Spreedly Privacy Policy

Spreedly is a service that offers a single API and secure credit card tokenization that allows you to integrate to over 120 gateways around the world. We value and respect your privacy and will take all reasonable steps to protect your and your customers’ personal information. This Privacy Policy will help you understand what personal data Spreedly collects and how we collect, hold, use and disclose that information as well as the purposes of such collection and disclosure.

1. What does this Privacy Policy Apply To?

This Privacy Policy applies to www.spreedly.com, all subpages, our blog (together, the “Website”) and all software and services that we offer through our Website. This Privacy Policy does not apply to any website, service or product of any third-party even if such third party links to or is linked from our Website. We do not control or operate those websites, services or products and assume no responsibility for them. You should carefully review the privacy policies of such third party websites, services or products before deciding whether to provide any personal information.

2. Information Collection and Use
What information do we collect?

We collect information in several ways: (i) when you send us an e-mail or communicate via any other electronic means we will store the address and the conversation history; (ii) when you register via our Website we will collect and store certain personal data that may include your address, phone numbers, credit card numbers, IP address, location, information about your computer or device and other standard web log information; (iii) when a customer uses a checkout process on a merchant’s website that is integrated to Spreedly, we will gather and may store payment card data, billing details and other personal data required to process the transaction.

We refer to the information we collect generally as “personal information”, which includes any information that can be used to identify and individual, or any anonymous information that is linked to a specific individual. Any information that is aggregated or becomes anonymous such that it cannot be reasonably associated with an individual shall not be considered personal information.

The types of personal information we collect and our use of that personal information will depend on whether you are a website user, merchant or end customer.

Website Users

When you browse our Website, you will not be required to provide any personal information. We may, however, gather non-personally-identifiable information solely for the purposes of monitoring our Website and the services that we offer through it.

Merchants

When you visit our Website we offer you the opportunity to sign-up for a free test account that gives you the ability to integrate to our API and run test transactions in our sandbox environment before you commit to purchasing a paid subscription plan. As part of this process, we may collect your IP address, information about your computer, and other standard web log information. We will also collect your email address and other personal information that we may use to update you about your account with Spreedly and our service generally.

When you sign-up for a paid production account, in addition to the information above, we require you to provide a valid credit card and contact email. We will only use this information to ensure that your Spreedly account remains in good standing until you elect to terminate your subscription.

Once you begin using the Spreedly service for production transactions, we will keep records of your transactions and collect information of your other activities related to our service.

End customers

When a merchant using Spreedly’s service collects payment information from you, they will collect personal information from you and pass it to us. This personal information includes your payment card or bank account information, and may include your email address, phone number, and billing and shipping address. When you use a merchant’s website to store your payment card details for future use, we will use the personal information you provide to the merchant to store those card details.

Cookies

We may collect information about your computer (including your IP address), operating system and browser type, for system administration purposes.

We may also obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website, deliver a better and more personalized service, look for possible fraudulent activity, and to be better understand the sources of traffic to our Website.

You may elect to refuse to disable cookies by activating the appropriate setting on your browser. Unless you have adjusted your browser setting so that it will refuse cookies, our system will automatically issue cookies when you log on to our Website.

Special information for California residents and cookies from one of our processors can be found here.

Children’s Online Privacy Protection Act

Our Website and the services we offer are directed to the general public, but are not directed at persons under the age of 13. We do not knowingly collect information from children under 13 years of age nor do we have any reasonable grounds for believing that children under the age of 13 are accessing our Website or using our services. If we do learn that we have inadvertently collected personal information from a child under the age of 13, we will promptly delete that information. If you believe that we may have collected any information from a child under 13 years of age, please contact us.

What we do with your information

Spreedly uses the information we collect for the following general purposes including products and services provisioning, billing, identification and authentication, service improvement, contact, and research.

We may occasionally email you with information about new service. You may opt out of these emails by clicking on the unsubscribe link contained in such communications or by replying with unsubscribe in the subject line. Please note that you will continue to receive communications about your Spreedly account including billing invoices and usage notifications.

3. Sharing and disclosure of information

We are not allowed to disclose personal information without your written permission and will never sell or rent your personal information to marketers.

Certain information collected about you and your customers may be shared with third parties within the context of providing Spreedly services. These third parties may include our agents, related body corporates, contractors, financial institutions, payment processors, fraud services, and any third parties that you have directly authorized to receive your personal information. We may store personal information with third parties in locations outside our direct control, for example on offsite servers or databases. Some of the third parties to whom we disclose your personal information may be located outside your country of residence. By visiting our Website or using our service, you acknowledge that we may share payment transaction data and related information with third parties to the extent necessary to process transactions via the Spreedly service. The use of personal information by such third party will be subject to their applicable privacy policy, which we recommend you carefully review.

In certain circumstances we may be required to disclose personal information to government officials, law enforcement or other third parties: (i) in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Spreedly's terms of use, or as otherwise required by law; (ii) if we are compelled to do so by subpoena, court order or other legal process; or (iii) if we are required to do so to comply with any law, statute, or set of rules or regulations.

