This Privacy Policy explains how GuardedPay collects, uses, and protects your personal information.
1. Introduction
GuardedPay ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our warranty certificate services.
This policy applies to both merchants (businesses) and customers (end users) who interact with our platform.
2. Information We Collect
2.1 Information You Provide Directly
Merchants:
- Business name, address, and contact information
- Tax identification number (EIN/SSN)
- Bank account details for payouts
- Government-issued identification
- Authorized representative contact details
Customers:
- Name, email address, phone number
- Billing address
- Payment card information (tokenized by NMI, not stored by GuardedPay)
2.2 Information Collected Automatically
- IP address and geolocation data
- Device information (browser, operating system, device type)
- Transaction metadata (timestamp, amount, merchant ID)
- Session tokens and cookies
- Log data (API requests, errors, performance metrics)
2.3 Information from Third Parties
- Card network data (AVS/CVV responses, authorization codes)
- NMI payment gateway transaction data
- Fraud prevention services (risk scores, device fingerprints)
3. How We Use Your Information
3.1 Transaction Processing
- Process payments and authorize transactions
- Issue warranty certificates and redemption codes
- Send transaction confirmations via email and SMS
3.2 Fraud Prevention and Security
- Detect and prevent fraudulent transactions
- Monitor for suspicious activity
- Comply with anti-money laundering (AML) regulations
- Maintain PCI-DSS-adjacent compliance
3.3 Business Operations
- Manage merchant accounts and processing caps
- Calculate chargeback ratios and risk scores
- Process payouts to merchants
- Provide customer support
- Generate analytics and reporting
3.4 Legal Compliance
- Respond to legal requests (subpoenas, court orders)
- Comply with KYC (Know Your Customer) requirements
- Enforce our Terms of Service
- Maintain audit trails for regulatory purposes
4. Data Sharing and Disclosure
We do not sell, rent, or share your personal information with third parties for their own marketing purposes.
4.1 Service Providers
We share data with trusted third parties who help us operate our business:
| Service Provider | Purpose |
|---|---|
| NMI Payment Gateway | Payment card processing and tokenization |
| Cloud Hosting (GCP) | Server infrastructure and data storage |
| Fraud Prevention | Transaction risk scoring and device fingerprinting |
| Email/SMS Services | Transaction confirmations and notifications |
4.2 Card Networks
We share transaction data with Visa and Mastercard as required for payment processing and chargeback handling.
4.3 Legal Requirements
We may disclose information when required by law or in response to:
- Court orders, subpoenas, or legal processes
- Government or regulatory investigations
- Requests from law enforcement
- Protection of our rights or property
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, customer and merchant data may be transferred to the acquiring entity.
5. Data Security
5.1 Security Measures
We implement industry-standard security practices:
- Encryption: TLS 1.3 for data in transit, AES-256-GCM for data at rest
- Tokenization: Card data is tokenized by NMI and never stored by GuardedPay
- Access Controls: Role-based access with multi-factor authentication
- Audit Logging: Comprehensive audit trails for all administrative actions
- Rate Limiting: Protection against brute force and DDoS attacks
- Secure Coding: Input validation, parameterized queries, XSS/CSRF protection
5.2 Data Retention
- Transaction data: 7 years (regulatory requirement)
- Merchant account data: 10 years after account closure
- Customer data: Duration of active certificate plus 7 years
- Log data: 90 days (unless required for investigations)
6. Your Rights
6.1 Access and Correction
You have the right to access your personal information and request corrections. Merchants can update their information via the dashboard. Customers can contact us at privacy@guardedpaypro.com.
6.2 Data Deletion
You may request deletion of your personal data, subject to legal and regulatory retention requirements. We must retain transaction data for 7 years under card network rules.
6.3 Data Portability
Merchants can export their transaction history and analytics data from the dashboard. Customers can request a copy of their data by contacting us.
6.4 Opt-Out Rights
You can opt out of:
- Marketing emails (transaction confirmations cannot be disabled)
- Analytics and performance monitoring (may impact service quality)
7. Cookies and Tracking
7.1 Essential Cookies
We use essential cookies to maintain your session and authenticate requests. These cannot be disabled without affecting core functionality.
7.2 Analytics Cookies
We use analytics cookies to understand how users interact with our platform and improve performance. These can be disabled in your browser settings.
8. Children's Privacy
GuardedPay is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will delete it immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before they take effect. Your continued use of GuardedPay constitutes acceptance of the updated policy.
11. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt out of the sale of personal information (we do not sell data)
- Right to deletion (subject to exceptions)
- Right to non-discrimination for exercising CCPA rights
To exercise these rights, contact us at privacy@guardedpaypro.com.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
13. Contact Us
For privacy-related questions or to exercise your rights, contact:
GuardedPay Privacy Office
Email: privacy@guardedpaypro.com
Support: support@guardedpaypro.com