Privacy Policy

1. Introduction, Acceptance, Definitions, and Modifications

This Privacy Policy  (the “Policy”) applies to the website at http://www.paymentrails.com (the “Website”) which includes all subdomains present and future, and also includes the use of the “Services”, the propriety software system that Payment Rails has developed to facilitate the making of payments to third party individuals or companies around the world (“Recipients”), and as more fully described in the Terms of Use. For further clarity, any mention of the Website in this Policy includes the Services, as the Services are accessed on a subdomain of the Website.

By visiting and / or using the Website, or by clicking the acceptance box upon signing up for an account, you agree to be bound by the terms of the present Policy. By submitting Personal Information to us or on or through the Website or via other means, you consent to Payment Rails’ collection, use and disclosure of such Personal Information (as that term is defined hereinbelow) in accordance with this Policy (as amended from time to time) and as permitted or required by law.

The Services may only be used by legally-constituted entities including but not limited to corporations, partnerships, and legal organizations (hereinafter “Legal Entities”). If you are an individual using the Services on behalf of a Legal Entity, you represent and warrant that you have the capacity and authority to accept the Policy on behalf of the Legal Entity, and hereby agree to be the collection, use, and disclosure of Personal Information on behalf of that Legal Entity.

The Website is owned and operated by Payment Rails Inc. (“Payment Rails”), a corporation located at 1800-130 King St. W., Toronto, ON M5X 1E3. Where the present Policy refers to “Payment Rails”, it may refer to Payment Rails Inc. and / or its officers, directors, employees, agents or representatives, depending on the context. Any reference to “we”, “our”, or “us” in this Policy shall also refer to Payment Rails.

In this Policy, a Website visitor or user, or the Legal Entity they represent (depending on the context), may be referred to as “you” or “your”. When a Website user has created an account and is logged in to the Services, they may be referred to as a “Logged-in User”. 

Payment Rails reserves the right, at any time and without prior notice, to modify or replace any of the Policy. Any changes to the Policy can be found at this URL. It is your responsibility to check the Policy periodically for changes. Your use of the Website following the posting of any changes to the Policy constitutes acceptance of those changes. If we make any substantial changes to the Policy that materially affect the way we treat your Personal Information, we will use commercially reasonable efforts to notify you by sending a notice to the primary email address specified in your account or by posting a prominent notice when you log in to your account for the first time following those changes.

Payment Rails reserves the right, at any time and without prior notice, to modify or replace any of the Policy. Any changes to the Policy can be found at this URL. It is your responsibility to check the Policy periodically for changes. Your use of the Website following the posting of any changes to the Policy constitutes acceptance of those changes. If we make any substantial changes to the Policy that materially affect the way we treat your Personal Information, we will use commercially reasonable efforts to notify you by sending a notice to the primary email address specified in your account or by posting a prominent notice when you log in to your account for the first time following those changes.

The Policy should be read in conjunction with the Terms of Use, as both these documents govern your use of the Website.

If you have any questions about the Policy or if you wish to inquire about and / or access any personal information Payment Rails holds about you, please contact:

Payment Rails Legal Services
legal@paymentrails.com

or:

Payment Rails Legal Services
130 King Street West, Suite 1800 
Toronto, ON M5X 1E3 
Canada

2. General Statement of Privacy and Protection of Personal Information

Payment Rails understands that privacy is important to both our online visitors and registered users. We respect your privacy and will take reasonable steps to protect your information

3. What Does This Privacy Policy Cover?

This Policy covers the treatment of personally-identifiable information, i.e. any information that identifies an individual or Legal Entity, or can be used in conjunction with other information to identify an individual or Legal Entity (“Personal Information”), when you voluntarily submit this information and other information gathered by Payment Rails when you are using or accessing the Website. This Policy also covers Payment Rails’ treatment of any Personal Information that Payment Rails may share with its business partners or other third parties under very limited circumstances. 

This Policy does not apply to the general practices and treatment of information (whether personal or not) by third parties that Payment Rails does not own or control, including but not limited to any third party websites or services that you elect to access through the Website or via a link from the Website (“Third Party Website”), or to individuals that Payment Rails does not manage or employ. While we attempt to facilitate access or link only to those Third Party Websites that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Websites. We encourage you to carefully review the privacy policies of any Third Party Website you access. 

Finally, this Policy does not cover any Personal Information you send to Payment Rails via any non-secured mode of communications such as instant messenger, Facebook or Twitter, as communications via these methods may be subject to interception, loss, or alteration. While we welcome your comments and suggestions sent to us in this manner, we encourage you to carefully examine what Personal Information you send to Payment Rails via these methods.

4. No Collection of Personal Information as a Matter of Course

Payment Rails does not, as a matter of course, gather any of your Personal Information while you are using the Website, unless you are asked to provide such information, for example by signing up for an account. Personal Information is only gathered with your informed consent. Where you have provided Personal Information, it will only be used for the stated purpose or use, as described in the next section of this Policy.

