Business Privacy Policy

1. Introduction and Scope

This Business Privacy Policy ("Policy") explains how VaultPay Global Inc ("VaultPay," "we," "us," or "our") collects, uses, processes, and protects information related to business accounts and merchant services. This Policy applies specifically to businesses, merchants, and organizations using VaultPay's commercial payment processing services.

This Policy supplements our general Privacy Policy and addresses data processing activities specific to business relationships, including B2B transactions, merchant onboarding, payment processing, and business analytics.

2. Data Controller and Processor Relationships

2.1 VaultPay as Data Controller

VaultPay acts as a data controller for:

• Business account holder information (business entity data, beneficial owners, authorized signers)
• Business verification and KYB (Know Your Business) data
• Transaction data for risk management and compliance purposes
• Business analytics and aggregated merchant data
• Communications with business account holders

2.2 VaultPay as Data Processor

VaultPay acts as a data processor when handling customer payment data on behalf of merchants. Merchants remain the data controller for their customer information, and VaultPay processes this data solely to provide payment processing services according to merchant instructions.

3. Business Information We Collect

3.1 Business Entity Information

We collect the following information about your business:

• Legal business name and DBA (Doing Business As) names
• Business structure (corporation, LLC, partnership, sole proprietorship)
• Employer Identification Number (EIN) or Tax ID
• Business registration documents and formation date
• Business address, phone number, and email
• Business website and online presence information
• Industry classification and business description
• Business licenses and permits

3.2 Beneficial Ownership Information

In compliance with FinCEN beneficial ownership regulations, we collect:

• Names and identification of individuals owning 25% or more of the business
• Principal officers and authorized signers
• Government-issued identification documents
• Social Security Numbers or ITINs of beneficial owners
• Residential addresses and contact information
• Date of birth and citizenship information

3.3 Financial and Banking Information

We collect financial information necessary for payment processing:

• Business bank account information for settlements
• Financial statements and revenue projections
• Credit history and creditworthiness data
• Transaction history and processing volumes
• Chargeback and dispute records
• Tax documentation (W-9, 1099-K information)

3.4 Customer Transaction Data

When processing payments for your customers, we collect:

• Payment card information (processed in PCI-compliant manner)
• Transaction amounts, dates, and descriptions
• Customer billing and shipping information
• Device and IP address information for fraud prevention
• Purchase history and transaction patterns

4. How We Use Business Information

4.1 Service Provision

We use your business information to:

• Establish and maintain your merchant account
• Process payments and settle funds to your business account
• Provide payment gateway and POS services
• Generate invoices and transaction reports
• Manage subscriptions and recurring billing
• Provide customer support and technical assistance

4.2 Compliance and Risk Management

We process business data for regulatory compliance:

• KYB verification and identity authentication
• Anti-money laundering (AML) screening and monitoring
• Sanctions screening (OFAC and international lists)
• Fraud detection and prevention
• Chargeback management and dispute resolution
• Risk assessment and underwriting
• Regulatory reporting (FinCEN, card networks, etc.)

4.3 Business Analytics and Improvement

We use aggregated and anonymized business data to:

• Analyze payment trends and industry benchmarks
• Improve our services and develop new features
• Optimize payment processing performance
• Conduct market research and competitive analysis
• Generate industry reports and insights

5. Business Data Sharing and Disclosure

5.1 Service Providers and Partners

We share business information with trusted service providers:

• Payment processors and acquiring banks
• Card networks (Visa, Mastercard, American Express, Discover)
• Identity verification services
• Fraud prevention and security providers
• Cloud hosting and data storage providers
• Customer support and CRM platforms
• Analytics and business intelligence tools

5.2 Legal and Regulatory Disclosures

We may disclose business information when required by law:

• In response to subpoenas, court orders, or legal process
• To comply with regulatory requirements (FinCEN, SEC, FTC)
• To law enforcement agencies investigating fraud or financial crimes
• In connection with mergers, acquisitions, or business transfers
• To protect VaultPay's rights, property, or safety
• With your consent or at your direction

5.3 Card Network Requirements

Card network rules require us to share certain merchant information for:

• Chargeback and dispute resolution processes
• Fraud monitoring and prevention programs
• Merchant monitoring programs (MATCH list, TMF)
• Compliance with card network operating regulations

6. Business Data Security

6.1 Technical Security Measures

VaultPay implements industry-standard security measures:

