PRIVACY POLICY

Checkbook, Inc. (“Checkbook,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our website, hosted applications, APIs, developer tools, dashboards, communications, and other products and services that link to this Privacy Policy (collectively, the “Services”).

This Privacy Policy applies to personal information we process when you:

visit our website or interact with our online content;
create or administer a Checkbook account;
use or integrate with our payment, payout, invoicing, disbursement, or related services;
communicate with us as a customer, prospective customer, vendor, partner, or service provider; or
receive a payment, reimbursement, refund, invoice, or other transaction through a business or other organization that uses Checkbook.

This Privacy Policy does not apply to:

personal information processed in an employment or recruiting context, which is subject to separate notices;
third-party websites, platforms, or services that are not owned or controlled by Checkbook; or
personal information that we process solely on behalf of a customer and subject to that customer’s privacy notice, except to the extent applicable law requires us to respond directly.

By using the Services, you acknowledge that your personal information will be handled as described in this Privacy Policy.

1. Who this Privacy Policy applies to

We may process personal information in different roles depending on how you interact with us.

Business customers and their representatives. If you create, manage, or use a Checkbook account on behalf of a business, we process information about you and your business to provide the Services, administer the relationship, support integrations, process transactions, and meet legal and compliance obligations.

Recipients, payees, and end users. If a Checkbook customer uses our Services to send you a payment, invoice, reimbursement, refund, or similar transaction, we may process personal information about you to facilitate that transaction, verify identity, prevent fraud, comply with law, and provide related support. In many cases, the Checkbook customer that provided your information is responsible for its own privacy notice and for certain rights requests relating to that information.

Website visitors and prospects. If you browse our website, request a demo, download materials, or otherwise interact with us before becoming a customer, we process information necessary to operate the site, respond to inquiries, market our Services, and improve the user experience.

2. Personal information we collect

Depending on how you interact with us, we may collect the following categories of personal information:

Identifiers and contact information

Name
Business name
Username
Mailing address
Email address
Telephone number
Account identifiers
Government-issued identifiers where required for verification or compliance

Financial and transaction information

Payment card-related information, where applicable
Payment instrument tokens
Billing information
Bank account and routing information
Transaction history
Payment details
Remittance and invoice data
Settlement information
Refund or reversal information
Tax-related information

Compliance and verification information

Date of birth
Social Security number, tax identification number, employer identification number, or similar identifier
Government-issued identification information
Sanctions, watchlist, fraud, or risk-screening results
Ownership, control, or beneficial ownership information
Information needed to satisfy know-your-customer, know-your-business, anti-money laundering, anti-fraud, tax, or other legal obligations

Account, authentication, and technical information

Passwords and authentication credentials
Multi-factor authentication data
API credentials and related metadata
Device identifiers
IP address
Browser type
Operating system
Referral URLs
log data
usage data
session information

Commercial and business information

Company type
Business size
Industry
Expected and actual transaction volume
Service configuration
Integration details
Customer support history
Contracting and billing records

Communications and support information

Emails
Call recordings, where permitted by law
Chat or ticket contents
Survey responses
Demo requests
Marketing preferences
Records of communications with us

Internet or network activity information

Information collected through cookies, SDKs, pixels, tags, and similar technologies
Pages viewed
Clickstream data
Browser interactions
Device and network diagnostics

Location information

Approximate geolocation derived from IP address
More precise location information only if you enable a feature that requires it or otherwise consent where required

Professional or commercial background information

Job title
Department
Employer affiliation
Business contact details
Publicly available business profile information

Audio, visual, or similar information

Identity verification images or recordings, where used
Profile photos or uploaded documents
Customer support call recordings, where used

Inferences

Fraud, security, or risk signals
Preferences or interests inferred from interactions with the Services
Service usage patterns

Sensitive personal information We may collect sensitive personal information, such as government identifiers, account log-in credentials, financial account information, payment card information, precise geolocation if enabled, and other information that may be treated as sensitive under applicable law. We use sensitive personal information only as reasonably necessary to provide the Services, perform identity verification, prevent fraud, maintain security, comply with law, process transactions, and for other purposes permitted by applicable law.

3. Sources of personal information

We collect personal information from the following sources:

Directly from you, such as when you create an account, complete onboarding, contact support, request a demo, subscribe to updates, or otherwise communicate with us.
From our business customers, such as when they submit information about payees, recipients, employees, contractors, customers, or other transaction participants.
From your use of the Services, including from your browser, device, cookies, logs, and other automatically collected information.
From integrations and partners, such as accounting platforms, banking partners, payment networks, identity verification providers, fraud prevention vendors, and technology providers.
From publicly available sources and third parties, such as government databases, sanctions lists, public business registries, data validation vendors, and other lawful sources used for compliance, security, and verification.

