Welcome to Plastiq
This Policy applies to all information we collect through our web and mobile applications from you. This policy does not apply to the practices of companies that Plastiq does not own or control, or to individuals that Plastiq does not employ or manage.
Throughout this policy, we use the term “Personal Data” to describe information that can be associated with a specific person or company and can be used to identify that person. We do not consider Personal Data to include information that has been anonymized so that it does not identify a specific user.
Visitors to the Website who do not use our Services for any transactions or other activities, such as making or managing payments, are not required to provide any Personal Data. We may, however, passively collect personally non-identifiable information – information that may correspond to a particular web browsing session, but does not identify the particular person doing the browsing – for the purpose of improving our Website or Services.
- What information does Plastiq collect?
- How does Plastiq use the information it collects about me?
- Does Plastiq ever disclose Personal Data or other information?
- How does Plastiq secure collected data?
- How long does Plastiq hold my Personal Data?
- What are my Choices?
- What are my California Privacy Rights?
- How are updates to this Policy handled?
- Complaints and Contact
Plastiq will specifically collect the following Personal Data and other non-identifiable information:
- Registration Information: When you register to use our Services, we collect Personal Data as necessary to offer and fulfill the Services you request. Depending on the Services you choose, we may require you to provide us with your name, billing address, telephone number, email address, Social Security, Social Insurance Numbers, Taxpayer Identification, or other government-issued identification. We may require you to provide us with additional Personal Data to confirm verification and identification.
- Financial information: Information such as billing address, credit card numbers, photograph, and/or other proof of identification in order to verify your identity, and other publicly available information. We store credit card information, and save your credit card information to facilitate scheduled and future payment purposes for your convenience. We may also collect withholding allowances and tax filing status.
- Transaction Information: When you use our Services to make or accept payments, we collect information about the transaction, as well as other information associated with the transaction such as the date of the transaction, description of the transaction, the payment amounts, and any merchant information, including information about any payment instrument used to complete the transaction, device information, and geolocation information.
- Device Information: We collect device-specific information when you access our Services, including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device’s interaction with our Services. We may also identify other software running on the device (but will not collect any content from such software) for anti-fraud and malware-prevention purposes.
- Use Information: We collect information about how you use our Services, including your access times, log-in and log-out information, browser types and language, Internet Protocol (“IP”) addresses, mobile device and operating system, any specific page you visit on our platform, content you view, features you use, the date and time of your visit to or use of the Services, your search terms, and date about how you interact with our Services.
- Other information we collect related to your user of our Services: We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.
- Information We Collect From Other Sources: We also collect information about you from third parties relating to identity and account verification process, credit investigation, fraud detection process, or collection procedures, in addition to any publicly available information.
- Information Plastiq does not collect: Plastiq does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through this Website. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Data on this Website without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to Plastiq via this Website, please contact us, and we will endeavor to delete that information from our databases.
Our primary purpose in collecting Personal data is to provide you with a safe, smooth, efficient, and customized experience. Plastiq, its subsidiaries, and affiliates may use information about you for a number of purposes, including:
- Providing, improving, and developing our Services.
We use your Personal Data to facilitate, improve, and develop our Services for a better user experience. Some of these functions include:
- Determining whether the Services are available in your jurisdiction;
- Processing or recording payment transactions;
- Displaying your historical transaction information;
- Developing new products and services;
- Delivering the information and support you request, including technical notices, security alerts, and support and administrative messages including to resolve disputes, collect fees, and provide assistance for problems with our Services;
- Improving, personalizing, and facilitating your use of our Services;
- To manage our business needs, such as monitoring, analyzing, and improving the Services and the Website’s performance and functionality;
- Measuring, tracking, and analyzing trends and usage in connection with your use or the performance of our Services;
- Improving the content and functionality of our Website, to better understand our users, and to improve our Services;
- Compare information for accuracy and verify it with third parties;
- Prevent potentially fraudulent, prohibited or illegal activities and enforce our Terms of Service;
- Perform other duties as required by law.
We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.
- Marketing and events-related communications
We may send you email marketing communications about:
- Our Services
- Invite you to participate in our events or surveys
- Deliver targeting marketing, service update notices, and promotional offers based on your communication preferences
When we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with your regarding an event, send you information that you have requested on our Services and, with your permission, include you on our marketing information campaigns.
We may use your contact information in the future to notify you of important things, including but not limited to new or expanded Services capabilities, pending payment deadlines, or promotions from Plastiq or our partners. We may contact you via email, mail and/or through SMSs or text messages. If we send you marketing emails, each email and/or SMSs or text messages will contain instructions permitting you to “opt out” of receiving future marketing or other communications.
- Interest-based advertising
When you visit our Website, both we and certain third parties collect information about your online activities over time and across different sites to provide you with advertising about products and services tailored to your individual interests. These third parties may place or recognize a unique cookie or other technology on your browser (including the use of pixel tags). Where required by applicable law, we will obtain your consent prior to processing of your information for the purposes of interest-based advertising. You may see our ads on other websites or mobile apps because we participate in advertising networks. Ad networks allow us to target our messaging to users based on a range of factors, including demographic data, users’ inferred interests and browsing context. This technology also helps us track the effectiveness of our marketing efforts and understand if you have seen one of our advertisements.
