Privacy Policy


Last Updated: June 27, 2023

Please read this Privacy Notice carefully as it describes how Paya, Inc. (“Paya,” “we,” “our” or “us”) collects, uses, discloses, retains and protects your Personal Information as a customer of our payment processing services, representative of a vendor or company we do business with, visitor of our website, or another individual whose information we have collected pursuant to this Privacy Policy. The Services are designed for users in the United States only and are not intended for users located outside the United States.

1. What This Privacy Notice Covers

Our Privacy Notice applies to our website (http://Paya.com) and all products, applications (including mobile applications, if applicable) and services offered by Paya (together, the “Services”). This Privacy Policy does not cover the practices of companies we do not own or control, including our customers. We offer payment and commerce platform solutions for our customers, and when we do so, we are acting at the direction of our customers that have their own privacy practices. Accordingly, if you are an end user of our customers, please refer to the separate privacy notices that govern your interaction with their products or services.
“Personal Information” means any information that identifies or relates to a particular individual. Personal Information does not include information that is aggregated or deidentified such that the information cannot be reasonably linked to you. When we collect deidentified data, we maintain it in deidentified form and do not attempt to reidentify the information.

2. Changes to Our Privacy Notice

We may change our Privacy Notice from time to time. If we make material changes to this Privacy Notice, we will revise the ‘last updated’ date, post the updated version on our website, use reasonable efforts to notify you, and take any other steps necessary to comply with applicable law.

3. How We Collect Information About You

a. Information You Provide.

i. When you interact with our Services, you may provide us with certain Personal Information, such as your name, employer information, job title, payment information (such as bank account, credit or debit card information), social security number, date of birth, postal address, email address and/or phone number. You may provide this information to us when you contact us, request information about our Services, or apply for/enter into a merchant agreement with us.

ii. We also collect information you may provide when you complete online forms (including call back requests), take part in surveys, or download information such as white papers or other publications.

iii. To the extent applicable, our Services that allow you to share information with third party social media sites. If you link your account or engage with our Services through third-party social media sites, you understand that you may be allowing us to have access to certain information stored on those social media sites.

b. Information Automatically Collected. We automatically collect certain types of technical and usage information when you use our Services or engage with us through our website or otherwise (“Usage Data”). We typically collect this information through a variety of technologies, including cookies, web beacons, file information and similar technology (“Cookies and Similar Technologies”). For example, Usage Data may include the device identification number and type, location information and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad identifier, your IP address, your browsing history and your web log information). Usage Data may also include information about the way you use our Services, for example, the site from which you came and the site to which you are going when you leave our website, the pages you visit, clickstream data, whether you access the Services from multiple devices, and other actions you take on the Services.

c. Information From Third Parties to Comply with Underwriting and Other Regulatory Requirements. We may collect Personal Information about you from third parties that are entitled to share that information; for example, information from credit agencies, search information providers or public sources (e.g. for customer due diligence purposes), but in each case as permitted by applicable laws and solely as required to ensure we meet, and help our bank partners meet, underwriting and other regulatory requirements and guidelines (e.g., anti-money laundering and anti-terrorism). Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices.

4. How We Use Your Information

a. To the extent permissible under applicable law, we may use your Personal Information to:

  • provide the Services that you have requested or ordered;
  • compare information for accuracy and to verify it with third parties;
  • provide, maintain, protect and improve our Services;
  • manage, monitor, and administer your use of the Services and provide an enhanced, personal, user experience for you;
  • manage our relationship with you (for example, customer services and support activities);
  • undertake internal testing of our Services or systems to test and improve their security and performance;
  • provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
  • detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes);
  • contact you to see if you would like to take part in our customer research (for example, feedback on your use of our applications, products and services);
  • monitor, carry out statistical analysis and benchmarking, provided that in such circumstances, we aggregate your Personal Information, such that it will not be linked back to you; and
  • deliver advertising, marketing (including in-product messaging) or information to you which may be useful to you.

