SafePay Privacy Policy

Effective Date: May 9, 2025

Privacy and security are very important to us at Safepay. This End User Privacy Policy (“Policy”) is meant to help you (the “end user”) understand how we at Safepay collect, use, and share your data when you use Safepay products or services – for example, when you use Forseti Verify Portal, or when you use Safepay to connect and share your data to power the applications (“apps”) you use. These apps, which offer business and consumer services are built and provided by our business customers (we’ll call them “developers” here), and have their functionality augmented by Safepay products such as Forseti Verify.

This Policy applies to SafePay, LLC and Forseti Verify (collectively, “Forseti”, “SafePay”, “we”, “our”, and “us”).

You should read this Policy carefully, it contains important information about your privacy rights and choices.

Background

Forseti Verify is a payment verification application used by businesses to ensure they are paying the right people for the right reasons, and often used in conjunction with other business applications as part of a robust and secure financial environment.

This Policy does not cover what developers of the apps you use do with your data. You should review the privacy policies or terms of service for those apps for information about their practices. This Policy also does not cover data we collect through our websites or when you interact with Forseti outside of using our product or services, such as emailing Forseti directly.

Forseti services are not directed to individuals under 18 and we do not knowingly collect data relating to children.

Data We Collect and Categories of Sources

The data we collect, use, and share depends on the Forseti products and services that you, and/or the app you have connected to, use. Depending on which of Forseti’s products or services you or your app use, Forseti may collect the following:

Data you provide to us;
Data from financial institutions when you connect your financial account;
Data from the electronic device you use to connect your financial account using Forseti or to otherwise interact with Forseti;
Data from the developer of the app you have connected to;
Data from our affiliates to provide support to you or to provide you with a better user experience; and/or
Data from other sources, including service providers and identity verification and fraud prevention services.

Data you provide to us

When you use Forseti’s products or services (like when you use Forseti to connect your financial accounts to an app), we collect the following data from you as needed to power your particular app or Forseti product or service:

identifiers like name, email address, date of birth, government issued ID numbers, Social Security number, and phone number;
login data when required by the provider of your account, like your username and password, account and routing number, or a security token;
any additional information needed to connect your accounts, including security questions and answers, and one-time password (OTP);
information from documents or statements that you provide to Forseti, like bank statements or pay stubs; and/or
information related to your use of our services, including which of our services you use, the dates and times of your use, and which financial institutions and apps you connect using Forseti.

When you provide login data and additional information needed to connect your accounts, you also give Forseti permission and authority to act on your behalf to access and transmit data to and from your financial institution.

Data we collect from financial institutions about and from your accounts

Depending on which Forseti products or services you, or the developer of your app use, as well as what, and how information is made available, we may collect the following data from your financial institutions:

Account data, including financial institution name, account name, account type, account ownership, branch number, IBAN, BIC, account number, routing number, and sort code;
Data about bank accounts, including due dates, balances owed, payment amounts and dates, account creation date, court-ordered forms of garnishment, and transaction history
Identifiers and data about the account owner(s), including name, email address, phone number, date of birth, and address information;
Data about account transactions, including amount, date, payee, type, quantity, price, location, and a description of the transaction; and/or
Data from your payroll, accounts payable, and tax documents, including data about your income and employer, in cases where you’ve connected your payroll accounts, business accounts payable systems, or provided us with your pay stub or tax form information.

Depending on the Forseti service you or the developer of your app use, and the manner in which the data is made available, the data collected from your financial accounts may include data from all accounts (e.g., checking, savings, credit card, and joint accounts) accessible through a single set of account credentials.

Data we receive from your devices

When you use a device, like your smartphone, tablet, or computer, to interact with our services (including through a developer’s app), we may collect the following data about that device:

internet protocol (IP) address;
timezone setting and location, device location;
hardware model and operating system;
features within our services you access;
browser data;
network data; and
other technical data about the device (such as settings and preferences).

