Mynt
‍‍Privacy Notice

Mynt takes your privacy very seriously. We protect your personal data and use it in a fair, lawful, and secure way. We follow the Data Privacy Act of the Philippines, other laws that apply to our services, and relevant industry standards.

This privacy notice tells you how we handle your personal data when you connect with Mynt, Inc. (“we,” “us,” or “our”). It also explains how you can control what happens to your information.

What is Mynt?

Mynt, or Mynt, Inc., is a holding company and the parent entity of the Mynt Group. We oversee a diverse corporate portfolio of specialized companies that drive financial inclusion across both digital platforms and payment networks. This portfolio includes G-Xchange, Inc. (“GXI”), which operates the GCash Wallet; Fuse Financing Inc. (“Fuse”), which handles lending and credit products; Ryse, Inc. (“Ryse”), focusing on wealth management and investments; and BlockG Virtual Assets, Inc. (“BlockG”), providing virtual asset services. The products and services of these companies can all be conveniently accessed through the GCash App. Additionally, Mynt also owns Electronic Commerce Philippines Inc. (“ECPay”), a payment service provider with a nationwide network. Collectively, we call Mynt and its subsidiaries the Mynt Group.

Mynt plays an important role in providing administrative and support services as well as managing the assets and income generated by the Mynt Group.

What personal data do we process and why do we process it?

  1. Information you give us when you contact us:

    These include:
    • Your name;
    • Email address;
    • Company name;
    • Type of inquiry;
    • Subject; and
    • The content of your message
    		 We collect and process this information to respond directly to your questions, feedback, or requests. This allows us to resolve inquiries regarding Mynt, its subsidiaries, and the broader services offered within the Mynt Group.

  2. Information you provide when you do business with us:

    These may include the personal information of your authorized representative (e.g., their full name, designation or job title, and signature of corporate signatories) We collect and process personal information relating to individuals representing our business partners, vendors, contractors, and service providers. This allows us to evaluate, onboard, and manage business relationships necessary for the operations of Mynt and its subsidiaries.

  3. Information you provide when you reach out to us or interact with us on other platforms:

    • Career Inquiry
    		 When you contact us to inquire about career opportunities, we may process your personal information, such as your name and contact information, to respond to your employment inquiries and direct you to our talent channels.
    • Customer Care
    		 When you contact us by chat, phone, or email, we may record our conversation and collect details about you and your concerns. If your concern involves your data, we may ask questions to confirm your identity before we take any action that may affect you. We may also record calls and chats with us to improve our customer service.
    • Social Media
    		 When you interact with us on our official social media pages, we may see the information that you allow us to see from your profile. This may include your photo, profile name, and other information you choose to share. We use this information to respond to your concern, comment, message, or participation in a promo or activity.

  4. Information we process on behalf of the Mynt Group:
    We collect and process your personal information to conduct our regular business activities, which benefit both our company and our subsidiaries. For example, as a shareholder, we register your ownership, investment, and business details for Mynt and its subsidiaries with relevant authorities. We also manage communication efforts to keep you informed about the company's performance and key developments.

    The scope of our activities extends to providing administrative and support services in essential areas including Human Resources, Corporate Affairs, Finance, Legal Services, and others. Mynt also processes personal information to comply with legal and regulatory requirements and to support corporate governance obligations. This may include filings with regulators and government agencies, maintaining corporate records, supporting audits, investigations, and compliance reviews, or responding to lawful requests from authorities.

    These subsidiaries include GXI, Fuse, Ryse, BlockG, and ECPay.

    To learn more about how a specific Mynt Group company handles your data, you may visit their individual Privacy Notices.


How long do we keep your personal data?

We keep your information only as long as necessary to respond to your inquiry or address your concerns, or as long as may be legally required for us, in compliance with prevailing laws, regulations, and for other legal obligations. 

If your information is relevant to an ongoing investigation, legal proceeding, or claim, we will retain it for up to ten (10) years after the completion of the investigation or resolution of the proceeding/claim, or as otherwise required by a court order.

How do we collect your personal data?
  1. Direct interactions: We collect information when you contact us like through our website, when you send us an email, or when you apply to become one of our merchants or business partners. We also collect information through various channels, such as when you interact with us through our official social media pages, through online forms, and pages managed by us or our service providers.

  2. From Mynt Group companies and partners: For example, when we enter into a business engagement with you, we may request information from our affiliates, like our subsidiaries, who you may have previously partnered or interacted with, as part of our due diligence checks or in order to facilitate better communication.

  3. From Other Third Parties: For example, we receive your personal data when you ask another company to transact with us or when you request them to send your personal data to us (exercise of your right to data portability).
Who may receive or use your personal data?
  1. Mynt Group companies: Companies within the Mynt Group work together to provide various services. When allowed by law and when necessary for our services, Mynt may process your personal information to fulfill our role in facilitating common services for our subsidiaries.

    Mynt's role in processing your personal information may extend to new subsidiaries we may acquire, but only if needed to provide our services and in line with this Privacy Notice.
  2. ‍Service providers acting on our behalf: We may share your personal data with trusted service providers. They help us in various ways, such as helping us develop tools and applications to make Mynt services seamless and efficient. They help us answer your questions, analyze and verify information, manage risk, prevent fraud, store data, and provide cloud services.

    Our service providers may process your personal data only for the purposes we allow. They are required by contract to protect your data, keep it confidential, and follow our security requirements. Some of our service providers may store or process data outside the Philippines. When this happens, we use safeguards required by law.