4. How we use personal information

We use personal information for the following purposes:

To provide, operate, maintain, and improve the Services
To create and administer accounts
To authenticate users and secure access to the Services
To process payments, payouts, invoices, refunds, reimbursements, and related transactions
To verify identity and eligibility
To perform sanctions screening, fraud prevention, anti-money laundering checks, tax reporting, and other compliance activities
To communicate with you about accounts, transactions, updates, support, and security matters
To respond to inquiries, troubleshoot, and provide customer support
To analyze performance, usage, and trends and improve our products, documentation, and integrations
To personalize business-to-business communications and service experience
To bill, collect amounts owed, maintain records, and conduct audits
To investigate incidents, enforce our agreements, and protect the rights, safety, and property of Checkbook, our customers, users, recipients, and others
To comply with legal obligations, court orders, subpoenas, regulatory requests, and law enforcement requests
To support corporate transactions such as financing, diligence, merger, acquisition, restructuring, or sale of assets
For any other purpose disclosed at the time of collection or with your consent, where required

We may aggregate or deidentify information and use that information for any lawful purpose. We will not attempt to reidentify deidentified information except as permitted by law.

5. How we disclose personal information

We may disclose personal information to the following categories of recipients:

Affiliates and related companies. We may disclose information within our corporate group for internal administration, product support, security, analytics, and lawful business operations.

Service providers and contractors. We may disclose information to vendors and contractors that help us operate the Services, including providers of cloud hosting, data storage, analytics, communications, customer support, fraud prevention, identity verification, document management, security, and professional services.

Financial institutions, payment networks, and payment partners. We may disclose information to banks, sponsoring institutions, card networks, payment processors, payment rails, settlement partners, and similar parties as necessary to initiate, route, process, complete, reconcile, reverse, settle, or investigate a transaction.

Identity, compliance, and fraud vendors. We may disclose information to vendors and partners that help us verify identity, detect or prevent fraud, perform watchlist or sanctions screening, satisfy legal and regulatory obligations, or assess security and operational risk.

Our customers and transaction counterparties. We may disclose information to the Checkbook customer that submitted or controls the transaction and, where necessary, to recipients, payees, senders, merchants, or other counterparties involved in the transaction.

Integration partners and third parties at your direction. If you connect third-party tools or direct us to disclose information to a third party, we will do so as necessary to provide the requested functionality.

Professional advisors and auditors. We may disclose information to lawyers, accountants, insurers, financing sources, and other professional advisors as necessary for legal, audit, compliance, or business purposes.

Authorities and others for legal, security, or public-safety reasons. We may disclose information if required by law or if we reasonably believe disclosure is necessary to comply with legal process, protect against fraud or security threats, investigate unlawful activity, enforce our agreements, or protect rights, property, or safety.

Corporate transaction recipients. We may disclose information in connection with a proposed or completed merger, acquisition, investment, reorganization, bankruptcy, sale of assets, or similar transaction, subject to appropriate confidentiality and legal protections.

With your consent or at your direction. We may disclose information in other circumstances when you request or authorize us to do so.

We do not sell personal information for monetary consideration. We also do not share personal information for cross-context behavioral advertising as those terms are used under California law.

6. Cookies and similar technologies

We and our service providers may use cookies, local storage, pixels, tags, SDKs, and similar technologies to:

keep the Services functional and secure;
remember your settings and preferences;
measure site and product performance;
understand usage patterns;
detect fraud, abuse, and technical issues; and
improve the Services and related content.

You can manage cookies through your browser settings and, where offered, through our cookie preferences tools. Some browser settings allow you to refuse or delete cookies. Please note that disabling certain cookies may affect functionality.

Do Not Track. Some browsers transmit “Do Not Track” signals. Because there is no consistent industry standard for those signals, our Services do not currently respond to them.

Global Privacy Control. Where required by applicable law, we will process qualifying browser-based opt-out preference signals, such as the Global Privacy Control, as requests relating to sale, sharing, or targeted advertising for the browser or device from which the signal is sent. Because we do not sell personal information or share it for cross-context behavioral advertising, our response may be limited to honoring applicable cookie preferences and similar choices for that browser or device.

7. Data retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including to provide the Services, maintain the business relationship, complete transactions, support legitimate business operations, resolve disputes, enforce agreements, and comply with legal, regulatory, accounting, tax, anti-money laundering, anti-fraud, audit, and recordkeeping obligations.