Data we receive about you from the developers of apps powered by Forseti

When needed for Forseti to provide a service (like verifying your identity, protecting against fraud or risk, or enabling a bank transfer), the developers of the apps you use may provide us with identifiers and commercial information about you, like your name, Social Security number, business tax identification numbers, email address, phone number, or information about your financial accounts and transactions.

Data from our affiliates to provide support to you or to provide you with a better user experience

We may collect data from our affiliates (these are companies related to us by common ownership or control) to provide support to you or improve your experience. For example, when you use a service such as Auth0 to connect your login to a social or other form of single sign-on (SSO), we may collect the following data from Auth0 in order to help you connect to your accounts faster when using our services:

identifiers like name, email address, and phone number;
login data when required by the provider of your account, like your username and password, bank name, account and routing number, or a security token;
when needed, data to help verify your identity and connect your accounts, including your date of birth, security questions and answers, and one-time password (OTP); and/or
data from your device (as explained above).

Data we receive about you from other sources

When needed to provide a service, identify your device, or to help prevent fraud, abuse, or security threats, we may also receive data about you directly from third parties, including your wireless carrier, agents and our service providers.

Information we derive from the data we collect

We may derive additional information about you from the data we collect. For example, we may infer your geolocation, your annual income, or the type of account or subaccount you’ve chosen to connect―such as when you connect your bank accounts, so we can let the developer know whether the account is for checking, savings, or money market.

How we use your data

We use your data for the following business and commercial purposes:

Provide Services: To operate, provide, service, process, and maintain our products and services.
Develop Existing Services: To improve, enhance, modify, add to, and further develop our services.
Help Prevent Fraud, Verify Your Identity, or Protect Privacy: To verify your identity and help protect you, developers, our partners, SafePay, and others from fraud, malicious activity, and other privacy and security-related concerns.
Develop New Services: To develop new products and services.
Develop Insights: To develop insights based on the data we’ve collected about you. This includes your transaction data, other financial data, data about which financial accounts you have connected to which apps, and data from other sources, to help us, your financial institutions, and the developers of your connected apps provide services and/or a better user experience to you, like providing you with a faster connection and onboarding experience, faster access to your funds, to help detect and prevent potentially fraudulent activity, or personalize their services to you.
Provide Support: To provide support to you or to developers, including to help respond to your inquiries related to our services or developers’ apps.
Communicate With You: To communicate with you and send you things like technical notices, updates, security alerts, and messages.
Investigate Misuse and Misconduct: To investigate any misuse of our service or developers’ apps, including violations of our Developer Policy, criminal activity, or other unauthorized access to our services.
For Legal Purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
With Your Consent: For other notified purposes with your consent or at your direction.

We may also collect, use, and share data that has been aggregated or anonymized in a manner that does not identify you personally for any purpose permitted under applicable law. This includes creating or using aggregated or anonymized data to develop new products or services, to facilitate research, and for analytics purposes to help assess the speed, accuracy, and/or security of our services.

Our Lawful Bases for Processing (EEA and UK End Users)

For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), SafePay only processes your personal data when we have a valid legal basis to do so. Our legal basis for processing the data we collect will depend on what data we collected and the purpose for processing it. Generally, we will only collect and process your data where:

We are bound by any contract or agreement with you (for example, to comply with our end user services agreements) and must adhere to various legal requirements when offering regulated services, including our account information and payment services.
We require your data to comply with our legal obligations under applicable law, to safeguard SafePay’s legal rights, and to prevent and identify criminal activities such as money laundering and fraud. For these purposes, SafePay may find it necessary to share your personal data with entities such as courts, law enforcement agencies, and providers of anti-money laundering services;
Processing is necessary for our legitimate interests to effectively maintain the integrity of our services. This includes retrieving account information or providing payment initiation services (as well as verifying the output of this activity), engaging in communication with you, and ensuring that SafePay upholds the expected standards; or
you have given your consent to do so.

To the extent we rely on consent to collect and process your data, you have the right to withdraw your consent at any time per the instructions provided in this Policy.

