Effective Date: December 21, 2019
Last Updated: July 1, 2021

Paymentus Corporation (collectively referred to herein as "Paymentus", "we", "our", or "us") recognizes the importance of protecting personal data we may collect from visitors and any other individual or entity ("users", "you", or "your") who visit our web sites or otherwise provide us with personal data. This Privacy Policy applies to data collection by Paymentus and applies to your use of the website, www.paymentus.com and other Paymentus-related sites, including those we maintain for our customers ("billers"), mobile and other applications, software, communications, capabilities and services ("Services") accessible on or by any top-level Paymentus domain owned by us (each, a "Site" and collectively the "Sites"), but excluding services that state that they are offered under a different privacy policy. This Privacy Policy also applies to information we may collect from representatives of billers and from others directly at trade shows or through similar interactions.

Our Privacy Policy explains: (1) what information we collect; (2) why we collect it; (3) how we use that information; (4) how we may share it; and (5) the choices we offer, including how to access and delete information. Specifically, our Privacy Policy covers the following topics:

Please familiarize yourself with our privacy practices and let us know if you have any questions. By using the Sites, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Sites.

If you have any questions or comments about this Privacy Policy, please submit a request to privacy@paymentus.com.

When This Privacy Policy Applies

Our Privacy Policy applies to all of the Services offered by Paymentus and its affiliates, including some Paymentus partners, and Services offered on other sites, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.

Our Privacy Policy does not apply to services offered by other companies or individuals, including your biller, products or sites that may be displayed to you, or other sites linked from our Services. Our Privacy Policy does not cover the information practices of your biller, of other companies through which you may receive information or originate payments to or from your biller, or other companies and organizations who advertise our Services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.

Website Conditions of Use

By accessing or using the Sites in any manner, you also agree to be bound by our Website Conditions of Use. Please read the Conditions of Use carefully. If you do not accept all of the terms and conditions contained in or incorporated by reference into the Conditions of Use, please do not use the Sites.

Information We Collect

We collect information, including Personal Data, to provide better services to all our users and, in the case of information we collect from individuals connected with our commercial customers or prospects, for marketing purposes. We use the term "Personal Data" to refer to any information that identifies or can be used to identify you. Common examples of Personal Data include: full name, email address, digital identity, such as a login name or handle, information about your device, and certain metadata.

“Sensitive Personal Data” refers to a smaller subset of Personal Data which is considered more sensitive to the individual, such as race and ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric information, physical or mental health information, medical insurance data, or sexual orientation

The Personal Data we collect includes, but is not limited to, the following circumstances and data elements:

For additional information on the information we collect, please review our Privacy Notice to California Residents and Privacy Notice to European Residents.

If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Privacy Policy. If you believe that your Personal Data has been provided to us improperly, or to otherwise exercise your rights relating to your Personal Data, please contact us by using the information set out in the "How to Contact Us" section below.

We obtain Personal Data from the following categories of sources:

Cookies & Similar Technologies

We and our partners use various technologies to collect and store information when you visit one of our Sites or use our mobile apps, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services from our partners, such as advertising services from our third party advertising and analytics partner Google Analytics and similar partners.

The technologies we use for this automatic data collection may include:

We use information collected from cookies and other technologies, to improve your user experience and the overall quality of our services. We may use your Personal Data to see which web pages you visit at our Site, how you navigate through and interact with our Site and mobile apps, which web site you visited before coming to our Site, and where you go after you leave our Site. We can then develop statistics that help us understand how our visitors use our Site and mobile apps and how to improve them. We may also use the information we obtain about you in other ways for which we provide specific notice at the time of collection.

How We Use the Information We Collect

We use your Personal Data in ways that are compatible with the purposes for which it was collected or authorized by you and in certain cases only as permitted by your biller, including for the following purposes:

For additional information on how we use the information we collect, please review our Privacy Notice to California Residents and our Privacy Notice to European Union Residents.

Our Legal Basis for Collecting Personal Data

Whenever we collect Personal Data from you, we may do so on the following legal bases:

  1. Your consent to such collection and use;
  2. Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for Services;
  3. Our legitimate business interest, including but not limited to the following circumstances where collecting or using Personal Data is necessary for:
    • To perform services requested by your biller, our customer;
    • Intra-organization transfers for administrative purposes;
    • Product development and enhancement, where the processing enables Paymentus to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our users and customers, and to better understand how people interact with our Sites;
    • Communications and marketing, including processing data for direct marketing purposes, and to determine the effectiveness of our promotional campaigns and advertising;
    • Fraud detection and prevention;
    • Enhancement of our cybersecurity, including improving the security of our network and information systems; and
    • General business operations and diligence;

Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.