We will only disclose personal information in response to a request if we believe in good faith that it is necessary to comply with any applicable law or legal requirement. We will use reasonable efforts to provide you prompt notice prior to such disclosure so that you can contest the requirement if you choose unless we determine in good faith that: (i) we are not permitted to provide you such notice under any applicable law; or (ii) giving such notice would result in an imminent risk of death, serious injury or significant property loss or damage to Spreedly or a third party.

In the event Spreedly is acquired by or merged with another company or enters into a reorganization, bankruptcy or any other similar event then we may also transfer any personal information to our success or assign. In this event, we will notify you by email or by putting a prominent notice on the Website before any personal information is transferred and becomes subject to a different privacy policy.

4. Data retention

Personal information we collect and use for any purpose or purposes shall not be retained for longer than is necessary for that purpose or those purposes.

Spreedly owns the data storage, databases and all rights to the Spreedly application, but we make no claim to the rights of your data. You retain all rights to your data and we will never contact your clients directly, or use your data for our own business advantage or to compete with you or market to your clients.

To offer our service we are required to retain certain data you provide us to ensure transactions are processed correctly, to identify fraudulent activity, and to comply with applicable laws and regulations. Accordingly, even if you close your Spreedly account and we export your data to a third party, we will retain certain information as necessary to meet these obligations.

5. Credit Card transactional data

Spreedly sits in a unique position, seeing credit card transactional data from a wide range of global credit cards running across a diverse set of financial payment providers. In an attempt to help improve the performance of payment networks, Spreedly may aggregate credit card transactional information and may sell that aggregated data to interested third parties.

"Interested third parties" are customers of our data as a service (DaaS) offering. They are typically focused on comparing their experience of credit card transaction service (specifically, success and decline rates and gateway latency) to the industry overall, with an eye to reducing decline rates and thus improving the payment experience for all involved. By "aggregated data" we mean data collected at the gateway level across all merchants transacting through that gateway.

We DO NOT collect or share any personal identifying information of any individual (such as name, address, credit card or social security number, or other identifiers), any data concerning any Spreedly merchant customer, or any type of Stock Keeping Unit identification code or other information that indicates what product or service was purchased.

6. Security and protection of information

The security of your personal information is important to us. We take all reasonable steps and follow generally accepted industry standards to ensure that the personal information we hold is protected from misuse, interference, loss, unauthorized access, modification or disclosure by the use of various methods including access limitation, and industry-standard Transport Layer Security (TLS) encryption technology.

We take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date, relevant and stored securely. Security safeguards include data encryption, firewalls, and physical access controls to building and files. Spreedly’s systems are certified as Level 1 PCI compliant and all data retention and credit card information is maintained in accordance with the PCI standards as determined by the PCI Security Standards Council.

You are responsible for the use and safeguarding of any login ID that we issue to you regarding the use of the Website or our service and any associated passwords. It is important for you to protect against unauthorized access to your login ID and password, to other sensitive data regarding your account with us, and to your computer and systems.

Spreedly provides some or all of its service from systems located outside of Europe. Accordingly, any European merchants and/or merchants collecting information from European persons by using Spreedly’s service must disclose to their customers that personally identifiable information may be transferred, processed and stored outside of Europe.

Spreedly maintains strict administrative technical, and physical procedures to protect information stored in our servers, which are located in the United States, and access to personal information is limited to only those employees who require it to perform their job functions.

No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you have any questions about security on our Website, you can send email us at support@spreedly.com.

7. Data Privacy Framework

Spreedly, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (“Data Privacy Framework”). Spreedly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Spreedly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. Learn more about the Data Privacy Framework (DPF) program, and view our certification here.

Inquiries & Complaints

In compliance with the Data Privacy Framework, Spreedly Inc., commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, UK or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Spreedly at support@spreedly.com.We will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information. If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using JAMS as a third party resolution provider.

For more information on filing a complaint with JAMS, please visit: https://www.jamsadr.com/dpf-dispute-resolution.

8. Changes to this Privacy Policy

We reserve the right to modify this privacy statement at any time, so please review it occasionally to ensure you're still in agreement with its provisions. If we make material changes to this policy, we will notify you here or by means of a notice on our Website so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with a paper copy.

9. Questions; Access, Corrections and Complaints

If you have any questions about this Privacy Policy or would like to access or seek correction of your personal information, or if you have any complaints regarding our privacy practices, please contact us at support@spreedly.com.

Merchants can correct their personal information by logging into their Spreedly account and updating their account information. For all other corrections please contact us at support@spreedly.com.

Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:

- The right to request confirmation of whether Spreedly processes Personal Data relating to you, and if so, to request a copy of that Personal Data;

- The right to request that Spreedly rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;

- The right to request that Spreedly erase your Personal Data in certain circumstances provided by law;

- The right to request that Spreedly restrict the use of your Personal Data in certain circumstances, such as while Spreedly considers another request that you have submitted (including a request that Spreedly make an update to your Personal Data); and

- The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.

- Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.

In order to exercise your data protection rights, you may contact Spreedly support. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.

For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.

If you are a Customer of a Spreedly Customer please direct your requests directly to them. For example, if you are making, or have made, a purchase from a merchant using Spreedly, and you have a request that is related to the payment information that you provided as part of the purchase transaction, then you should address your request directly to the merchant.

This Privacy Policy was last updated on January 10, 2024. As our service continues to evolve, we may update this policy so please check back frequently.

More Questions?

Contact Us and we'll get your questions answered.