Privacy Policy

Last Revision Date: January 31, 2023

1. Introduction

Mercoa Inc. (“Mercoa”, “we”, “us” or “our”) provides an embedded digital bill payment solution for B2B Fintech platforms. This Privacy Policy (“Policy”) describes our practices concerning the information we receive or collect when you visit our website located at mercoa.com (“Website”) or access our online platform through the website of one of our partners (collectively, “Services”). Specifically, it describes the information we collect, how and for which purposes we may use such information, where we store it and for how long we retain the information, with whom we may share it, our use of tracking technologies and communications, our security practices, your choices and rights regarding such information, our policy concerning children, and how to contact us if you have any concerns regarding this Policy or your privacy.

2. Information Collection

We may collect one or more of the following categories of personal information about the visitors to our Website, actual users of our Services and their business vendors or potential users (“Users”) of our Services through the following sources: (i) from your interactions with us when you visit our Website; (ii) from you directly when you contact us or when you request additional information about our Services; (iii) from registrations and other forms when you register for our Services or complete a transaction; or (iv) from your communications, calls to our customer service team or through your other interactions with us.

Category of Personal Information Collected	Examples	Sources of Personal Information	Business Purpose for Collection of Personal Information
Identifiers	Name (first and last); Email Address; Phone Number; Business Contact Information; Online Identifier/Username; IP Address	Directly from our Users; Cookies and Other Online Tracking Technologies; Third Party Partners (including when our Services sync with your accounting software)	Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues
Sensitive Personal Information	Banking information, including security / access / password or other credentials	Directly from our Users	Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues
Geolocation Data	GPS/GNSS location data, home/work locations	Cookies and Other Online Tracking Technologies;	Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues; Improvement of the Performance of Our Services and the User Experience
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information	Recordings of User phone calls to us	Directly from our Users	Providing our Services, including User Support; Identification; Security; Improvement of the Performance of Our Services and the User Experience
Commercial Information	Details related to transactions, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies	Directly from our Users	Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues
Internet, Computer or Other Similar Network Activity	Wireless networks, cell towers and Wi-Fi access points; Device/Operating System/Browser; Online Activities/Communications and Performance Logs; Issues/Bugs; and Other User Activities Using Our Services	Cookies and Other Online Tracking Technologies	Improvement of the Performance of Our Services and the User Experience

We do not collect the following categories of personal information: characteristics of protected classifications under California or federal law; biometric information; professional or employment-related information (that is not otherwise publicly available information); education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99); or inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Cookies and Tracking Technologies

Session Trackers. In operating the Website and the Services, we may use cookies and similar session tracking technologies (“Session Trackers”). Session Trackers help provide additional functionality to the Website, customize Users' experiences with the Website and help us analyze Website usage more accurately for research and product development purposes. We (including third parties that we work with) may place Session Trackers on your device for security purposes, to facilitate navigation of the Website or the Services, and to personalize your experience while using our Website or the Services. If you would prefer not to accept Session Trackers when using the Website or the Services, please follow the instructions provided by your website or mobile browser (usually located within the “Help”, “Tools” or “Edit” facility) to modify your Session Tracker settings. Please note that if you disable Session Trackers, you may not be able to access certain parts of our Website or Services and other parts of our Website or Services may not work properly. As a result, we recommend that you leave Session Trackers turned on when accessing the Website or the Services because they allow you to take advantage of some of the Website and Services' features.

Web Beacons. In addition to Session Trackers, we may use web beacons (also known as “clear GIFs”), which are transparent graphic images placed on a web page or in an email and indicate that a page or email has been viewed or tell your browser to get content from another server. We use web beacons to measure traffic to or from, or use of, our online forms, tools or content items and related browsing behavior and to improve your experience when using the Website or the Services. We may also use customized links or other similar technologies to track hyperlinks that you click and associate that information with your Information in order to provide you with more focused communications.

Below are links to the cookie opt-out pages of common web browsers. If your web browser is not listed here, you should review your web browser terms to learn more about your cookie choices.

3. Purposes of Information Use

We use your personal information as necessary for the performance of our Services; for complying with applicable law; and based on our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, optimizing our marketing, customer service and support operations, and protecting and securing our users, ourselves, and members of the general public.

Specifically, we use Personal Information for the following purposes:

To facilitate, operate, and provide our Services
To authenticate the identity of our users, and to allow them to access and use our Services
To provide our users with assistance and support
To further develop, customize and improve the Services and your user experience, based on common or personal preferences, experiences, and difficulties
To contact our users with general or personalized service-related messages (such as password-retrieval); or with promotional messages (such as newsletters, special offers, new features etc.); and to facilitate, sponsor and offer certain events and promotions
To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error, or any illegal or prohibited activity
To create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or our business partners may use to provide and improve our respective services
To enforce our Terms of Service and any other agreements between you and Mercoa and
To comply with any applicable laws and regulations.

