Privacy Policy

Last updated: April 2026

1. Information We Collect

Business Information: Legal entity name, DBA, Tax ID (EIN), address, website, company structure, date of establishment, registration number.

Personal Information: Names, dates of birth, Social Security Numbers, residential addresses, phone numbers, email addresses of business owners and directors.

Financial Information: Bank account details, routing numbers, processing volumes, transaction history, existing processor relationships.

Healthcare Information: Licensure details, treatable conditions, physician vetting processes, compliance frameworks.

Documents: Financial statements, bank statements, processing statements, government-issued IDs, business licenses, PCI compliance reports.

Technical Data: IP addresses, browser information, device data, usage analytics.

2. How We Use Your Information

We use collected information to: process merchant applications, conduct underwriting and risk assessment, comply with financial regulations (KYC/AML), communicate about your account, improve our services, and prevent fraud.

3. Data Security

We employ industry-standard security measures including: AES-256-GCM encryption for all sensitive fields (SSN, Tax ID, bank details), TLS 1.3 for data in transit, database encryption at rest, row-level security policies, and comprehensive audit logging. Sensitive data is stored in isolated, encrypted database tables separate from general application data.

4. Data Sharing

We share information only with: payment processing partners (as required for underwriting), provider networks (for clinical routing), pharmacy partners (for order fulfillment), and as required by law. We never sell personal information to third parties.

5. Data Retention

Application data is retained for the duration of the business relationship plus 7 years as required by financial regulations. Sensitive data (SSN, bank details) can be deleted upon request after account closure, subject to regulatory retention requirements.

6. Your Rights

You have the right to: access your personal data, correct inaccurate data, request deletion (subject to legal requirements), opt out of marketing communications, and receive a copy of your data in a portable format.

7. Contact

For privacy-related inquiries: privacy@careplugpay.com