Privacy Policy

Last Revision Date: March 14, 2023

1. Introduction

Melio Payments Inc. (“Melio”, “we”, “us” or “our”) provides a digital bill payment solution for small businesses. This Privacy Policy (“Policy”) describes our practices concerning the information we receive or collect when you visit our website located at www.meliopayments.com (“Website”) install and use our mobile application (“Mobile Application”) or access our online platform through the website of one of our partners (collectively, “Services”). Specifically, it describes the information we collect, how and for which purposes we may use such information, where we store it and for how long we retain the information, with whom we may share it, our use of tracking technologies and communications, our security practices, your choices and rights regarding such information, our policy concerning children, and how to contact us if you have any concerns regarding this Policy or your privacy.

2. Information Collection

We may collect one or more of the following categories of personal information about the visitors to our Website and users of our Mobile Application, actual users of our Services and their business vendors or potential users (“Users”) of our Services through the following sources: (i) from your interactions with us when you visit our Website and use our Mobile Application; (ii) from you directly when you contact us or when you request additional information about our Services; (iii) from registrations and other forms when you register for our Services or complete a transaction; or (iv) from your communications, calls to our customer service team or through your other interactions with us.

Category of Personal Information Collected

Examples

Sources of Personal Information

Business Purpose for Collection of Personal Information

Identifiers

Name (first and last); Email Address; Phone Number; Business Contact Information; Online Identifier/Username; IP Address

Directly from our Users; Cookies and Other Online Tracking Technologies; Third Party Partners (including when our Services sync with your accounting software)  

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues

Sensitive Personal Information

Banking information, including  security / access / password or other credentials  

Directly from our Users

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues

Financial Account Information

Banking information

Directly from our Users

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues

Geolocation Data

GPS/GNSS location data, home/work locations

Cookies and Other Online Tracking Technologies;

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues; Improvement of the Performance of Our Services and the User Experience

Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information

Recordings of User phone calls to us

Directly from our Users

Providing our Services, including User Support; Identification; Security; Improvement of the Performance of Our Services and the User Experience

Commercial Information

Details related to transactions, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Directly from our Users

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues

Internet, Computer or Other Similar Network Activity

Wireless networks, cell towers and Wi-Fi access points; Device/Operating System/Browser; Online Activities/Communications and Performance Logs; Issues/Bugs; and Other User Activities Using Our Services

Cookies and Other Online Tracking Technologies

Improvement of the Performance of Our Services and the User Experience

 

 

We do not collect the following categories of personal information: characteristics of protected classifications under California or federal law; biometric information; professional or employment-related information (that is not otherwise publicly available information); education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99); or inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

Cookies and Tracking Technologies

Session Trackers. In operating the Website and using the Mobile Application and the Services, we may use cookies and similar session tracking technologies (“Session Trackers”). Session Trackers help provide additional functionality to the Website and Mobile Application, customize Users’ experiences with the Website and Mobile Application and help us analyze Website and Mobile Application usage more accurately for research and product development purposes. We (including third parties that we work with) may place Session Trackers on your device for security purposes, to facilitate navigation of the Website and Mobile Application or the Services, and to personalize your experience while using our Website and Mobile Application or the Services. If you would prefer not to accept Session Trackers when using the Website or the Services, please follow the instructions provided by your website or mobile browser (usually located within the “Help”, “Tools” or “Edit” facility) to modify your Session Tracker settings. Please note that if you disable Session Trackers, you may not be able to access certain parts of our Website and Mobile Application or Services and other parts of our Website and Mobile Application or Services may not work properly. As a result, we recommend that you leave Session Trackers turned on when accessing the Website and Mobile Application or the Services because they allow you to take advantage of some of the Website and Mobile Application and Services’ features.

Mobile Application Specifics. If you are using Mobile Application, we also may collect the following information about you: mobile device ID; device name and model; operating system type, name, and version; your activities within the Mobile Application, the length of time that you are logged into our Mobile Application, and, with your permission, your precise geo-location information.

Web Beacons. In addition to Session Trackers, we may use web beacons (also known as “clear GIFs”), which are transparent graphic images placed on a web page or in an email and indicate that a page or email has been viewed or tell your browser to get content from another server. We use web beacons to measure traffic to or from, or use of, our online forms, tools or content items and related browsing behavior and to improve your experience when using the Website and Mobile Application or the Services. We may also use customized links or other similar technologies to track hyperlinks that you click and associate that information with your Information in order to provide you with more focused communications.