We work with Digital Advertising Alliance and other advertising networks. To learn how to opt out of behavioral advertising delivered by Digital Advertising Alliance, click here. If you opt out from interest-based advertising, you may see advertising that is not relevant to you.
We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files that are stored on your hard drive or in device memory by a website. Cookies help provide additional functionality to the Website and help us analyze Website usage more accurately. Through Cookies we can offer additional site functionality, and make sure that those who are most interested can find us online. For example, we may set a cookie on your browser that enables you to access this Website without needing to enter a password more than once during a single visit. Cookies also support the integrity of our registration process, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity. Based on Website usage and browsing data we collect through Cookies, Plastiq can also target specific promotions or advertisements directly related to your interest in us (see interest-based advertising above).
Users are free to decline our cookies if your browser permits, but doing so may interfere with your use of our Website and Services. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Website’s more advanced features. If you choose to delete or switch off cookies you may not have access to certain features or areas of the Website.
We may also collect information using pixel tags or web beacons. Pixel tags are electronic images with a unique identifier, similar in function to cookies, that may be used in our Services or emails. We may use pixel tags to deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.
Cookies help us test different versions of our services to see which particular features or content users prefer. We might also optimize and improve your experience by using cookies to see how you interact with our services, such as when and how often you use them and what links you click on. We may use Google Analytics to assist us with this. Learn more about the cookies you may encounter through our use of Google Analytics.
Plastiq does not sell or rent your Personal Data to marketers or third parties for marketing purposes.
We sometimes share information with trusted third parties to perform functions to enable our Services and business to work better. These trusted third parties may include, but are not limited to, credit card associations, banking and processing partners, security and audit providers, as well as any other entities that you have directly authorized to receive your Personal Data. We take efforts to limit the amount of information that is shared with third parties to what is necessary to accomplish the specific business purpose.
We will occasionally conduct research on our customer demographics, interests and behavior based on Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Plastiq may share this aggregate data with its affiliates, agents and business partners. Importantly, this aggregate information cannot be used to personally identify any Plastiq user or users. We may also disclose aggregated user statistics in order to describe our Services to current and prospective business partners, and to other third parties for other lawful purposes.
Payment-related data, including your cardholder data, is securely stored for accounting and auditing purposes, and non-sensitive information may be made available to your Merchants via our secure Services. Merchants paid through Plastiq may customize the information they collect from you via Plastiq at time of payment. This information is subject to change at any time and may include but is not limited to your full name, home address, phone number, and invoice number. You agree to allow Plastiq to share this collected information with the Merchant.
In order to protect our business or users from suspicious activity, we may disclose your Personal Data (i) when required to do so by law, (ii) to ensure regulatory compliance, (iii) further to communications with government officials, or (iv) to ensure that our partner financial institutions can comply with regulatory obligations.
Credit and debit card data is stored and managed in compliance with strict Payment Card Industry (PCI) standards. Plastiq utilizes tokenization, a payments industry-standard procedure, to limit exposure of sensitive cardholder data. Your credit and/or debit card information is sent directly to our secure, encrypted data vault, which generates a random, cryptographically secure token that is used by our payment application to submit payments on your card. Once information is deposited into the vault, it cannot be directly retrieved by our payment application or any third parties.
Although no data transmission or storage can be guaranteed 100% secure and error free, Plastiq takes great care to protect Personal Data collected via this Website from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, in both transit and at rest. Access to user data is limited (via username/password authentication and 2-factor verification, among other safeguards) only to those employees who require it to perform their job functions. Connections to this Website are secured with an Extended Validation (EV) SSL certificate with 256-bit encryption, and our data centers, located in the United States, boast enterprise-level security with top-level industry certifications and fault-tolerant, distributed systems. Other security safeguards include, but are not limited to, encrypted vault storage for sensitive data, strict hardware firewalls, and limited physical access to buildings, servers, and files.
As our data centers are located in Canada, your Personal Data may be available to the Canadian government or its agencies under a lawful order, irrespective of the safeguards we have put in place for the protection of your Personal Data.
We at Plastiq do our best to secure your data, and we ask that you take reasonable precautions as well. Ensure your personal computing device has up-to-date security and anti-virus software, and please consider carefully what information you choose to send anyone via the Internet and log of your account when you are finished using the Services and do not share your password with anyone.
We will keep your Personal Data for as long as it remains necessary for the operation of the Website and Services or as required by law, which may extend beyond the termination of our relationship with you. However, even after you close your account, we can retain copies of information about you and any transactions or Services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Service or other applicable agreements or policies, or to take any other actions consistent with applicable law.
We provide multiple choices in respect of the information we process about you:
Opt-out of our use of your Personal Data
If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
- Right to access, correct and/or have your Personal Data provided to you
You have the right to access the Personal Data we hold about you in order to verify the accuracy of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Data. We will endeavor to deal with all such requests for access in a timely manner.