Our retention periods vary depending on the nature of the information and the context in which it was collected. In determining retention, we consider:

the sensitivity of the information;
whether the information is needed to provide ongoing Services;
whether the information is needed to detect or prevent fraud, security incidents, or misuse;
whether we are subject to legal, regulatory, tax, accounting, litigation-hold, audit, or reporting obligations;
whether the information is needed to exercise or defend legal claims; and
whether deletion would impair our ability to comply with law or enforce our agreements.

When personal information is no longer required, we will delete, anonymize, or securely dispose of it in accordance with applicable law and our retention practices.

8. Data security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, destruction, use, modification, or disclosure. These safeguards include controls appropriate to the nature of the information and the risks presented by processing.

No system, network, or method of transmission or storage is completely secure. You are responsible for safeguarding your account credentials, devices, and access methods and for notifying us promptly if you believe your account or information has been compromised.

9. International and cross-border transfers

Checkbook is based in the United States, and personal information may be processed and stored in the United States and other jurisdictions in which we or our service providers operate. Those jurisdictions may have privacy or data protection laws that differ from those in your home jurisdiction.

Where required, we will implement appropriate measures for cross-border transfers.

10. Children’s information

The Services are not directed to children under 18, and we do not knowingly collect personal information directly from children under 18 for our own purposes. If we learn that we have collected personal information directly from a child under 18 without appropriate authorization or another lawful basis, we will take appropriate steps to delete it as required by law.

11. Your choices

You may have the following choices with respect to your personal information:

Account information. You may update certain account information by logging into your account or contacting us.

Marketing communications. You may opt out of marketing emails by using the unsubscribe link in the message or contacting us. Even if you opt out of marketing communications, we may still send you service, transactional, legal, compliance, or account-related communications.

Cookies and similar technologies. You can manage cookies through browser settings and any cookie preference tools we make available.

Recipient or payee information submitted by a customer. If your information was provided to us by a Checkbook customer in connection with a payment or transaction, you may need to direct your request to that customer first. We may forward your request to the relevant customer or work with that customer to address it.

12. U.S. State Privacy Rights

Residents of California and certain other U.S. states may have privacy rights under applicable law, subject to exceptions, exemptions, and limitations. Depending on the law that applies, the nature of the information at issue, and our role in processing the information, these rights may include:

the right to confirm whether we process your personal information;
the right to know or access categories or specific pieces of personal information;
the right to correct inaccurate personal information;
the right to delete personal information;
the right to obtain a copy of personal information in a portable format;
the right to opt out of the sale of personal information;
the right to opt out of targeted advertising or the sharing of personal information for cross-context behavioral advertising;
the right to opt out of certain profiling in furtherance of decisions that produce legal or similarly significant effects;
the right to limit certain uses or disclosures of sensitive personal information, where applicable; and
the right not to receive discriminatory treatment for exercising applicable privacy rights.

How to Exercise Your Rights

To submit a privacy request, contact us at:

Email: support@checkbook.io
Phone: 650-761-0008

Please specify the right you want to exercise and provide enough information for us to verify and process your request.

Authorized Agents

If you are submitting a request as an authorized agent, we may require proof of your authority and may also require verification from the relevant individual.

Verification

To protect privacy and security, we may need to verify your identity before fulfilling a request. Verification may vary depending on the sensitivity of the information requested and the type of request. We may ask you to confirm information we already have on file, provide account-specific information, or provide other information reasonably necessary to verify your identity and authority.

Appeals

If we deny your request in whole or in part, and applicable law gives you the right to appeal, you may submit an appeal by replying to our response or by emailing support@checkbook.io with the subject line Privacy Rights Appeal. We will review the appeal and respond as required by applicable law.

Our Role Matters

In some cases, we act only on behalf of a Checkbook customer, such as when that customer uses our Services to send a payment or process a transaction involving your information. In those cases, that customer may be the party responsible for responding to your request under applicable law. We may direct you to that customer, forward the request to the customer, or assist the customer in responding.

Exceptions and Exemptions

The rights described in this Section do not apply in all circumstances. To the extent permitted by applicable law, we may deny, limit, or defer a request where the personal information or our processing activities are exempt from, or otherwise not subject to, a particular state privacy law, including where an exception applies for compliance with federal, state, or local law; a court order, subpoena, examination, investigation, or regulatory request; to complete or effectuate a transaction; to detect, investigate, or protect against fraud, security incidents, deceptive, malicious, or illegal activity; to exercise or defend legal claims; or as otherwise permitted by applicable law. In addition, certain personal information may be subject to other federal or state financial privacy laws in particular contexts, and where those laws apply, they may govern how the information is processed and how privacy rights requests are handled. We evaluate each request based on the law that applies to the information at issue and our role in processing that information.