Below are links to the cookie opt-out pages of common web browsers. If your web browser is not listed here, you should review your web browser terms to learn more about your cookie choices.

 

3. Purposes of Information Use

We use your personal information as necessary for the performance of our Services; for complying with applicable law; and based on our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, optimizing our marketing, customer service and support operations, and protecting and securing our users, ourselves, and members of the general public.

Specifically, we use Personal Information for the following purposes:

    • To facilitate, operate, and provide our Services
    • To authenticate the identity of our users, and to allow them to access and use our Services
    • To provide our users with assistance and support
    • To further develop, customize and improve the Services and your user experience, based on common or personal preferences, experiences, and difficulties
    • To contact our users with general or personalized service-related messages (such as password-retrieval); or with promotional messages (such as newsletters, special offers, new features etc.); and to facilitate, sponsor and offer certain events and promotions
    • To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error, or any illegal or prohibited activity
    • To create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or our business partners may use to provide and improve our respective services
    • To enforce our Terms of Service and any other agreements between you and Melio and
    • To comply with any applicable laws and regulations.

We may also use your personal information to provide you with marketing or other promotional communications via mail or email. If, at any time, you would like to stop receiving these promotional e-mails, you may follow the opt-out instructions contained in any such e-mail or by contacting us as set out below. Please note that by opting out, you may prohibit Melio from informing you of offerings that may be of interest to you. It may take up to ten (10) business days for us to process opt-out requests.

In addition, we may use your personal information to send you messages from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off on your device.

 

4. How We Share Your Information in Connection with the Services

We do not sell your personal information. However, we may share your personal information in order to provide our Services, with the following categories of recipients:

  • Payors and Payees. In connection with the Melio Services, we may share some of your personal information with the business with which you are transacting in order to effect your transaction. We may also share certain information (e.g. business contact information) regarding payees provided by our Users with other Users in order to complete quicker transactions.
  • Your Service Providers. If you access our online platform through the website or platform of one of Melio’s partners, then we may share your personal information with that partner. In addition, if you sync third party services such as accounting software services to your Melio account, we may share your personal information with the applicable third-party service provider
  • Melio Service Providers. We may engage selected third party companies and individuals to perform services complementary to our own or to support our business functions (e.g. hosting and server co-location services, data analytics services, marketing and advertising services, data and cyber security services, fraud detection and prevention services, payment processing services, e-mail and SMS distribution and monitoring services, session recording, and our business, legal and financial advisors) (collectively, “Service Providers”). These Service Providers may have access to your personal information, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such purposes.
  • Subsidiaries and Affiliated Companies. We may share personal information internally within our family of companies, for the purposes described in this Privacy Policy.
  • Business Transfers. Should Melio or any of its affiliates undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your personal information may be shared with the parties involved in such event. If we believe that such change in control might materially affect your personal information then stored with us, we will notify you of this event and the choices you may have via e-mail or prominent notice on our Services.
  • Legal and Regulatory Authorities. We may provide legal and regulatory authorities access to your personal information, including to respond to a subpoena or court order, judicial process, or regulatory inquiry; to defend against fraud, lawsuits, claims or other liabilities; to prevent physical harm or financial loss in connection with any suspected or actual illegal activity; or where we have a good faith belief that we are legally compelled to do so.

We may also share your personal information with others if we believe in good faith that this will help protect the rights, property, or personal safety of Melio, any of our users, or any members of the general public or in instances where you have provided to us your consent.

 

5. Cross-Border Data Transfers, Retention, and Protection of Information

  • Cross-Border Transfers: We may transfer your personal information to a jurisdiction other than the one from which we have collected your personal information, including to countries that may not have the same level of protections as the country where you are located. If we do transfer your personal information to another jurisdiction, we will do so following due diligence and provided that the data recipient is subject to contractual agreements imposing obligations on it to ensure appropriate technical and organizational measures are implemented and maintained at all times to prevent the unauthorized and unlawful processing of personal information, and the accidental loss or destruction of, or damage to, personal information, consistent with our obligations under applicable data protection laws. By using our Services, you agree to the transfer of your personal information to other jurisdictions.
  • Retention of Personal Information: We will retain your personal information for as long as you use the Services or as necessary to fulfill the purpose(s) for which it was collected, provide our products and services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable law. If we are required to maintain a record of any information, you may not be able to delete such information due to such requirements. Please be aware that your personal information may be stored on backup tapes and locations, third-party servers, and other repositories that may not be erasable and residual information may be retained. We are under no obligation to store such information indefinitely and disclaim any liability arising out of, or related to, the destruction of such information.
  • Security of Personal Information: We maintain administrative, technical, and physical safeguards that are designed to protect the privacy and security of your Personal Information. For example, all information you provide is accessible only to designated staff. We note, however, that the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of information transmitted to our Website and Mobile Application or via the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website and Mobile Application. In addition, where you have chosen a password for access to certain parts of our Website and Mobile Application, you are responsible for keeping this password confidential.

