MELANDAS PAYMENTS S.A.P.I. DE C.V. (hereinafter referred to as DAPP), whose address for receiving notifications is located at Av. Antea 1032, Int 304 and 305, Col. Jurica, Querétaro, Qro CP. 76100, Mexico, is responsible for the processing and protection of your personal data. DAPP is committed to protect the privacy of its customers, users, and stakeholders and undertakes its obligations regarding Personal Data protection by treating the Personal Data received with the utmost confidentiality, in accordance with its internal policies and applicable legal provisions.

Therefore, we provide you with the Privacy Notice detailed below, in compliance with the Federal Law on Protection of Personal Data Held by Private Parties (the "Law") and its Regulation.

The purpose of this Privacy Notice is to inform you about the type of Personal Data we collect, the purposes of its Processing, the transfers we may make, and the options you have to exercise your rights of access, rectification, cancellation, and opposition, as well as to revoke the consent you have granted us for the Processing of your Personal Data and to limit its use or disclosure in accordance with the Law.

This Privacy Notice applies if you are a stakeholder, customer, or user of our services, in conjunction with any Terms and Conditions and other contractual documents, including, among others, any contracts we have entered with you.

To avoid doubts, the term Personal Data does not include information from which you cannot be identified (referred to simply as data, non-personal data, anonymous data, de-identified data, or non-identified data).

In this Notice, "Processing" refers to the collection, use, disclosure, or storage of personal data, by any means. The use encompasses any action of access, handling, utilization, transfer, or disposition of personal data.

"Controller" is the natural or legal person of a private nature that decides on the processing of personal data. The uses of the words "we," "our," and "us" within this Notice refer to the Controller (DAPP).


  1. Notice: This physical, electronic, or any other format document generated by DAPP that is made available to the Data Subject prior to the Processing of their Personal Data.
  2. Database: The ordered set of Personal Data referring to an identified or identifiable person.
  3. Personal Data: Any information concerning an identified or identifiable natural person.
  4. Sensitive Personal Data: Those Personal Data that affect the most intimate sphere of the Data Subject or whose misuse could give rise to discrimination or entail a serious risk to them. Those that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical, and moral beliefs, union affiliation, political opinions, sexual preference.
  5. Law: Federal Law on Protection of Personal Data Held by Private Parties.
  6. Data Subject: The natural person who owns the Personal Data.
  7. Processing: any operation or set of operations, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, alignment or combination, limitation, erasure, or destruction of your Personal Data.


We collect your information directly when:

  • You access our official website https://dapp.mx/
  • You contact us by phone or through our website or other direct electronic communication means;
  • You interact with us or our services;
  • You enter into a contract with us to use our services;
  • You establish any other relationship with us or interact with us or our services.


DAPP may collect Personal Data directly from the Data Subject, through a third party, or through other sources permitted by Law, and they will be collected, processed, and protected in accordance with this, DAPP's collection of Personal Data will have the purposes established in this Notice and may be safeguarded in DAPP's Database. The Data that DAPP will collect includes:

Full name; address; email address; phone number; date of birth; age; nationality; country and federative entity of birth and/or residence; gender; digitized versions of identity credentials (IFE/INE passport or professional license), digital photograph; Unique Population Registry Code (CURP); geolocation; information of the technological device or any other code that identifies it from which you are connecting to our platform or contracting our services; voice and image that include physical identity, information about your immigration status; electronic signature; handwritten signature as well as any public key you share with us; communications; two-factor authentication reset codes (2FA); and/or information about how you use our website or any other information required by applicable laws and information from legal representatives.

Employment data. Occupation or business activities of the Data Subject.

Financial and asset data. Federal Taxpayer Registry (RFC); financial details such as credit history, bank accounts, card numbers; Standardized Banking Key (CLABE); source of income, amounts to be settled or paid.

Sensitive Personal Data. DAPP does not request or collect Sensitive Personal Data in terms of the Law, in case DAPP requires such data in the provision, a separate privacy notice will be provided to you indicating the Sensitive Personal Data requested, as well as their purpose.