5. Personal Information Collected and its Uses

The following is an exhaustive list of Personal Information collected from you when you use the Website and what we use it for. You acknowledge that you are submitting this Personal Information with your informed consent. When you submit Personal Information about third parties, you represent and warrant that you have their permission and consent to submit that Personal Information to us and for Payment Rails to use their Personal Information as described in this Policy. When you submit Personal Information about the Legal Entity you represent, you represent and warrant that you have the capacity and authority to do so.

  • “Account Information”. In order to use the Services, you will be required to create an account by entering the following Personal Information: a valid email address, your full name, your company name, your company website, and your phone number. You may also choose to add additional Authorized Users to your account by submitting first and last names and email addresses of additional individuals; this shall also be considered Account Information. This Account Information is used to manage your account, to verify your credentials for logging-in to the Website, to facilitate your use of the Services, and to communicate with you information about your account.
  • “Onboarding Information”. In order to become a Merchant and make payments you will be required to submit Personal Information to determine whether you are qualified to use the Services, as more fully described in the Terms of Use. This complete list of Onboarding Information will be made available to you during the onboarding process, but it includes information about you, your Legal Entity, other individuals at your Legal Entity, and certain banking or financial information. In addition, you will be required to upload government-issued identification and other documentation, which shall also be deemed Onboarding Information. We may also request additional Onboarding Information following your initial submission of your Onboarding Information. This Onboarding Information is used to determine your qualifications to become a Merchant and use the Services, to facilitate the execution of your Merchant Agreement with a Financial Services Provider, and to facilitate payments made to Recipients. 
  • “Recipient Information”. In order to make payments to Recipients, you must submit the following Recipient Information: (i) for an individual, first and last name, and a valid email address; or (ii) for a company, business name and a valid email address. We use this Recipient Information to verify the Recipient’s ability to receive a payment, and to facilitate payments to the Recipients through the Services. 
  • “Third Party Account Information”. In order to make payments to Recipients, you must submit the following Recipient Information: (i) for an individual, first and last name, and a valid email address; or (ii) for a company, business name and a valid email address. We use this Recipient Information to verify the Recipient’s ability to receive a payment, and to facilitate payments to the Recipients through the Services. 

In addition to the uses described above, we may also use Personal Information you have submitted:

  • To facilitate and improve customer service;
  • To send you periodic emails of interest. Please see the Email Communications section further in this Policy for more information.

6. Security and Encryption of Information

Payment Rails uses only industry best practices (physical, electronic and procedural) in keeping any data collected (including Personal Information) secure. In addition, Payment Rails uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Website, and these third parties have been selected for their high standards of security, both electronic and physical. For example, Payment Rails uses Amazon AWS, a recognized leader in secure data, for hosting of the Website and storage of data, including Personal Information. Please note that these third parties may not be located in your home jurisdiction – see the “Transfer of Personal Information Outside Your Home Jurisdiction” section further in this Policy for more information. 

7. Non-disclosure of Personal Information to Third Parties

Except as provided in the next paragraph and the sections in this Policy on Use of the Services and Mailing List Management, Payment Rails does not divulge any Personal Information gathered via the Website to third parties. Moreover, Payment Rails does not sell, rent, trade or license any Personal Information regarding its users to third parties. Only the employees, agents, subcontractors, officers, directors, or assigns of Payment Rails (or of Payment Rails’ affiliates) are responsible for the management and development of the Website, and only these individuals have access to the information collected there. These employees, agents, subcontractors, officers, directors or assigns all have been instructed to comply with the Policy.

Notwithstanding anything in the Policy to the contrary, we may share any information we have collected about you or that you have submitted: (1) in response to subpoenas, court orders, or legal process, or to establish, protect, or exercise our legal rights or defend against legal claims or demands; (2) if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person, or any violation of the Terms of Use; (3) if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Website infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Website infrastructure or the Website generally); (4) to a parent company, subsidiaries, joint ventures, or other companies under common control with Payment Rails (in which case we will require such entities to honour this Policy); (5) if Payment Rails merges with another entity, is subject to a corporate reorganisation, or sells or transfers all or part of our business, assets, or shares (in which case we will require such entity to assume our obligations under this Policy, or inform you that you are covered by a new privacy policy).

8. Use of the Services

When you use the Services to make payments to Recipients, your Personal Information is transferred to either the Financial Services Provider or the Third Party Payment Provider who is making the payment on your behalf. Your Personal Information is only used for the making of the payment; the Financial Services Provider or the Third Party Payment Provider do not use this Personal Information for any other purpose, and will not transfer or sell your Personal Information to any other third party.

9. Email Communications and Compliance with Anti-Spam Laws

Payment Rails uses SendGrid for sending out transactional emails to you, and uses Intercom and Hubspot to manage our mailing list and send out marketing emails (collectively “Third Party Email Suppliers”). Personal Information is transferred to these Third Party Email Suppliers in order for our email communications to function properly. Your Personal Information is only used for the proper sending out of email; the Third Party Email Suppliers do not use this Personal Information for any other purpose, and will not transfer or sell your Personal Information to any other third party. You may unsubscribe from receiving marketing emails from us at any time by following the link at the bottom of any email sent to you.

