Privacy Policy

1. INTRODUCTION

This iPaySmart, Inc. General Privacy Policy (also referred to as the “Privacy Policy”) provides information on the collection, use, and sharing (collectively referred to ‘processing’ or ‘process’) of personal information that may occur by IPS and its affiliates (“IPS”, “we” or “us”) in connection with your use of IPS websites, mobile applications, and social media pages, your interactions with IPS during in-person meetings at IPS facilities and/or at IPS events, and in the context of other online or offline sales and marketing activities. This Privacy Policy also explains the privacy rights you have in relation to these processing activities.

This Privacy Policy was last updated on December 31, 2025. However, the Privacy Policy can change over time, for example to comply with legal requirements or to meet changing business needs. The most up-to-date version can be found on this website. In case there is an important change that we want to highlight to you, we will also inform you in another appropriate way (for example via a pop-up notice or statement of changes on our website).

As used in this Privacy Policy, “personal information” or “personal data” means information that relates to an identifiable individual. For example, this could include among other things your name, address, email address, business contact details, or information gathered through your interactions with us via our websites or at events. Personal information is also referred to as “Information about you.” For more detail about the types of information about you that we may process, please refer to Section 4 below.

2. SCOPE

This Privacy Policy applies to the processing of personal information by IPS of:

• Visitors and users of the various IPS sites, including computer or mobile software applications and our social media pages that link to this Privacy Policy (collectively referred to as the sites);
• Attendees of IPS events or IPS-sponsored events;
• Customers and prospective customers and their representatives;
• Subscribers to IPS publications and newsletters;
• Visitors to IPS facilities; and
• Suppliers and business partners and their representatives.

The Privacy Policy does not apply to the following activities:

• Personal information collected about you by IPS customers. IPS customers are responsible for their own personal information collection and processing practices, including when customers use IPS products or services to process your personal information. To find out more about our customers’ use of personal information about you, you are encouraged to review the relevant privacy policy of the company who collected your information from you. Please consult that company directly if you have any further questions about its use of information about you.
• Personal information processed by IPS to provide Cloud, Payment Processing, Technical Support, Consulting or other Services to IPS customers. “Services personal information” is personal information processed by IPS on behalf of a customer in order to provide and perform contracted services. If you are an IPS customer and/or IPS is processing personal information on behalf of your company, please refer to the agreements between you and/or your company and IPS for information on how IPS processes services personal information.
• Personal information you provide on third party sites not controlled by IPS. When interacting with our websites, you also have the ability to link or connect with non-IPS websites, services, social networks, applications or other features. Enabling these features will lead to other parties than IPS processing information about you. IPS does not have any control over these features of other parties. We encourage you to review the privacy policies of these parties before using these features.

3. WHO IS RESPONSIBLE FOR YOUR PERSONAL INFORMATION?

IPS and its affiliated entities are responsible for processing your personal information described in this Privacy Policy.

4. WHICH CATEGORIES AND SPECIFIC PIECES OF PERSONAL INFORMATION DO WE PROCESS?

IPS can process information about you collected directly from you both offline and online, including when you create an IPS account to access IPS products and services or attend an IPS -sponsored event. Information about you may also be provided to IPS by third party sources, such as data aggregators who may not have a direct relationship with you or by third parties who collect information about you on behalf of IPS such as when you download an IPS whitepaper.

Specific pieces of information about you that IPS may collect and process depending on your interaction with IPS, includes:

• Name and physical address, email addresses, and telephone numbers;
• Demographic attributes, when tied to personal information that identifies you;
• Photographs that identify you and testimonials;
• Public information about your work and education history, including professional affiliations;
• Information you provide on your public social media profiles related to your professional and educational history, such as LinkedIn;
• Transactional data, including products and services ordered, financial details and payment methods;
• Company data such as the name, size, and location of the company you work for and your role within the company as well as publicly available company information and activity associated with company data;
• Data from surveys conducted by IPS or by third parties on behalf of IPS and publicly available information, such as social media posts;
• Call recording and chat transcript data from sales and customer support calls and live chat sessions or interviews;
• Unique IDs such as your mobile device identifier or cookie ID on your browser;
• IP address and information that may be derived from IP address, such as geographic location;
• Information about a device you use, such as browser, device type, operating system, the presence or use of “apps”, screen resolution, and the preferred language;
• Certain location or geolocation information you provide directly or through automated means, if you choose to enable location-based services from your device or IPS app; and
• Behavioral data of the internet-connected computer or device you use when interacting with the sites, such as advertisements clicked or viewed, sites and content areas, date and time of activities or the web search used to locate and navigate to a site.