Additionally, we will automatically collect the following information when you use our website:

The type of domain you use to connect to the Internet; the assigned IP address; your location/geolocation; your login information; the date and time of access to the Applications and other related data; location; Application programming interfaces (APIs); pages visited; unique device identifiers; the type of browser used; and the operating system and/or platform used; the search engine used and the keywords used to find the Applications; and any other similar identifying information for communications with the Applications, as provided by this document.

The Data Subject states that the Personal Data provided to DAPP is truthful and up-to-date, and in case of any modification, addition, or update, the Data Subject agrees to communicate it to DAPP immediately through the means established by DAPP.


DAPP is responsible for collecting the Personal Data, using it, and protecting it, to comply with the primary purposes that are necessary and that give rise to the relationship between DAPP and the Data Subject, which allow DAPP to have a contractual relationship with the Data Subject, as well as with the secondary purposes that contribute to providing better attention to the Data Subject, which are listed below:

A) Primary Purposes:

DAPP will handle your Personal Data according to the following primary purposes, which gave rise to the relationship we have with you and are necessary for its existence and maintenance:

  • To identify you as a client, validate your identity, validate your information with the databases of the National Electoral Institute (INE) and the National Population Registry (RENAPO) when applicable.
  • To provide you with information, offer and operate the products and services you have requested.
  • To carry out personal data anonymization procedures.
  • To perform any transaction, you are conducting with us.
  • To collect any outstanding payment that you may have with us.
  • To make payments on behalf of the data subject.
  • To fulfill any contractual obligation, we have with you.
  • To comply with any legal or regulatory obligation, including in matters of anti-money laundering and counter-terrorism financing.
  • To ensure that the content of our application is provided to you efficiently.
  • To administer our platform and for the internal administration and operations of the business, including technical service, data analysis, testing, and research.
  • To contact you for customer service and support purposes.
  • To inform you about changes in our products or services.
  • As part of our efforts to keep our site secure and protected.
  • If you are a beneficiary of a client, to comply with the obligation to deliver the amount of the client's resources.
  • To address queries, complaints, or claims arising from the use of the services or products offered.
B) Secondary Purposes:

You authorize DAPP to use your information for the following secondary purposes, without these being necessary purposes or purposes that give rise to a legal relationship between the Data Subject and DAPP:

  • For statistical purposes, surveys, research, and customer satisfaction.
  • Sending commercial and advertising information via email, mobile phone (SMS, MMS).
  • Providing you with information about other services we offer that are similar and/or additional to those you already have or have requested information about.
  • To send you informational material, such as our Newsletter or similar.
  • To contact you for promotional purposes, such as promotions and contests.
  • To evaluate interest in our product, usability, and behavior with the aim of providing you with better service.

By entering a contract with DAPP, you express your explicit or tacit consent to carry out the processing as provided by the applicable provisions.

The Data Subject may express to DAPP their refusal to process their Personal Data for the secondary purposes, within 5 (five) days following DAPP making this notice available, by email to contacto@dapp.mx.


DAPP uses the Personal Data of the Data Subjects exclusively for the purposes indicated in this Notice and retains them for the period specified in the applicable legal provisions. DAPP shares and transfers the collected Personal Data under the following circumstances:

  • The transfer is provided for by a Law or Treaty to which Mexico is a party;
  • The transfer is necessary for the prevention or medical diagnosis, the provision of health care, medical treatment, or the management of health services;
  • The transfer is made to controlling companies, subsidiaries, or affiliates under the common control of DAPP, or to a parent company or any company of the same group as DAPP that operates under the same internal processes and policies;
  • The transfer is necessary by virtue of a contract concluded or to be concluded in the interest of the Data Subject, by DAPP and a Third Party;
  • The transfer is necessary or legally required for the safeguarding of a public interest, or for the procurement or administration of justice;
  • The transfer is necessary for the recognition, exercise, or defense of a right in a judicial proceeding;
  • The transfer is necessary for the maintenance or fulfillment of a legal relationship between DAPP and the Data Subject.

In compliance with the principles of personal data protection, DAPP will require adherence to the Law, its regulations, and other applicable provisions by the third parties to whom the personal data is transferred and will adopt the necessary measures for their protection.

