Last Updated: November 11, 2025
Who We Are
Tensec Holdings Limited (Cayman Islands) is the data controller for purposes of determining the means and purposes of personal data processing. Tensec Payments, Inc. and Tensec US, Inc. (U.S.), and Tensec Mexico act as data processors on behalf of Tensec Holdings. In connection with Services offered to business customers, we may process the personal data of individuals such as company officers, beneficial owners, employees, and authorized representatives. All processing activities are governed by contractual agreements between entities to ensure compliance and confidentiality.
What Personal Data We Collect
We collect the following types of personal data:
• Identifiers: name, company name, job title, contact information, business registration numbers
• Customer Due Diligence (CDD/KYC): national ID, tax ID (e.g., CNPJ, CPF, RFC), government-issued documents, utility bills, company ownership details
• Transaction Details: purpose, amount, beneficiary/payor details, related invoice or contract info
• Device and Usage Information: IP address, browser/device type, access times, user activity logs
• Location Data: derived from IP or provided via documents
• Personal Information: Personal information submitted by corporate customers regarding their own clients or counterparties (e.g., invoice recipients, payees), solely for the purpose of verifying transactions initiated on the platform
Some of this data is collected from the user directly; other data may be sourced from partners (e.g., identity verification vendors, financial institutions, or compliance systems).
How We Use Personal Data
We process personal data to:
• Verify identity, conduct due diligence, and comply with anti-money laundering (AML) and know-your-customer (KYC) obligations
• Enable and support payment processing and cross-border transactions
• Operate internal security controls, fraud prevention, and monitoring systems
• Develop and improve Tensec’s document recognition and compliance systems
• Comply with legal and regulatory obligations in each relevant jurisdiction
• Communicate with business users and provide account support
• Fulfill obligations under a commercial agreement or Order Form entered into between your business and Tensec
Where an authorized business customer submits documents or data on behalf of its own clients (e.g., small businesses, trading partners, or counterparties), Tensec processes that information solely to support the authorized user’s transaction and regulatory obligations. Tensec expects all such users to ensure they have a legal basis to share this information with Tensec (such as contractual authorization or compliance necessity), and Tensec treats this data with the same level of protection and control as if it had been provided directly.
Tensec uses proprietary artificial intelligence (AI) tools to analyze sensitive documents submitted by users during the onboarding and transaction verification process. These tools are developed by Tensec US, Inc. and incorporate technologies based on Google Gemini and Anthropic Claude, operating within proprietary systems owned by Tensec Holdings Limited.
• Classify document types (e.g., invoices, IDs, contracts)
• Extract structured data fields such as names, transaction amounts, dates, counterparties, and declared purposes
• Assist in detecting inconsistencies or missing information relevant to compliance checks
We share data with:
• Banking and financial partners: Braza Bank and Stearns Bank, PMI Américas, among others
• Technology vendors:Google Gemini API, cloud storage providers, analytics tools, CRM platforms
• Regulators or law enforcement: where legally required (e.g., for AML reporting or upon lawful requests)
• Nium Pte. Ltd., a Singapore-based financial services provider and regulated payment institution, to facilitate international payouts in supported currencies and countries. We share transaction metadata and recipient details necessary for processing through Nium’s rails.
Tensec operates globally. Your personal data may be transferred from your home country to:
• The United States (where Tensec US, Inc. and Tensec Payments, Inc. operate)
• Cayman Islands (where Tensec Holdings is based)
• Singapore, Japan, Mexico, Brazil, or Hong Kong depending on transaction flows
We implement safeguards such as:
• Standard contractual clauses (SCCs) where required
Depending on jurisdiction, our legal bases include:
• Performance of a contract (to provide the Services)
• Compliance with a legal obligation (AML/KYC laws)
• Legitimate interest (improving security, fraud detection, system integrity)
• Consent, where required (e.g., for optional marketing or document uploads)
We retain data:
• As long as necessary to fulfill the purpose for which it was collected
• As required by law (e.g., 5+ years for KYC under AML regulations)
• For regulatory inquiries, audits, fraud prevention, or legal claims
We use:
• Access controls, logging, and encryption
• Role-based permissions for employees
• Vendor security assessments and confidentiality agreements
• Access or receive a copy of your data
• Request correction or deletion
• Restrict or object to certain processing
• Brazil (LGPD)
• Full rights under LGPD: access, correction, anonymization, deletion, portability,
revocation, and complaint to ANPD
• Local DPO: René Abe (dpo@tensec.io.br)
• Data may be processed abroad; contractual safeguards are used
How to Contact Us
Email: privacy@tensec.io
Mail: Tensec Payments, Inc.
