Privacy Policy

This document was last updated on February 2nd, 2026

Seamless Payments, Inc. (“SeamlessPay,” “we,” “our,” or “us”) provides payment processing, tokenization, fraud prevention, payment orchestration, authentication, and related financial technology infrastructure services (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, safeguard, and otherwise process personal data in connection with:

• Our website at seamlesspay.com
• Merchant payment processing services
• APIs, dashboards, developer tools, and integrations
• Fraud prevention, authentication, and compliance programs
• Sales, marketing, and business relationship activities


This Privacy Policy is designed to reflect the transparency, security, and regulatory expectations applicable to modern payment infrastructure providers and should be read together with the SeamlessPay Services Agreement and applicable Data Processing Addendum (“DPA”).

1. Roles: Data Controller vs Data Processor

Depending on context, SeamlessPay acts either as a data processor/service provider or a data controller/business.

A. When SeamlessPay Acts as a Data Processor
We act as a processor when providing payment processing and related services to merchants. In this role:

• Merchants determine the purposes and legal bases for processing customer personal data.
• SeamlessPay processes personal data solely to provide contracted Services, comply with law, maintain security, and operate payment infrastructure.
• Processing activities are governed by our Services Agreement and applicable DPA.

B. When SeamlessPay Acts as a Data Controller
We act as a controller when determining purposes of processing, including:

• Website operation and analytics
• Merchant onboarding, underwriting, and account administration
• Fraud detection, platform security, and risk monitoring
• Regulatory compliance (AML, sanctions, KYC, tax, card network rules)
• Marketing communications and business development

Merchants remain responsible for providing privacy disclosures to their customers where required.

2. Personal Data We Collect

A. Information Provided Directly
We may collect:

• Names, business contact details, and communications
• Merchant application and onboarding data
• Ownership, beneficial owner, and KYC information
• Government-issued identification where legally required
• Bank account and payout information
• Support inquiries, feedback, and correspondence


B. Payment & Transaction Data
When Services are used:

• Transaction metadata, timestamps, and amounts
• Tokenized payment credentials and authentication signals
• Authorization/decline indicators
• Fraud prevention data, including behavioral or device signals
• Chargeback, dispute, and reconciliation information


SeamlessPay is designed to minimize storage of raw cardholder data and primarily relies on tokenization and PCI-aligned infrastructure except where operational, regulatory, or security obligations require limited retention.

C. Automatically Collected Information
When interacting with our platform or website:

• IP address, browser, device identifiers
• Usage logs, session activity, and diagnostic data
• Cookie and tracking technology data


D. Information from Third Parties
We may receive data from:

• Card networks, issuing/acquiring banks, and payment partners
• Identity verification and compliance providers
• Fraud detection services
• Public records, sanctions databases, and regulators
• Marketing and analytics partners

3. Legal Bases for Processing (GDPR / UK GDPR)

Where applicable, SeamlessPay processes personal data under the following legal bases:

Contractual Necessity

• Providing payment processing and authentication Services
• Merchant onboarding, reporting, and settlement


Legal Obligations

• Anti-money laundering (AML), KYC, sanctions compliance
• Card network rules and financial regulations
• Tax, accounting, and regulatory reporting


Legitimate Interests

• Fraud prevention and platform security
• Risk management and operational integrity
• Product improvement and analytics
• Protection of merchants, consumers, and payment ecosystem participants


Consent

• Marketing communications where required
• Non-essential cookies and tracking technologies where applicable

4. How We Use Personal Data

We use personal data to:

• Provide payment processing, tokenization, and authentication services
• Facilitate authorization, settlement, reconciliation, and reporting
• Detect, prevent, and investigate fraud or prohibited activities
• Comply with legal, regulatory, and card network requirements
• Support merchant onboarding and account administration
• Improve platform performance, reliability, and security


Communicate operational or marketing information where permitted

5. Automated Processing and Risk Scoring

SeamlessPay operates infrastructure supporting fraud detection, transaction authentication, and payment optimization.

These systems:

• Generate risk signals and fraud indicators
• Support routing and authentication decisions
• Enhance transaction security and approval performance


SeamlessPay generally does not independently make final authorization or settlement decisions; those decisions are typically made by financial institutions, card networks, or merchants.