Having accurate Personal Data about you enables us to give you better service. We will make every reasonable effort to keep your Personal Data accurate and up-to-date.
Please keep us informed of any changes such as a change of address or telephone number. If you would like to access your information, if you have any questions, comments or suggestions of if you find any errors in our information about you, please contact us at: firstname.lastname@example.org.
- Object to, or limit or restrict use of Personal Data
You can ask us to stop using all or some of your personal data (i.e., if we have no legal right to keep using it) or to limit our use of it (i.e., if your Personal Data is inaccurate or unlawfully held) by contacting email@example.com
Pursuant to the California Consumer Privacy Act (“CCPA”) natural persons who are California residents have certain rights concerning their personal information. Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories of specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occuring, and to not be discriminated against for exercising these rights.
The following is a table indicating (1) the categories of personal information (as defined in the CCPA) we may collect about you, (2) the categories of sources from which that information is collected; (3) the business and/or commercial purposes for collecting that information; (4) the categories of third parties to whom that information is disclosed; and (5) the business and/or commercial purposes for disclosing that information:
|Categories of Personal Information||Categories of Collection Source(s)||Business and/or Commercial Purpose(s) for Collection||Categories of Third-Party Recipient(s)||Business and/or Commercial Purpose(s) for Disclosing|
|Identifiers (i.e., name, alias, email address, mailing address, phone number, signature)||You, the consumer when you create an account; Service Providers||Performing Services; Processing and managing interactions and transactions; Quality Assurance; Security; Debugging; Marketing||Vendors which assist us in providing services and running our internal business operations (“Service Providers”); Data Analytics Partners;||Performing Services on our behalf; Processing and managing interactions and transactions; Performing Services; Quality Assurance; Security and Debugging|
|Commercial Information (i.e., sales engagement history, purchase and consumption history)||Directly from you; Your Devices; Service Providers||Research and Development; Quality Assurance; Managing interactions and transactions; Marketing||Data Analytics Partners; Service Providers||Performing Services on our behalf; research and development of improving our Services; Quality Assurance; Security and Debugging|
|Biometric Information (i.e., photographs of office visitors for identification badges)||Directly from you.||Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; short-term, transient use, provided that the personal information collected for such use is not disclosed to third parties and is not used to build a profile about you or otherwise alter your experience outside the current interaction; undertaking activities to verify or maintain the quality or safety of a service that is owned or controlled by Plastiq, and to improve, upgrade, or enhance the service that is owned or controlled by Plastiq||Service Providers||Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; short-term, transient use, provided that the personal information collected for such use is not disclosed to third parties and is not used to build a profile about you or otherwise alter your experience outside the current interaction; undertaking activities to verify or maintain the quality or safety of a service that is owned or controlled by Plastiq, and to improve, upgrade, or enhance the service that is owned or controlled by Plastiq|
|Internet or other electronic network activity information (i.e., online identifier Internet Protocol address, unique personal identifier, web history, advertising history)||You; Your Devices; Data Analytics Partners; Service Providers||Research and Development; Quality Assurance; Security and Debugging; Managing interactions and transactions; Marketing||Data Analytics Partners; Service Providers||Performing Services on our behalf; Research and development; Quality Assurance; Security and Debugging|
|Geolocation data (i.e., the location from which you’re logging in)||Your Devices; Service Providers||Performing Services; Processing and managing interactions and transactions; Quality Assurance; Security; Debugging; Marketing||Service Providers||Performing Services on our behalf; Processing and managing interactions and transactions; Performing Services; Quality Assurance; Security and Debugging|
Plastiq does not knowingly “sell” personal information that we collect from you, in accordance with the definition of “sell” in the CCPA. There is not yet a consensus as to whether third party cookies and tracking devices associated with our websites and mobile apps may constitute a “sale” of your personal information as defined by the CCPA. You can exercise control over browser-based cookies by adjusting the settings on your browser.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org or directly through our chat. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
If this Policy raises any further privacy questions, comments, or suggestions or if you wish to request a copy of the Personal Data we hold about you, we encourage you to reach out to us at email@example.com Our policies will continually adjust to the exciting and ever-changing landscape of credit card payments and will be informed by the valuable feedback of our visitors and users.
Please also review the Terms of Service which governs your use of our Services. Capitalized terms in this Policy not otherwise defined herein have the same meanings as the definitions of those terms in the User Agreement.
Services in the state of Texas are provided by PLV Inc. DBA PLV TX Branch Inc., a Plastiq Inc. subsidiary. If you have a complaint involving a Texas transaction, first contact the consumer assistance for PLV, Inc. at (866) 313-9823 or firstname.lastname@example.org. If you still have an unresolved complaint regarding the company’s money transmission or currency exchange activity, please direct your complaint to: Texas Department of Banking, 2601 North Lamar Boulevard, Austin, Texas 78705, 1-877-276-5554 (toll free), www.dob.texas.gov.