We may share your Personal Data with third parties with whom contracts have been entered into for the marketing of products and/or services, for the benefit of the Data Subject; after obtaining their consent, considering that sharing your Personal Data is in accordance with the law, is in line with, or is mandatory under, any contractual relationship between you and us, applicable legislation, regulation, or legal process.

Furthermore, in terms of article 37, section III of the Law, they may be shared with subsidiaries, affiliates, or other entities belonging to the same business group, and in cases required by applicable legislation, we will request your consent for such transfer in the terms indicated by this. Said third parties will have access to your Personal Data solely for the purpose of providing the services and fulfilling the primary and secondary purposes specified in the DATA PROCESSING PURPOSE section of this Notice, or to comply with the applicable legislation, exclusively.

We may also be required, by law, by instruction, or by requirement of a competent authority, to disclose to regulatory authorities and/or other competent authorities’ certain information about you and any agreement we have with you.

We may transfer your personal information to a third party as part of the sale of some or all our businesses and assets, or as part of any restructuring or reorganization of the business.

When transferring this data, Third Parties take on the role of the Data Controller that corresponds to them as the Receiving Third Party in terms of the Law and its Regulations. Therefore, if the Receiving Third Party were to use such data for purposes not mentioned in the preceding paragraphs, they would be obligated to obtain your consent prior to its use. We require these Receiving Third Parties to adopt security measures consistent with the protections and purposes specified in this Privacy Notice and applicable legislation to comply with the Principles, Duties, and Obligations of said Law and its Regulations. By accepting this Privacy Notice, you consent to the transfer of your Personal Data in accordance with this Privacy Notice.


We have administrative, technological, and physical security measures in place to ensure the protection, confidentiality, and safeguarding of your Personal Data with the purpose of preventing damage, loss, theft, and restricting access to them by unauthorized persons and entities, in compliance with applicable legislation such as the Federal Law on Protection of Personal Data Held by Private Parties. Likewise, our employees, representatives, consultants, and/or third parties involved in any phase of the Processing of your Personal Data will maintain confidentiality regarding them and will handle them in accordance with this Privacy Notice and applicable legislation, an obligation that will persist even after ending the relationship with such individuals.


The Data Subject is responsible for the accuracy, truthfulness, authenticity, and validity of the Personal Data provided to DAPP and has the right to exercise the rights of Access, Rectification, Cancellation, and Opposition regarding them. Therefore, you have the right to know what Personal Data we have from you, how we use it, and the conditions of use we give it (Access). Likewise, it is your right to request the modification of your personal information if it is outdated, inaccurate, or incomplete (Rectification); that we delete it from our records or databases when you consider that it is not being used in accordance with the principles, duties, and obligations provided for in the regulations, and the legislation does not establish a provision to the contrary (Cancellation); as well as to oppose the use of your Personal Data for specific purposes (Opposition). These rights are known as ARCO rights.

Similarly, you have the right to revoke the consent you have granted us for the Processing of your Personal Data. If you wish to revoke your consent, you can do so by sending a written request, accompanied by a copy of your official identification, to the email address: contacto@dapp.mx following the Procedure to exercise the ARCO Rights described in the following section, also considering the deadlines described therein, and indicating whether the revocation is regarding all purposes or only some of them.

If it concerns only some purposes, you must specifically mention which ones. Revocation is only applicable for "secondary purposes," without this resulting in the conclusion of the processing of the primary purposes that are necessary in the legal or contractual relationship to provide the service; otherwise, the service would be terminated by not having your data.


The Data Subject, either personally or through a duly accredited legal representative, may exercise the Personal Rights against DAPP.

For this purpose, we have enabled the following email address derechosarco@dapp.mx for the Privacy Department to receive and address your request, which must contain at least the following information, in accordance with the Law:

  1. Your full name, an email address, or another means for tracking your request and communicating the corresponding response;
  2. A copy of your official identification to prove data ownership (Voter ID, Passport, or professional ID). In some cases, sending a digital photograph (self-portrait) showing you as the holder of the official identification (INE) may be required to verify your identity remotely.
  3. If you make your request through a legal representative, in addition to proving the identity of both (Data Subject and Legal Representative), you must send a legible copy of the notarized power of attorney granted to the legal representative, or if applicable, a power of attorney letter signed before two witnesses.
  4. A clear and precise description of the right you wish to exercise and, if applicable, a description of the facts that motivated you to do so.
  5. Any other element or document that facilitates the location of the personal data.