Certain online information about you or device information may originate from the use of cookies and similar technologies (for example, pixel tags and device identifiers) on our sites or sites of third parties. For more information on cookies and similar technologies, please see Section 11 below.

Please note that IPS does not control the content that you may post to forums or social networks; in some cases, such content may be publicly available on the Internet. You should carefully consider whether you wish to submit personal information to these forums or social networks and whether you wish to make your profile available to other users, and you should tailor any content you may submit accordingly.

5. WHY AND HOW DO WE USE YOUR PERSONAL INFORMATION?

We may use personal information for the following business purposes:

• To communicate and respond to your requests and inquiries to IPS;
• To create and administer an IPS single sign-on (SSO) account (also referred to as an “IPS Account”) and to deliver functionality on our sites and for their technical and functional management;
• To engage in transactions with customers, suppliers, and business partners and to process orders for IPS products and services;
• To analyze, develop, improve, and optimize the use, function, and performance of our sites and products and services;
• To manage the security and operation of our sites, facilities, and networks and systems; and
• To comply with applicable laws and regulations and to operate our business.

We may use personal information for the following commercial purposes:

• To administer subscriptions of IPS publications and newsletters;
• To market our products and services or related products and services, and to tailor our marketing and sales activities to your or your company’s interests; and
• To provide select business-to-business services to IPS customers using publicly available information about companies which may include personal information such as the name of a company’s CEO that is publicly available.

6. WHAT IS OUR BASIS FOR PROCESSING INFORMATION ABOUT YOU?

For personal information collected about you in the EU/EEA, the UK and other relevant jurisdictions, our basis for processing is the following:

• We rely on our legitimate interest in processing contact and related information about you to communicate adequately with you, to respond to your requests, and to tailor our marketing and sales activities to your professional interests.
• In order to engage in transactions with customers, suppliers, and business partners, and to process purchases and downloads of our products and services, we need to process information about you as necessary to enter into or perform a contract with you.
• We process personal information for marketing and sales activities (including events) based on your consent where so indicated on our sites at the time your personal information was collected, or further to our legitimate interest to keep you updated on developments around our products and services which may be of interest to you.
• We rely on our legitimate interest to analyze, develop, improve and optimize our sites, facilities, products, and services, and to maintain the security of our sites, networks, and systems.
• In order to comply with applicable laws and regulations, such as to comply with a subpoena or other legal process, or to process an opt-out request.

7. FOR WHAT PERIOD DO WE RETAIN PERSONAL INFORMATION

IPS maintains personal information for the following retention periods:

• Information about you we collect to engage in transactions with our customers, suppliers, and business partners, and to process purchases of our products and services, will be retained for the duration of the transaction or services period, or longer as necessary for record retention and legal compliance purposes.
• If you opened an IPS account, your account information will be retained for as long as you maintain an active account. After service termination, minimal account information will be held for records retention purposes. Please note the IPS Privacy team cannot delete, correct, or access service account data or terminate your contracted IPS product or service account.
• Contact information such as your email address or phone number collected online on our sites or offline from our interactions with you at IPS events and conferences, and used for direct marketing and sales activities will be retained for as long as we have an active (customer) relationship with you.

8. WHEN AND HOW CAN WE DISCLOSE YOUR PERSONAL INFORMATION?

Sharing within IPS

As a global organization, information about you may be shared globally throughout IPS’s worldwide organization.

IPS employees are authorized to access personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.

Disclosing personal information to third parties

We may disclose personal information with the following third parties for a business purpose:

• Third-party service providers (for example, credit card processing services, order fulfillment, analytics, event/campaign management, website management, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar service providers) in order for those service providers to perform business functions on behalf of IPS;
• Relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings);
• As required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.

We may share personal information with the following third parties for a commercial purpose

• IPS distributors or resellers for further follow-up related to your interests, specific partners that offer complementary products and services or with third parties to facilitate interest-based advertising; and
• Event partners or conference sponsors for IPS events such as when you scan your badge at a sponsored booth

When third parties are given access to personal information, we will take appropriate contractual, technical and organizational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.

9. HOW IS PERSONAL INFORMATION HANDLED GLOBALLY?

IPS is a global corporation with operations in multiple countries and personal information is processed globally as necessary in accordance with this policy. If personal information is transferred to an IPS recipient in a country that does not provide an adequate level of protection for personal information, IPS will take adequate measures designed to protect the personal information, such as ensuring that such transfers are subject to the terms of the EU Model Clauses or other adequate transfer mechanism as required under relevant data protection laws. Additional country-specific information on data transfers may be provided if you sign up for an IPS SSO account (IPS Account) or register for an event.