Your Failure to Provide Personal Information

Your provision of Personal Data is required in order to use certain parts of our services and our programs. If you fail to provide such Personal Data, you may not be able to access and use our Services and/or our programs, or parts of our Services and/or our programs.

Our Retention of Your Personal Data

We determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.

Sharing Personal Data

Paymentus may disclose your Personal Data to your biller, commercial providers and trusted business partners for a business purpose, which includes verifying your identity, to enable our compliance with applicable law and payment network rules when you make a payment or register access to your accounts, to process your payment instructions, to offer you additional channels through which you may receive information about your bills or to make payments, or to test or improve our Services. When we disclose Personal Data for these reasons, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except for the purposes set forth in the contract. We may also disclose Personal Data to governmental authorities and in connection with judicial or administrative proceedings as required or permitted by applicable law to meet legal obligations or to defend or assert our rights or the rights of others. If we establish a new related entity, are acquired by or merged with another organization, or if substantially all of our assets are transferred to another organization, Personal Data about our users is often a transferred business asset. In the event that Paymentus itself or substantially all of our assets are acquired, Personal Data about our users may be one of the transferred assets.

Your Rights and Choices

You may have certain rights relating to your Personal Data, to the extent provided by local law. We will provide you with access to your Personal Data as required by applicable law. If that information is wrong, we strive to give you ways to update it quickly or to delete it - unless we have to keep that information for legitimate business or legal purposes. To the extent required by applicable law, you may obtain a copy of Personal Data we maintain about you. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.

By providing an email address on the Paymentus Sites or Services, you agree that we may contact you in the event of a change in this Privacy Policy, to provide you with any Service related notices, or to provide you with information about our events, invitations, or related educational information.

For purposes of this Privacy Policy, “opt-in” is generally defined as any affirmative action by a User to submit or receive information, as the case may be.

We currently provide the following opt-out opportunities:

  1. At any time, you can follow a link provided in offers, newsletters or other email messages (except for payment confirmation or service notice emails) received from us or a Paymentus Partner to unsubscribe from the service.
  2. At any time, you can contact us through customercare@paymentus.com or at the telephone number (800) 420-1663 to unsubscribe from the service and opt-out of our right per your consent under the terms of this Privacy Policy to share your Personal Data.
  3. At any time, you can reply “STOP” to opt-out of receiving SMS texts.

Notwithstanding anything else in this Privacy Policy, please note that we always reserve the right to contact you in the event of a change in this Privacy Policy, or to provide you with any service related notices.

Third Party Links

The Sites may contain links to webpages operated by parties other than Paymentus. We do not control such websites and are not responsible for their contents or the privacy policies or other practices of such websites. These websites and services may have their own privacy policies, which the user will be subject to upon linking to the third party's website. Paymentus strongly recommends that each user review the third party's terms and policies.

International Transfer

We may, directly or indirectly through third-party entities around the world, process, store, and transfer the information you provide, including your Personal Data, as described in this Privacy Policy. Specifically, the information and Personal Data that we collect may be transferred to, and stored at, a location outside of your jurisdiction. It may also be processed by staff operating outside of your jurisdiction who work for us or for one of the organizations outlined in this Privacy Policy in connection with the activities outlined in this Privacy Policy. By submitting your information and Personal Data using the Sites, you agree to this transfer, storing or processing. We will take all steps necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy. We have put in place commercially reasonable technical and organizational procedures to safeguard the information and Personal Data we collect on the Sites.If we transfer your Personal Data out of your jurisdiction, we will implement suitable safeguards and rely on legally-provided mechanisms to lawfully transfer data across borders to ensure that your Personal Data is protected.

How We Protect Personal Data

Paymentus maintains administrative, technical and physical safeguards designed to protect the user's Personal Data and other information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. For example, we use commercially reasonable security measures such as encryption, firewalls, and Transport Layer Security software (TLS) or hypertext transfer protocol secure (HTTPS) to protect Personal Data.

Paymentus collects account information for payment or credit, and Paymentus will use the information only to complete the task for which the account information was offered or as otherwise provided in this Privacy Policy.

Children

Our website is not intended for children under 16 years of age. We do not intentionally gather Personal Data about visitors who are under the age of 16. If a child has provided us with Personal Data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 16 in the applicable jurisdiction, please contact us privacy@paymentus.com. If we learn that we have inadvertently collected the Personal Data of a child under 16, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.

Direct Marketing and "Do Not Track" Signals

Paymentus does not track its users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.

