Privacy Policy
Last updated: April 20, 2026
This Privacy Policy describes how Bowen Consulting ("we," "us," or "our"), a brand of Reshapify, a company incorporated in the United States, collects, uses, and protects information when you use the Ridley payment processing platform ("Platform"). By using the Platform, you agree to the practices described in this policy.
We are committed to complying with the Jamaica Data Protection Act, 2020 ("JDPA"), the General Data Protection Regulation ("GDPR"), and other applicable data protection laws in the jurisdictions where we operate.
1. Information We Collect
1.1 Account Information
When you register for an account, we collect your name, email address, password, and organization details. If you manage a team, we may also collect the names and email addresses of team members you invite.
1.2 Payment Data
When transactions are processed through the Platform, we collect transaction details including amounts, currency, reference numbers, customer names, customer email addresses, card brand, and the last four digits of the payment card. We do not store full card numbers, CVVs, or complete card expiration dates. All sensitive payment data is handled directly by our PCI-compliant payment processors.
1.3 Order Information
Transactions may include order breakdown data such as subtotals, discounts, shipping charges, and applicable taxes. This information is provided by the merchant's integration and stored alongside the transaction record.
1.4 Checkout Analytics
We collect anonymous checkout analytics including page views, conversion events, device type, referrer URLs, and IP address hashes. IP addresses are hashed immediately and cannot be reversed to identify individuals. This data is used to provide merchants with conversion insights.
1.5 Usage Information
We collect information about how you interact with the Platform, including pages visited, features used, browser type, and operating system. This helps us improve the Platform experience.
1.6 Integration Data
If you connect third-party services (e.g., WooCommerce, QuickBooks Online), we store the authentication tokens necessary to maintain those connections. Tokens are encrypted at rest.
1.7 AI Interaction Data
If you use the Ridley AI assistant, we transmit your queries to third-party AI service providers (such as OpenAI or Anthropic) for processing. AI conversation content is stored temporarily for the duration of your session and is not used to train AI models. We retain AI usage metadata (message counts, timestamps) for billing and rate-limiting purposes.
2. Legal Basis for Processing
Under the Jamaica Data Protection Act, 2020 and other applicable laws, we process personal data on the following lawful bases:
- Contract performance: Processing necessary to provide the Platform services you have subscribed to (Sections 1.1–1.3, 1.6).
- Legitimate interest: Processing necessary for our legitimate business interests, such as fraud prevention, platform improvement, and analytics (Sections 1.4–1.5), where those interests are not overridden by your rights.
- Consent: Where you have given explicit consent, such as for AI interaction data processing (Section 1.7) or optional marketing communications.
- Legal obligation: Processing required to comply with applicable laws, regulations, or court orders.
3. How We Use Your Information
We use the information we collect to:
- Process and record payment transactions on behalf of merchants
- Provide transaction history, reporting, and analytics to authorized account holders
- Generate receipts and send email notifications related to transactions
- Detect and prevent fraudulent activity
- Maintain and improve the Platform's functionality, performance, and security
- Provide customer support
- Comply with legal obligations and enforce our Terms of Service
- Process AI assistant queries and responses
We process personal data only for the specific purposes stated at or before collection, in accordance with the purpose limitation principle under the JDPA.
4. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
4.1 Payment Processors
Transaction data is transmitted to our payment processors to authorize and settle payments. These processors are PCI DSS compliant and process data under their own privacy policies.
4.2 Merchants
If you are a customer making a payment, the merchant who created the payment link or session receives your transaction details (name, email, amount, status) to fulfill your order.
4.3 AI Service Providers
When you use the Ridley AI assistant, your queries are transmitted to third-party AI providers for processing. These providers are contractually bound to process data only as instructed and to maintain appropriate security measures.
4.4 Connected Services
When a merchant connects third-party services (e.g., accounting software), transaction data may be synced to those services as configured by the merchant.
4.5 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Bowen Consulting, our users, or the public.
5. Data Security
We implement industry-standard security measures to protect your information:
- All data is transmitted over HTTPS/TLS encryption
- Sensitive credentials and tokens are encrypted at rest using AES-256
- Payment card data is handled exclusively by PCI DSS-compliant processors — we never store full card numbers
- Access to customer data is restricted by role-based permissions
- Administrative actions (refunds, subscription changes) are logged in an audit trail
6. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Jamaica Information Commissioner within 72 hours of becoming aware of the breach, as required by the JDPA
- Notify affected data subjects without undue delay if the breach poses a high risk to their rights and freedoms
- Document all breaches, their effects, and the remedial actions taken
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected:
- Transaction records: Retained for the life of your account and a minimum of seven (7) years after account closure to comply with financial record-keeping requirements.
- Checkout analytics: Retained for up to two (2) years.
- AI interaction content: Retained for the duration of the session only; usage metadata retained for billing purposes.
- Account data: Retained until account deletion is requested, subject to legal retention obligations.
You may request deletion of your account data by contacting us, subject to legal retention requirements.
8. Your Rights
Under the Jamaica Data Protection Act, 2020, GDPR, and other applicable laws, you have the right to:
- Access — Request a copy of the personal information we hold about you
- Rectification — Request correction of inaccurate or incomplete information
- Erasure — Request deletion of your personal information (subject to legal retention obligations)
- Restriction — Request restriction of processing in certain circumstances
- Data portability — Request a portable copy of your data in a structured, commonly used format
- Objection — Object to processing based on legitimate interests
- Withdraw consent — Withdraw previously given consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
To exercise these rights, contact us at [email protected]. We will respond to your request within thirty (30) days.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Jamaica Information Commissioner's Office at oic.gov.jm.
9. Cross-Border Data Transfers
The Platform is operated from the United States. If you access the Platform from Jamaica or other countries outside the United States, your personal data will be transferred to, stored, and processed in the United States.
In accordance with the Jamaica Data Protection Act, 2020 (Sections 33–36), we ensure that cross-border transfers of personal data are protected through:
- Contractual safeguards with our data processors requiring them to maintain appropriate levels of data protection
- Technical security measures (encryption in transit and at rest)
- Your explicit consent to the transfer, provided at account registration after being informed of the transfer
By creating an account and accepting our Terms of Service, you explicitly consent to the transfer of your personal data to the United States for the purposes described in this Privacy Policy, having been informed that the destination country may not provide the same level of data protection as Jamaica.
10. Cookies and Tracking
The Platform uses session cookies to maintain your authenticated state and CSRF protection. We do not use third-party advertising cookies or cross-site tracking technologies. Checkout pages use session storage to maintain payment state during the checkout flow.
11. Children's Privacy
The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date and by email notification at least fifteen (15) days before significant changes take effect. Your continued use of the Platform after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, contact us at:
Bowen Consulting (a brand of Reshapify)
Email: [email protected]
Website: bowenconsulting.co
For complaints regarding data protection, you may also contact the Jamaica Information Commissioner's Office at oic.gov.jm.