3790 El Camino Real #1234, Palo Alto, CA 94306, USA
DPO (Brazil): dpo@tensec.io.br
Updates
We may update this Privacy Policy from time to time. If material changes are made, we will notify users via email or through our platform.
Last updated date will reflect most recent version. Continued use of the Services indicates your acceptance of the updated policy.
Privacy Policy
This Privacy Policy shall be effective for all customers on November 11, 2025
Tensec Holdings Limited, along with its affiliated entities including Tensec US, Inc., Tensec Mexico, and Tensec Payments, Inc. (collectively, “Tensec,” “we,” “us,” or “our”), respects the privacy of business users and their authorized representatives. This Privacy Policy explains how Tensec collects, uses, shares, and safeguards personal data collected through our platform and services.
This Privacy Policy applies to all users who access our websites (e.g., https://www.tensec.io/), mobile applications, and services (collectively, the “Services”) and to any personal information processed by Tensec in connection with those Services. By using our Services, you acknowledge that you have read and understood this Privacy Policy.
Who We Are
Tensec Holdings Limited (Cayman Islands) is the data controller for purposes of determining the means and purposes of personal data processing. Tensec Payments, Inc. and Tensec US, Inc. (U.S.), and Tensec Mexico act as data processors on behalf of Tensec Holdings. In connection with Services offered to business customers, we may process the personal data of individuals such as company officers, beneficial owners, employees, and authorized representatives. All processing activities are governed by contractual agreements between entities to ensure compliance and confidentiality.
What Personal Data We Collect
We collect the following types of personal data:
• Identifiers: name, company name, job title, contact information, business registration numbers
• Customer Due Diligence (CDD/KYC): national ID, tax ID (e.g., CNPJ, CPF, RFC), government-issued documents, utility bills, company ownership details
• Transaction Details: purpose, amount, beneficiary/payor details, related invoice or contract info
• Device and Usage Information: IP address, browser/device type, access times, user activity logs
• Location Data: derived from IP or provided via documents
• Personal Information: Personal information submitted by corporate customers regarding their own clients or counterparties (e.g., invoice recipients, payees), solely for the purpose of verifying transactions initiated on the platform
• Personal or Business Information: Personal or business information contained in documents submitted by Tensec’s business clients on behalf of their own customers or third-party originators (e.g., invoices, contracts, payment instructions, identification documents).
Some of this data is collected from the user directly; other data may be sourced from partners (e.g., identity verification vendors, financial institutions, or compliance systems).
How We Use Personal Data
We process personal data to:
• Verify identity, conduct due diligence, and comply with anti-money laundering (AML) and know-your-customer (KYC) obligations
• Enable and support payment processing and cross-border transactions
• Operate internal security controls, fraud prevention, and monitoring systems
• Develop and improve Tensec’s document recognition and compliance systems
• Comply with legal and regulatory obligations in each relevant jurisdiction
• Communicate with business users and provide account support
• Fulfill obligations under a commercial agreement or Order Form entered into between your business and Tensec
Where an authorized business customer submits documents or data on behalf of its own clients (e.g., small businesses, trading partners, or counterparties), Tensec processes that information solely to support the authorized user’s transaction and regulatory obligations. Tensec expects all such users to ensure they have a legal basis to share this information with Tensec (such as contractual authorization or compliance necessity), and Tensec treats this data with the same level of protection and control as if it had been provided directly.
Use of AI
Tensec uses proprietary artificial intelligence (AI) tools to analyze sensitive documents submitted by users during the onboarding and transaction verification process. These tools are developed by Tensec US, Inc. and incorporate technologies based on Google Gemini and Anthropic Claude, operating within proprietary systems owned by Tensec Holdings Limited.
AI processing is used to:
• Classify document types (e.g., invoices, IDs, contracts)
• Extract structured data fields such as names, transaction amounts, dates, counterparties, and declared purposes
• Assist in detecting inconsistencies or missing information relevant to compliance checks
Important: Tensec’s AI tools are never used for autonomous decision-making. Any decision that could delay, flag, or reject a transaction based on AI output is subject to human review by qualified compliance personnel.
In some cases, AI-extracted information may prompt enhanced due diligence or delay a transaction if potential discrepancies are detected. This helps fulfill anti-money laundering and fraud prevention requirements.
Tensec does not use customer data to train AI models. Extracted data and outputs are retained only as required to support specific transactions or regulatory obligations.
These tools are used exclusively to support compliance workflows initiated by our customers or their agents. They are not used to assess or score user behavior outside the scope of a given transaction.
Third Parties We Share Data With
We share data with:
• Banking and financial partners: Braza Bank and Stearns Bank, PMI Américas, among others
• Technology vendors:Google Gemini API, cloud storage providers, analytics tools, CRM platforms
• Regulators or law enforcement: where legally required (e.g., for AML reporting or upon lawful requests)
• Nium Pte. Ltd., a Singapore-based financial services provider and regulated payment institution, to facilitate international payouts in supported currencies and countries. We share transaction metadata and recipient details necessary for processing through Nium’s rails.