Payment Rails’ practices with regards to their email communications are designed to be compliant with anti-spam laws, specifically the law unofficially called “CASL”, or Canada’s Anti-Spam Law. If you believe you have received email in violation of this law, please contact us using the contact information further up in this Policy.

10. Limited Gathering of Information for Statistical, Analytical and Security Purposes

Payment Rails automatically collects certain information using third-party analytics programs from Google Analytics and Hubspot to help us understand how our users use the Website, but none of this information identifies you personally. For example, each time you visit the Website, we automatically collect your IP address, browser and computer type, access times, the web page from which you came, and the web page(s) you access (as applicable). We use information collected in this manner only to better understand your needs and the needs of the Website users in the aggregate. Payment Rails also makes use of information gathered for statistical purposes to keep track of the number of visits to the Website and the specific pages on the Website with a view to introducing improvements. 

Your IP address and other relevant information may be used in order to trace any fraudulent or criminal activity, or any activity in violation of the Terms of Use.

11. Verification, Correction and Deletion of Personal Information

You have the right to: (i) verify what Personal Information Payment Rails holds about you; (ii) ask for your Personal Information to be corrected or updated; and (iii) withdraw your consent to the use by Payment Rails of your Personal Information and have it deleted from our records. If you wish to inquire about and verify and / or correct Personal Information Payment Rails holds about you, or if you wish to have all your Personal Information permanently deleted from our records, please contact us using the contact information further up in this Policy. Please note that deletion of your Personal Information may make it impossible for you to use the Website, or certain portions thereof. If you request deletion of your Personal Information, Payment Rails reserves the right to retain some of your Personal Information for a reasonable time in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.

The above paragraph applies equally to any third party Personal Information you have submitted to us with their permission.

12. Transfer of Personal Information Outside Your Home Jurisdiction

Website users may access the Website from any country in the world. Payment Rails and its third party vendors, including service providers and hosting partners, are located in the United States and Canada. You acknowledge that Payment Rails and our third party vendors may be located in jurisdictions or countries where the privacy laws may not be as protective as those in your home country, state, province or other governmental jurisdiction, and consent to the transfer of your Personal Information to such countries. Without limiting the generality of the foregoing, Website users in the European Union acknowledge and agree that their Personal Information may be transferred to the United States.

13. Tracking Technology ("Cookies")

Payment Rails uses tracking technology (“cookies”) on the Website and by using the Website you agree to their use. Cookies are small text files placed on your hard drive when you visit a web site, in order to track use of the site and to improve the user experience by storing certain data on your computer. The Website uses “session cookies,” which improve your user experience by storing certain information from your current visit on your computer while you are a Logged-In User. Specifically, we may use cookies for the following functions:

Specifically, we may use cookies for the following functions:

  • to facilitate your signing-in to the Website;
  • to provide general internal and user analytics;
  • to conduct research to improve the content of the Website using analytics programs as described above in this Policy;
  • to assist in identifying possible fraudulent activities.

Your browser can be set to refuse cookies or delete them after they have been stored. Please refer to your browser’s help section for instructions. Please note that deleting these cookies may reduce your user experience on the Website by requiring you to re-enter certain information, including information required to use the Website and use the Services, such as account login information. Furthermore, deleting cookies may prevent certain functions, from working at all. Payment Rails and its Representatives shall not be held responsible for any function that may not operate after you delete cookies, or any losses or damages (pecuniary or otherwise) arising from those functions not operating, or having reduced functionality.

14. Risks Associated with the Internet

Despite Payment Rails' best efforts to ensure that third parties will not access or obtain your Personal Information through your use of the Website, complete confidentiality and security cannot currently be guaranteed on the Internet. Communication via the Internet is subject to interception, loss, or alteration. You acknowledge and agree that Payment Rails cannot be held responsible for damages resulting from the transmission of confidential information or Personal Information over the Internet and that such communications are at your own risk.

15. Links to Third Party Websites

From time to time Payment Rails may provide links to other websites or services not covered by the present Policy. We encourage you to read the privacy policy of any website or service linked to from our Website, and to be careful when submitting any information, including your Personal Information, to them.

16. Limitation of Liability

Payment Rails, its affiliates, or their respective officers, directors, employees, affiliates, agents, partners, principals, licensors, representatives, successors and assigns, will not be held liable for any losses or damages, direct or indirect, pecuniary or not pecuniary, resulting from the misuse of any information collected by any third party, or any misuse of any information collected through the Website not in violation of the Policy.

17. Compliance with Privacy Laws

This Policy and Payment Rails’ practices in general are designed to be in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”, S.C. 2000, c. 5). If you have any questions regarding this compliance, please contact us using the contact information further up in this Policy.

© Payment Rails 2016

Last Revised: October 24, 2016