Last Updated: February 2, 2026
This Privacy Policy (hereinafter referred to as “this Policy”) sets forth the handling of personal information acquired and used by One Payment Inc., Montana, USA (hereinafter referred to as the “Data Controller”) and One Payment Okinawa Co., Ltd. (hereinafter referred to as the “Domestic Operator”) in connection with the payment processing services, ACH debit processing, foreign currency exchange (FX), proxy payment, and account linking services (hereinafter referred to as “the Service”) they provide.
The Service is primarily aimed at US military personnel and their families stationed in Okinawa, foreign residents in Okinawa, and veterans, etc.
This Policy has been formulated in compliance with the following laws and regulations:
- US Bank Secrecy Act (BSA) and FinCEN Regulations
- AML/CFT Guidelines
- OFAC Sanctions Programs
- NACHA Operating Rules
- US State Privacy Standards
- Japan’s Act on the Protection of Personal Information (APPI)
1. Information We Collect
We acquire the following information to the extent necessary for the provision of the Service, ACH debit processing, FX, proxy payment, and compliance (BSA/AML/CFT/OFAC) purposes.
① Identity Verification and Contract-Related Information
Name, address, date of birth, phone number, email address, identity verification documents (passport, driver’s license, military ID, etc.), information regarding affiliation with the US military in Okinawa (optional, as needed), other information necessary for Customer Identification (KYC), and bank account/financial information.
Bank Information Acquired via Plaid
The Service typically uses a secure account linking process (Tokenization) via Plaid to acquire the following information:
- Bank Name
- Account Type
- Balance Information
- Transaction Information (as needed)
- Bank identifiers tokenized by Plaid
In cases where the customer cannot complete bank authentication through Plaid, or when it is necessary to directly provide bank account information for ACH debit registration, we may acquire the following information based on the customer’s explicit consent:
- Bank Name
- Account Number
- Account Type (Checking / Savings)
- Routing Number (ABA Number)
- Account Holder Name
- Minimum additional information required for ACH debit setup
- Note: In this case, we do not acquire or retain bank login information (ID / Password).
- Note: Acquired account information is stored securely, and use for purposes other than those specified is prohibited.
② Payment and Transaction Data
For the payment processing and contract management of the Service, we acquire and use the following transaction data:
- Payment data related to ACH debits and proxy payments
- Invoice number, transaction ID, reference number
- Information related to contract management and settlement reconciliation
This information may be reviewed by authorized personnel on our management platform only for the purposes of business operations, customer support, accounting, audit response, and fraud investigation.
③ Technical Information and Log Information
For the stable operation of the system, security assurance, fraud prevention, and legal compliance, we acquire and record the following technical and log information to the necessary extent:
- IP address
- Device type and browser type (in a form that does not directly identify an individual)
- System access logs
- API usage logs (communication records between US Bank, Plaid, and our systems, etc.)
- Note: We do not use Cookies for advertising or behavioral tracking purposes.
- Note: This information is used strictly for security, audit, fraud investigation, and regulatory compliance purposes.
④ Information for AML / CFT / OFAC Compliance
We acquire and use the following information to fulfill our obligations under US BSA / AML / CFT / OFAC related laws and regulations:
- Transaction monitoring data
- Sanctions list screening results (OFAC and international sanctions lists, etc.)
- Related information necessary for the analysis and evaluation of suspicious transactions
- Detection and recording logs for SAR (Suspicious Activity Report) target transactions
This information is handled only for the purpose of fulfilling legal obligations, preventing fraud, and managing risk.
- Other information voluntarily provided by the user
- Information during inquiries
- Materials for troubleshooting
- Information related to the payee service provider
2. Purpose of Information Use
We use the acquired personal and related information within the scope of the following purposes:
① Provision and Operation of the Service
- Payment processing, such as ACH debit, foreign currency exchange (FX), and proxy payments
- Execution, management, fulfillment of contracts, and settlement operations
② Identity Verification and Risk Management
- Identity verification (KYC) and customer management
- Prevention and investigation of fraudulent use
- Verification of transaction appropriateness and risk assessment
③ Compliance with Laws and Regulations
- Fulfillment of obligations under BSA / AML / CFT / OFAC and other related laws and regulations
- Transaction monitoring, sanctions list screening, and response to reporting obligations
④ Customer Service and Support
- Responding to inquiries
- Troubleshooting and investigation
⑤ Accounting, Audit, and Internal Management
- Accounting procedures, audit response
- Internal controls and business process improvement
⑥ System Operation and Security Assurance
- System maintenance and improvement
- Security assurance and incident response
We will not use personal information beyond the purposes of use stated above.