All third parties operate under contractual obligations to safeguard the data and process it only for Tensec’s purposes.
Cross-Border Transfers
Tensec operates globally. Your personal data may be transferred from your home country to:
• The United States (where Tensec US, Inc. and Tensec Payments, Inc. operate)
• Cayman Islands (where Tensec Holdings is based)
• Singapore, Japan, Mexico, Brazil, or Hong Kong depending on transaction flows
We implement safeguards such as:
• Standard contractual clauses (SCCs) where required
• Data protection agreements among entities
• Encryption, access control, and data minimization practices
Data processed through Nium’s systems may be transferred to or processed in jurisdictions where Nium operates, including Singapore and other countries that may not offer the same level of data protection as your home country. We ensure contractual safeguards and encryption of data transmitted to Nium for processing
Legal Basis for Processing
Depending on jurisdiction, our legal bases include:
• Performance of a contract (to provide the Services)
• Compliance with a legal obligation (AML/KYC laws)
• Legitimate interest (improving security, fraud detection, system integrity)
• Consent, where required (e.g., for optional marketing or document uploads)
Data Retention
We retain data:
• As long as necessary to fulfill the purpose for which it was collected
• As required by law (e.g., 5+ years for KYC under AML regulations)
• For regulatory inquiries, audits, fraud prevention, or legal claims
Security Measures
We use:
• Access controls, logging, and encryption
• Role-based permissions for employees
• Vendor security assessments and confidentiality agreements
Your Rights (General)
Depending on your location, you may have rights to:
• Access or receive a copy of your data
• Request correction or deletion
• Restrict or object to certain processing
• Withdraw consent (where applicable)
• File a complaint with your local data protection authority
Country-Specific Disclosures
• Brazil (LGPD)
• Full rights under LGPD: access, correction, anonymization, deletion, portability,
revocation, and complaint to ANPD
• Local DPO: René Abe (dpo@tensec.io.br)
• Data may be processed abroad; contractual safeguards are used
• Mexico (LFPDPPP)
• ARCO rights: access, rectification, cancellation, opposition
• Contact: privacy@tensec.io for rights requests
• You may also file a complaint with INAI (www.inai.org.mx)
• ARCO rights: access, rectification, cancellation, opposition
• Contact: privacy@tensec.io for rights requests
• You may also file a complaint with INAI (www.inai.org.mx)
• Cayman Islands (DPA)
• We follow DPA principles: fairness, necessity, purpose limitation
• Contact our Privacy Officer at privacy@tensec.io for rights under DPA
• We follow DPA principles: fairness, necessity, purpose limitation
• Contact our Privacy Officer at privacy@tensec.io for rights under DPA
• Hong Kong (PDPO)
• You may request access/correction of personal data
• Contact: privacy@tensec.io
• You may request access/correction of personal data
• Contact: privacy@tensec.io
• Japan (APPI)
• We disclose purposes of use and sharing partners
• Users may request access, correction, and suspension of use
• We disclose purposes of use and sharing partners
• Users may request access, correction, and suspension of use
• Singapore (PDPA)
• You may request access and correction of personal data
• We protect your data with reasonable security arrangements
• When Nium services are used, data may be processed in Singapore by Nium Pte. Ltd., a licensed financial institution regulated under the Monetary Authority of
Singapore. Tensec has taken steps to ensure your data is protected through
contractual controls and transfer mechanisms that meet PDPA standards.
• You may request access and correction of personal data
• We protect your data with reasonable security arrangements
• When Nium services are used, data may be processed in Singapore by Nium Pte. Ltd., a licensed financial institution regulated under the Monetary Authority of
Singapore. Tensec has taken steps to ensure your data is protected through
contractual controls and transfer mechanisms that meet PDPA standards.
• United States
• Federal laws: GLBA (financial privacy), CAN-SPAM (marketing), OFAC (sanctions), E-SIGN Act (e-consent)
• State-specific rights (e.g., CCPA) may not apply unless Tensec crosses relevant
thresholds
• State-specific rights (e.g., CCPA) may not apply unless Tensec crosses relevant
thresholds
How to Contact Us
Email: privacy@tensec.io
Mail: Tensec Payments, Inc.
3790 El Camino Real #1234, Palo Alto, CA 94306, USA
DPO (Brazil): dpo@tensec.io.br
Updates
We may update this Privacy Policy from time to time. If material changes are made, we will notify users via email or through our platform.
Last updated date will reflect most recent version. Continued use of the Services indicates your acceptance of the updated policy.