California residents are entitled to contact us to request information about whether we have disclosed Personal Data to third parties for the third parties’ direct marketing purposes. Under the California “Shine the Light” law, California residents may opt-out of our disclosure of Personal Data to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your Personal Data with third parties for marketing purposes. To make such a request you should send (a) an email to privacy@paymentus.com with the subject heading “California Privacy Rights,” or (b) a letter to us at the address listed in the “How to Contact Us.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information on covered sharing will be included in our response. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.

Use of Email

By providing an email address on the Paymentus Sites or Services, you agree that we may contact you in the event of a change in this Privacy Policy, to provide you with any Service related notices, or if you provided the information other than in connection with making a payment to your biller, to provide you with information about our events, invitations, or related educational information.

Changes to this Privacy Policy

Our Privacy Policy may change from time to time. We will not reduce your rights with respect to information collected under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we may provide a more prominent notice (including, for certain services or programs, email notification of privacy policy changes).

How to Contact Us

If you have any specific questions about this Privacy Policy, you can contact us via email or by writing to us at the address below:

Send e-mail to: privacy@paymentus.com

Send mail to our address:

Paymentus Corporation
Attn: Privacy Policy Inquiry
13024 Ballantyne Corporate Place
Suite 400
Charlotte, NC 28277
U.S.A.

Privacy Notice to California Residents

The following information is provided to California residents to comply with the California Consumer Privacy Act of 2018 ("CCPA") and other California privacy laws and forms a part of the Paymentus Privacy Policy, the remainder of which may be viewed here. Any terms defined in the CCPA have the same meaning when used in this notice.

What We Collect

During the last twelve (12) months, we have collected the following categories of Personal Data from consumers depending on how a consumer uses our services.

Category Type of Identifiers We Collect
A. Identifiers. First and last name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account number for bills you review or pay.
B. Personal Data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Name, signature, Social Security number, address, telephone number, bank account number, credit card number, debit card number, medical or health insurance information.
C. Commercial information. Bill payment history, utility services consumption information.
D. Internet or other similar network activity. Information on a consumer's interaction with a website, application, or advertisement.
E. Audio, electronic, visual, thermal, olfactory, or similar information Audio recordings

How We Use Information We Collect

We use your Personal Data in ways that are compatible with the purposes for which it was collected or authorized by you and in certain cases only as permitted by your biller, including for the following purposes:

Category The Purpose for Collection

A. Identifiers.

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

C. Commercial Information.

E. Audio, electronic, visual, thermal, olfactory, or similar information

  • To provide you with Services;
  • To present, operate, maintain, secure, authorize access to, or personalize our Sites and Services, and to respond to and support users;
  • To improve, enhance and further develop our Sites and Services;
  • To communicate with you regarding your bills from or payment obligations to your biller;
  • To enable trusted business partners to provide you with information regarding your bill from or payment obligations to your biller and facilitate your payment of those bills or obligations;
  • To perform data analysis and testing, including analysis of Site activity;
  • To investigate possible fraud and/or attempts to harm us, our users or customers or other violations of and to enforce the Conditions of Use, our Payment Authorization Terms or this Privacy Policy, and to resolve disputes;
  • To comply with all applicable legal requirements and the rules of payment networks;
  • To inform you about Services and products available from Paymentus or your biller;
  • To offer and administer content, promotion, sweepstakes, surveys, voting polls or other Site features;
  • To otherwise fulfill the purpose for which the information was provided.

D. Internet or other similar network activity.

  • To authorize access to and secure our Sites and Services; including to authenticate users;
  • To provide you with Services;
  • To offer and administer content, promotion, sweepstakes, surveys, voting polls or other Site features;
  • To understand and improve the user experience of our Site and Services;
  • To support the other uses identified above.

Information We Share

In the preceding twelve (12) months, we have disclosed the following categories of personal information for one or more business purposes:

We disclose your personal information for a business purpose to the following categories of third parties:

In the preceding twelve (12) months, we have not sold any personal information.

Sale of Personal Data

In the preceding twelve (12) months, we have not sold any Personal Data.

Rights Specific to California Residents

Under the California Consumer Privacy Act, California residents have specific rights regarding their Personal Data. This section explains how California residents can exercise those rights and describes Californians’ rights.

If you are a California resident who chooses to exercise your rights, you can:

  1. Submit a request via email to privacy@paymentus.com, or
  2. Call (800) 420-1663 to submit your request.

Upon receiving your request, we will confirm receipt of your request by email or if you are registered in our customer portal, we may do so by a message directed to you in the portal. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete Personal Data, we may first separately confirm that you would like for us to in fact delete your Personal Data before acting on your request.

