2. Information Collection and Use
What information do we collect?
We collect information in several ways: (i) when you send us an e-mail or communicate via any other electronic means we will store the address and the conversation history; (ii) when you register via our Website we will collect and store certain personal data that may include your address, phone numbers, credit card numbers, IP address, location, information about your computer or device and other standard web log information; (iii) when a customer uses a checkout process on a merchant’s website that is integrated to Spreedly, we will gather and may store payment card data, billing details and other personal data required to process the transaction.
We refer to the information we collect generally as “personal information”, which includes any information that can be used to identify and individual, or any anonymous information that is linked to a specific individual. Any information that is aggregated or becomes anonymous such that it cannot be reasonably associated with an individual shall not be considered personal information.
The types of personal information we collect and our use of that personal information will depend on whether you are a website user, merchant or end customer.
When you browse our Website, you will not be required to provide any personal information. We may, however, gather non-personally-identifiable information solely for the purposes of monitoring our Website and the services that we offer through it. We will not share this information with third parties or use it to target any advertisements to you.
When you visit our Website we offer you the opportunity to sign-up for a free test account that gives you the ability to integrate to our API and run test transactions in our sandbox environment before you commit to purchasing a paid subscription plan. As part of this process, we may collect your IP address, information about your computer, and other standard web log information. We will also collect your email address and other personal information that we may use to update you about your account with Spreedly and our service generally.
When you sign-up for a paid production account, in addition to the information above, we require you to provide a valid credit card and contact email. We will only use this information to ensure that your Spreedly account remains in good standing until you elect to terminate your subscription.
Once you begin using the Spreedly service for production transactions, we will keep records of your transactions and collect information of your other activities related to our service.
When a merchant using Spreedly’s service collects payment information from you, they will collect personal information from you and pass it to us. This personal information includes your payment card or bank account information, and may include your email address, phone number, and billing and shipping address. When you use a merchant’s website to store your payment card details for future use, we will use the personal information you provide to the merchant to store those card details.
We may collect information about your computer (including your IP address), operating system and browser type, for system administration purposes.
We may also obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website, deliver a better and more personalized service, look for possible fraudulent activity, and to be better understand the sources of traffic to our Website.
Special information for California residents and cookies from one of our processors can be found here.
Children’s Online Privacy Protection Act
Our Website and the services we offer are directed to the general public, but are not directed at persons under the age of 13. We do not knowingly collect information from children under 13 years of age nor do we have any reasonable grounds for believing that children under the age of 13 are accessing our Website or using our services. If we do learn that we have inadvertently collected personal information from a child under the age of 13, we will promptly delete that information. If you believe that we may have collected any information from a child under 13 years of age, please contact us.
What we do with your information
Spreedly uses the information we collect for the following general purposes including products and services provisioning, billing, identification and authentication, service improvement, contact, and research.
We may occasionally email you with information about new service. You may opt out of these emails by clicking on the unsubscribe link contained in such communications or by replying with unsubscribe in the subject line. Please note that you will continue to receive communications about your Spreedly account including billing invoices and usage notifications.
3. Sharing and disclosure of information
We are not allowed to disclose personal information without your written permission and will never sell or rent your personal information to marketers.
We will only disclose personal information in response to a request if we believe in good faith that it is necessary to comply with any applicable law or legal requirement. We will use reasonable efforts to provide you prompt notice prior to such disclosure so that you can contest the requirement if you choose unless we determine in good faith that: (i) we are not permitted to provide you such notice under any applicable law; or (ii) giving such notice would result in an imminent risk of death, serious injury or significant property loss or damage to Spreedly or a third party.
4. Data retention
Personal information we collect and use for any purpose or purposes shall not be retained for longer than is necessary for that purpose or those purposes.
Spreedly owns the data storage, databases and all rights to the Spreedly application, but we make no claim to the rights of your data. You retain all rights to your data and we will never contact your clients directly, or use your data for our own business advantage or to compete with you or market to your clients.
