Stratus Payments Solutions
REPAY Privacy Policy - Last modified: March 1, 2022

Repay Holdings, LLC, through its subsidiaries (collectively, "REPAY," "we," "us" or "our"), provides integrated payment processing solutions to businesses with specific transaction processing needs.  We collect and process information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("Personal Information") as described in this REPAY Privacy Policy (this "Policy").

We take the privacy of your Personal Information very seriously and are committed to the responsible use and protection of it. This Policy contains details about how we collect, use, and share with third parties Personal Information that we obtain from and about you, including when you use our payment services (the "Services") through our mobile application (our "App"), our website or websites that we host or power (collectively, the "Websites") or otherwise. Please read this Policy carefully.

If you are a California resident, please see "Your California Privacy Rights" below for more information about your privacy rights under California law.

Overview

We obtain Personal Information about you from various sources in order to provide the Services, manage the Websites and App and for other purposes described below.  You may be a visitor to our Websites, a user of our App, or a customer of a business that has contracted with us to provide the Services to you (a "REPAY Customer"). If you are a customer of a REPAY Customer, then please note that we are a service provider to such REPAY Customer and we collect and process Personal Information at the REPAY Customer’s direction.  If you have any questions about how the REPAY Customer has directed us to process your Personal Information, please contact the REPAY Customer.

Personal Information We Collect

We may collect the following types of Personal Information:

  • Identifiers, such as name, date of birth, email address, physical address, telephone number, account number or name and password.
  • Protected characteristics, such as age, race, gender, and marital status.
  • Financial information, such as debit card numbers, social security numbers, bank account information, and any background information provided by you or collected by us as part of our business analysis, client onboarding, regulatory compliance checks and other related processes.
  • Internet usage information, such as your browsing history, IP addresses, cookie IDs, search history, and information regarding your interactions with and use of the website or mobile applications. For more information, see "Cookies and Other Tracking Technology," below.
  • Commercial information, including products or services purchased, obtained or considered, or other purchasing or consumer history.
  • Audio, electronic, visual, thermal, olfactory or similar information, such as video conferences with REPAY Customers.
  • Professional or employment-related information, such as job title, business address, employment history, or other professional information.

How We Collect Personal Information

We collect Personal Information about you in the following ways and from the following sources:

  • In connection with the Services. If you are a customer of a REPAY Customer, when you make payments or conduct transactions through a REPAY Customer’s website, our Websites, or our App, we will receive your transaction information. Depending on how the REPAY Customer implements our Services, we may receive this information directly from you, the REPAY Customer or third parties. The Personal Information that we collect may include payment method information (e.g., credit or debit card number, or bank account information), transaction amounts, and date of transaction. Different payment methods may require the collection of different categories of Personal Information. The REPAY Customer will determine the payment methods that it enables you to use, and the payment method information that we collect will depend upon the payment method that you choose. When you make a transaction, we may also receive your name, email, billing or mailing address and, in some cases, your transaction history to authenticate you.
  • Directly from you. We also collect Personal Information directly from you when you submit requests for information on the marketing page of our Website.
  • Through cookies and other tracking technologies. We may collect information about how you use the Websites or otherwise interact with us online automatically, such as IP address, information about your device, internet usage, browsing preferences, browser type, website activity, and other technical information when you interact with us online.  We may also collect information about how you use the App. For more information, see "Cookies and Other Tracking Technologies," below.
  • From third parties.We may collect Personal Information from third parties, such as service and content providers, business partners, companies that provide or sell lists of potential customers, or from others interacting with us.
  • From public sources.We may collect information about you from public sources such as government entities that maintain public records or information you submit in public forums.

We may combine information that we receive from the various sources described in this Policy, including third party sources and public sources.