10. HOW IS YOUR PERSONAL INFORMATION SECURED?

IPS has implemented appropriate technical, physical and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.

11. WHAT COOKIES AND SIMILAR TECHNOLOGIES DO WE USE ON OUR SITES?

Cookies and similar technologies (e.g., pixels tags and device identifiers) are used by IPS and our advertising technology partners to recognize you and/or your device(s) on, off and across different services and devices for the purposes specified in Section 5 above.

When do we use cookies and similar technologies?

Cookies are small text files that contain a string of characters and uniquely identify a browser on a device connected to the Internet. We place cookies in your browser when you visit IPS sites and non- IPS sites that host our plugins or tags. Depending on your jurisdiction, you may be presented with different consent options, including the option to reject all non-essential cookies, prior to IPS placing cookies on your browser. Visitors from all jurisdictions are provided with functionality to opt out of non-required cookies using the cookie preferences tool.

We use cookies and other technologies on all our sites to ensure the best possible and secure experience on our sites and to provide you with tailored information on products and services. IPS also uses cookies or similar technologies on its sites to collect online information such as your mobile device ID, IP address, and other information about your device, as well as behavioral data of your device usage on our sites (e.g. pages viewed, links clicked, documents downloaded).

12. WHAT ARE YOUR PRIVACY RIGHTS?

You have multiple privacy rights, subject to applicable law, in respect of the information we process about you:

• Opt-out of our use or sharing of your personal information
• You may withdraw consent you have previously provided for the processing of information about you, including for email marketing by IPS.
• Delete personal information
• You can ask us to erase or delete all or some of the information about you.
• Change or correct personal information
• You can edit some of the information about you. You can also ask us to change, update, or fix information about you in certain cases, particularly if it is inaccurate.
• Object to, or limit or restrict use of personal information
• You can ask us to stop using all or some of the information about you (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if the information about you is inaccurate).
• Right to access and/or have your information provided to you
• You can also ask us for a copy of information about you and can ask for a copy of information about you provided in machine-readable form if you reside in the EU, California, or other jurisdiction that provides you this right as a matter of law.

If you are authorized to make an access or deletion request on behalf of a data subject, please reach out to us and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a data subject.

In the event you have previously created an account for a certain IPS portal, you can access and manage your personal information stored in these portals (i) by clicking the links and following the corresponding instructions, and (ii) taking the actions within each portal with regards to your personal information, such as updating your contact details, deleting certain entries or records, or downloading a copy of your profile. Please note that these actions are available to the extent permitted by each portal’s functionality.

If your inquiry relates to your company’s service account or support of IPS products or services, please note the IPS Privacy team cannot delete, correct, or access service account data or terminate your contracted IPS product or service account. Please go to the Contact IPS page for resources and contact information to administer service account data.

13. DO YOU COLLECT SENSITIVE INFORMATION AND INFORMATION FROM CHILDREN?

Sensitive personal information

We ask that you do not send us, and do not share any sensitive personal information (for example, government-issued IDs, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background or trade union membership).

Children’s privacy

As a company focused on serving the needs of businesses, IPS’s sites are not directed to minors and IPS does not promote or market its services to minors, except in very limited circumstances as part of specific educational outreach programs with parental permission. If you believe that we have mistakenly or unintentionally collected personal information of a minor through our sites without appropriate consent, please notify us so that we may immediately delete the information from our servers and make any other necessary corrections.

14. WHAT ARE MY RIGHTS AS A CALIFORNIA RESIDENT?

Under the California Consumer Privacy Act (CCPA), as amended, California residents may request that we:

1. disclose to you the following information:

• The categories and specific pieces of personal information we collected about you and the categories of personal information we sold (Section 4);
• The categories of sources from which we collected such personal information (Section 4);
• The business or commercial purpose for collecting or selling personal information about you (Section 5); and
• The categories of third parties to whom we sold or otherwise disclosed personal information (Section 8).

2. delete personal information we collected from you or correct inaccurate personal information about you (see Section 12); or

3. opt-out of any future sale of personal information about you (see Section 12).

We will respond to your request consistent with applicable law. If you are an authorized agent making an access or deletion request on behalf of a Californian resident, please reach out to us and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a Californian resident.