    For security reasons, we may not publish the full list of our service providers. As a data subject, you may request more information on how we process your data. Please see the “How can you exercise your data privacy rights?” section of this Privacy Notice.
  3. Law enforcement agencies, regulatory bodies, local government units, and courts: We may share your personal data with law enforcement agencies, regulators, local government units, courts, and other public authorities when required by law, when needed to protect our rights, or when needed to prevent fraud, crime, or harm to our stakeholders and the public. These may include the Securities and Exchange Commission, the National Bureau of Investigation, the Philippine National Police, courts, and other similar authorities.
  4. Changes in our Business: If Mynt or any part of our business is merged, sold, reorganized, or transferred to another company, we may need to share or transfer personal data as part of that change. This may include sharing limited personal data with potential or actual buyers, investors, or professional advisors when needed to review, negotiate, or complete the change, subject to appropriate confidentiality and security safeguards. If this happens, we will tell you when required by law and explain any important changes to how your personal data will be handled.
How do we delete your personal data?

We securely delete, destroy, anonymize, or make your personal data unreadable when we no longer need it, or when no longer required or allowed by law to keep it. We use security measures that are standard in our industry. 

For physical records, we destroy them by shredding. For electronic records, such as files stored on devices, drives, or other electronic media, we use secure deletion or wiping tools so the data cannot be read or used without authorization.

Do we transfer your data outside the Philippines?

Philippine privacy and data protection laws allow cross-border transfers when proper safeguards are in place. We may store or process your personal data through cloud service providers, service providers, Mynt Group companies, or partners whose systems or centers may be located outside of the Philippines.

We may also share or disclose your personal data to authorized partners outside of the Philippines when allowed by law, needed for the service you choose, covered by the relevant terms or notice, or based on your instruction or consent. While we do not publish the exact location of our systems or data centers for security reasons, as a data subject, you may request more information on where we transfer your data. Please see the “How can you exercise your data privacy rights?” section of this Privacy Notice.

When we transfer or process data outside the Philippines, we use safeguards such as contracts, access controls, security measures, and confidentiality requirements to help keep your personal data protected.

How do we keep your information safe and secure?

Your trust and privacy are important to us. We use safeguards to help keep your personal data safe when it is collected, used, shared, stored, or sent.

There can be risks when you use a digital platform. Someone may try to trick you into giving away your personal data (social engineering) or access your data without permission. We use security measures to help protect your data from loss, misuse, unauthorized access, or other harmful activity.

These security measures include:

  1. Restricting access: Only authorized people, systems, or companies may access your personal data when they need it for an allowed purpose.
  2. Encryption: We use encryption to help protect your personal data when it is stored or sent. Encryption turns information into a secret code that can only be read by someone with the right key.
  3. Multi-factor authentication (MFA): We use MFA in our systems. This means a person needs more than one factor before they can access Mynt tools or applications. For example, when an employee logs in to their employee email account from a new device or location, our tools add an extra layer of security. They send a special code to a registered phone to make sure it’s really the employee.

We also check how data moves into and out of our systems to help keep it protected. We use organizational, physical, and technical security measures aligned with recognized industry standards.

When service providers or partners outside the Mynt Group process personal data, we require them to protect your data and follow our privacy and security requirements. Relevant Mynt Group companies must also follow the security and privacy rules that apply to their services and data use.

What rights do you have regarding your information?

You have rights under the law. These rights may be subject to legal limits. For example, we may need to keep some data to follow the law, prevent fraud, protect users, or resolve disputes. Your rights include:

  1. Right to be informed: You can be told how we collect, use, share, keep, and protect your personal data.
  2. Right to access: You can ask for a copy of the personal data we have about you.
  3. Right to rectify: You can ask us to correct mistakes or errors in your personal data.
  4. Right to object: You can object to certain uses of your personal data, such as processing based on consent or legitimate interest, when allowed by law.
  5. Right to withdraw consent: If we rely on your consent to process your personal data, you can withdraw your consent. This will not affect processing done before you withdrew consent, or processing we must continue under law or for a service you requested.
  6. Right to erasure or blocking: You can ask us to delete, block, or stop using your personal data when allowed by law.
  7. Right to data portability: You can ask for a copy of your personal data in an electronic format. You may also ask us to port or send your data to another company when allowed by law.
  8. Right to file a complaint: You can file a complaint with the National Privacy Commission if you believe your privacy rights were violated.
  9. Right to damages: You may claim compensation if your privacy rights were violated and you suffered damage.

‍For more information about your privacy rights, you can visit the National Privacy Commission’s website to look at resources about the Rights of Data Subjects.

How can you exercise your data privacy rights?

We will handle your requests to access, rectify, delete, block, object to, or port your personal data, unless legal reasons prevent us from doing so.

Before acting on your request, we may ask you to verify your identity. This helps us make sure we are dealing with the right person and protects your data from unauthorized requests.

If your request relates to a service handled by a specific Mynt Group company, we may coordinate with that company or direct your request to the proper channel.

We value your thoughts, feedback, and requests. If you need to talk to us, you may reach us through any of the channels listed in the GCash Contact Us Page.

Is our Privacy Notice up to date?

We periodically update this notice to provide you with the most recent information on how we protect your personal data. Our goal is to keep up with the latest rules about data privacy and advancements in security technologies. We recommend that you visit this page often to stay informed of any updates we make.

Effective Date: 15 June 2026

Seal of Registration