How We Use Personal Information

We may use Personal Information for the following purposes:

  • To provide the Services, such as to register and administer accounts on the App or the Websites; provide customer support; diagnose, repair and track service and product quality issues; communicate with you about the Services; authenticate your identity; verify eligibility for certain programs; to respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with us.
  • To prevent fraud, such as using Personal Information about you obtained through our Services and from our business partners and identity verification services to confirm your identity and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity. Our fraud monitoring, detection and prevention services may collect Personal Information about you and use technology to help us assess the risk associated with an attempted transaction by you with a REPAY Customer.
  • For our own internal business purposes, such as to evaluate or audit the usage, performance and safety of the Services; evaluate and improve the quality of the Services and design new products and services; operate our Websites and App; internal research and analytics purposes; display or evaluate the effectiveness of our advertising or marketing efforts; evaluate and improve the quality of your interactions with us; catalog your responses to surveys or questionnaires; or maintain internal business records.
  • For marketing, such as for contextual ad customization or to market the Services or the services of our affiliates, business partners, or other third parties. We may use Personal Information we collect to send you newsletters, surveys, questionnaires, promotions, or information about events. You can unsubscribe to our email marketing via the link in the email or by contacting us using one of the methods described in "Contact Information," below.

With Whom We Share Personal Information

We do not sell your Personal Information to third parties and have not sold Personal Information in the past 12 months.  However, we may share Personal Information with the categories of recipients described below:

  • Affiliates and subsidiaries. We may share Personal Information within our group of companies, which includes parents, subsidiaries, business units, and other companies that share common ownership for the purposes described above.
  • Service providers. We may share information with service providers or subcontractors that help us perform our business functions, including completing a transaction you request or supporting our relationship with you, such as IT providers, accountants, logistics providers, analytics companies, and marketing providers.
  • Business partners. We share Personal Information with third party REPAY Customers for which we act as a service provider and other business partners in connection with providing the Services. Examples of third parties to whom we may disclose Personal Information for this purpose are lenders, banks and other third party processors (such as credit card networks) when we provide payment processing services.
  • Law enforcement and other government agencies. We may share information with third parties like law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Website Terms of Use and other agreements; and to protect ours, our users’, or third parties’ rights, property or safety.
  • Parties to a corporate transaction. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Information with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Information, but only in the manner set out in this Policy. 

Cookies and Other Tracking Technologies

What are Tracking Technologies? We refer to cookies, web beacons (also known as pixel tags) and other similar technology as "Tracking Technology."  A "cookie" is a small text file that is sent to or accessed from your web browser or your computer’s hard drive. Some cookies exist only during a single browsing session and some are persistent over multiple browsing sessions. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the "lifetime" of the cookie (when it expires), and a randomly generated unique identifier. A cookie may also contain information about your computer, such as user settings, browsing history and activities conducted while using the Services. A "web beacon" (also called a "pixel tag") is a piece of computer code that enables us to monitor user activity and traffic on our Websites.  To learn more about cookies and web beacons, visit www.allaboutcookies.org.

How We Use Tracking Technology. Tracking Technology helps us improve your experience of the Services. In particular, we use Tracking Technology for the following purposes:

  • Storing your preferences and settings. We may store settings that enable our Websites to operate correctly or that maintain your preferences over time on your device. For example, we save preferences, such as language and browser settings, so those do not have to be reset each time you return to the Websites.
  • Sign-in and authentication. When you sign into your account on our Websites, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the Website without having to sign in again on each page. You can also save your sign-in information so you do not have to sign in each time you return to the Website.
  • Security. We use cookies to detect fraud and abuse of our Websites and Services.
  • Interest-based advertising. We use cookies to collect data about your online activity and identify your interests so that we can provide advertising that is most relevant to you.
  • Analytics. To provide the Services and improve your user experience on our Websites, we use cookies and other identifiers to gather usage and performance data. For example, we use cookies to count the number of unique visitors to a web page or service and to develop other statistics about the operations of our Services. This includes cookies from us and from third-party analytics providers.
  • Performance. We use cookies for load balancing to ensure that our Websites remain up and running.

Controlling cookies.  Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. For example, in most modern browsers, you can block or delete cookies by clicking Settings > Privacy > Cookies. Instructions for blocking or deleting cookies in other browsers may be available in each browser’s privacy or help documentation.

Certain features of the Services depend on cookies. Please be aware that if you choose to refuse or delete cookies, some of our Website functionality may be impaired.  If you change computers, devices, or browsers, or use multiple computers, devices, or browsers, and delete your cookies, you may need to repeat this process for each computer, device, or browser. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other Tracking Technologies.

