Privacy Policy


Updated October October 24th, 2022

This Privacy Policy explains how PAYWHIRL, a corporation organized and existing under the laws of the State of California, collects, uses, discloses, and protects Subscribers' Personal Data (defined below). This Privacy Policy explains which information we collect, use, and process, and what options are available with regard to Personal Data. All capitalized items not defined in this Privacy Policy shall have the meanings set forth in the Terms of Use.

“Personal Data” means any data relating to an identified or identifiable natural person. This policy applies to any individual who is the subject of and owns any Personal Data that we collect when you access, register and/or use PAYWHIRL software or otherwise interact with PAYWHIRL in any manner described below. PAYWHIRL is compliant with applicable laws in the countries in which it operates. By using the PAYWHIRL service or interacting with PAYWHIRL as described below, Subscribers acknowledge that they are aware of this Privacy Policy. Residents of certain jurisdictions may have additional questions regarding their Personal Data under the laws of those jurisdictions. If you are a resident of California, please refer to the Section 10 - California Privacy Rights below. 

PAYWHIRL reserves the right to modify this Privacy Policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you by email, on the Hosted Service or by means of a notice on our homepage, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

1. Information PAYWHIRL Collects

Through our Services, we collect Customer Data:

Our Hosted Service is primarily intended for use by Merchants. Where our Hosted Service is made available to Subscribers, we collect Customer Data on behalf of relevant Merchants. Under those circumstances, the Merchant is the data controller of their Customer Data and must have an accurate privacy policy that complies with all applicable laws and regulations. Subscribers should contact that Merchant with questions or requests regarding their Customer Data, as the Merchants’ privacy practices may differ from this Privacy Policy. Additionally, Merchants’ stores may be hosted on e-commerce platforms. Where this is the case, you may also want to read the e-commerce platform’s terms of service and privacy policy. If you are a Subscriber, you should contact your relevant Merchant with any questions or requests regarding your Customer Data.

PAYWHIRL collects the email addresses of people who send us emails. We also collect information on what pages Merchants access and information provided to us by Merchants via surveys and the Registration Process. Such information may contain Personal Data about you, including your address, phone numbers, and credit card numbers.

The types of information we may collect from Merchants and their respective Subscribers are as follows:

2. Sources of Personal Data

Where requested, or when Merchants configure the application to collect such data from customers. In the preceding twelve (12) months since this notice was last updated, we have collected data from the following categories of sources: 

When you complete the Registration Process for the Hosted Service, we ask for your name, company name, email address, billing address and credit card information. Members who sign up for the free account are not required to enter a credit card; however, if you want to enable your checkout process, you must provide your credit card information.

3. Data Use.

3.1 Services. PAYWHIRL will not disclose Personal Data without that Merchant's written permission. However, certain Personal Data collected from you, and about you, is used within the context of providing the Hosted Service to you.

PAYWHIRL uses Personal Data to authorize Merchants' access to PAYWHIRL services, to provide customer support, to manage Merchants' accounts, and send Merchants technical notices, updates, security alerts and support and administrative messages. PAYWHIRL may share your Personal Data in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of PAYWHIRL's Terms of Use, or as otherwise required by law.

PAYWHIRL may also carry out any other purpose for which the data was collected, to the extent such purpose is necessarily contemplated by the collection of such information or as otherwise notified in the Hosted Service at the time of collection.

PAYWHIRL uses 3rd party services to help us provide the Hosted Service effectively (e.g. maintenance, analysis, audit, transactions, archiving, and marketing and development). These 3rd party services will have access to Merchants’ Personal Data as reasonably necessary to perform these tasks on the behalf of PAYWHIRL and are obligated not to disclose or use it for other purposes.

PAYWHIRL utilizes 3rd party services to store all information regarding Merchants' actions on their account for the purpose of reconstructing the Hosted Service should PAYWHIRL have a system crash resulting in loss of data.