To offer our service we are required to retain certain data you provide us to ensure transactions are processed correctly, to identify fraudulent activity, and to comply with applicable laws and regulations. Accordingly, even if you close your Spreedly account and we export your data to a third party, we will retain certain information as necessary to meet these obligations.
5. Credit Card transactional data
Spreedly sits in a unique position, seeing credit card transactional data from a wide range of global credit cards running across a diverse set of financial payment providers. In an attempt to help improve the performance of payment networks, Spreedly may aggregate credit card transactional information and may sell that aggregated data to interested third parties.
"Interested third parties" are customers of our data as a service (DaaS) offering. They are typically focused on comparing their experience of credit card transaction service (specifically, success and decline rates and gateway latency) to the industry overall, with an eye to reducing decline rates and thus improving the payment experience for all involved. By "aggregated data" we mean data collected at the gateway level across all merchants transacting through that gateway.
We DO NOT collect or share any personal identifying information of any individual (such as name, address, credit card or social security number, or other identifiers), any data concerning any Spreedly merchant customer, or any type of Stock Keeping Unit identification code or other information that indicates what product or service was purchased.
6. Security and protection of information
The security of your personal information is important to us. We take all reasonable steps and follow generally accepted industry standards to ensure that the personal information we hold is protected from misuse, interference, loss, unauthorized access, modification or disclosure by the use of various methods including access limitation, and industry-standard Transport Layer Security (TLS) encryption technology.
We take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date, relevant and stored securely. Security safeguards include data encryption, firewalls, and physical access controls to building and files. Spreedly’s systems are certified as Level 1 PCI compliant and all data retention and credit card information is maintained in accordance with the PCI standards as determined by the PCI Security Standards Council.
You are responsible for the use and safeguarding of any login ID that we issue to you regarding the use of the Website or our service and any associated passwords. It is important for you to protect against unauthorized access to your login ID and password, to other sensitive data regarding your account with us, and to your computer and systems.
Spreedly provides some or all of its service from systems located outside of Europe. Accordingly, any European merchants and/or merchants collecting information from European persons by using Spreedly’s service must disclose to their customers that personally identifiable information may be transferred, processed and stored outside of Europe.
Spreedly maintains strict administrative technical, and physical procedures to protect information stored in our servers, which are located in the United States, and access to personal information is limited to only those employees who require it to perform their job functions.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our Website, you can send email us at firstname.lastname@example.org.
7. EU-U.S. and Swiss-U.S. Privacy Shield Policy
In cases of onward transfers to third parties of data of EU or Swiss individuals received pursuant to the EU-US and Swiss-U.S. Privacy Shield, Spreedly Inc., is potentially liable, unless Spreedly., proves that it is not responsible for the event giving rise to the damage.
Inquiries & Complaints
For more information on filing a complaint with JAMS, please visit: https://www.jamsadr.com/eu-us-privacy-shield.If your complaint is not resolved through the above channel, in certain limited circumstances you may qualify to invoke binding arbitration before the ‘Privacy Shield Panel’ set up by the US Department of Commerce and the European Commission.
We reserve the right to modify this privacy statement at any time, so please review it occasionally to ensure you're still in agreement with its provisions. If we make material changes to this policy, we will notify you here or by means of a notice on our Website so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with a paper copy.
9. Questions; Access, Corrections and Complaints
Merchants can correct their personal information by logging into their Spreedly account and updating their account information. For all other corrections please contact us at email@example.com.
Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether Spreedly processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
- The right to request that Spreedly rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that Spreedly erase your Personal Data in certain circumstances provided by law;
- The right to request that Spreedly restrict the use of your Personal Data in certain circumstances, such as while Spreedly considers another request that you have submitted (including a request that Stripe make an update to your Personal Data); and
- The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
In order to exercise your data protection rights, you may contact Spreedly support. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
If you are a Customer of a Spreedly Customer please direct your requests directly to them. For example, if you are making, or have made, a purchase from a merchant using Spreedly, and you have a request that is related to the payment information that you provided as part of the purchase transaction, then you should address your request directly to the merchant.
Contact Us and we'll get your questions answered.