The Digital Advertising Alliance and Network Advertising Initiative provide mechanisms for you to opt out of interest-based advertising performed by participating members at www.aboutads.info and http://optout.networkadvertising.org/. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives.  Additionally, we use analytics services, such as HubSpot, which use Tracking Technology to analyze your use of our Websites.

Data Security

The security of your Personal Information is very important to us. We maintain organizational, technical and administrative measures designed to protect Personal Information within our organization against unauthorized access, destruction, loss, alteration or misuse, consistent with applicable regulatory requirements and applicable published security standards. Your Personal Information is only accessible to a limited number of personnel who need access to the information to perform their duties.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your Personal Information, we cannot guarantee absolute security. When you provide us with financial information, we encrypt the transmission of that information by using industry practices as outlined by the Payment Card Industry Data Security Standard (PCI DSS).

If you have reason to believe that your Personal Information is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately at (877) 607-5468 or privacy@repay.com.

Children’s Privacy

We recognize the importance of children’s safety and privacy on the Internet. For this reason, we do not knowingly collect or sell any information, including Personal Information, from children under 16 years of age.  The Services are intended for individuals 16 years of age and older. They are not directed at, marketed to, or intended for, children under 16 years of age. If you believe that we have inadvertently collected Personal Information from a child under the age of 16, please contact us using one of the methods identified in "Contact Information" below, and we will take immediate steps to delete the Personal Information.

SMS Text Messaging

In certain cases, we may send you a SMS text message regarding text-to-pay Services, for payment confirmation and other messages to your mobile phone number. Once you provide us with your mobile phone number (message and data rates may apply), you will receive a text message from us to complete the setup process. By replying to the text message, you will be confirming in writing that you have agreed to receive text messages containing information such as payment confirmations, bill reminders and other relevant messages, including information to inform you of new or additional Services offered by us from which you may benefit. Message frequency depends upon your payment activity and other information such as your geographic location that we may use to send you messages relevant to our Services available in your area.

To opt-out at any time, respond to the text with STOP. If you cancel, we will send you a text message to confirm we have processed your cancellation. When you opt-out of receiving text messages, it does not affect other Services that are provided. Text messaging is not available in all areas. Not all mobile phones have SMS text capability.

External Links

Our Websites may contain links to external sites or other online services that we do not control, including those embedded in third party advertisements or sponsor information. We are not responsible for the privacy practices and data collection policies for such third-party services. You should consult the privacy policies of those third-party services for details.

Website Terms of Use

The Website Terms of Use are incorporated by reference into this Policy and can be found at: www.repay.com/website-terms-of-use.

Your California Privacy Rights

This section applies to California residents whose Personal Information is subject to the California Consumer Privacy Act of 2018 ("CCPA").  If you are not a California resident, the rights described in this section do not apply to you.

Our Status as a Service Provider

In the vast majority of cases, we collect and process Personal Information solely in our capacity as a service provider to REPAY Customers.  In that context, we receive Personal Information from REPAY Customers and collect information from you on behalf of REPAY Customers and solely for the business purpose of providing the Services. If you are a customer or other user associated with a REPAY Customer on whose behalf we have collected or processed your Personal Information, the CCPA rights described below do not apply to Personal Information collected and processed on behalf of such REPAY Customer.  If you have questions or wish to exercise your rights relating to such Personal Information, please contact that REPAY Customer directly.

Summary of Personal Information Collected

Below is a summary of the categories of Personal Information we have collected from consumers in the previous 12 months and the categories of third parties with whom we have shared Personal Information.  The summary below provides disclosure required by the CCPA and does not include Personal Information that we collect as a service provider of REPAY Customers.  Please see "Personal Information We Collect," above, for disclosure that includes such Personal Information.

Information about the categories of sources from which we collect Personal Information and the purposes for which we use Personal Information are described above in "How We Collect Personal Information" and "How We Use Personal Information," respectively.

