Privacy Policy
Data Collection & Legal Basis
Business Enrollment: Legal name, EIN, ownership details, MCC codes, and physical address (required for underwriting).
Transaction Processing: Card/account numbers, IP addresses, device fingerprints (used for fraud monitoring per PCI-DSS 4.0).
High-Risk Verticals:
- Travel Industry: Customer itineraries for chargeback disputes.
- Adult Content: Age verification data and discreet billing descriptors.
Biometric Data: Facial recognition for identity verification (with separate opt-in consent).
Data Sharing & Third Parties
Payment Infrastructure: Data shared with gateways (e.g., NMI, E-Compro) solely for transaction clearing.
Regulatory Disclosures: Responding to subpoenas from FTC, PCI Council, or financial authorities.
No Sale of Data: Explicit prohibition on selling data to advertisers or brokers.
Security Protocols
Encryption: AES-256 for data at rest; TLS 1.3+ for in-transit data.
Hardware Security: P2PE/EMV-certified terminals (e.g., Dejavoo D1) with tamper-evident seals.
Tokenization: Replacement of PANs with tokens for all stored payment data.
User Rights & Controls
Integrated GDPR/CCPA mechanisms
privacy@paysys.us (processed in 72 hours).
Industry-Specific Disclosures
High-risk vertical addendums
| Industry | Data Collected | Special Safeguards |
|---|---|---|
| Travel | Booking confirmations | Dynamic reserve holds |
| Adult Content | Age verification | 2257 compliance audits |
| Non-Profits | Donor histories | PCI-P2PE for recurring gifts |