Privacy Policy

PayVeta LLC, a Delaware limited liability company ("PayVeta", "we", "us", or "our"), provides payment processing and payment-facilitation services and operates the website at payveta.com (the "Site"). This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have. By using the Site or our services, you agree to this Policy.

1. Scope

This Policy applies to information we process as a controller — for example, visitors to the Site, prospective merchants, and people who contact us. When we process cardholder and transaction data on behalf of a merchant to deliver payment services, we generally act as a processor / service provider under that merchant's instructions and agreement, and the merchant's own privacy notice governs that data.

2. Information we collect

Information you provide to us

• Contact & form data: when you submit our contact form we collect your name, work email, company, monthly volume, vertical, intent, and any message you include. These submissions are delivered to us by email through our provider Mailgun.
• Merchant application & onboarding data: business details, beneficial-ownership information, government identifiers, and banking details needed for underwriting, KYC/KYB, and anti-money-laundering (AML) compliance.
• Correspondence: records of your communications with our sales, support, and underwriting teams.

Information collected automatically

• Usage & device data: IP address, browser type, device and operating system, pages viewed, referring URLs, and timestamps, collected through cookies, pixels, and similar technologies (see §4).
• Security & network data: information our infrastructure provider (Cloudflare) processes to route traffic, mitigate attacks, and keep the Site available.

Information from third parties

• Identity / business verification providers, sanctions and fraud databases, card networks and acquiring banks, and (where you connect a bank account) account-verification providers such as Plaid.

3. Cookies & analytics

We use a small number of cookies and similar technologies. Strictly-necessary cookies keep the Site secure and functional. Analytics technologies help us understand aggregate usage so we can improve the Site.

• Clicky (Roxr Software): privacy-aware website analytics measuring page views and aggregate traffic. See clicky.com/help/privacy.
• Google Analytics (Google LLC), where enabled: measures aggregate Site usage. You can opt out with Google's browser add-on at tools.google.com/dlpage/gaoptout.
• Cloudflare: sets security/performance cookies and may log request metadata to protect and deliver the Site.

You can control cookies through your browser settings; blocking some cookies may affect Site functionality. We honor Global Privacy Control (GPC) signals where required by law.

4. How we use information

• To provide, operate, secure, and improve the Site and our services;
• To respond to inquiries and process merchant applications and underwriting;
• To comply with AML, sanctions, card-network, and other legal obligations;
• To detect, prevent, and investigate fraud and security incidents;
• To send service and, where permitted, marketing communications (you may opt out); and
• To produce aggregated, de-identified analytics.

5. Legal bases (EEA / UK)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract; our legitimate interests (operating, securing, and improving our services); compliance with a legal obligation; and your consent (for example, certain cookies and marketing), which you may withdraw at any time.

6. How we share information

We do not sell your personal information. We share it with service providers and sub-processors that act on our behalf under contract, with banking and card-network partners to deliver payments, and with authorities when required by law or to protect our rights. Our principal sub-processors include:

7. International transfers

We are based in the United States and our providers may process data in the U.S. and other countries. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

8. Data retention

We keep personal information for as long as needed to provide our services and for legitimate business and legal purposes — including AML and financial record-keeping obligations, which may require retention for several years after a relationship ends. We then delete or de-identify it.

9. Data security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, and continuous monitoring. PayVeta maintains PCI DSS Level 1 controls for cardholder data. No method of transmission or storage is perfectly secure.

10. Your rights & choices

Depending on where you live, you may have the right to access, correct, delete, or port your personal information; to opt out of certain processing, including "sales" or "sharing" and targeted advertising under U.S. state laws; and to withdraw consent. Residents of California (CCPA/CPRA), Virginia, Colorado, and similar states, and individuals in the EEA/UK, have these rights. To exercise them, email [email protected]. We will not discriminate against you for exercising your rights, and you may appeal a decision or lodge a complaint with your data-protection authority.

11. Children's privacy

Our Site and services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal information from children.

12. Changes to this Policy

We may update this Policy from time to time. We will post the revised version here and update the "Last updated" date; material changes may be communicated by additional notice.

13. Contact us

Questions or requests? Email [email protected]. PayVeta LLC is the data controller for information processed about Site visitors and prospects.