Categories of Personal Information We Collect Categories of Third Parties With Whom We Share Personal Information for a Business Purpose
Identifiers
  • Service providers, such as IT providers, accountants, logistics providers, analytics companies, and marketing providers;
  • Business Partners in connection with requested transactions;
  • Law enforcement or other authorities for legal compliance; and
  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.
Internet usage information
  • Service providers, such as IT providers, accountants, logistics providers, analytics companies, and marketing providers;
  • Business Partners in connection with requested transactions;
  • Law enforcement or other authorities for legal compliance; and
  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.
Commercial information
  • Service providers, such as IT providers, accountants, logistics providers, analytics companies, and marketing providers;
  • Business Partners in connection with requested transactions;
  • Law enforcement or other authorities for legal compliance; and
  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.

 

Your CCPA Rights

Subject to certain legal limitations and applicable exceptions, California residents may exercise the following rights.

  • Right to Know. You have the right to request that we disclose to you the categories of Personal Information we have collected about you in the preceding 12 months, the categories of sources from which we collected the Personal Information, the purposes for collecting the Personal Information, and the categories of third parties with whom we have shared your Personal Information.  You may also request information about the specific pieces of Personal Information we have collected about you.
  • Right to Delete. You have the right to request that we delete your Personal Information that we have collected from you.

How to Exercise Your Rights

You may exercise your rights under the CCPA by either:

You may also designate an authorized agent to exercise these rights on your behalf by following the process described in "Authorized Agents," below.

You may request access to your Personal Information twice in any 12-month period, measured from the date we receive your first request.  If you submit a request to obtain your Personal Information more than twice in any 12-month period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.

In accordance with applicable law, you have the right not to receive discriminatory treatment from us as a result of your exercising these rights.

Verification

In order for you to exercise your CCPA rights, we will need to obtain certain information from you to verify your identity.

For a report of the specific Personal Information we have processed about you, you must provide us with three of the following pieces of information in order for us to verify your identity:

  • full name;
  • email address;
  • mailing address;
  • your account number with a REPAY Customer;
  • previous REPAY transaction ID;
  • your REPAY Customer ID; or
  • The last four digits of your debit card number, credit card number or bank account number used to make a payment via REPAY.

You also must provide us with a signed declaration, under penalty of perjury, that you are who you say you are.

For a report of the categories of Personal Information we have processed about you or for a request to delete your Personal Information, you must provide us with two of the above-referenced pieces of information in order for us to verify your identity.

To the extent possible, we will use our existing account authentication practices to verify your identity. Where necessary, we may request additional information about you so that we can verify your identity. Where we did not already hold that information, we will use it only for the purpose of verifying your identity and to process your request.  If you are submitting a request on behalf of a household, we will need to verify each member of the household in the manner set forth in this section.

Authorized Agents 

You may use an authorized agent to exercise your CCPA rights on your behalf.  Authorized agents may demonstrate that the agent has authority to exercise rights on the requesting consumer’s behalf by submitting supporting documentation to privacy@repay.com.  At a minimum, we will require evidence of the agent’s identity (via passport or driver’s license submission), and at least one of the following evidencing proof of your legal authority to act on the behalf of the individual who is the subject of this request:

  • Written authorization signed by the consumer;
  • Certified copy of a Power of Attorney granted under the California Probate Code; or
  • Evidence of parental responsibility.

Whenever you interact with us on behalf of another individual or entity, such as by providing or accessing Personal Information about another individual, you represent that your interactions and exchanges comply with applicable data privacy laws. You shall have sole responsibility for any violation of applicable laws as a result of a failure to obtain any necessary consent from such individual.

Timing 

We will respond to Requests to Delete and Requests to Know within 45 calendar days, unless we need more time, in which case we will notify you and may take up to 90 calendar days total to respond to your request.

Contact Information

If you have questions regarding this Policy or our privacy practices generally, please contact us at:

Email: privacy@repay.com

Phone: (877) 607-5468

Mail: REPAY, Attn: Legal Department, 3 West Paces Ferry Road, Suite 200, Atlanta GA 30305

We may update this Policy from time to time. The current Policy will be effective when posted. Please check this Policy periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Policy by posting an update on the Websites.

If you are having trouble viewing or accessing this Policy or need it made available to you in an alternative format, please contact us at support@repay.com.