3.2 Communications. PAYWHIRL will avail itself of Merchants’ email addresses to get in contact with those Merchants.

As part of the buying and selling process on the Hosted Service, the Merchants from which you are purchasing a product or service will receive your email address and/or shipping address. With respect to your Personal Data, PAYWHIRL grants a license to that Merchant to use the information only for Hosted Service-related communications that are not unsolicited commercial messages.

3.3 Advertising. PAYWHIRL targets, and measures the performance of, ads to Merchants, visitors and others both on and off the Hosted Service directly or through a variety of partners. PAYWHIRL is using data from advertising technologies on and off the Hosted service, like cookies and session information.

3.4 Cookies. A cookie is a small amount of data, including an anonymous unique identifier. Sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them). Cookies are sent to your browser from a Web site and stored on your computer's hard drive. We assign every computer that accesses our Web site a different cookie.

We use two categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third-party cookies, which are served by service providers or business partners on our Sites, and can be used by these parties to recognize your computer or mobile device when it visits other websites.  Third-party cookies can be used for various purposes, including site analytics, advertising, and social media features.

On our Sites, we use cookies and similar tracking technologies in the following categories described below.

Necessary - These cookies are required to allow the technical operation of our Services (e.g. they enable you to move around on a website and to use its features).

Targeting - Advertising companies use these cookies to collect information about how you use our Sites and other websites over time. These companies use this information to show you ads they believe will be relevant to you within our Services and elsewhere and to measure how the ads perform.

Cookies can be used to track Merchants' and visitors' sessions on our Web site and to serve customized ads from Google and other 3rd party vendors. When you visit this Web site, you may view advertisements posted on the site by Google or other 3rd parties. Through 1st party and 3rd party cookies, these 3rd parties may collect information about you while you are visiting this Web site and other Web sites. They may use this data to show you advertisements on this Web site and across the Internet based on your prior visits to this Web site and elsewhere on the Internet. We do not collect this information or control the content of the advertisements that you will see.

We use a service provided by Google called Google Analytics ("GA"). GA permits us to reach people who have previously visited our site and show them relevant advertisements when they visit other sites across the Internet in the Google Display Network. This is often called ‘re-marketing'.

For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit https://www.allaboutcookies.org. If you do not accept our cookies, you may experience some inconvenience in using our Sites.  For example, we may not be able to recognize your computer or mobile device, and you may need to log in every time you visit our Sites.

3.5 Other Technologies. In addition to cookies, our Sites may use other technologies, such as Flash technology to pixel tags to collect information automatically.

Browser Web Storage - We may use browser web storage (including via HTML5), also known as locally stored objects (“LSOs”), for similar purposes as cookies.  Browser web storage enables the storage of a more significant amount of data than cookies. Your web browser may provide the functionality to clear your browser’s web storage.

Flash Technology - We may use Flash cookies (which are also known as Flash Local Shared Objects (“Flash LSOs”)) on our Sites to collect and store information about your use of our Sites.  Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings.  If you do not want Flash LSOs stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel.  You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions.  Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including Flash applications used in connection with our Sites.

Web Beacons - We may also use web beacons (known as pixel tags and clear GIFs) on our Sites and in our HTML-formatted emails to track Merchants’ and visitors’ actions on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML-formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.

3.6 Managing Cookies and Similar Tracking Technologies. You can control and manage cookies and similar tracking technologies in various ways.  Please remember that removing or blocking cookies and similar tracking technologies can negatively impact your user experience, and parts of our Sites may no longer be fully accessible. Your options for controlling what information cookies and similar tracking technologies collect about you include the following:

Your mobile device settings may provide additional functionality to limit the use of the advertising ID associated with your mobile device for interest-based advertising purposes.

Your use of the PAYWHIRL website without opting out means that you understand and agree to data collection to provide you with re-marketing ads using GA and cookies from other 3rd party vendors based on your prior visits to this website and elsewhere on the Internet. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms linked above.