13. Additional California disclosures

This section supplements the rest of this Privacy Policy and applies only to California residents.

California notice at collection

At or before the point of collection, California residents are entitled to notice of the categories of personal information collected and the purposes for which the information is used. The categories of personal information we collect are described in Section 2 above, and the purposes for which we use them are described in Section 4 above.

Categories of personal information collected and disclosed

In the preceding 12 months, depending on how you interact with us, we may have collected and disclosed for business purposes the following categories of personal information:

identifiers and contact information;
customer records information and similar information described in California Civil Code section 1798.80;
financial account, transaction, and payment information;
internet or other electronic network activity information;
geolocation information;
audio, electronic, visual, or similar information;
professional or employment-related information;
commercial information;
inferences drawn from personal information; and
sensitive personal information.

We collect these categories from the sources described in Section 3, use them for the purposes described in Section 4, and disclose them to the categories of recipients described in Section 5.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

Sensitive personal information

We may collect sensitive personal information, including government identifiers, financial account information, account credentials, and certain verification-related information. We do not use or disclose sensitive personal information for purposes that require us to offer a right to limit under California law, other than as required by law. We do not use sensitive personal information to infer characteristics about individuals, recipients, payees, or end users of a Checkbook customer.

California privacy rights

If you are a California resident, you may have the following rights:

Right to know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties to whom we disclose personal information.
Right to delete personal information we collected from you, subject to exceptions.
Right to correct inaccurate personal information we maintain about you.
Right to opt out of the sale or sharing of personal information.
Right to limit certain uses and disclosures of sensitive personal information, where applicable.
Right to non-discrimination for exercising your California privacy rights.

California residents may also designate an authorized agent to make requests on their behalf, subject to verification and applicable legal requirements.

14. Nevada privacy rights

Nevada residents may submit a verified request directing us not to sell certain covered information to third parties, as permitted by Nevada law. We do not currently sell covered information as defined by Nevada law.

Nevada residents may submit such requests by emailing support@checkbook.io with the subject line Nevada Privacy Request.

15. Financial Privacy Laws

Checkbook provides services to businesses and organizations and does not offer financial products or services directly to individuals for personal, family, or household purposes.

In some cases, a Checkbook customer may use the Services to send a payment or other disbursement to an individual. In those cases, we generally process personal information in connection with providing services to our business customer and facilitating the transaction requested by that customer.

Certain personal information or processing activities may be subject to federal or state financial privacy laws in particular contexts. Where applicable, we will comply with the notice, consent, opt-out, disclosure, and other requirements imposed by those laws.

Nothing in this Privacy Policy is intended to limit any rights or obligations that apply under applicable financial privacy laws. Where information is subject to those laws, those laws may govern how we process the information and how privacy rights requests are handled.

15A. Educational Institutions and FERPA

If a school, school district, college, university, or other educational institution uses our Services in connection with student-related payments, refunds, reimbursements, stipends, grants, or other disbursements, Checkbook may process certain student-related information on behalf of that institution in connection with providing the Services.

To the extent the Family Educational Rights and Privacy Act (“FERPA”) applies to information processed through the Services, Checkbook processes that information only as authorized by the applicable educational institution and the parties’ agreement. Checkbook does not use personally identifiable information from education records for its own independent educational purposes.

Where FERPA applies and the educational institution relies on a FERPA exception to disclose information to Checkbook, Checkbook’s processing is intended to remain subject to the educational institution’s direction and control with respect to the use and maintenance of the relevant information, as provided in the parties’ agreement and applicable law. Checkbook will not re-disclose personally identifiable information from education records except as authorized by the educational institution, required by law, or otherwise permitted by applicable law.

Educational institutions are responsible for determining whether FERPA applies to particular information, whether disclosure to Checkbook is permitted, and whether their notices, policies, contracts, and other compliance measures appropriately address their use of service providers and any applicable FERPA exception.

Where required by contract or applicable law, Checkbook will support educational institutions in responding to requests relating to access, correction, retention, and return or deletion of relevant information.

16. Third-party websites and services

The Services may contain links to third-party websites, tools, documentation, integrations, or services that are not controlled by Checkbook. We are not responsible for the privacy, security, or data practices of those third parties. We encourage you to review the privacy policies of any third-party services you use.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Privacy Policy and revise the “Last Updated” date above. Where required by law, we will provide additional notice.

18. Contact us

If you have questions about this Privacy Policy or our privacy practices, or if you would like to submit a privacy request, please contact us at:

Checkbook, Inc. Email: support@checkbook.io Phone: 650-761-0008