> ## Documentation Index
> Fetch the complete documentation index at: https://docs.shorpay.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Data Privacy

> What personal data Shor collects, who can see it, and how it's protected.

To move money on behalf of companies and workers, Shor has to handle a lot of personal data: IDs, addresses, tax IDs, bank details, contracts. This page explains what we collect, why, and how it's protected.

## What We Collect

<CardGroup cols={2}>
  <Card title="From Workers" icon="user">
    * Full legal name
    * Date of birth and residential address
    * Government ID (photo and details)
    * Tax identification number and residency
    * Bank account or payout method details
    * Employment history as needed for contracts
  </Card>

  <Card title="From Companies" icon="building">
    * Legal business name and registration
    * Registered address and tax ID
    * Beneficial ownership information
    * ID and address details for the authorized signer
    * Business description and expected activity
  </Card>
</CardGroup>

## Why We Collect It

<AccordionGroup>
  <Accordion title="Identity Verification (KYC/KYB)">
    Required by regulation for any platform that moves money. Prevents identity theft, money laundering, and sanctions violations.
  </Accordion>

  <Accordion title="Contract Generation">
    Contracts need accurate names, addresses, dates, and jurisdictions to be legally valid.
  </Accordion>

  <Accordion title="Payment Processing">
    Bank details and tax IDs are required by banking and tax infrastructure to move money correctly.
  </Accordion>

  <Accordion title="Tax Compliance">
    US tax forms (W-9, W-8BEN, W-8BEN-E) are collected because they're required by the IRS for US businesses paying contractors.
  </Accordion>
</AccordionGroup>

## Who Can See What

Access is scoped tightly:

| Data                                                       | Who can see it                                        |
| ---------------------------------------------------------- | ----------------------------------------------------- |
| **Your verification status** (verified / pending / failed) | You and your employer(s)                              |
| **Your identity documents** (ID photos, selfie)            | You and Shor's verification team (NOT your employer)  |
| **Your contract details**                                  | You and the specific company that contract is with    |
| **Your payment history with Company A**                    | You and Company A                                     |
| **Your payment history with Company B**                    | You and Company B (not Company A)                     |
| **Your tax form**                                          | You and the specific employer who requires it         |
| **Your bank details**                                      | You and Shor's payment operations (NOT your employer) |

Your data is never shared between employers. Each company sees only the information relevant to their own engagement with you.

## How We Protect It

* **Encryption in transit and at rest**: every piece of personal data is encrypted with industry-standard algorithms
* **Access controls**: Shor staff can only see data on a need-to-know basis, with every access logged
* **Tenant isolation**: each business's data is isolated from every other business
* **Retention limits**: we keep data only as long as needed for legal, tax, and regulatory purposes

## Your Rights

Depending on where you're based, you may have specific rights over your data: access, correction, deletion, portability, and objection to processing.

Shor respects GDPR, CCPA, and equivalent frameworks. To exercise any right:

* **Access or export**: from **Settings → Data** in your account
* **Correction**: most fields are editable from your profile directly
* **Deletion**: reach out to [privacy@shorpay.com](mailto:privacy@shorpay.com)
* **Questions**: same email; we'll reply within regulatory timeframes

<Note>
  Some data must be retained even after account closure: for example, transaction records required by tax and anti-money-laundering regulations. We'll always tell you which data has to be kept and for how long.
</Note>

## Third-Party Processors

Shor uses third-party services to provide the platform: cloud hosting, identity verification, payment rails, email delivery. Every processor is:

* Contractually bound by data protection commitments equal to or stronger than Shor's own
* Reviewed for security posture before use
* Only given the minimum data needed to perform their function

A current list of processors is available on request.

## Data Residency

For customers who require their data to be stored in a specific region (EU, US, etc.), Shor offers data residency options on enterprise plans. Contact [sales@shorpay.com](mailto:sales@shorpay.com).

## Incident Notification

If a data breach affects your information, we'll:

* Notify you within regulatory timelines (typically 72 hours in jurisdictions like the EU)
* Explain what happened, what data was affected, and what we're doing about it
* Provide guidance on any action you should take

## Questions

For anything privacy-related, email [privacy@shorpay.com](mailto:privacy@shorpay.com). For urgent issues, use [security@shorpay.com](mailto:security@shorpay.com).

## Next Steps

<CardGroup cols={2}>
  <Card title="Security" icon="shield-halved" href="/platform/security">
    How Shor keeps the platform secure.
  </Card>

  <Card title="KYC / KYB" icon="user-check" href="/platform/kyc-kyb">
    Why we collect what we collect.
  </Card>
</CardGroup>
