1. Who we are
Payment Gurus LLC ("Payment Gurus," "we," "us," "our") is a merchant services company headquartered at our offices in Troy, Michigan. We provide payment processing, point-of-sale systems, payment terminals, ATM programs, and related financial services to businesses across the United States.
We're a registered Independent Sales Organization (ISO) of Woodforest National Bank (Houston, TX — Member FDIC) and Citizens Bank, N.A. (Providence, RI — Member FDIC). That relationship matters for this privacy policy because some of the information you give us is shared with our banking partners and the card networks they connect to. Details below.
This policy applies to information collected through paymentgurus.com, our forms, our phone and email channels, and the merchant onboarding process.
2. What information we collect
Information you give us directly
- Contact form data — when you fill out our contact form or request a statement analysis, we collect your name, business name, email, phone number, and any details you provide about your business.
- Merchant application data — if you apply for a merchant account, we collect what's required by our banking partners and the card networks: legal business name, DBA, business address, federal tax ID (EIN or SSN for sole proprietors), date of business formation, ownership information (including SSN, date of birth, home address, and photo ID for beneficial owners and signers), bank account information for funding, business website, processing volume estimates, and prior processing history.
- Statements and financial documents — when you send us a current processing statement for analysis or send documents during underwriting (bank statements, tax returns, voided checks), we receive everything in those documents.
- Email and call records — emails to support@paymentgurus.com are stored in our ticketing system. Phone calls may be recorded for quality and training (we'll tell you at the start of the call).
Information collected automatically when you visit our website
- Technical data — IP address, browser type, device type, operating system, referring URL, pages visited, time on page, and timestamp.
- Cookies and similar technologies — see Section 5.
Information from third parties
- Underwriting data — during merchant account approval, our banking partners run credit checks, OFAC/PEP screening, background checks on principals, and match against the MATCH list (the card network's list of terminated merchants). We receive the results.
- Processing data — once you're approved and active, we receive transaction-level processing data from our partners (Fiserv, CardConnect, processors used by Woodforest and Citizens) for the purpose of servicing your account.
3. How we use your information
We use the information we collect to:
- Respond to your inquiries — answering questions, sending quotes, analyzing your processing statements.
- Process your merchant application — submitting it to our banking partners for underwriting and approval, communicating with you about status and required documents.
- Provide service — supporting your active account, troubleshooting your terminal, processing change requests, sending you statements and receipts.
- Comply with legal and regulatory obligations — including the Bank Secrecy Act, anti-money-laundering rules, card network rules (Visa, Mastercard, Discover, Amex), and state laws.
- Protect against fraud and abuse — including monitoring for suspicious transactions on your account.
- Improve our website and services — analyzing how visitors use the site so we can make it better.
- Send service communications — important updates about your account, rate changes, regulatory notices.
- Send occasional marketing — only if you've explicitly opted in or are an existing customer. You can opt out anytime by replying "unsubscribe" or emailing us.
What we never do: We do not sell your personal information. We do not share your personal information with third-party advertisers or data brokers. We do not use your data to train AI models.
4. Who we share it with
Operating a merchant services business requires sharing information with specific partners. Here's the complete list of who we share data with and why:
Banking partners
- Woodforest National Bank and Citizens Bank, N.A. — our sponsoring banks. We share your full merchant application with whichever bank is sponsoring your account, plus ongoing transaction data for active accounts. They are independently regulated and have their own privacy policies.
Card networks
- Visa, Mastercard, Discover, and American Express — they receive transaction-level data through our banking partners. Their own privacy policies apply to that data.
Processors and technology partners
- Fiserv / CardConnect — payment processor for CardPointe accounts.
- Dejavoo, PAX — terminal manufacturers; receive deployment data for terminal provisioning.
- NMI, Authorize.Net — gateway providers, for accounts using their gateways.
- SwitchCommerce, ATM Transact — ATM transaction processors, for ATM programs.
- NextATM — ATM hardware partner.