 

6. Third Party Links

We may provide links to other sites or resources provided by third parties. These links are provided for your convenience only. We have no control over the content of those sites or resources and accept not responsibility for them or for any loss or damages that may arise from your use of them. If you decide to access any third-party links on the Website and Mobile Application, you do so entirely at your own risk and subject to the terms and conditions of those websites.

  • User Content
    You represent that you have the right to authorize and hereby does authorize us, subject to the terms of this Policy, to collect, store, process and use any information and data you transmit to us, or to other third parties, through the Website and Mobile Application or the Services, including, without limitation, information requested in the process of signing up to the Services and using the Services (“User Content”). You, and not Melio, shall be solely responsible for the consequence of accessing, transmitting and sharing such User Content and you represent and warrant that such User Content shall not be, and not contain any, defamatory, libelous, offensive or otherwise unlawful content.

7. Do-Not-Track Settings

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not respond to DNT signals.

 

8. Children Under 13 Years of Age

Our Services are not directed to children under 13 years of age, and we do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will prohibit and block such use and will make all efforts to promptly delete any personal information stored with us with regard to such child.

 

9. Your Privacy Rights

Depending upon where you reside, certain choices and rights may be available to you under applicable data protection laws, including the right to request access to or correction of your personal information or to have your personal information deleted. If you have any questions about what rights may apply to you, please contact us at [email protected].

“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.

California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA): The CCPA, as amended by the CPRA, provides California residents and/or their authorized agents with specific rights regarding the collection and storage of their personal information.

Your Right to Know: California residents have the right to request that we disclose the following information to you about our collection and use of your personal information over the past twelve (12) months. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Upon verification, we will disclose to you:

  1. The categories of personal information we have collected about you.
  2. The categories of sources for the personal information we have collected about you.
  3. The specific pieces of personal information we have collected about you.
  4. Our business or commercial purpose for collecting or selling your personal information.
  5. The categories of third parties to whom we have sold or shared your personal information, if any, and the categories of personal information that we have shared with each third-party recipient.

Your Right to Opt-Out of Sale or Sharing of Personal Information: California residents have the right to opt-out of the sale of their personal information by submitting a request as directed on the homepage of our website.

Please note that we do not knowingly sell the personal information of any individuals under the age of 16.

Where we are sharing your personal information with third parties for the purposes of cross-context behavioral advertising or profiling, you may opt-out of such sharing at any time by submitting a request as directed on the homepage of our website.

Your Right to Limit Use of Sensitive Personal Information:  California residents have the right to request that we limit our use of any sensitive personal information to those uses which are necessary to perform the Services or for other specifically-enumerated business purposes under the CCPA, as amended by the CPRA.

Your Right to Delete: California residents have the right to request that we delete any of the personal information collected from you and retained by us, subject to certain exceptions. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Once your request is verified and we have determined that we are required to delete the requested personal information in accordance with the CCPA, we will delete, and direct our third-party service provides to delete, your personal information from their records. Your request to delete personal information that we have collected may be denied if we conclude it is necessary for us to retain such personal information under one or more of the exceptions listed in the CCPA.

Your Right to Correct:  Under the CCPA, as amended by the CPRA, California residents have the right to request that we correct any inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for which we are processing such personal information. We will use commercially reasonable efforts to correct such inaccurate personal information about you.

Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.

Verifying Your Request: Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf. We will only use the personal information that you have provided in a verifiable request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.

 

10. Contact Us

If you have questions or concerns regarding this Privacy Policy, please contact us at [email protected] or by mail at 124 E 14th St, New York, NY 10003.

 

11. Changes to This Privacy Policy

This Policy is effective as of the date stated at the top of this page. Please read this Policy carefully. Melio will occasionally update this Privacy Policy. By accessing and using the Website and Mobile Application  after we notify you of such changes to this Policy, you are deemed to have accepted such changes. Please refer back to this Policy on a regular basis.