How We Share Your Data

We share your data for the following reasons:

With the developer of the app you are using and as directed by that developer;
To enforce any contract with you;
With our data processors and other service providers, partners, agents or contractors in connection with the services they perform for us or developers;
With financial institutions to help establish, maintain, or manage a connection you’ve chosen to make between your financial institution accounts and the products or services you use, as well as to help them protect your financial accounts and offer you personalized services such as returning user experiences;
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (like a court order or subpoena);
In connection with a change in ownership or control of all or a part of our business (like a merger, acquisition, reorganization, or bankruptcy);
Between and among SafePay and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
As we believe reasonably appropriate to protect against and prevent actual or potential fraud, unauthorized transactions, claims, other liabilities, or otherwise protect the rights, privacy, safety, or property of you, developers, our partners, SafePay, and others; or
For any other notified purpose with your consent or at your direction.

We do not share your data with non-affiliated third parties except as permitted by law (as authorized by 12 C.F.R. § 1016.14 and 1016.15).

When you link your financial accounts through Forseti, we may use Google’s reCAPTCHA service to help detect fraud and abuse. Google reCAPTCHA is integrated into SafePay products and services in order to ensure that entries made in online forms, for example, are actually made by real persons and are not automated by software (or bots).

Google reCAPTCHA analyzes the behavior of users of our products and services using different characteristics. Google reCAPTCHA processes personal data such as your IP address, your length of stay on our website and further information about your use of Forseti products and services. This data will be transmitted and stored by Google on servers in the United States and other countries. Google has certified with the EU-US Data Privacy Framework; the certificate is available here. When reCAPTCHA is used, Google’s Privacy Policy and Terms of Use apply to reCAPTCHA and information Google collects through reCAPTCHA.

We only share your personal financial data with third parties to power the services you requested, when you consent, and/or to protect against fraud.

Our Retention and Deletion Practices

We retain your data only as long as it is needed. To determine whether the data is needed, we consider the reason your data was collected and used and any legal requirements to hold onto your data. We review your data periodically to ensure it is still needed to fulfill the purpose for which it was collected or any other legal requirements. If a developer removes your connection from their app to your data, Forseti’s systems are designed to automatically delete your personal data, subject to certain exceptions where we may still retain your information.

The exceptions to this may be if: (a) you’ve established a connection with another developer’s app through Forseti that is still active; (b) Forseti needs your data to continue providing you with a product or service you requested; (c) Forseti is required by law to keep your data; (d) Forseti needs your data to help protect against or prevent fraud or protect privacy, provide support, or investigate misuse and misconduct; (e) Forseti has anonymized your data such that it cannot be reidentified; or (f) we request – and you specifically agree – to allow us to retain your data longer.

Your data will only be processed as required by law or in accordance with this Policy.

Protection of data

SafePay’s security policies and practices are designed to protect the confidentiality and integrity of your data. SafePay aims to meet or exceed all US regulatory requirements for the protection of data it is bound by. As such, SafePay implements controls designed to limit access to this data to personnel who have a business reason to know it and prohibits its personnel from unlawfully accessing, using or disclosing this data. Data is encrypted at rest and encrypted in transit via secure protocols, as specified by US laws such as the Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act (SOX).

SafePay retains a certified cybersecurity and data protection officer (DPO) who is responsible for ensuring that policies and procedures are followed and updated.

International Data Transfers

We operate within the United States and while our services are not intended to operate internationally, a developer may request data in such a way where data collected about you may come across international borders for processing and storage. In such cases, developers are expected to make adequacy decisions, data transfer agreements, or other EU Commission- or UK Secretary of State-approved (as applicable) mechanisms for such transfers, such as standard contractual clauses. You or an authorized representative can ask us for specific details by contacting us as set out below.

