Privacy Statement for KeyChain Pay

By installing or using the KeyChain Pay software, you acknowledge, agree and consent that your Personal Information (as defined below) will be handled as described in this Privacy Statement.

The KeyChain FinTech Limited (Collectively referred to as the ‘Company’, or ‘We’) will handle all user information concerned with the Company’s KeyChain Pay service and all its related services (hereinafter referred to collectively as the ‘Service’) in accordance with the following.


We are committed to protecting your privacy while providing you with the Service that serve you in a ‘need-to-know’ basis. The operation of these Services may require minimal collection and use of your personal information. What information The Company collects or receives from you depends on how you use the Service, which may include the following:

Your Personal Information

We are committed to protecting your privacy while providing you with the Service that serve you in a ‘need-to-know’ basis. The operation of these Services may require minimal collection and use of your personal information. What information The Company collects or receives from you depends on how you use the Service, which may include the following:

  1. NAME
  2. PHONE
  3. EMAIL
  4. CREDIT CARD ISSUING BANK (tenant only NOT applicable for Apple Pay / Google Pay)
  5. CREDIT CARD LAST 4 DIGITS (tenant only, NOT applicable for Apple Pay / Google Pay)
  6. BANK NAME (landlord only)
  7. BENEFICIARY NAME (landlord only)
  8. ACCOUNT NUMBER (landlord only)

or any other information which may be deemed personal information under applicable law. When you provide your Personal Information to the Company using KeyChain Pay, The Company receives and stores this information in order to respond to your using needs and requests. For example, we may use your Personal Information when matching your interests with the right parties. You can choose not to provide your Personal Information, but then you might not be able to take advantage of all the features in KeyChain Pay.

Information We Collect Automatically

We receive and store certain types of information whenever you interact with us. For example, upon your confirmation, KeyChain Pay supports the collection of your Personal Information, including tenant’s CREDIT CARD LAST 4 DIGITS. Entire credit card numbers will NOT be kept by the Company but it will be processed by a PCI compliance gateway. Though such information will typically be used in an aggregated way to improve our products and Services, some information we collect, may be used to offer you products and Services specifically based on your preferences and usage.

Device Information

The users’ device information (IP address, OS type, IMEI number, etc.) may be acquired at times. This information shall be used for the provision of a better service, as well as for identification purposes and prevention of any unauthorised/fraudulent practices which interfere with normal Service.

The Company may use the information we collect about you for any of the following purposes:

We may disclose limited information about you to third parties acting on our behalf or who are our subsidiaries, Affiliates or business partners. These third parties may assist The Company with marketing purpose only. In addition, we may use your personal data for the purpose of sending you messages.

We will honor your request to not use your personal data for the marketing purposes noted above. If you do not wish to receive offers or advertising from us or the relevant third party, please delete the KeyChain Pay application.

Protection of The Company

The Company reserve the right to disclose your personal information when we believe such disclosure required to comply with the law, judicial proceeding, court order or other legal process; to enforce or apply the terms of the T&C; or protect the rights, property, or safety of The Company, our employees, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and criminal reduction purposes. This does not include selling, renting, sharing, or otherwise disclosing Personal Information from customers for commercial purposes in violation of this Privacy Policy.


We may retain any information collected from you for the period necessary to fulfil the purposes as outlined in this Policy Statement unless a longer retention period is required by applicable law.


PCI compliance, short for Payment Card Industry Data Security Standard (PCI DSS), is a proprietary series of standards and best practices for payment security. The Company is adhere to PCI DSS and committed to protecting the security of your Personal Information in a reasonable manner. We use a variety of security technologies and procedures to help protect your Personal Information from loss, misuse, unauthorised access, use, disclosure, alteration and destruction.

Any information we collect will be securely processed, stored and archived in databases and backups that could reside outside of your jurisdiction, including without limitation the Hong Kong Special Administration.
If you have any questions about the security of your information, please contact us at


As with other mobile payment software, KeyChain Pay could be mis-used as a tool for hacking and/or phishing and/or money laundry including but not limited to the use of stolen credit cards (collectively, "Risks"). The Company will establish the relevant controls and exercise all reasonable extents to minimise the risks but the controls may not eliminate or avoid all fraudulent or wilful actions. Users are required to provide real identity and true and correct information for the use of Services.

The Company adopts payment tokenisation which replaces the traditional payment card account number with a unique digital token in online and mobile transactions. Tokens can be restricted for transactions with a specific mobile device, merchant or transaction type. The tokenisation process happens in the background in a way that is invisible to the consumer. Tokenisation should reduce the threat of sensitive payment data being usable by fraudsters if compromised.


The Company, its Affiliates, employees, officers and agents shall not be liable for (i) any disclosure of your Personal Information as required by law or relevant governmental authority; (ii) any disclosure of your Personal Information as a result of your own actions or negligent acts (including without limitation the disclosure by you of your Personal Information to any websites, forums, or social networking sites); (iii) any consequence resulting from hackers, computer viruses or temporary closure of our services; or (v) any consequence resulting beyond The Company’s control.

In addition, all provisions of the T&C, including without limitation the limitation of liability and indemnification provisions shall also apply.


If you have questions about the privacy aspects of our products or services, please contact