6. Data Sharing and Disclosure

Personal data may be shared with:

Financial Ecosystem Participants

• Banks, payment processors, and card networks
• Authentication and fraud prevention partners
• Chargeback, reconciliation, and dispute providers


Service Providers and Subprocessors
We may engage vetted subprocessors providing:

• Cloud hosting and infrastructure
• Identity verification and compliance services
• Analytics, monitoring, and customer support tools

Subprocessors are contractually bound to confidentiality, security, and data protection obligations.

Legal and Regulatory Authorities
Where required to:

• Comply with law or regulatory obligations
• Protect rights, safety, or security
• Prevent fraud or financial crime


Corporate Transactions
In connection with mergers, financing, acquisitions, or asset transfers.
SeamlessPay does not sell personal data for monetary compensation.

7. International Data Transfers

Payment infrastructure is inherently global. Personal data may be transferred outside the country of collection, including to the United States.

Where required, safeguards may include:

• Standard Contractual Clauses (SCCs)
• UK International Data Transfer Addendum
• Adequacy decisions or equivalent legal mechanisms


These safeguards are designed to ensure appropriate protection of personal data.

8. Data Retention

We retain personal data only as long as necessary to:

• Provide Services
• Meet contractual obligations
• Comply with legal, regulatory, and card network requirements
• Prevent fraud and maintain security
• Resolve disputes and enforce agreements


Deletion may not be immediate due to backup systems, fraud monitoring needs, or regulatory retention obligations.

9. Security Measures

SeamlessPay maintains administrative, technical, and organizational safeguards appropriate for payment infrastructure providers, including:

• Encryption in transit and at rest where appropriate
• PCI-aligned infrastructure and controls
• Access controls and authentication safeguards
• Continuous monitoring, logging, and risk detection
• Incident response and security governance procedures


No system is completely secure, and ecosystem dependencies may introduce risks outside our direct control.

10. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

• Access personal data
• Correct inaccuracies
• Request deletion (subject to legal obligations)
• Restrict or object to processing
• Data portability
• Withdraw consent where applicable
• Lodge complaints with a supervisory authority


Requests may be submitted to: privacy@seamlesspay.com

Identity verification may be required.

For transaction-specific requests, contacting the relevant merchant first is often most effective.

11. California Privacy Rights (CCPA/CPRA)

California residents may have rights to:

• Know what personal information is collected and disclosed
• Request deletion of personal information (subject to exceptions)
• Correct inaccurate information
• Limit use of sensitive personal information where applicable
• Opt out of “selling” or “sharing” personal information

SeamlessPay does not sell or share personal information as defined under the California Consumer Privacy Rights Act.

Requests may be submitted via privacy@seamlesspay.com.

We will not discriminate against individuals exercising privacy rights.

12. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Authentication and security
• Fraud prevention
• Performance monitoring and analytics
• Service functionality
• Marketing where permitted


Where required, cookie preferences may be managed through our consent management tools.

13. Children’s Privacy

Our Services are intended for businesses and adults. We do not knowingly collect personal data from individuals under 18.

14. Third-Party Links

Our website may contain links to third-party sites. SeamlessPay is not responsible for their privacy practices.

15. Updates to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised effective date. Continued use of the Services indicates acceptance of the updated policy.

16. Contact Information

Seamless Payments, Inc.
2810 N Church St
Wilmington, DE 19802

Email: privacy@seamlesspay.com
Website: https://seamlesspay.com

Important Notice
This Privacy Policy is provided for transparency purposes and does not expand SeamlessPay’s contractual liability beyond limitations set forth in the Services Agreement, Data Processing Addendum, or applicable law.

Additional GDPR and UK GDPR Disclosure

This section supplements the SeamlessPay’s Privacy Policy and applies where Personal Data is subject to the European Union General Data Protection Regulation (“GDPR”), the UK GDPR, or similar Data Protection Laws. It is intended to provide transparency regarding how SeamlessPay processes Personal Data in connection with its payment infrastructure Services.

Nothing in this section expands SeamlessPay’s contractual liability beyond the limitations set forth in the SeamlessPay Services Agreement or applicable Data Processing Addendum.