Your Data Protection Rights

Regardless of where you live, we will honor the following rights related to your personal data, subject to some limitations and exceptions provided by law, and you will not be discriminated against for exercising them:

Access data collected about you;
Request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);
Request, under certain circumstances, that we rectify or update your data that is inaccurate or incomplete;
Request, under certain circumstances, that we erase or restrict the processing of your data;
Object to our processing of your data under certain conditions provided by law;
Where processing of your data is based on consent, withdraw that consent;
Request that we provide data collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible.
Please note that for an official record of your financial information you should make that request directly to your financial institution.

Depending on where you live, you may have the right to lodge a complaint. We welcome and appreciate the chance to address any concerns you may have and encourage you to contact us. In addition, and depending on your jurisdiction, you may have the right to make a complaint at any time to your (data protection) supervisory authority.

To exercise any rights you have, you can submit a request using our online form. You can also contact us as described in the “Contacting Us” section below to exercise any of your data protection rights. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.

If we receive your request from an authorized agent, we may ask for evidence that the agent has valid written authority, like a power of attorney, to submit requests on your behalf.

We will consider requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Changes To This Policy

We update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on Forseti’s website at https://forsetiverify.com/privacy-policy/ and update the effective date at the top of this Policy. We will also notify developers of any material changes in accordance with our developer agreements, as they may be better positioned to notify you about changes to this Policy. If you are an active user of Forseti products, we will also send you an email notifying you of the update.

Contacting Us

If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at [email protected] or by mail at:

SafePay
Attn: Legal
3543 Archgate Ct
Milton, GA 30004
U.S.A.

Consumer Privacy Notice

	WHAT DOES SAFEPAY DO WITH YOUR PERSONAL INFORMATION?
Why?	Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?	The types of personal information we collect and share depend on the product or service you, or the app developer you are connecting to, use. This information can include: Social Security number and account balances Account transactions and transaction history Income and employment information For more information, see the “Data We Collect or Derive” section of our Privacy Policy. When you are no longer our consumer, we continue to use and share your information as described in this notice.
How?	All financial companies need to share consumers’ personal information to provide their products and services. Below are the reasons SafePay shares and whether you can limit this sharing.
Reasons We Can Share Your Personal Information			Does SafePay Share?	Can You Limit This Sharing?
For our everyday business purposes – such as to connect and share data from your financial accounts to power the apps you use, as well as to protect against fraud or misuse, respond to court orders and legal investigations, or report to credit bureaus.			Yes	No
For our marketing purposes			No	We don’t share
For joint marketing with nonaffiliates			Yes	Yes, and we only share at your direction
For our affiliates’ everyday business purposes – contact information and nonidentifiable personal information			Yes	Yes, and we only share at your direction
For our affiliates’ everyday business purposes – financial account information			No	We don’t share
For nonaffiliates to market to you			No	We don’t share
Questions	Contact us at: [email protected]
Who We Are
Who is providing this notice?		SafePay, LLC
What We Do
How does SafePay protect my personal information?	To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does SafePay collect my personal information?	As explained in more detail in the Data We Collect or Derive section of our End User Privacy Policy, we collect personal information you provide to us and collect your personal information from other companies when you use our products or services. This includes, for example, when you use Forseti Verify or when you use Forseti to connect and share your data to power the applications (“apps”) you use.
Why can’t I limit all sharing?	Federal law gives you the right to limit only: sharing for affiliates’ everyday business purposes affiliates from using your information to market to you sharing for nonaffiliates to market to you State laws and individual companies may give you additional rights to limit sharing.
Definitions
Affiliates	Companies related by common ownership or control. They can be financial and nonfinancial companies. Our affiliates include Data Pros Consulting, LLC.
Nonaffiliates	Companies not related by common ownership or control. They can be financial and nonfinancial companies. SafePay does not share with nonaffiliates so they can market to you.
Joint marketing	A formal agreement between nonaffiliated financial companies that together market financial products or services to you. SafePay joint markets with Omni Group Consulting, LLC.
Other Important Information
California: If you are a resident of California, we will not share personal information we collect about you except to the extent permitted under California law. Vermont: If you are a resident of Vermont, we will not share personal information we collect about you with non-affiliates unless the law allows or you provide authorization.