4. Data Sharing Method and Purpose.

PAYWHIRL will only use and disclose Personal Data internally in order to:

PAYWHIRL may disclose any information collected about you, whether you are a current or former customer, with law enforcement, data protection authorities, government officials, and other authorities when:

PAYWHIRL may also share your Personal Data with a 3rd party in the event that PAYWHIRL is acquired by, or merged with, another company. Under these circumstances, PAYWHIRL will notify you by email or by placing a prominent notice on the Hosted Service before Personal Data about you is transferred and becomes subject to a different privacy policy.

4.1 Sharing Data With 3rd Party Service Providers.

4.1.1 PAYWHIRL Service. PAYWHIRL shares some of your personal data with 3rd Party Applications, defined in Section 3.11 - Payment Gateway Service Provider of PAYWHIRL's Terms of Use, that are linked to the Hosted Service for the purpose of processing credit card transactions. The following provides a list of those Payment Gateway Service Providers as well as a link to their Privacy Policies:

PAYWHIRL shares Merchant email addresses with 3rd party product and service providers, such as the business for which you are conducting your commercial transaction, in order to facilitate that transaction.

PAYWHIRL also shares some Merchant data with 3rd party service providers (“Subprocessors”) for analytic purposes in order to provide the best user experience. The following provides a list of those 3rd party Subprocessors as well as al link to their privacy policies.

4.1.2 Communications. PAYWHIRL uses your information when sending communications to you.

4.1.3 Disclosure. PAYWHIRL requires any company with which we may share Personal Data to protect that data in a manner consistent with this Privacy Policy and to limit the use of such Personal Data to the performance of services for PAYWHIRL. We do not sell or otherwise provide Personal Data to other companies for the marketing of their own products or services.

5. Legal Basis for Processing Data.

PAYWHIRL collects, uses and shares data in the manner described in the previous sections of this Privacy Policy.

PAYWHIRL will only collect and process personal data about you where we have a lawful purpose to do so. Lawful purposes include consent (where you have authorized us to do so), contractual obligation (where processing your data is necessary for the performance of our contractual obligations with PAYWHIRL Merchants - available in our Terms of Use on the PAYWHIRL website), legal obligation (where European Union or a Member State's law requires PAYWHIRL to do so), "public interest" as defined in the General Data Protection Plan (GDPR), "vital interests" (where it is necessary for the protection of an individual) and "legitimate interests" as defined in the General Data Protection Regulation (GDPR).

Where you have provided consent to process your Personal Data, you have the right to withdraw or decline your consent at any time. Where we rely on legitimate interests, you have the right to object.

6. Merchant Choices and Obligations.

6.1 Data Retention. PAYWHIRL takes measures to delete your Customer Data or keep it in a de-identified form when your Customer Data is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the specific retention period, consider various factors, such as the type of services provided to you, the nature and length of our relationship with you, and any mandatory retention periods provided by law and the statute of limitations.

6.2 Accessing and Controlling Your Personal Data. Regarding your Personal Data, you have the following options:

You can request any of the above-mentioned actions by sending an email to team@paywhirl.com.

In relation to all procedures relating to PAYWHIRL's collection, processing and storage of your Personal Data, you have the right to appeal to the supervisory authority of the European Union (EU) Member State in which you reside.

6.3 Account Information and Account Deletion. You may access and review or update your account information at any time by logging into your account.

If you choose to close your PAYWHIRL account, please contact us at team@paywhirl.com. Your account will be deleted and your Personal Data will be erased within 30 days of receiving your request.

PAYWHIRL retains your Personal Data even after you have closed your account if reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse or enforce our Terms of Use. PAYWHIRL will retain de-personalized and fully encrypted information after your account has been deleted.

7. Security.

PAYWHIRL implements reasonable security practices and procedures to help protect the confidentiality and security of your information, including any non-public Customer Data.