We may also use your personal information to provide you with marketing or other promotional communications via mail or email. If, at any time, you would like to stop receiving these promotional e-mails, you may follow the opt-out instructions contained in any such e-mail or by contacting us as set out below. Please note that by opting out, you may prohibit Mercoa from informing you of offerings that may be of interest to you. It may take up to ten (10) business days for us to process opt-out requests.

In addition, we may use your personal information to send you messages from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off on your device.

4. How We Share Your Information in Connection with the Services

We do not sell your personal information. However, we may share your personal information in order to provide our Services, with the following categories of recipients:

Payors and Payees. In connection with the Mercoa Services, we may share some of your personal information with the business with which you are transacting in order to effect your transaction. We may also share certain information (e.g. business contact information) regarding payees provided by our Users with other Users in order to complete quicker transactions.
Your Service Providers. If you access our online platform through the website or platform of one of Mercoa's partners, then we may share your personal information with that partner. In addition, if you sync third party services such as accounting software services to your Mercoa account, we may share your personal information with the applicable third-party service provider
Mercoa Service Providers. We may engage selected third party companies and individuals to perform services complementary to our own or to support our business functions (e.g. hosting and server co-location services, data analytics services, marketing and advertising services, data and cyber security services, fraud detection and prevention services, payment processing services, e-mail and SMS distribution and monitoring services, session recording, and our business, legal and financial advisors) (collectively, “Service Providers”). These Service Providers may have access to your personal information, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such purposes.
Subsidiaries and Affiliated Companies. We may share personal information internally within our family of companies, for the purposes described in this Privacy Policy.
Business Transfers. Should Mercoa or any of its affiliates undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your personal information may be shared with the parties involved in such event. If we believe that such change in control might materially affect your personal information then stored with us, we will notify you of this event and the choices you may have via e-mail or prominent notice on our Services.
Legal and Regulatory Authorities. We may provide legal and regulatory authorities access to your personal information, including to respond to a subpoena or court order, judicial process, or regulatory inquiry; to defend against fraud, lawsuits, claims or other liabilities; to prevent physical harm or financial loss in connection with any suspected or actual illegal activity; or where we have a good faith belief that we are legally compelled to do so.

6. Third Party Links

We may provide links to other sites or resources provided by third parties. These links are provided for your convenience only. We have no control over the content of those sites or resources and accept not responsibility for them or for any loss or damages that may arise from your use of them. If you decide to access any third-party links on the Website, you do so entirely at your own risk and subject to the terms and conditions of those websites.

7. Children Under 13 Years of Age

Our Services are not directed to children under 13 years of age, and we do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will prohibit and block such use and will make all efforts to promptly delete any personal information stored with us with regard to such child.

8. Your Privacy Rights

Depending upon where you reside, certain choices and rights may be available to you under applicable data protection laws, including the right to request access to or correction of your personal information or to have your personal information deleted. If you have any questions about what rights may apply to you, please contact us at support@mercoa.com

“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.

California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA): The CCPA, as amended by the CPRA, provides California residents and/or their authorized agents with specific rights regarding the collection and storage of their personal information.

Your Right to Opt-Out of Sale or Sharing of Personal Information: California residents have the right to opt-out of the sale of their personal information by submitting a request as directed on the homepage of our website.

Please note that we do not knowingly sell the personal information of any individuals under the age of 16.

Where we are sharing your personal information with third parties for the purposes of cross-context behavioral advertising or profiling, you may opt-out of such sharing at any time by submitting a request as directed on the homepage of our website.

Your Right to Limit Use of Sensitive Personal Information: California residents have the right to request that we limit our use of any sensitive personal information to those uses which are necessary to perform the Services or for other specifically-enumerated business purposes under the CCPA, as amended by the CPRA.

Your Right to Delete: California residents have the right to request that we delete any of the personal information collected from you and retained by us, subject to certain exceptions. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Once your request is verified and we have determined that we are required to delete the requested personal information in accordance with the CCPA, we will delete, and direct our third-party service provides to delete, your personal information from their records. Your request to delete personal information that we have collected may be denied if we conclude it is necessary for us to retain such personal information under one or more of the exceptions listed in the CCPA.

Your Right to Correct: Under the CCPA, as amended by the CPRA, California residents have the right to request that we correct any inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for which we are processing such personal information. We will use commercially reasonable efforts to correct such inaccurate personal information about you.

Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.

Verifying Your Request: Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf. We will only use the personal information that you have provided in a verifiable request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.

9. Changes to This Privacy Policy

This Policy is effective as of the date stated at the top of this page. Please read this Policy carefully. Mercoa will occasionally update this Privacy Policy. By accessing and using the Website after we notify you of such changes to this Policy, you are deemed to have accepted such changes. Please refer back to this Policy on a regular basis.