Sign in Start now

Limited-time offer: Save up to 25% on subscription plans. Get started ›

Privacy Policy

Last Revision Date: December 27, 2023

Notice at Collection

1. Introduction

Melio Payments Inc. (“Melio”, “we”, “us” or “our”) provides a digital bill payment solution for small businesses. This Privacy Policy (“Policy”) describes our practices concerning the information we receive or collect when you visit our website located at meliopayments.com (“Website”), install and use our mobile application (“Mobile Application”) or access our online platform through the website of one of our partners (collectively, “Services”). Specifically, it describes the information we collect, how and for which purposes we may use such information, where we store it and for how long we retain the information, to whom we may disclose it, our use of tracking technologies and communications, our security practices, your choices and rights regarding such information, our policy concerning children, and how to contact us if you have any concerns regarding this Policy or your privacy.

2. Information Collection

We may collect one or more of the following categories of personal information about the visitors to our Website and users of our Mobile Application, actual users of our Services and their business vendors or potential users (“Users”) of our Services through the following sources:  (i) from your interactions with us when you visit our Website and use our Mobile Application; (ii) from you directly when you contact us or when you request additional information about our Services; (iii) from registrations and other forms when you register for our Services or complete a transaction; or (iv) from your communications, calls to our customer service team or through your other interactions with us.

Category of Personal Information Collected

Examples

Sources of Personal Information

Business Purpose for Collection of Personal Information

Contact Identifiers

Name (first and last); Email Address; Phone Number; Business Contact Information; Online Identifier/Username; IP Address

Directly from our Users; Cookies and Other Online Tracking Technologies; Third Party Partners (including when our Services sync with your accounting software)

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues

Payment Information and Financial Account Information

Banking information, including  security / access / password or other credentials

Directly from our Users

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues

Non-precise Geolocation Data

IP address

Cookies and Other Online Tracking Technologies

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues; Improvement of the Performance of Our Services and the User Experience

Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information

Recordings of User phone calls to us

Directly from our Users

Providing our Services, including User Support; Identification; Security; Improvement of the Performance of Our Services and the User Experience

Commercial or transactions Information

Details related to transactions, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Directly from our Users

Providing our Services, including User Support; Identification; Security; Legal/Compliance Issues

Internet, Computer or Other Similar Network Activity

Wireless networks, cell towers and Wi-Fi access points; Device/Operating System/Browser; Online Activities/Communications and Performance Logs; Issues/Bugs; and Other User Activities Using Our Services

Cookies and Other Online Tracking Technologies

Improvement of the Performance of Our Services and the User Experience

 

We do not collect the following categories of personal information:  characteristics of protected classifications under California or federal law; biometric information; professional or employment-related information (that is not otherwise publicly available information); or education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

We may infer information from other information we collect to generate information about your likely preferences or other characteristics.

We process sensitive personal information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of information for purposes of targeted advertising or to make inferences.

 

Cookies and Tracking Technologies

Cookies. In operating the Website and using the Mobile Application and the Services, we may use cookies. Cookies are small text files which are placed on your browser when you visit a website, open or click on an email, or interact with an advertisement. The Website and Mobile Application use session cookies (which expire when you close your browser) and persistent cookies (which expire at a set expiration date or when you manually delete them). We incorporate both first party cookies (which are cookies served directly by us) and third party cookies (which are cookies served by third parties we work with). We use cookies for a variety of purposes, including to help make our website work, personalize your browsing experience, prevent fraud and assist with security, perform measurement and analytics, and provide advertising (including targeted advertising). If you would prefer not to accept cookies when using the Website and Mobile Application or the Services, please follow the instructions provided by your website or mobile browser (usually located within the “Help”, “Tools” or “Edit” facility) to modify your cookies settings. Please note that if you disable cookies, you may not be able to access certain parts of our Website and Mobile Application or Services and other parts of our Website and Mobile Application or Services may not work properly. As a result, we recommend that you leave cookies turned on when accessing the Website and Mobile Application or the Services because they allow you to take advantage of some of the Website and Mobile Application and Services’ features.

Mobile Application Specifics. If you are using Mobile Application, we also may collect the following information about you: mobile device ID; device name and model; operating system type, name, and version; Mobile Application metadata; your activities within the Mobile Application, and the length of time that you are logged into our Mobile Application.

Web Beacons. In addition to cookies, we may use web beacons (also known as “clear GIFs”), which are transparent graphic images placed on a web page or in an email and indicate that a page or email has been viewed or tell your browser to get content from another server. We use web beacons to measure traffic to or from, or use of, our online forms, tools or content items and related browsing behavior and to improve your experience when using the Website and Mobile Application or the Services. We may also use customized links or other similar technologies to track hyperlinks that you click and associate that information with your Information in order to provide you with more focused communications.

Below are links to the cookie opt-out pages of common web browsers. If your web browser is not listed here, you should review your web browser terms to learn more about your cookie choices.