The security of your Personal Data is important to us. PAYWHIRL protects your information using reasonable physical, technical and administrative security measures, including by limiting access to your information to employees that require knowledge of that information. To ensure your Personal Data is secure, PAYWHIRL communicates its privacy and security guidelines to its employees and strictly enforces privacy safeguards within the company. Additionally, when you enter sensitive information, such as your credit card number, on our registration form, we encrypt the transmission of that information using secure socket layer technology (SSL). Credit card information is not stored on PAYWHIRL's servers. 

No method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

8. Children’s Privacy. By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence, and you have given us your consent to allow any of your minor dependents to use this site.

We do not knowingly collect, maintain, or use Customer Data from children under 13 years of age, and no part of our Services are directed to children under 13. If you learn that a child has provided us with Customer Data violating this Policy, you may notify us at team@paywhirl.com.

9. External Links. When you use our Website and Services, you may find links to other websites we don’t own or control. We are not responsible for the content or any other aspect of these third-party sites, including their collection of your Personal Information. Before proceeding to that site, you should review its terms and conditions and privacy policies.

10. California Privacy Rights. Under the California Consumer Privacy Act (“CCPA”), residents of the state of California, USA, have the following rights in addition to the choices described above in this Policy, where applicable. If you are a Subscriber, please contact the relevant Merchant directly for information about how to exercise your privacy rights. Additionally, if you interacted with PAYWHIRL in your capacity as an employee or agent of a Merchant, this section and the rights explained herein do not yet apply to you. This section does not address or apply to our handling of Personal Data exempt under the CCPA.
Categories of Personal Data Collected and Disclosed: 

Right to Know: With respect to the Personal Data we have collected about you in the past 12 months, you have the right to request from us (up to twice per year and subject to certain exemptions):

        Right to Access: You also may have the right to receive a copy of the specific pieces of your Personal Data we have collected.
Right to Delete: Subject to certain conditions and exceptions, you may have the right to request the deletion of Personal Data that we have collected about you.
Right to Opt-Out of Sale: The CCPA requires notice and an opportunity to opt-out from certain disclosures of Personal Data considered a “sale” as defined in the CCPA. A “sale” includes disclosing or making available Personal Data to a third party in exchange for monetary or other valuable consideration. We do not “sell” Personal Data under this definition.
“Shine the Light” Disclosure: We do not disclose Personal Data to third parties for their direct marketing purposes.
Right to Non-Discrimination: We will not discriminate against you for exercising any of the rights described in this section.
Authorized Agent: You may designate someone as an authorized agent to submit requests and act on your behalf. To do so, you must provide us with written permission to allow the authorized agent to act on your behalf.
Submitting Privacy Rights Requests: Please note if you are a Subscriber, you must contact the relevant Merchant directly about your privacy rights. Additionally, if you interacted with PAYWHIRL in your capacity as an employee or agent of a Merchant, these rights do not yet apply to you. You may exercise your rights by mailing us a request at 9452 Telephone Rd. #140, Ventura, CA 93004. We will take steps to verify your request by matching the information provided by you with the information in our records. You must provide the following information with your request: (1) first and last name, (2) email address, and (3) phone number for verification. In some cases, we may request additional information to verify your request or, where necessary, to process your request. If we cannot verify a request adequately, we will notify the requestor.

11. International Data Transfers. The Services are hosted in the United States and are intended for visitors located within the United States. If you choose to use the Services from regions of the world with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your Personal Data outside of those regions to the United States for storage and processing, which may not have the same data protection laws as your jurisdiction.

If you are based in the EEA or Switzerland, your Personal Data may also be held, processed, and accessed outside the EEA or Switzerland to countries that have not been determined by the European Commission to provide an adequate level of data protection, for instance the United States. In any such transfer, we will put in place appropriate data protection safeguards. Also, our third-party service providers or we may transfer your data from the U.S. to other countries or regions in connection with storing and processing of data, fulfilling your requests, and operating the Services. 

If you have any questions or concerns regarding this Privacy Policy, please contact us at team@paywhirl.com.

Updated October October 24th, 2022