3. Provision to Third Parties
We will not provide a user’s personal information to a third party, except in the following cases:
① Provision to Business Contractors
We may provide personal information to the following business contractors to the extent necessary for the provision and operation of the Service:
- Payment and financial service providers (e.g., partner banks such as US Bank)
- Account linking, identity verification, and payment support service providers (e.g., Plaid, etc.)
- Business contractors performing system operation, data management, audit, etc.
In such cases, we will enter into appropriate contracts with the contractors, and manage and supervise them to ensure the secure management of personal information.
② Provision Based on Legal Requirements
We may provide a user’s personal information to a third party in the following cases:
- When required by laws, regulations, or regulatory authorities
- When fulfilling reporting obligations under laws such as BSA / AML / OFAC
- When responding to judicial procedures, investigations, or orders from supervisory authorities
③ Provision Due to Business Succession
In the event of a merger, business transfer, or other form of business succession, personal information may be transferred to the successor to the extent necessary for the succession of that business.
④ Provision Based on User Consent
Even if not falling under the above, if explicit prior consent is obtained from the user, personal information may be provided within the scope of that consent.
4. Method of Information Management
We implement technical, organizational, and physical security management measures to protect the confidentiality and integrity of the acquired information. These measures include encryption of communications, access control, authentication management, and log management, but the specific details are implemented based on our separately established Information Security Policy.
5. Special Handling Based on Laws and Regulations
We may monitor, analyze, or compare a user’s transactions and information based on US BSA, AML, CFT, and OFAC related laws and regulations. Furthermore, we are obligated under law to file a Suspicious Activity Report (SAR) regarding suspicious transactions. We are legally restricted from notifying users of the submission or content of an SAR.
6. Retention Period of Personal Information
We retain acquired personal information only for the period necessary for the provision of the Service, contract management, legal compliance, and dispute resolution. Specifically, in accordance with US BSA / AML related laws and regulations, transaction records and identity verification information are generally retained for at least 5 years from the completion of the transaction or the termination of the contract. Information may be retained beyond this period if reasonably necessary for legal obligations, audits, investigations, litigation, or fraud prevention measures.
7. Cross-Border Data Transfer
For the provision of the Service, payment processing, account linking, and compliance with laws and regulations, we may transfer, store, or process acquired personal information in our systems and servers or those of our partners located outside of Japan (primarily in the United States). In the event of such a data transfer, we will take appropriate protective measures in accordance with applicable laws and industry standards to ensure the safety and confidentiality of the personal information.
8. Use of Plaid Services
We use Plaid Inc. (“Plaid”) to enable you to securely connect your bank account and access financial data for the purpose of providing our services.
When you choose to connect your financial account, certain information is transmitted directly to Plaid. Plaid may collect and process your financial information in accordance with its own Privacy Policy.
Plaid’s Privacy Policy is available at:
https://plaid.com/legal/#privacy-policy
By connecting your financial account through our Website, you acknowledge and agree that:
• Your information will be processed by Plaid in accordance with Plaid’s Privacy Policy.
• We may receive information from Plaid about your connected financial accounts to provide our services.
• Plaid acts as our service provider for the purposes of enabling financial data connectivity.
We only use the information received from Plaid for the purposes described in this Privacy Policy.
9. User Rights
Users have the right to request disclosure, correction, or deletion of their own information, and to apply for suspension of its use. However, some information cannot be deleted due to laws such as AML/BSA. Furthermore, if such a request conflicts with legal obligations (BSA / AML, etc.), we may not be able to comply with all or part of the request.
10. Cookies and Tracking Technologies
We may use technologies such as Cookies to the extent necessary for the normal provision, security assurance, and convenience improvement of our website and the Service. The Cookies we use are for the purposes of session management, fraud prevention, and system operation, and are not used for advertising or for tracking and profiling user behavior. Additionally, we may conduct access analysis in a form that does not identify individuals to understand site usage.
11. Use by Minors
The Service is generally not intended for individuals under 18 years of age.
12. Changes to the Policy
We may update this Policy from time to time.
13. Contact Information
For inquiries regarding this Policy, please contact us at:
Email: info@onepayment-inc.com
Domestic Operator: One Payment Okinawa Co., Ltd.
Address: S-APT 2-A, 3-128 Miyagi, Chatan-cho, Nakagami-gun, Okinawa
Note: One Payment Okinawa Co., Ltd. does not perform acts such as receiving funds, sending money, or foreign currency exchange, but only provides operational support for the Service.
14. Business Operator Information
One Payment Inc.
1001 S MAIN ST STE 500 KALISPELL, MT 59901-5635
FinCEN MSB Registration Number: 310003122444647
One Payment Okinawa Co., Ltd.
S-APT 2-A, 3-128 Miyagi, Chatan-cho, Nakagami-gun, Okinawa