Service providers we use to run our business
- Email and ticketing — Google Workspace (email), Zendesk (ticketing).
- Website analytics — Google Analytics (aggregate website usage data, no PII).
- Web hosting — our hosting provider stores the site files and server logs.
- Telephony — our phone provider routes calls and provides IVR.
These service providers receive only the data needed to perform their function and are contractually obligated to protect it.
Underwriting and verification services
During merchant onboarding, the banks may use credit bureaus (Experian, Equifax, TransUnion), identity verification services, and the MATCH list. These are operated by their respective owners and have their own privacy policies.
Legal compliance
We share information when required by law: subpoenas, court orders, regulatory inquiries, suspicious activity reports under the Bank Secrecy Act, or as needed to protect rights, property, or safety.
Business transfers
If Payment Gurus is acquired or merged, customer information may transfer to the acquiring company. We would notify customers of any material change to this policy.
5. Cookies and tracking
Our website uses cookies and similar technologies:
- Strictly necessary cookies — required for the site to function (form submission protection, session management). These don't track you across other sites.
- Analytics cookies — Google Analytics 4 (gtag.js) sets cookies that help us understand aggregate site traffic — which pages are popular, how visitors arrive, how long they stay. Data is aggregated and not used to identify individuals.
We do not use advertising cookies, cross-site tracking pixels, or third-party advertising networks.
You can control cookies through your browser settings — most browsers let you block or delete cookies. Doing so may break certain site functions like form submissions.
6. Your rights (and CCPA for California residents)
Everyone has these rights
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to fix inaccurate information.
- Deletion — ask us to delete your information, subject to legal record-keeping requirements (we are required by law to retain merchant account records for several years after account closure).
- Opt out of marketing — unsubscribe from any marketing email at any time.
If you're a California resident — additional CCPA / CPRA rights
- Right to know — categories of personal information collected, sources, purposes, and third parties we share with (which is what this whole document is).
- Right to delete — subject to exceptions for legal obligations, fraud prevention, and completing transactions you initiated.
- Right to correct — inaccurate information about you.
- Right to opt out of sale or sharing — we do not sell personal information, and we do not share personal information for cross-context behavioral advertising. There's nothing to opt out of, but you have the right.
- Right to limit use of sensitive personal information — we only use sensitive information (like SSN) for the purpose you provided it (merchant onboarding), which is a permitted use under CCPA.
- Non-discrimination — we will not deny service or charge different prices for exercising your privacy rights.
To exercise any of these rights, email privacy@paymentgurus.com or call us at (888) 556-7356. We'll verify your identity (to protect you) and respond within 45 days. There is no fee.
7. How long we keep data
We keep data only as long as needed:
- Contact form submissions and email correspondence — typically 3 years from last contact, unless you became a customer.
- Active merchant accounts — for as long as your account is open, plus required retention after closure.
- Closed merchant accounts — card network rules require us to retain account records for a minimum number of years after closure (typically 5 years), and IRS rules require longer retention of tax-relevant records.
- Website analytics — Google Analytics retention is set to 14 months.
8. Security
We use industry-standard security measures including TLS encryption for all data transmitted to and from our site, encryption at rest for sensitive data, access controls limiting who can view your information, regular security audits, and PCI DSS compliance for any handling of cardholder data.
No system is 100% secure. If we ever experience a breach affecting your personal information, we'll notify you as required by applicable law.
9. Children's privacy
Our services are for businesses, not children. We do not knowingly collect information from anyone under 16. If we discover we've collected information from a minor, we'll delete it.
10. Changes to this policy
We may update this policy from time to time. When we do, we'll change the "Effective" date at the top of this page. For material changes, we'll provide more prominent notice (such as a notice on our homepage or an email to existing customers).
Questions about this policy, requests under your rights, or general privacy questions:
One more thing. This policy explains what Payment Gurus does. When your data flows to our banking partners (Woodforest, Citizens), card networks (Visa, MC, etc.), or third-party services we use, those parties operate under their own privacy policies. You can request copies from each.