We may request additional information or the completion of a form within five days after receiving your request if the information provided in the request is insufficient or incorrect. You will have ten days to respond to this requirement; if no response is given within said period, the corresponding request will be considered not submitted.

If you request the rectification of your Personal Data, you may update those related to your identification document or contact details through the Application; otherwise, you must submit the Rectification request according to this procedure and, in addition to complying with the aforementioned items, indicate the modifications to be made and provide the documentation supporting your request.

Once we receive your request and it is complete, DAPP will have a period of 20 (twenty) business days to respond regarding its acceptance or rejection. If it is accepted, DAPP will have an additional period of 15 (fifteen) business days to make it effective by providing the information to the data subject (electronic documents or evidence supporting the exercise of the right) through the same means of attention.

Any request to exercise ARCO rights may be denied in the following cases:

  1. When the requester is not the Data Subject, or their legal representation is not duly accredited for it.
  2. When the Personal Data is not found in the DAPP database.
  3. When the rights of a third party are infringed.
  4. When there is a legal impediment or a resolution from a competent authority restricting access to the Personal Data or not allowing its rectification, cancellation, or opposition, and
  5. When rectification, cancellation, or opposition has been previously carried out.

The denial referred to in the previous point may be partial; in this case, DAPP will carry out the access, rectification, cancellation, or opposition required by the Data Subject.

Additionally, DAPP may refuse the cancellation of the processing of personal data under the assumptions established in articles 26 of the Federal Law on Protection of Personal Data Held by Private Parties.

Exercising ARCO Rights is simple and free of charge; the Data Subject, if applicable, shall only cover the shipping, reproduction, and, if necessary, certification expenses of documents, except for the exception provided by Law.

Here's your text translated into English:


You can contact INAI through the following link: http://inicio.inai.org.mx/SitePages/Contactanosf.aspx

Exercising any of these rights is not a prerequisite and does not prevent the exercise of another.


Cookies are data files stored on the hard drive of a user's computer or electronic communication device when browsing a specific internet site, which allow for the exchange of state information between said site and the user's browser. State information can reveal session identification, authentication, or user preferences, as well as any data stored by the browser regarding the internet site.

We have designed our Website so that you can browse and use it without the need to provide Personal Data, subjected only to certain data that may be collected through the use of cookies, in accordance with what is established in this Privacy Notice. Therefore, this document should be interpreted in conjunction with our Cookie Policy, which provides more information about our use of cookies on the Website. You can consult our Cookie Use Policy at the following link: https://dapp.mx/

We may use cookies to understand your behavior as a user of our Website and provide you with a better browsing experience on the platform. You can accept, disable, or manage cookies directly in your browser preferences; understanding that if you decide to block or disable them, you may not be able to access certain content on the Website or cause a deficiency in the performance and/or functioning of the platforms.


We inform you that we reserve the right to make modifications or updates to this Privacy Notice at any time to address legislative or jurisprudential novelties, internal policies, new requirements for the provision or offering of our services or products, and market practices.

Changes to this Privacy Notice will be notified to you through our Website.


DAPP has implemented administrative, physical, and technical security measures to prevent the misuse and disclosure of personal data.

You can limit at any time the use or disclosure of your Personal Data provided through the exercise of the ARCO Rights indicated in this notice by registering in our own exclusion list. Additionally, to ensure that your personal data is not disclosed or used without your consent.


Your information will be retained for the time required to fulfill the purposes established in this Privacy Notice and pursuant to what is required by applicable laws. Information related to identification, as well as those acts and operations in our service, must be safeguarded for at least ten years.


For the purposes established in this Notice, the Data Subject will be responsible for keeping their email account, address, or other contact information provided to DAPP updated to hear and receive notifications.

Last updated: June 23, 2023.

Forgot my password