We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

Below we further outline specific rights which California residents may have under the California Consumer Privacy Act.

  1. Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection and use of your Personal Data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
    • The categories of Personal Data we collected about you.
    • The categories of sources for the Personal Data we collected about you.
    • Our business or commercial purpose for collecting that Personal Data.
    • The specific pieces of Personal Data we collected about you.
    • The categories of third parties with whom we share that Personal Data.
    • The specific pieces of Personal Data we've disclosed for a business or commercial purpose, identifying the Personal Data categories that each category of recipient obtained about you.
    Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
  2. Right to Data Portability. You have the right to a "portable" copy of your Personal Data that you have submitted to us. Generally, this means you have a right to request that we move, copy or transmit your Personal Data stored on our servers / IT environment to another service provider's servers / IT environment.
  3. Right to Delete Your Data. You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.
  4. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  5. Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right to not receive discriminatory treatment by us for exercising your privacy rights conferred by the California Consumer Privacy Act.

Privacy Notice to European Union Residents

The following information is provided to European Union residents to comply with the European Union’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the United Kingdom and Switzerland and forms a part of the Paymentus Privacy Policy, the remainder of which may be viewed here. Any terms defined in the GDPR have the same meaning when used in this notice. If you are resident in the European Economic Area, you may have the following rights:

  1. The right to be informed.You are entitled to be informed of the use of your Personal Data. This Privacy Policy provides such information to you.
  2. The right of access.You have the right to request a copy of your Personal Data which we hold about you.
  3. The right of correction: You have the right to request correction or changes of your Personal Data if it is found to be inaccurate or out of date.
  4. The right to be forgotten:You have the right to request us, at any time, to delete your Personal Data from our servers and to erase your Personal Data when it is no longer necessary for us to retain such data. Note, however, that deletion of your Personal Data will likely impact your ability to use our services.
  5. The right to object (opt-out): You have the right to opt-out of certain uses of your Personal Data, such as direct marketing, at any time.
  6. The right to data portability:You have the right to a “portable” copy of your Personal Data that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your Personal Data stored on our servers / IT environment to another service provider’s servers / IT environment.
  7. The right to refuse to be subjected to automated decision making, including profiling:You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
  8. The right to lodge a complaint with a supervisory authority.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

To exercise your rights, please submit your request to privacy@paymentus.com or by using the contact information provided below and we will consider your request in accordance with applicable law. For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Site, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.

In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the Services you have requested. Where this is the case, we will inform you of specific details in response to your request.

We endeavor to respond to a verifiable consumer request within 30 days of its receipt consistent with applicable law.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Paymentus Partners

Paymentus customers (“Paymentus Partners”) engage us to deliver Services to their employees, customers and other users. Partner Information, Information about our Partner’s Contacts and Archival Information (each defined below) are governed by this Privacy Policy, the Paymentus Terms of Use and any other Services agreements between Paymentus and the applicable Partner.

We treat Partner Information, Information about our Partner’s Contacts, Archival Information and Automatically Collected Information as the confidential and proprietary information of our Paymentus Partners, subject to the terms of the Paymentus Terms of Use and any other service agreement between Paymentus and the Partner. We do not share Partner Information, Information about our Partner’s Contacts, Archival Information or Automatically Collected Information with third parties unless directed to do so by our Partner, as may be necessary to provide services to the Partner, to our advisors, affiliates, representatives, agents, service providers, in connection with a business transaction (such as a merger or sale), as allowed under the terms of our agreement with our Partner, or in response to a court order, subpoena, warrant or to comply with a legal requirement or to cooperate with an investigation. We may disclose Partner Information, Information about our Partner’s Contacts, Archival Information or Automatically Collected Information for the aforementioned reasons, or in order to protect our rights or the rights of our affiliates, Paymentus Partners, channel partners or service providers.

We will retain Partner Information we process on behalf of our Paymentus Partners for as long as needed to provide Services to our Partner, or for the period of time requested by a particular Partner.

Quality

Various methods are used to ensure the essential quality and completeness of Personal data obtained by Paymentus, throughout its business processes, to assist in providing business services to both consumers and partners.

Paymentus may use required fields to guarantee that the required amount of necessary data is provided to ensure quality of consumer data collected. Auto-complete fields may also be used to minimize the risk of inaccurate data. Verification of information may be conducted directly with individuals’ data as an additional step to ensure the accuracy of information provided to Paymentus.

Paymentus makes every effort to ensure that the minimum necessary amount of Personal data is collected in order to fulfill its business processes and provide the requested services.