into the following categories:


Payment and financial service providers

We work with regulated payment institutions and foreign‑exchange partners to execute international payments. These providers receive only the beneficiary information necessary to process the transaction (such as name, account details, and address). Depending on the service, they may act as independent controllers or data processors.


Technology, infrastructure, and operational service providers

We use trusted third‑party providers for secure cloud hosting, authentication, communication, and internal operations. These providers process data strictly on our behalf and in accordance with our instructions.


Legal, regulatory, and compliance partners

Where required, we may share data with auditors, regulators, or compliance service providers to meet our legal obligations.


We do not sell personal data, and we do not share it with third parties for their own marketing purposes.

6. International Data Transfers

Our primary infrastructure is hosted in a secure cloud environment located in the European Union (Ireland). We also operate a flexible infrastructure model that allows us to serve clients in the United States, the United Kingdom, and the European Economic Area. Depending on a client’s location and service requirements, their data may be processed in the region most appropriate for delivering the service.

When personal data is transferred across borders, including transfers from or to the United States, the United Kingdom, or the EEA, we apply appropriate safeguards to ensure an equivalent level of protection. These may include:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions

  • Contractual, organisational, and technical safeguards that meet applicable legal requirements

Some of our payment and financial service partners may process data in jurisdictions that do not have the same data‑protection laws as the UK, EU, or US. Where this occurs, we assess and document the relevant transfer mechanisms and ensure they remain compliant with applicable regulations.

For more information about cross‑border transfers or specific service providers, you may contact us at privacy@3degrees.co

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, and operational requirements.

Beneficiary personal information is retained for seven years from the date of the last transaction. This includes details such as name, address, and account information, and is required for financial record‑keeping, anti‑money laundering, and know‑your‑customer obligations.

Account details, including IBANs and other payment identifiers, are also retained for seven years from the last transaction for the same regulatory reasons.

Transaction event history is retained for seven years from the date of each event to comply with financial record‑keeping and audit requirements.

Payout summaries are retained for seven years from the payout date to meet financial and regulatory obligations.

Quote requests are retained for 90 days from creation, as there is no financial record‑keeping requirement once the quote expires.

Client credentials are retained for the duration of the service agreement in order to provide the contracted services.

Application logs are retained for between 30 and 90 days, depending on the log type, for operational and security purposes.

After the retention period expires, data is deleted or anonymised. Transaction records are retained for 7 years as required by applicable financial regulations, even if you close your account.

8. Your Data Protection Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion of your data

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time


Limitation on erasure: The right to erasure does not apply where we are required to retain data for compliance with legal obligations, including financial record-keeping under anti-money laundering and know-your-customer regulations. Transaction-related data (beneficiary records, account details, payment history) is retained for 7 years regardless of erasure requests.


To exercise these rights, contact: privacy@3degrees.co

9. Data Deletion Requests

You may request deletion of your personal data at any time using our Data Deletion Request form:

https://www.3degrees.co/data-deletion

All requests are logged, tracked, and processed in accordance with applicable data protection regulations.

10. Security

We implement technical and organisational safeguards to protect personal data, including:


We implement technical and organisational safeguards to protect personal data, including:

  • Encryption at rest (AES-256) and in transit (TLS)

  • Access controls and tenant isolation

  • Network isolation (VPC, security groups)

  • Monitoring, logging, and alerting

  • Regular security assessments

11. Cookies and Analytics

We use cookies on our website. Some are strictly necessary for the site to function; others (analytics cookies) are optional and require your consent.

Strictly necessary cookies: required for the website to function (e.g. session management, security). These do not require consent.

Analytics cookies: help us understand how visitors use our website (e.g. page views, traffic sources, device types). These are only set after you have given explicit opt-in consent via our cookie banner. You may withdraw consent at any time by adjusting your cookie preferences.

We do not use advertising or marketing cookies.

11. Updates to This Policy

We may update this Privacy Policy periodically. Updated versions will be published on this page with the revised date. Material changes to our data processing activities will be reflected within 30 days.


Prior versions of this policy are retained for audit purposes.

12. Contact

For privacy-related enquiries:

privacy@3degrees.co

Shape

Ready to Accelerte Your Global Payments?

See how leading fintechs and enterprises are reducing costs, unlocking new revenue streams, and future-proofing their payments infrastructure with us.

Shape

Ready to Accelerte Your Global Payments?

See how leading fintechs and enterprises are reducing costs, unlocking new revenue streams, and future-proofing their payments infrastructure with us.

Shape

Ready to Accelerte Your Global Payments?

See how leading fintechs and enterprises are reducing costs, unlocking new revenue streams, and future-proofing their payments infrastructure with us.