5. Disclosing Your Information

a. We may disclose your Personal Information to the following third parties under certain circumstances, which may include

i. our corporate family, affiliates and subsidiaries;
ii. our service providers and agents (including their sub-contractors) or third parties which process information on our behalf (e.g. internet service and platform providers, online advertising service providers and other organizations we engage to help us send communications to you) to provide you with the Services and information you have requested or which we believe is of interest to you;
iii. partners, including system implementers, resellers, value-added resellers, independent software vendors and developers that may help us to provide you with the Services and information you have requested or which we believe is of interest to you;
iv. third parties used to facilitate payment transactions, for example clearing houses, clearing systems, financial institutions and transaction beneficiaries;
v. third parties where you have requested us to send certain information (for example, a reseller with whom you have an existing relationship);
vi. credit reference and fraud prevention agencies;
vii. any third parties to enforce our legal rights and satisfy our legal obligations, including without limitation any reporting or disclosure obligations under applicable law or regulations or subpoena, court order or other judicial or administrative process, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others;
viii. third parties to comply with the rules, regulations and guidelines of the payment networks in which transactions are processed;
ix. our professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
x. third parties to transfer information and/or assets in the event of a merger, acquisition, sale, bankruptcy filing, or other corporate restructuring; another organization to whom we may transfer our agreement with you; and
xi. third parties for any other purpose permitted under applicable law and regulation or agreed to in this Privacy Notice or disclosed at the time the information is collected.

b. We may disclose non-personally identifiable information about the use of our Services publicly or with third parties but this will not include information that can be used to identify you.

6. Your Information and Your Rights

a. From time to time, we may send you emails regarding updates to our Services, notices about our organization, or information about promotional offers from third parties that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain Services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).

b. You can manage your privacy settings within your browser or our Services (where applicable).

c. If you are a California resident, you may have additional rights in relation to personal information we have collected about you. Please see Section 14 for “California Residents” for more information.

7. Security and Storage of Information

a. Please be aware that despite our endeavors to keep your information secure by taking appropriate technical and organizational measures against its unauthorized or unlawful processing and against its accidental loss, destruction or damage and commercially reasonable steps to protect your Personal Information, no measures can guarantee the security of your information which is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.
b. We retain your Personal Information for as long as is reasonably necessary for the purposes specified in this Privacy Policy or as otherwise required by law or regulation. When determining the length of time to retain your information, we consider various criteria, including whether we need the information to fulfill our obligations to our bank partners, continue to provide you the Services, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property or products.

8.Data Storage and Transfer

Your information may be stored and processed in the United States or any other country in which Paya or its subsidiaries, affiliates or service providers maintain facilities. If you are located in other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. or any other country in which we or our parent, subsidiaries, affiliates or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Notice.

9.Third Party Websites and Social Media

a. We may provide a link from our Services to another site or service. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites or services. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of personal information by third parties. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy.

b. Our Services may enable you to share information with social media sites, or use social media sites to create your account or to connect your social media account (“Social Features”). Use of Social Features may entail a third party’s collection and/or use of your data. If you use Social Features or similar third-party services, information you post or otherwise make accessible may be publicly displayed by the third-party service you are using. Both we and the third party may have access to information about you and your use of both the Services and the third-party service.

10. Cookies and Similar Technologies

a. We use cookies, which are small text files that are transferred from our Services and stored on your device. Depending on where you live, we may use cookies and similar technologies to help us provide you with a personalized service, make our Services better for you, and run analytics.

b. We may use the following different types of cookies:

i. Strictly necessary cookies. These are cookies that are needed for our websites, applications or Services to function properly. For example, these cookies allow you to access secure areas of our Services.

ii. Performance cookies and analytics technologies. These cookies collect information about how visitors and users use our websites, applications and services. All information these cookies collect is aggregated and de-identified. We use these cookies to improve how our Services work.

iii. Functional cookies. These cookies allow our websites, applications and Services to remember choices you make (such as your user name, language or the region you are in), provide enhanced, more personalized features. , and provide Services you have asked for.

iv. Targeting or advertising cookies. These cookies are used to deliver advertisements that are more relevant to you and your interests, and measure the effectiveness of an advertising campaign. They may be placed by advertising networks with the website operators’ permission. Information collected by these cookies may be shared with other organizations such as advertisers, and may also be used for site functionality provided by the other organization.

v. Web beacons and parameter tracking. We also use cookies and similar software known as web beacons to count users who have visited our Services after clicking through from one of our advertisements on another website or in emails and to collect details of any products or Services purchased. These web beacons collect limited information, which does not identify particular individuals.