 

3. Purposes of Information Use

We use your personal information as necessary for the performance of our Services; for complying with applicable law; and based on our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, optimizing our marketing, customer service and support operations, and protecting and securing our users, ourselves, and members of the general public.

Specifically, we use personal information for the following purposes:

    • To facilitate, operate, and provide our Services
    • To authenticate the identity of our users, and to allow them to access and use our Services
    • To provide our users with assistance and support
    • To further develop, customize and improve the Services and your user experience, based on common or personal preferences, experiences, and difficulties
    • To contact our users with general or personalized service-related messages (such as password-retrieval); or with promotional messages (such as newsletters, special offers, new features etc.); and to facilitate, sponsor and offer certain events and promotions
    • To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error, or any illegal or prohibited activity
    • To create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or our business partners may use to provide and improve our respective services
    • To enforce our Terms of Service and any other agreements between you and Melio and
    • To comply with any applicable laws and regulations.

We may also use your personal information to provide you with marketing or other promotional communications via mail or email. If, at any time, you would like to stop receiving these promotional e-mails, you may follow the opt-out instructions contained in any such e-mail or by contacting us as set out below. Please note that by opting out, you may prohibit Melio from informing you of offerings that may be of interest to you. It may take up to ten (10) business days for us to process opt-out requests.

In addition, we may use your personal information to send you messages from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off on your device.

 

4. How We Disclose Your Information in Connection with the Services

We do not sell your personal information. However, we may disclose your personal information in order to provide our Services, with the following categories of recipients:

  • Payors and Payees. In connection with the Melio Services, we may disclose some of your personal information to the business with which you are transacting in order to effect your transaction. We may also disclose certain information (e.g. business contact information) regarding payees provided by our Users to other Users in order to complete quicker transactions.
  • Your Service Providers. If you access our online platform through the website or platform of one of Melio’s partners, then we may disclose your personal information to that partner.  In addition, if you sync third party services such as accounting software services to your Melio account, we may disclose your personal information to the applicable third-party service provider.
  • Melio Service Providers. We may engage selected third party companies and individuals to perform services complementary to our own or to support our business functions (e.g. hosting and server co-location services, data analytics services, marketing and advertising services, data and cyber security services, fraud detection and prevention services, payment processing services, e-mail and SMS distribution and monitoring services, session recording, and our business, legal and financial advisors) (collectively, “Service Providers”). These Service Providers may have access to your personal information, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such purposes.
  • Subsidiaries and Affiliated Companies. We may disclose personal information internally within our family of companies, for the purposes described in this Privacy Policy.
  • Business Transfers. Should Melio or any of its affiliates undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your personal information may be disclosed to the parties involved in such event. If we believe that such change in control might materially affect your personal information then stored with us, we will notify you of this event and the choices you may have via e-mail or prominent notice on our Services.
  • Legal and Regulatory Authorities. We may provide legal and regulatory authorities access to your personal information, including to respond to a subpoena or court order, judicial process, or regulatory inquiry; to defend against fraud, lawsuits, claims or other liabilities; to prevent physical harm or financial loss in connection with any suspected or actual illegal activity; or where we have a good faith belief that we are legally compelled to do so.

We may also disclose your personal information with others if we believe in good faith that this will help protect the rights, property, or personal safety of Melio, any of our users, or any members of the general public or in instances where you have provided to us your consent.

 

5. Cross-Border Data Transfers, Retention, and Protection of Information

  • Cross-Border Transfers:  We may transfer your personal information to a jurisdiction other than the one from which we have collected your personal information, including to countries that may not have the same level of protections as the country where you are located. If we do transfer your personal information to another jurisdiction, we will do so following due diligence and provided that the data recipient is subject to contractual agreements imposing obligations on it to ensure appropriate technical and organizational measures are implemented and maintained at all times to prevent the unauthorized and unlawful processing of personal information, and the accidental loss or destruction of, or damage to, personal information, consistent with our obligations under applicable data protection laws. By using our Services, you agree to the transfer of your personal information to other jurisdictions.
  • Retention of Personal Information:  We will retain your personal information for as long as you use the Services or as necessary to fulfill the purpose(s) for which it was collected, provide our products and services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable law. If we are required to maintain a record of any information, you may not be able to delete such information due to such requirements. Please be aware that your personal information may be stored on backup tapes and locations, third-party servers, and other repositories that may not be erasable and residual information may be retained. We are under no obligation to store such information indefinitely and disclaim any liability arising out of, or related to, the destruction of such information.
  • Security of Personal Information:  We maintain administrative, technical, and physical safeguards that are designed to protect the privacy and security of your personal information. For example, all information you provide is accessible only to designated staff. We note, however, that the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of information transmitted to our Website and Mobile Application or via the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website and Mobile Application. In addition, where you have chosen a password for access to certain parts of our Website and Mobile Application, you are responsible for keeping this password confidential.