Roles of the Parties

Depending on the context in which Personal Data is processed:

• SeamlessPay generally acts as a Data Processor or Service Provider when processing Personal Data on behalf of merchants using the Services.
• SeamlessPay may act as a Data Controller for limited purposes including website operations, account administration, platform security, fraud prevention analytics, and regulatory compliance.

Merchants remain responsible for providing appropriate privacy disclosures to their customers and establishing lawful bases for data collection.

Categories of Personal Data Processed

Depending on how the Services are used, SeamlessPay may process:

• Transaction metadata and payment-related information;
• Tokenized payment credentials;
• Authentication data, including fraud prevention signals;
• Device, browser, and session information;
• Business contact and account information;
• Technical logs and system usage data.

SeamlessPay generally does not store raw cardholder data unless required for operational security, compliance, or legal obligations.

Purposes and Legal Bases for Processing

Personal Data may be processed on the following legal bases:

Contract Performance
Processing necessary to:

• Provide payment orchestration and authentication services;
• Enable integrations and reporting;
• Maintain platform functionality.

Legitimate Interests
Including:

• Fraud prevention and detection;
• Platform security and operational integrity;
• Risk management and analytics;
• Protection of merchants, Financial Institutions, and payment ecosystem participants.

These interests are balanced against individual privacy rights.

Legal Obligations
Processing necessary to:

• Comply with Payment Network rules;
• Meet anti-money laundering or sanctions requirements;
• Respond to regulatory inquiries or lawful requests.

Consent (Where Applicable)
Where legally required, consent may be obtained either directly by SeamlessPay or by merchants using the Services.

Automated Decision-Making and Profiling

SeamlessPay provides infrastructure supporting fraud detection, authentication, and risk scoring. However:

• SeamlessPay does not independently make decisions producing legal or similarly significant effects on individuals.
• Final authorization, settlement, or dispute decisions are typically made by Financial Institutions, Payment Networks, or merchants.

Where automated tools are used, they are designed primarily for fraud prevention, authentication support, and security monitoring.

Data Sharing and Recipients

Personal Data may be shared with:

• Financial Institutions and Payment Networks;
• Authentication providers and fraud detection vendors;
• Cloud infrastructure providers and Subprocessors;
• Regulators, supervisory authorities, or law enforcement where required.

Such sharing is limited to what is necessary to provide Services, maintain security, or comply with legal obligations.

International Data Transfers

Because payment infrastructure operates globally, Personal Data may be transferred outside the European Economic Area or United Kingdom.

Where required, safeguards may include:

• European Commission Standard Contractual Clauses;
• UK International Data Transfer Addendum;
• Comparable lawful mechanisms.

These safeguards are intended to ensure appropriate protection of Personal Data during international processing.

Data Retention

Personal Data is retained only as long as necessary for:

• Providing the Services;
• Security and fraud prevention;
• Compliance with legal and regulatory obligations;
• Enforcement of contractual rights.

Immediate deletion may not always be technically feasible due to backup systems, fraud monitoring requirements, or regulatory retention obligations.

Data Subject Rights

Individuals may have rights under GDPR or UK GDPR including:

• Access to Personal Data;
• Correction of inaccurate information;
• Erasure where legally permitted;
• Restriction of processing;
• Data portability;
• Objection to certain processing activities.

Requests relating to merchant transactions should generally be directed first to the relevant merchant. SeamlessPay will reasonably assist where appropriate.

Individuals also have the right to lodge a complaint with a supervisory authority in their jurisdiction.

GDPR Privacy Contact

For questions regarding this GDPR disclosure, Personal Data processing practices, or to exercise applicable data protection rights where appropriate, you may contact:

SeamlessPay Privacy Team

• privacy@seamlesspay.com
• seamlesspay.com

SeamlessPay will respond to inquiries in accordance with applicable Data Protection Laws.

Security Disclosure Alignment

SeamlessPay maintains commercially reasonable administrative, technical, and organizational safeguards appropriate for payment infrastructure services. However:

• No system is completely secure;
• Security responsibilities are shared across ecosystem participants;
• Third-party infrastructure dependencies may introduce risks.

Liability Alignment

This GDPR disclosure is provided for transparency purposes only and does not expand SeamlessPay liability beyond the limitations set forth in:

• The Services Agreement;
• The Data Processing Addendum;
• Applicable law.