c. How to Disable Cookies and Similar Technologies
i. Most browsers accept cookies automatically, but you may be able to configure your browser or our website, application or service to control the use of Cookies and Similar Technologies. For example, you can decline to have personal information collected via third party cookies by navigating to the settings feature in your browser and declining all third-party cookies or declining third-party cookies from specific sites. However, if you disable cookies you may find this affects your ability to use certain parts of our website, applications or Services.

ii. For more information about cookies and instructions on how to adjust your browser and device settings to accept, delete, or reject some of these technologies, visit www.youronlinechoices.com or allaboutcookies.org.

iii. We use Google Analytics to analyze how users use our Services. The information generated by the cookie about your use of the websites, applications or services may be shared with Google. To opt out of tracking by Google Analytics, you can do so here.

iv. Do Not Track. Your browser settings may allow you to transmit a “do not track” signal, “opt-out preference” signal, or other mechanism for exercising your choice regarding the collection of your information when you visit various websites. Like many websites, our website is not designed to respond to Do Not Track signals communicated by your browser. To learn more about “do not track” signals, you can visit http://www.allaboutdnt.com/.

11. Children’s Personal Information

Our website is not intended for or directed to children under the age of 13, and we do not knowingly collect personal information directly from children under the age of 13. If we become aware that a child under the age of 13 has provided us with Personal Information, we will take commercially reasonable steps to delete the information from our records. If you are the parent or guardian of a child under 13 years of age who has provided us with their personal information, you may contact us using the below information to request that it be deleted.

12. Your California Privacy Rights. California Consumer Privacy Act (“CCPA”). For purposes of this section, “personal information” has the meaning given in the CCPA, but does not include information exempted from the scope of the CCPA.
The below table explains our practices over the past 12 months related to the categories and types of personal information that we collect about you and the categories of third parties that we disclose this information to for a business purpose.

Category of Information Types of Information Categories of recipients
Identifiers Name, email address, unique personal identifier, postal address, phone number, IP address, password, social media handle Cloud storage providers, online advertising service providers, communications service providers, resellers, software vendors, clearing houses, financial institutions, transaction beneficiaries, credit reference and fraud prevention agencies, data analytics vendors, marketing partners, other parties to whom you request we send your information
Personal information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Name, postal address, phone number Cloud storage providers, communications service providers, resellers, software vendors clearing houses, financial institutions, credit reference and fraud prevention agencies, other parties to whom you request we send our information
Professional or employment-related information Employer information, role Cloud storage providers, clearing houses, financial institutions, credit reference and fraud prevention agencies, other parties to whom you request we send our information
Geolocation data IP address, zip code Data analytics vendors, online advertising service providers, marketing partners
Internet or other electronic network activity IP address, device ID, browsing and search history, information about your interaction with the Services Data analytics vendors, online advertising service providers, marketing partners
Sensitive personal information Social security number Cloud storage providers, clearing houses, financial institutions, credit reference and fraud prevention agencies

The specific business purposes for which we collect your Personal Information, including sensitive personal information, are described above in Section 4, How We Use Your Information. We only use and disclose sensitive personal information for the purposes specified in the CCPA. The criteria we use to determine how long to retain your personal information is described in Section 7.b, Security and Storage of Your Information.
We do not “sell” or “share” (as those terms are defined under the CCPA) Personal Information.

As a California resident, you may have the rights listed below in relation to personal information that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.


  • Right to Know. You have a right to request the following information about our collection, use and disclosure of your personal information over the prior 12 months, and ask that we provide you with a copy of the following:

    • categories of and specific pieces of personal information we have collected about you;
    • categories of sources from which we collect personal information;
    • the business of commercial purposes for collecting personal information;
    • categories of third parties to whom the personal information was disclosed for a business purpose; and
    • categories of personal information disclosed about you for a business purpose.

  • Right to Delete. You have a right to request that we delete personal information, subject to certain exceptions.
  • Right to Correct. You have a right to request that we correct inaccurate personal information we maintain about you.


You may exercise any of these rights by emailing [email protected]. We may need to collect information from you to verify your identity, such as your email address, government issued ID or date of birth, before providing a substantive response to the request. You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.

We will not discriminate against you for exercising any of your rights under the CCPA.

13. Further Information

If you have any queries about our privacy practices or this Privacy Policy, please email us at [email protected].