Levlpay privacy policy
Contents
1. Scope & Applicability
2. Governing Laws & Standards
3. Privacy
3.1. Purpose
3.2. Collection of PI
3.3. Use, Maintenance, & Sharing
4. Administration
4.1. Adoption & Oversight
5. Policy Review & Approval
6. Appendix A – Privacy Practices Summary (Merchant Support)
6.1. Information We Collect
6.2. How We Use Information
6.3. How We Share Information
6.4. PCI DSS and Security Safeguards
6.5. Consumer Privacy Rights
6.6. Retention
1. Scope & Applicability
This Product-Level Privacy Policy: Merchant Support applies to:
- Merchants who apply for or use our payment processing and acquiring services;
- Payment card transactions processed through our systems;
- Visitors to our websites or users of our platforms.
2. Governing Laws & Standards
The Company complies with applicable laws and standards, including:
- GLBA & Regulation P;
- PCI DSS;
- CCPA/CPRA and other state privacy laws;
- CAN-SPAM Act (advertising/communications);
- Sponsor bank oversight obligations.
3. Privacy
3.1. Purpose
The Company collects and uses PI solely for lawful, relevant, and necessary purposes:
- Payment transaction processing and settlement;
- Fraud detection and risk monitoring;
- Sponsor bank oversight and regulatory compliance;
- Merchant onboarding and underwriting.
3.2. Collection of PI
PI may include, for example:
- Merchant information: business name, contact details, banking details, compliance documentation;
- Transaction information: merchant IDs, transaction dates/times, and amounts (but not consumer names, addresses, or phone numbers); and
- Technical information: IP addresses, device/browser data, usage metrics;
3.3. Use, Maintenance, & Sharing
- Access & Use: PI is accessed only by personnel with a legitimate business need.
- Sharing: PI may be shared with:
- Sponsor banks & card networks,
- Service providers under contractual safeguards,
- Regulators & law enforcement, Affiliates for compliance and operations.
- Former Customers: PI of former customers is handled consistently with current customers, shared only as required to administer transactions, comply with law, or at the direction of the data owner.
- Retention & Disposal: PI is retained only as long as required by PCI DSS, BSA/AML, sponsor bank agreements, or other applicable law.
4. Administration
4.1. Adoption & Oversight
This Product-Level Privacy Policy: Merchant Support is adopted under the Enterprise Privacy Policy.
- The CCSO and CTO jointly oversee implementation and compliance.
- The ERC receives quarterly reporting and privacy incident summaries related to Merchant Support.
- The HCC reviews privacy-training metrics for personnel supporting Merchant Support operations.
- The COO is responsible for operational execution.
- Approved by ERC | Ratified by Board of Directors.
5. Policy Review & Approval
This Policy is reviewed at least annually or upon material change in law, regulation, or business operations.
- Owned by: Chief Compliance Officer (CCO) and Chief Technology Officer (CTO)
- Approved by: Enterprise Risk Committee (ERC)
- Ratified by: Board of Directors
6. Appendix A – Privacy Practices Summary (Merchant Support)
The following summary provides an overview of the Company’s privacy practices related to its payment processing and merchant acquiring operations. This appendix is included to demonstrate the Company’s evaluation of current practices, scope, and safeguards. While this appendix reflects current operations, the governing standards for the Company are set forth in the Privacy Policy above.
6.1. Information We Collect
Merchant Information
When merchants apply for services, we may collect:
- Business and contact details (e.g., business name, address, phone, email);
- Financial and banking information for settlement;
- Identity and background information for underwriting and compliance purposes.
Transaction Information
When processing payment card transactions, USAG may retain:
- Partial card numbers and related transaction data (date, time, merchant ID, amount).
- We do not retain customer names, phone numbers, addresses, or other personal identifiers from card transactions.
Technical Information
We may collect technical data such as IP addresses, browser types, and usage data when you interact with our websites or portals.
6.2. How We Use Information
We use the limited information we collect to:
- Process and settle merchant transactions;
- Provide services to merchants and their customers;
- Comply with PCI DSS, BSA/AML, and other regulatory obligations;
- Monitor for fraud and enhance transaction security;
- Manage our operations and support merchants.
6.3. How We Share Information
We do not sell personal information. We may share information as permitted or required by law, including with:
- Sponsor Banks and Card Networks: To process payments and ensure compliance oversight;
- Vendors and Service Providers: Who perform secure functions on our behalf (e.g., fraud detection, hosting, IT support);
- Regulators or Law Enforcement: When required to comply with law, regulation, or authorized information-sharing programs;
- Affiliates: For business operations and compliance purposes.
6.4. PCI DSS and Security Safeguards
- We maintain strict physical, technical, and administrative safeguards to protect data from unauthorized access, use, or disclosure.
- Access to card data is restricted to authorized personnel only.
6.5. Consumer Privacy Rights
Because USAG does not retain consumer-identifying information (such as name, phone, or address) from card transactions, most consumer privacy laws (such as the Gramm-Leach- Bliley Act or state consumer privacy laws) do not directly apply to our transaction processing data.
- Consumers with questions about their transactions should contact the merchant where the purchase was made.
- Merchants and business partners may contact us directly to inquire about data handling.
6.6. Retention We retain partial card number and transaction information only as necessary to comply with PCI DSS, BSA/AML recordkeeping, sponsor bank requirements, and applicable laws. Refer to the USAG Document Retention Matrix for additional information.