Privacy Policy

Spartan Pay, a product of Spartan Media LLC ("Company," "we," "us," or "our"), is committed to protecting the privacy and security of your personal and business information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our payment processing services and visit our website.

By using our services, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our services.

1. Information We Collect

We collect the following categories of information during the merchant onboarding process and ongoing service delivery:

1.1 Business Information

• Legal business name and DBA (doing business as) name
• Business type and industry classification
• Employer Identification Number (EIN)
• Business address, phone number, email, and website
• Estimated monthly processing volume and average transaction amount
• Transaction type breakdown (swiped, keyed, e-commerce)

1.2 Owner / Principal Information

• Full legal name, title, and ownership percentage
• Social Security Number (SSN)
• Date of birth
• Driver's license number and issuing state
• Residential address, phone number, and email

1.3 Banking Information

• Bank name and ABA routing number
• Demand deposit account (DDA) number
• Account type (checking or savings)

1.4 Technical Information

• Browser type, IP address, and device information when visiting our website
• Usage data including pages visited and interactions with our platform
• Cookies and similar tracking technologies (see Section 7)

2. How We Use Your Information

We use the information we collect for the following purposes:

• Merchant Onboarding: Submitting your application to North (formerly PaymentsHub) for underwriting, KYC (Know Your Customer) verification, and merchant account creation
• Payment Processing: Facilitating the processing of credit card, debit card, and other electronic payment transactions
• Account Management: Managing your merchant account, providing customer support, and communicating service updates
• Compliance: Meeting legal and regulatory obligations, including anti-money laundering (AML) and anti-fraud requirements
• Communication: Sending transactional emails such as application confirmations, status updates, and important service notifications
• Service Improvement: Analyzing usage patterns to improve our platform and services

3. Information Sharing and Disclosure

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Payment Processing Partner

We share your business, owner, and banking information with North (formerly PaymentsHub), our payment processing partner, for the purpose of underwriting, merchant account creation, and ongoing transaction processing. North operates under its own privacy policy and is subject to PCI DSS compliance requirements.

3.2 Service Providers

We use the following third-party service providers to operate our platform:

• Supabase: Secure cloud database for storing merchant application data. Data is encrypted at rest and in transit.
• Resend: Transactional email delivery for application confirmations and notifications.
• Vercel: Website hosting and deployment platform.
• Google Maps Platform: Address autocomplete during the onboarding process. Address data is transmitted to Google for geocoding purposes.

3.3 Legal Requirements

We may disclose your information when required to do so by law, in response to a valid subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such change via email or a prominent notice on our website.

4. Data Security

We take the security of your information seriously and implement industry-standard measures to protect it:

• PCI DSS Compliance: Our payment processing infrastructure adheres to Payment Card Industry Data Security Standard requirements. Sensitive cardholder data is handled exclusively by our PCI-compliant processing partner, North.
• Encryption: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). Sensitive data stored in our database is encrypted at rest.
• Sensitive Field Protection: SSN, bank account numbers, and routing numbers are not stored in browser local storage. These fields use masked input and are transmitted securely only during form submission.
• Access Controls: Access to merchant data is restricted to authorized personnel on a need-to-know basis. Our database uses row-level security (RLS) policies.
• Server-Side Credentials: All API credentials for payment processing are stored server-side and are never exposed to the browser or client-side code.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. Data Retention

We retain your information for as long as your merchant account is active and as needed to provide you with our services. After account termination, we retain your information for the following periods:

• Transaction records: Retained for a minimum of 7 years as required by financial regulations and card network rules
• Merchant application data: Retained for 5 years after account closure for compliance and audit purposes
• Incomplete applications: Draft application data stored in browser local storage expires automatically after 24 hours

After the applicable retention period, your information is securely deleted or anonymized.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request a copy of your data in a machine-readable format
• Opt-Out: Opt out of non-essential communications at any time

To exercise any of these rights, please contact us using the information provided in Section 9. We will respond to your request within 30 days. Note that certain requests may be subject to limitations where we are required to retain information for legal or regulatory purposes.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience. These include:

• Essential Cookies: Required for the website to function properly, including form state management and session handling
• Local Storage: Used to temporarily save onboarding form progress (excluding sensitive fields like SSN and bank account numbers) with a 24-hour expiration
• Analytics: We may use analytics tools to understand how visitors interact with our website in order to improve our services

8. Children's Privacy

Our services are intended for use by businesses and individuals who are at least 18 years of age. We do not knowingly collect personal information from children under the age of 13. If we learn that we have collected information from a child under 13, we will promptly delete it.

9. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically.

For material changes that affect how we handle your personal information, we will provide notice via email or a prominent notice on our website prior to the changes taking effect.