 

6. Third Party Links

We may provide links to other sites or resources provided by third parties. These links are provided for your convenience only. We have no control over the content of those sites or resources and accept no responsibility for them or for any loss or damages that may arise from your use of them. If you decide to access any third-party links on the Website and Mobile Application, you do so entirely at your own risk and subject to the terms and conditions of those websites.

  • User Content
    You represent that you have the right to authorize and hereby do authorize us, subject to the terms of this Policy, to collect, store, process and use any information and data you transmit to us, or to other third parties, through the Website and Mobile Application or the Services, including, without limitation, information requested in the process of signing up to the Services and using the Services (“User Content”). You, and not Melio, shall be solely responsible for the consequence of accessing, transmitting and sharing such User Content and you represent and warrant that such User Content shall not be, and not contain any, defamatory, libelous, offensive or otherwise unlawful content.

7. Do-Not-Track Settings

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not respond to DNT signals.

 

8. Children Under 13 Years of Age

Our Services are not directed to children under 13 years of age, and we do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will prohibit and block such use and will make all efforts to promptly delete any personal information stored with us with regard to such child.

 

9. Your Privacy Rights

Depending upon where you reside, certain choices and rights may be available to you under applicable data protection laws, including the right to request access to or correction of your personal information or to have your personal information deleted.  If you have any questions about what rights may apply to you, please contact us at [email protected].

“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes and a list of the categories of such personal information. To exercise a request, please contact us as set out in the Contact Us section below. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA): The CCPA, as amended by the CPRA, provides California residents and/or their authorized agents with specific rights regarding the collection and storage of their personal information.

Notice at Collection: At or before the time of collection of your personal information, you have the right to receive notice of our data practices. Our data practices are as follows:

  • For the categories of personal information we have collected in the past 12 months, see the Information Collection section above.
  • For the categories of sources from which personal information is collected, see the Information Collection section above.
  • For the specific business and commercial purposes for collecting and using personal information, see the Purposes of Information Use section above.
  • For the categories of third parties to whom information is disclosed, see the How We Disclose Your Information in Connection with the Services section above.
  • For the criteria used to determine the period of time information will be retained, see the Cross-Border Data Transfers, Retention, and Protection of Information section above.

We collect, sell, or share the following categories of personal information for commercial purposes; contact identifiers, commercial or transactions information, device identifiers, device information, internet activity, non-precise geolocation data, and inferences drawn from any of the above. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. For details on your rights regarding sales and shares, see the Your Right to Opt-Out of Sale or Sharing of Personal Information section below.

Some of the personal information we collect may be considered sensitive personal information under CPRA. For example, payment information and financial account information. We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information.

Your Right to Know: California residents have the right to request that we disclose the following information to you about our collection and use of your personal information over the past twelve (12) months. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Upon verification, we will disclose to you:

  • The categories of personal information we have collected about you.
  • The categories of sources for the personal information we have collected about you.
  • The specific pieces of personal information we have collected about you.
  • Our business or commercial purpose for collecting or selling or sharing your personal information.
  • The categories of third parties to whom we have sold or shared your personal information, if any, and the categories of personal information that we have sold or shared with each third-party recipient.

Your Right to Opt-Out of Sale or Sharing of Personal Information: California residents have the right to opt-out of the “sale”/”sharing” of their personal information by clicking the “Your Privacy Choices” link at the bottom of our website.

California residents may also opt out of sales/shares of their personal information by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on browsers and/or browser extensions that support such a signal). Please note that when you submit an opt-out, we do not know who you are within our systems, and your opt-out will only apply to personal information collected from tracking technologies on the specific browser from which you opt-out. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you want the opt-out to apply to your Melio account, when you submit the request, you will also need to provide your full name, email address, and phone number.

Please note that we do not knowingly sell the personal information of any individuals under the age of 16.

Your Right to Delete: California residents have the right to request that we delete any of the personal information collected from you and retained by us, subject to certain exceptions. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Once your request is verified and we have determined that we are required to delete the requested personal information in accordance with the CCPA, we will delete, and direct our third-party service provides to delete, your personal information from their records. Your request to delete personal information that we have collected may be denied if we conclude it is necessary for us to retain such personal information under one or more of the exceptions listed in the CCPA. To exercise this right, please email us at [email protected].

Your Right to Correct:  Under the CCPA, as amended by the CPRA, California residents have the right to request that we correct any inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes for which we are processing such personal information. To exercise this right, please email us at [email protected].

Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.

Authorized Agent: You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

Verifying Your Request: Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf. We will only use the personal information that you have provided in a verifiable request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.

 

10. Contact Us

If you have questions or concerns regarding this Privacy Policy, or trouble accessing this Privacy Policy, please contact us at [email protected] or by mail at 124 E 14th St, New York, NY 10003.

 

11. Changes to This Privacy Policy

This Policy is effective as of the date stated at the top of this page. Please read this Policy carefully. Melio will occasionally update this Privacy Policy. By accessing and using the Website and Mobile Application after we notify you of such changes to this Policy, you are deemed to have accepted such changes. Please refer back to this Policy on a regular basis.