• PCI DSS Level 1 compliance for payment card data
• End-to-end encryption for data transmission
• Secure data storage with encryption at rest
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• 24/7 security monitoring and incident response

6.2 Organizational Security Measures

We maintain strict internal controls:

• Role-based access controls limiting data access to authorized personnel
• Employee background checks and security training
• Confidentiality agreements with all employees and contractors
• Data breach response and notification procedures
• Regular security awareness training
• Vendor security assessments and due diligence

7. Business Data Retention

7.1 Retention Periods

We retain business information for the following periods:

• Business account information: 10 years after account closure
• Transaction records: 7 years (IRS and card network requirements)
• KYB verification documents: 10 years (AML/BSA requirements)
• Chargeback and dispute records: 18 months after resolution
• Tax documents: 7 years (IRS requirements)
• Communications and support records: 5 years

7.2 Legal Hold and Extended Retention

We may retain data beyond standard periods when required for:

• Ongoing legal proceedings or investigations
• Regulatory inquiries or audits
• Fraud prevention and risk management
• Enforcement of our terms and policies

8. International Data Transfers

VaultPay operates primarily in the United States, but may transfer business data internationally when necessary for service provision. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions recognized by regulatory authorities
• Binding Corporate Rules for intra-group transfers
• Appropriate technical and organizational security measures

If your business operates in the European Union, we comply with GDPR requirements for cross-border data transfers.

9. Your Business Rights

9.1 Access and Correction

You have the right to:

• Access your business account information
• Request correction of inaccurate data
• Update business details and authorized signers
• Download transaction reports and statements
• Request copies of verification documents on file

9.2 Data Portability

You may request export of your business data in machine-readable format, including transaction history, customer data (where you are the controller), and account information.

9.3 Deletion and Retention

Upon account closure, you may request deletion of business data, subject to:

• Legal retention requirements (tax, AML, card network rules)
• Pending disputes, chargebacks, or investigations
• Outstanding financial obligations
• Legitimate business interests in fraud prevention

10. GDPR Compliance for EU Businesses

For businesses operating in the European Union, we comply with GDPR requirements:

10.1 Legal Basis for Processing

• Contract performance: Processing necessary to provide merchant services
• Legal obligation: Compliance with AML, KYB, and financial regulations
• Legitimate interests: Fraud prevention, risk management, service improvement
• Consent: Marketing communications and optional features

10.2 EU Representative

For GDPR inquiries, contact our EU representative at: [email protected]

11. CCPA Compliance for California Businesses

California businesses have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what business information we collect and how it's used
• Right to delete business information (subject to legal exceptions)
• Right to opt-out of sale of business information (we do not sell data)
• Right to non-discrimination for exercising CCPA rights

To exercise CCPA rights, contact: [email protected] or call 1-800-VAULTPAY

12. Merchant Data Protection Responsibilities

As a VaultPay merchant, you are responsible for:

• Complying with privacy laws applicable to your business and customers
• Providing clear privacy notices to your customers
• Obtaining necessary consents for data collection and processing
• Implementing appropriate security measures for customer data
• Responding to customer data subject requests
• Notifying VaultPay of data breaches affecting payment data
• Maintaining PCI DSS compliance in your operations

13. Data Breach Notification

In the event of a data breach affecting business information, VaultPay will:

• Notify affected businesses within 72 hours of discovery
• Provide details of the breach and data affected
• Describe measures taken to address the breach
• Offer guidance on protective actions businesses can take
• Notify regulatory authorities as required by law
• Cooperate with investigations and remediation efforts

14. Updates to This Privacy Policy

We may update this Business Privacy Policy to reflect changes in our practices, legal requirements, or services. Material changes will be communicated via:

• Email notification to registered business contacts
• Prominent notice in the merchant dashboard
• Updated effective date on this page

Continued use of VaultPay services after the effective date constitutes acceptance of the updated policy.

15. Privacy Contact Information

For privacy-related inquiries, requests, or concerns:

VaultPay Global Inc - Privacy Office
15442 Ventura Blvd., Ste 201-1952
Sherman Oaks, CA 91403

Privacy Inquiries: [email protected]
Data Protection Officer: [email protected]
GDPR Representative (EU): [email protected]
CCPA Requests: [email protected]
Phone: 1-800-VAULTPAY

We will respond to privacy requests within 30 days (45 days for complex requests).